package com.mirth.connect.server.migration;

import com.mirth.connect.client.core.Version;
import com.mirth.connect.model.util.MigrationException;
import com.mirth.connect.server.util.DatabaseUtil;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import org.apache.commons.configuration2.PropertiesConfiguration;
import org.apache.commons.dbutils.DbUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/mirth/connect/server/migration/Migrate4_3_0.class */
public class Migrate4_3_0 extends Migrator implements ConfigurationMigrator {
    private Logger logger = LogManager.getLogger(getClass());
    protected static String OLD_DEFAULT_CIPHERSUITES = "TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
    protected static String NEW_DEFAULT_CIPHERSUITES = "TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
    protected static List<String> CIPHERSUITES_TO_REMOVE = Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA");

    @Override // com.mirth.connect.server.migration.ConfigurationMigrator
    public Map<String, Object> getConfigurationPropertiesToAdd() {
        return null;
    }

    @Override // com.mirth.connect.server.migration.ConfigurationMigrator
    public String[] getConfigurationPropertiesToRemove() {
        return null;
    }

    @Override // com.mirth.connect.server.migration.ConfigurationMigrator
    public void updateConfiguration(PropertiesConfiguration propertiesConfiguration) {
        if (getStartingVersion() == null || getStartingVersion().ordinal() < Version.v4_3_0.ordinal()) {
            updateConfiguration(propertiesConfiguration, "https.ciphersuites", OLD_DEFAULT_CIPHERSUITES, NEW_DEFAULT_CIPHERSUITES, CIPHERSUITES_TO_REMOVE);
            this.logger.error("In version 4.3.0, the following cipher suites have been disabled by default to reflect the lastest security best practices: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
            updateSecurityConfiguration(propertiesConfiguration);
        }
    }

    private void updateConfiguration(PropertiesConfiguration propertiesConfiguration, String str, String str2, String str3, List<String> list) {
        String[] stringArray = propertiesConfiguration.getStringArray(str);
        boolean z = false;
        if (ArrayUtils.isNotEmpty(stringArray) && (stringArray.length > 1 || StringUtils.isNotBlank(stringArray[0]))) {
            String join = StringUtils.join(stringArray, ',');
            if (!StringUtils.equals(join, str3) && !StringUtils.equals(join, str2)) {
                z = true;
                propertiesConfiguration.setProperty(str + ".old", join);
                propertiesConfiguration.getLayout().setBlancLinesBefore(str + ".old", 1);
                propertiesConfiguration.getLayout().setComment(str + ".old", "In version 4.3.0 the default protocols / cipher suites were updated to reflect the latest security best practices. The old value for " + str + ", in case you need it, is below.\nIf you no longer need it, you can delete this property.");
                this.logger.error("In version 4.3.0 the default protocols / cipher suites were updated to reflect the latest security best practices. The old value for " + str + " is still present in mirth.properties in case you need it. If you no longer need it, you can delete this property.");
            }
        }
        if (!z) {
            propertiesConfiguration.setProperty(str, str3);
            return;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (String str4 : stringArray) {
            linkedHashSet.addAll(Arrays.asList(StringUtils.split(str4, ',')));
        }
        linkedHashSet.removeAll(list);
        propertiesConfiguration.setProperty(str, StringUtils.join(linkedHashSet, ','));
    }

    void updateSecurityConfiguration(PropertiesConfiguration propertiesConfiguration) {
        if (getStartingVersion() == null || getStartingVersion().ordinal() < Version.v4_3_0.ordinal()) {
            String str = (String) StringUtils.defaultIfBlank(propertiesConfiguration.getString("encryption.algorithm"), "AES");
            if (StringUtils.contains(str, "/")) {
                str = (String) StringUtils.defaultIfBlank(StringUtils.substring(str, 0, StringUtils.indexOf(str, 47)), "AES");
            }
            propertiesConfiguration.setProperty("encryption.fallback.algorithm", str);
            propertiesConfiguration.getLayout().setBlancLinesBefore("encryption.fallback.algorithm", 1);
            propertiesConfiguration.getLayout().setComment("encryption.fallback.algorithm", "The algorithm to use when decrypting old message content.");
            String defaultCharset = getDefaultCharset();
            if (StringUtils.equals(defaultCharset, StandardCharsets.UTF_8.name())) {
                return;
            }
            propertiesConfiguration.setProperty("encryption.fallback.charset", defaultCharset);
            propertiesConfiguration.getLayout().setBlancLinesBefore("encryption.fallback.charset", 1);
            propertiesConfiguration.getLayout().setComment("encryption.fallback.charset", "The character set encoding to use when decrypting old message content");
        }
    }

    @Override // com.mirth.connect.server.migration.Migrator
    public void migrate() throws MigrationException {
        try {
            if (scriptExists(getDatabaseType() + "-4.2.0-4.3.0-attachment-table.sql") && DatabaseUtil.tableExists(getConnection(), "D_CHANNELS")) {
                this.logger.debug("Migrating message attachment tables for " + getDatabaseType());
                PreparedStatement preparedStatement = null;
                ResultSet resultSet = null;
                try {
                    preparedStatement = getConnection().prepareStatement("SELECT LOCAL_CHANNEL_ID FROM D_CHANNELS");
                    resultSet = preparedStatement.executeQuery();
                    while (resultSet.next()) {
                        HashMap hashMap = new HashMap();
                        hashMap.put("localChannelId", Long.valueOf(resultSet.getLong(1)));
                        this.logger.debug("Migrating message attachment table for local channel ID " + hashMap.get("localChannelId"));
                        executeScript(getDatabaseType() + "-4.2.0-4.3.0-attachment-table.sql", hashMap);
                    }
                    DbUtils.closeQuietly(resultSet);
                    DbUtils.closeQuietly(preparedStatement);
                } catch (Throwable th) {
                    DbUtils.closeQuietly(resultSet);
                    DbUtils.closeQuietly(preparedStatement);
                    throw th;
                }
            }
        } catch (Exception e) {
            throw new MigrationException("An error occurred while migrating message attachment tables.", e);
        }
    }

    @Override // com.mirth.connect.server.migration.Migrator
    public void migrateSerializedData() throws MigrationException {
    }

    public Logger getLogger() {
        return this.logger;
    }

    public void setLogger(Logger logger) {
        this.logger = logger;
    }

    String getDefaultCharset() {
        return Charset.defaultCharset().name();
    }
}
