package com.dbeaver.ee.runtime.internal.ui.preferences.security;

import com.dbeaver.ee.runtime.core.DBeaverEnterprisePreferences;
import com.dbeaver.ee.runtime.internal.ui.UiMessages;
import com.dbeaver.model.DBPProjectAdvanced;
import java.lang.reflect.InvocationTargetException;
import java.nio.file.Path;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.StringJoiner;
import org.eclipse.core.runtime.Platform;
import org.eclipse.core.runtime.preferences.ConfigurationScope;
import org.eclipse.core.runtime.preferences.DefaultScope;
import org.eclipse.core.runtime.preferences.IEclipsePreferences;
import org.eclipse.core.runtime.preferences.IScopeContext;
import org.eclipse.equinox.internal.security.storage.PasswordProviderSelector;
import org.eclipse.equinox.internal.security.storage.friends.InternalExchangeUtils;
import org.eclipse.equinox.internal.security.storage.friends.PasswordProviderDescription;
import org.eclipse.equinox.internal.security.storage.friends.ReEncrypter;
import org.eclipse.equinox.internal.security.ui.nls.SecUIMessages;
import org.eclipse.equinox.internal.security.ui.storage.ChangePasswordWizardDialog;
import org.eclipse.equinox.internal.security.ui.storage.PasswordRecoveryDialog;
import org.eclipse.equinox.internal.security.ui.storage.StorageUtils;
import org.eclipse.equinox.security.storage.ISecurePreferences;
import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
import org.eclipse.jface.dialogs.MessageDialog;
import org.eclipse.jface.layout.GridDataFactory;
import org.eclipse.osgi.util.NLS;
import org.eclipse.swt.events.SelectionEvent;
import org.eclipse.swt.events.SelectionListener;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Group;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.MessageBox;
import org.eclipse.swt.widgets.Shell;
import org.jkiss.code.NotNull;
import org.jkiss.code.Nullable;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.app.DBPDataSourceRegistry;
import org.jkiss.dbeaver.model.app.DBPProject;
import org.jkiss.dbeaver.model.impl.app.BaseWorkspaceImpl;
import org.jkiss.dbeaver.model.preferences.DBPPreferenceStore;
import org.jkiss.dbeaver.model.secret.DBSSecretBrowser;
import org.jkiss.dbeaver.model.secret.DBSSecretController;
import org.jkiss.dbeaver.registry.DataSourceDescriptor;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.jkiss.dbeaver.ui.ShellUtils;
import org.jkiss.dbeaver.ui.UIUtils;
import org.jkiss.dbeaver.utils.GeneralUtils;
import org.jkiss.dbeaver.utils.HelpUtils;
import org.jkiss.dbeaver.utils.PrefUtils;
import org.jkiss.utils.CommonUtils;
import org.osgi.service.prefs.BackingStoreException;

/* loaded from: input_file:com/dbeaver/ee/runtime/internal/ui/preferences/security/SecureStoragePreferences.class */
public class SecureStoragePreferences {
    private static final String PREFERENCES_PLUGIN = "org.eclipse.equinox.security";
    private static final String DBEAVER_PROVIDER_ID = "com.dbeaver.app.advanced.dbeaverpasswordprovider";
    private static final Log log = Log.getLog(DataSourceDescriptor.class);
    private static final int PARENT_COLUMNS = 2;
    private final int widthHint;
    private Button buttonChangePassword;
    private Button buttonRecoverPassword;
    private Button secureStorageCheckbox;
    private boolean providerModified = false;
    private boolean secureStorageToggled = false;
    private PasswordProviderDescription selectedProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/dbeaver/ee/runtime/internal/ui/preferences/security/SecureStoragePreferences$ThrowingConsumer.class */
    public interface ThrowingConsumer<T, E extends Exception> {
        void accept(T t) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureStoragePreferences(@NotNull Composite composite, int i) {
        this.widthHint = i;
        createSecretData(composite);
        createEncryptionMethod(composite);
    }

    private void createSecretData(Composite composite) {
        Group createControlGroup = UIUtils.createControlGroup(composite, UiMessages.pref_page_security_group_secret_data, 1, 32, this.widthHint);
        UIUtils.createInfoLink(createControlGroup, UiMessages.pref_page_security_group_secret_data_hint, () -> {
            ShellUtils.launchProgram(HelpUtils.getHelpExternalReference("Managing-Master-Password"));
        }, 64, PARENT_COLUMNS, -1);
        Button createCheckbox = UIUtils.createCheckbox(createControlGroup, UiMessages.pref_page_security_data_global, UiMessages.pref_page_security_data_global_hint, true, 1);
        GridData gridData = new GridData(32);
        gridData.horizontalIndent = 20;
        createCheckbox.setLayoutData(gridData);
        createCheckbox.addSelectionListener(SelectionListener.widgetSelectedAdapter(selectionEvent -> {
            if (createCheckbox.getSelection()) {
                return;
            }
            createCheckbox.setSelection(true);
            UIUtils.showMessageBox(composite.getShell(), UiMessages.pref_page_security_data_global, "This option cannot be turned off.\nGlobal secure settings must be stored in the encrypted storage", 1);
        }));
        this.secureStorageCheckbox = UIUtils.createCheckbox(createControlGroup, UiMessages.pref_page_security_data_database_credentials, UiMessages.pref_page_security_data_database_credentials_hint, isSecureDatabaseCredentials(), 1);
        this.secureStorageCheckbox.setLayoutData(gridData);
        this.secureStorageCheckbox.addSelectionListener(SelectionListener.widgetSelectedAdapter(selectionEvent2 -> {
            this.secureStorageToggled = isSecureDatabaseCredentials() ^ this.secureStorageCheckbox.getSelection();
        }));
        addSecureStorageButton(createControlGroup);
        UIUtils.createInfoLink(createControlGroup, UiMessages.pref_page_security_group_secret_type_hint, () -> {
            ShellUtils.launchProgram(HelpUtils.getHelpExternalReference("Managing-Master-Password"));
        }, 64, PARENT_COLUMNS, -1);
    }

    private void createEncryptionMethod(@NotNull Composite composite) {
        Group createControlGroup = UIUtils.createControlGroup(composite, UiMessages.pref_page_security_group_encryption_method, PARENT_COLUMNS, 32, this.widthHint);
        createControlGroup.setLayoutData(new GridData(32));
        addPasswordProviderSelector(createControlGroup);
        addPasswordManagementComposite(createControlGroup);
    }

    private void addPasswordProviderSelector(Composite composite) {
        Composite createComposite = UIUtils.createComposite(composite, 1);
        createComposite.setLayoutData(GridDataFactory.fillDefaults().grab(true, false).span(PARENT_COLUMNS, 1).create());
        PasswordProviderDescription[] loadPasswordProviderSettings = loadPasswordProviderSettings();
        int length = loadPasswordProviderSettings.length;
        for (int i = 0; i < length; i++) {
            PasswordProviderDescription passwordProviderDescription = loadPasswordProviderSettings[i];
            UIUtils.createRadioButton(createComposite, passwordProviderDescription.getName(), passwordProviderDescription, SelectionListener.widgetSelectedAdapter(selectionEvent -> {
                if ((selectionEvent.widget instanceof Button) && selectionEvent.widget.getSelection()) {
                    this.providerModified = passwordProviderDescription != this.selectedProvider;
                    this.selectedProvider = passwordProviderDescription;
                    refreshChangePasswordButton();
                    refreshRecoveredPasswordButton();
                }
            })).setSelection(passwordProviderDescription == this.selectedProvider);
            Label label = new Label(createComposite, 64);
            label.setText(CommonUtils.notEmpty(passwordProviderDescription.getDescription()));
            GridData gridData = new GridData(32);
            gridData.widthHint = this.widthHint - 30;
            gridData.horizontalIndent = 20;
            label.setLayoutData(gridData);
        }
    }

    private void addPasswordManagementComposite(Composite composite) {
        Composite createComposite = UIUtils.createComposite(composite, 3);
        createComposite.setLayoutData(GridDataFactory.fillDefaults().grab(true, false).span(PARENT_COLUMNS, PARENT_COLUMNS).create());
        addChangePasswordButton(createComposite, composite.getShell());
        addRecoverPasswordButton(createComposite, composite.getShell());
    }

    private void addChangePasswordButton(Composite composite, final Shell shell) {
        this.buttonChangePassword = UIUtils.createDialogButton(composite, UiMessages.pref_page_security_change_password_button, new SelectionListener() { // from class: com.dbeaver.ee.runtime.internal.ui.preferences.security.SecureStoragePreferences.1
            public void widgetDefaultSelected(SelectionEvent selectionEvent) {
                widgetSelected(selectionEvent);
            }

            public void widgetSelected(SelectionEvent selectionEvent) {
                PasswordProviderDescription passwordProviderDescription = SecureStoragePreferences.this.selectedProvider;
                if (passwordProviderDescription == null) {
                    return;
                }
                String id = passwordProviderDescription.getId();
                ISecurePreferences iSecurePreferences = SecurePreferencesFactory.getDefault();
                if (passwordProviderDescription.hasHint("AutomaticPasswordGeneration")) {
                    SecureStoragePreferences.this.changePassword(iSecurePreferences, id, passwordProviderDescription.getName(), shell);
                } else {
                    new ChangePasswordWizardDialog(shell, iSecurePreferences, id).open();
                    SecureStoragePreferences.this.refreshRecoveredPasswordButton();
                }
            }
        });
        setButtonSize(this.buttonChangePassword);
        refreshChangePasswordButton();
    }

    private void refreshChangePasswordButton() {
        this.buttonChangePassword.setEnabled(isDbeaverPasswordProvider(this.selectedProvider));
    }

    private void addRecoverPasswordButton(Composite composite, final Shell shell) {
        this.buttonRecoverPassword = new Button(composite, 8);
        this.buttonRecoverPassword.setText(UiMessages.pref_page_security_recover_password_button);
        this.buttonRecoverPassword.setLayoutData(new GridData(1, 1, false, false));
        this.buttonRecoverPassword.addSelectionListener(new SelectionListener() { // from class: com.dbeaver.ee.runtime.internal.ui.preferences.security.SecureStoragePreferences.2
            public void widgetDefaultSelected(SelectionEvent selectionEvent) {
                widgetSelected(selectionEvent);
            }

            public void widgetSelected(SelectionEvent selectionEvent) {
                PasswordProviderDescription passwordProviderDescription = SecureStoragePreferences.this.selectedProvider;
                if (passwordProviderDescription == null) {
                    return;
                }
                String id = passwordProviderDescription.getId();
                String[] passwordRecoveryQuestions = InternalExchangeUtils.getPasswordRecoveryQuestions(SecurePreferencesFactory.getDefault(), id);
                if (passwordRecoveryQuestions.length == 0) {
                    return;
                }
                new PasswordRecoveryDialog(passwordRecoveryQuestions, shell, id).open();
            }
        });
        setButtonSize(this.buttonRecoverPassword);
        refreshRecoveredPasswordButton();
    }

    private void refreshRecoveredPasswordButton() {
        this.buttonRecoverPassword.setEnabled(hasHints(this.selectedProvider));
    }

    private void addSecureStorageButton(Composite composite) {
        setButtonSize(UIUtils.createDialogButton(composite, UiMessages.pref_page_security_secure_storage_button, SelectionListener.widgetSelectedAdapter(selectionEvent -> {
            AdvancedPreferences advancedPreferences = new AdvancedPreferences();
            org.jkiss.dbeaver.ui.dialogs.PreferencePageDialog preferencePageDialog = new org.jkiss.dbeaver.ui.dialogs.PreferencePageDialog(composite.getShell(), advancedPreferences);
            advancedPreferences.getPreferenceStore();
            preferencePageDialog.open();
        })));
    }

    private PasswordProviderDescription[] loadPasswordProviderSettings() {
        Set<String> disabledModules = getDisabledModules();
        List passwordProvidersFind = InternalExchangeUtils.passwordProvidersFind();
        int i = Integer.MIN_VALUE;
        PasswordProviderDescription[] passwordProviderDescriptionArr = new PasswordProviderDescription[passwordProvidersFind.size()];
        for (int i2 = 0; i2 < passwordProvidersFind.size(); i2++) {
            PasswordProviderDescription passwordProviderDescription = (PasswordProviderDescription) passwordProvidersFind.get(i2);
            passwordProviderDescriptionArr[i2] = passwordProviderDescription;
            if (!disabledModules.contains(passwordProviderDescription.getId()) && passwordProviderDescription.getPriority() > i) {
                i = passwordProviderDescription.getPriority();
                this.selectedProvider = passwordProviderDescription;
            }
        }
        return passwordProviderDescriptionArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void performDefaults() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void performOk() {
        if (this.providerModified) {
            saveProviders();
        }
        if (this.providerModified || this.secureStorageToggled) {
            boolean selection = this.secureStorageCheckbox.getSelection();
            saveEnabled(selection);
            updateProjects(selection ? SecureStoragePreferences::saveAllSecrets : SecureStoragePreferences::resolveAllSecrets);
        }
        if (this.providerModified) {
            InternalExchangeUtils.passwordProvidersReset();
            refreshChangePasswordButton();
        }
        this.providerModified = false;
        this.secureStorageToggled = false;
    }

    private void updateProjects(ThrowingConsumer<DBPProject, DBException> throwingConsumer) {
        try {
            UIUtils.runInProgressDialog(dBRProgressMonitor -> {
                List<DBPProjectAdvanced> projects = DBWorkbench.getPlatform().getWorkspace().getProjects();
                dBRProgressMonitor.beginTask("Sync project configurations", projects.size());
                for (DBPProjectAdvanced dBPProjectAdvanced : projects) {
                    if (!(dBPProjectAdvanced instanceof DBPProjectAdvanced) || !dBPProjectAdvanced.isProjectPasswordUsed()) {
                        dBRProgressMonitor.subTask("Sync project '" + dBPProjectAdvanced.getName() + "'");
                        try {
                            dBPProjectAdvanced.ensureOpen();
                            throwingConsumer.accept(dBPProjectAdvanced);
                        } catch (Exception e) {
                            log.error("Error synchronizing project '" + dBPProjectAdvanced.getName() + "'", e);
                        }
                        dBRProgressMonitor.worked(1);
                    }
                }
                dBRProgressMonitor.done();
            });
        } catch (InvocationTargetException e) {
            DBWorkbench.getPlatformUI().showError("Projects configuration flush", "Error saving project metadata", e);
        }
    }

    private static void resolveAllSecrets(DBPProject dBPProject) throws DBException {
        DBPDataSourceRegistry dataSourceRegistry = dBPProject.getDataSourceRegistry();
        DBSSecretBrowser projectSecretController = DBSSecretController.getProjectSecretController(dBPProject);
        dataSourceRegistry.resolveSecrets(projectSecretController);
        if (projectSecretController instanceof DBSSecretBrowser) {
            projectSecretController.clearAllSecrets(dBPProject.getId());
        }
        dataSourceRegistry.flushConfig();
    }

    private static void saveAllSecrets(DBPProject dBPProject) throws DBException {
        DBPDataSourceRegistry dataSourceRegistry = dBPProject.getDataSourceRegistry();
        dataSourceRegistry.persistSecrets(DBSSecretController.getProjectSecretController(dBPProject));
        dataSourceRegistry.flushConfig();
    }

    private boolean isSecureDatabaseCredentials() {
        return DBeaverEnterprisePreferences.getPreferences().getBoolean("security.secure.password.storage");
    }

    private boolean isDbeaverPasswordProvider(@Nullable PasswordProviderDescription passwordProviderDescription) {
        if (passwordProviderDescription == null) {
            return false;
        }
        return passwordProviderDescription.getId().equals(DBEAVER_PROVIDER_ID);
    }

    private boolean hasHints(@Nullable PasswordProviderDescription passwordProviderDescription) {
        if (passwordProviderDescription == null) {
            return false;
        }
        return InternalExchangeUtils.getPasswordRecoveryQuestions(SecurePreferencesFactory.getDefault(), passwordProviderDescription.getId()).length > 0;
    }

    private void saveEnabled(boolean z) {
        DBPPreferenceStore preferences = DBeaverEnterprisePreferences.getPreferences();
        preferences.setValue("security.secure.password.storage", z);
        PrefUtils.savePreferenceStore(preferences);
        Path metadataFolder = GeneralUtils.getMetadataFolder();
        Properties readWorkspaceInfo = BaseWorkspaceImpl.readWorkspaceInfo(metadataFolder);
        readWorkspaceInfo.put("security.secure.password.storage", CommonUtils.toString(Boolean.valueOf(z)));
        BaseWorkspaceImpl.writeWorkspaceInfo(metadataFolder, readWorkspaceInfo);
    }

    private void saveProviders() {
        List<PasswordProviderDescription> passwordProvidersFind = InternalExchangeUtils.passwordProvidersFind();
        StringJoiner stringJoiner = new StringJoiner(",");
        for (PasswordProviderDescription passwordProviderDescription : passwordProvidersFind) {
            if (!passwordProviderDescription.getId().equals(this.selectedProvider.getId())) {
                stringJoiner.add(passwordProviderDescription.getId());
            }
        }
        PasswordProviderSelector.getInstance().clearCaches();
        IEclipsePreferences node = ConfigurationScope.INSTANCE.getNode(PREFERENCES_PLUGIN);
        node.put("org.eclipse.equinox.security.preferences.disabledProviders", stringJoiner.toString());
        try {
            node.flush();
        } catch (BackingStoreException unused) {
        }
    }

    private static Set<String> getDisabledModules() {
        return Set.of((Object[]) Platform.getPreferencesService().getString(PREFERENCES_PLUGIN, "org.eclipse.equinox.security.preferences.disabledProviders", "", new IScopeContext[]{ConfigurationScope.INSTANCE, DefaultScope.INSTANCE}).split(","));
    }

    private boolean changePassword(ISecurePreferences iSecurePreferences, String str, String str2, Shell shell) {
        ReEncrypter reEncrypter = new ReEncrypter(iSecurePreferences, str);
        if (!reEncrypter.decrypt()) {
            MessageBox messageBox = new MessageBox(shell, 200);
            messageBox.setText(SecUIMessages.changePasswordWizardTitle);
            messageBox.setMessage(SecUIMessages.wizardDecodeWarning);
            if (messageBox.open() == 64) {
                return false;
            }
        }
        if (reEncrypter.switchToNewPassword()) {
            reEncrypter.encrypt();
            MessageDialog.openInformation(StorageUtils.getShell(), SecUIMessages.generalDialogTitle, NLS.bind(SecUIMessages.passwordChangeDone, str2));
            return true;
        }
        MessageBox messageBox2 = new MessageBox(shell, 33);
        messageBox2.setText(SecUIMessages.changePasswordWizardTitle);
        messageBox2.setMessage(SecUIMessages.wizardSwitchError);
        messageBox2.open();
        return false;
    }

    private void setButtonSize(Button button) {
        GridDataFactory.defaultsFor(button).align(1, 1).grab(false, false).applyTo(button);
    }
}
