package org.adorsys.docusafe.business.impl;

import com.nimbusds.jose.jwk.JWK;
import java.security.UnrecoverableEntryException;
import org.adorsys.cryptoutils.exceptions.BaseException;
import org.adorsys.cryptoutils.exceptions.BaseExceptionHandler;
import org.adorsys.docusafe.business.DocumentSafeService;
import org.adorsys.docusafe.business.exceptions.NoReadAccessException;
import org.adorsys.docusafe.business.exceptions.NoWriteAccessException;
import org.adorsys.docusafe.business.exceptions.UserIDAlreadyExistsException;
import org.adorsys.docusafe.business.exceptions.UserIDDoesNotExistException;
import org.adorsys.docusafe.business.exceptions.WrongPasswordException;
import org.adorsys.docusafe.business.impl.caches.DocumentGuardCache;
import org.adorsys.docusafe.business.impl.caches.DocumentKeyIDCache;
import org.adorsys.docusafe.business.impl.caches.UserAuthCache;
import org.adorsys.docusafe.business.types.UserID;
import org.adorsys.docusafe.business.types.complex.BucketContentFQN;
import org.adorsys.docusafe.business.types.complex.DSDocument;
import org.adorsys.docusafe.business.types.complex.DSDocumentMetaInfo;
import org.adorsys.docusafe.business.types.complex.DSDocumentStream;
import org.adorsys.docusafe.business.types.complex.DocumentDirectoryFQN;
import org.adorsys.docusafe.business.types.complex.DocumentFQN;
import org.adorsys.docusafe.business.types.complex.UserIDAuth;
import org.adorsys.docusafe.business.utils.BucketPath2FQNHelper;
import org.adorsys.docusafe.business.utils.GrantUtil;
import org.adorsys.docusafe.business.utils.GuardUtil;
import org.adorsys.docusafe.business.utils.UserIDUtil;
import org.adorsys.docusafe.service.BucketService;
import org.adorsys.docusafe.service.DocumentGuardService;
import org.adorsys.docusafe.service.DocumentPersistenceService;
import org.adorsys.docusafe.service.KeySourceService;
import org.adorsys.docusafe.service.impl.BucketServiceImpl;
import org.adorsys.docusafe.service.impl.DocumentGuardServiceImpl;
import org.adorsys.docusafe.service.impl.DocumentKeyID2DocumentKeyCache;
import org.adorsys.docusafe.service.impl.DocumentPersistenceServiceImpl;
import org.adorsys.docusafe.service.impl.GuardKeyType;
import org.adorsys.docusafe.service.impl.KeySourceServiceImpl;
import org.adorsys.docusafe.service.impl.PasswordAndDocumentKeyIDWithKeyAndAccessType;
import org.adorsys.docusafe.service.types.AccessType;
import org.adorsys.docusafe.service.types.BucketContent;
import org.adorsys.docusafe.service.types.DocumentContent;
import org.adorsys.docusafe.service.types.DocumentKeyID;
import org.adorsys.docusafe.service.types.complextypes.DocumentBucketPath;
import org.adorsys.docusafe.service.types.complextypes.DocumentGuardLocation;
import org.adorsys.docusafe.service.types.complextypes.DocumentKeyIDWithKeyAndAccessType;
import org.adorsys.encobject.complextypes.BucketDirectory;
import org.adorsys.encobject.complextypes.BucketPath;
import org.adorsys.encobject.domain.KeyStoreAccess;
import org.adorsys.encobject.domain.KeyStoreAuth;
import org.adorsys.encobject.domain.Payload;
import org.adorsys.encobject.domain.PayloadStream;
import org.adorsys.encobject.domain.ReadKeyPassword;
import org.adorsys.encobject.domain.StorageMetadata;
import org.adorsys.encobject.service.api.ExtendedStoreConnection;
import org.adorsys.encobject.service.api.KeyStoreService;
import org.adorsys.encobject.service.api.generator.KeyStoreCreationConfig;
import org.adorsys.encobject.service.impl.KeyStoreServiceImpl;
import org.adorsys.encobject.service.impl.SimplePayloadImpl;
import org.adorsys.encobject.service.impl.SimplePayloadStreamImpl;
import org.adorsys.encobject.service.impl.SimpleStorageMetadataImpl;
import org.adorsys.encobject.types.ListRecursiveFlag;
import org.adorsys.encobject.types.OverwriteFlag;
import org.adorsys.jkeygen.keystore.KeyStoreType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/adorsys/docusafe/business/impl/DocumentSafeServiceImpl.class */
public class DocumentSafeServiceImpl implements DocumentSafeService, DocumentKeyID2DocumentKeyCache {
    private static final Logger LOGGER = LoggerFactory.getLogger(DocumentSafeServiceImpl.class);
    public static final String USER_AUTH_CACHE = "userAuthCache";
    public static final String GUARD_MAP = "GUARD_MAP";
    public static final String DOCUMENT_KEY_MAP = "DOCUMENT_KEY_MAP";
    private BucketService bucketService;
    private KeyStoreService keyStoreService;
    private DocumentGuardService documentGuardService;
    private DocumentPersistenceService documentPersistenceService;
    private KeySourceService keySourceService;
    private ExtendedStoreConnection extendedStoreConnection;
    private DocusafeCacheWrapper docusafeCacheWrapper;

    public DocumentSafeServiceImpl(WithCache withCache, ExtendedStoreConnection extendedStoreConnection) {
        this.docusafeCacheWrapper = null;
        this.extendedStoreConnection = extendedStoreConnection;
        this.bucketService = new BucketServiceImpl(extendedStoreConnection);
        this.keyStoreService = new KeyStoreServiceImpl(extendedStoreConnection);
        this.documentGuardService = new DocumentGuardServiceImpl(extendedStoreConnection);
        this.documentPersistenceService = new DocumentPersistenceServiceImpl(extendedStoreConnection, this);
        this.keySourceService = new KeySourceServiceImpl(extendedStoreConnection);
        if (withCache.equals(WithCache.TRUE)) {
            this.docusafeCacheWrapper = new DocusafeCacheWrapperImpl(CacheType.GUAVA);
        }
        if (withCache.equals(WithCache.TRUE_HASH_MAP)) {
            this.docusafeCacheWrapper = new DocusafeCacheWrapperImpl(CacheType.HASH_MAP);
        }
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void createUser(UserIDAuth userIDAuth) {
        LOGGER.debug("start create user for " + userIDAuth);
        if (userExists(userIDAuth.getUserID())) {
            throw new UserIDAlreadyExistsException(userIDAuth.getUserID().toString());
        }
        BucketDirectory keyStoreDirectory = UserIDUtil.getKeyStoreDirectory(userIDAuth.getUserID());
        KeyStoreAuth keyStoreAuth = UserIDUtil.getKeyStoreAuth(userIDAuth);
        this.bucketService.createBucket(keyStoreDirectory);
        BucketPath keyStorePath = UserIDUtil.getKeyStorePath(userIDAuth.getUserID());
        this.keyStoreService.createKeyStore(keyStoreAuth, KeyStoreType.DEFAULT, keyStorePath, (KeyStoreCreationConfig) null);
        KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStorePath, keyStoreAuth);
        BucketDirectory homeBucketDirectory = UserIDUtil.getHomeBucketDirectory(userIDAuth.getUserID());
        this.bucketService.createBucket(homeBucketDirectory);
        createSymmetricGuardForBucket(keyStoreAccess, homeBucketDirectory, AccessType.WRITE);
        storeDocument(userIDAuth, createWelcomeDocument());
        LOGGER.debug("finished create user for " + userIDAuth);
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void destroyUser(UserIDAuth userIDAuth) {
        LOGGER.debug("start destroy user for " + userIDAuth);
        BucketDirectory userRootBucketDirectory = UserIDUtil.getUserRootBucketDirectory(userIDAuth.getUserID());
        if (!this.bucketService.bucketExists(userRootBucketDirectory)) {
            throw new UserIDDoesNotExistException(userIDAuth.getUserID());
        }
        checkUserKeyPassword(userIDAuth);
        this.bucketService.destroyBucket(userRootBucketDirectory);
        LOGGER.debug("finished destroy user for " + userIDAuth);
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public boolean userExists(UserID userID) {
        return this.bucketService.bucketExists(UserIDUtil.getUserRootBucketDirectory(userID));
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void storeDocument(UserIDAuth userIDAuth, DSDocument dSDocument) {
        LOGGER.debug("start storeDocument for " + userIDAuth + " " + dSDocument.getDocumentFQN());
        SimpleStorageMetadataImpl simpleStorageMetadataImpl = new SimpleStorageMetadataImpl();
        simpleStorageMetadataImpl.mergeUserMetadata(dSDocument.getDsDocumentMetaInfo());
        simpleStorageMetadataImpl.setSize(new Long(dSDocument.getDocumentContent().getValue().length));
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userIDAuth.getUserID(), dSDocument.getDocumentFQN());
        DocumentKeyIDWithKeyAndAccessType orCreateDocumentKeyIDwithKeyForBucketPath = getOrCreateDocumentKeyIDwithKeyForBucketPath(userIDAuth, theDocumentBucketPath.getBucketDirectory(), AccessType.WRITE);
        if (dSDocument.getDsDocumentMetaInfo().isNotEncrypted()) {
            this.documentPersistenceService.persistDocument(theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadImpl(simpleStorageMetadataImpl, dSDocument.getDocumentContent().getValue()));
            LOGGER.debug("finished storeDocument unencrypted document for " + userIDAuth + " " + dSDocument.getDocumentFQN());
        } else {
            this.documentPersistenceService.encryptAndPersistDocument(orCreateDocumentKeyIDwithKeyForBucketPath.getDocumentKeyIDWithKey(), theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadImpl(simpleStorageMetadataImpl, dSDocument.getDocumentContent().getValue()));
            LOGGER.debug("finished storeDocument encrypted document for " + userIDAuth + " " + dSDocument.getDocumentFQN());
        }
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public DSDocument readDocument(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        LOGGER.debug("start readDocument for " + userIDAuth + " " + documentFQN);
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userIDAuth.getUserID(), documentFQN);
        StorageMetadata storageMetadata = this.extendedStoreConnection.getStorageMetadata(theDocumentBucketPath);
        if (DocumentPersistenceService.isNotEncrypted(storageMetadata.getUserMetadata())) {
            checkUserKeyPassword(userIDAuth);
            Payload loadDocument = this.documentPersistenceService.loadDocument(storageMetadata, theDocumentBucketPath);
            DSDocument dSDocument = new DSDocument(documentFQN, new DocumentContent(loadDocument.getData()), new DSDocumentMetaInfo(loadDocument.getStorageMetadata().getUserMetadata()));
            LOGGER.debug("finished readDocument for " + userIDAuth + " " + documentFQN);
            return dSDocument;
        }
        Payload loadAndDecryptDocument = this.documentPersistenceService.loadAndDecryptDocument(storageMetadata, getKeyStoreAccess(userIDAuth), theDocumentBucketPath);
        LOGGER.debug("finished readDocument for " + userIDAuth + " " + documentFQN);
        DSDocument dSDocument2 = new DSDocument(documentFQN, new DocumentContent(loadAndDecryptDocument.getData()), new DSDocumentMetaInfo(loadAndDecryptDocument.getStorageMetadata().getUserMetadata()));
        if (dSDocument2.getDsDocumentMetaInfo().isNotEncrypted()) {
            checkUserKeyPassword(userIDAuth);
        }
        return dSDocument2;
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void storeDocumentStream(UserIDAuth userIDAuth, DSDocumentStream dSDocumentStream) {
        LOGGER.debug("start storeDocumentStream for " + userIDAuth + " " + dSDocumentStream.getDocumentFQN());
        SimpleStorageMetadataImpl simpleStorageMetadataImpl = new SimpleStorageMetadataImpl();
        simpleStorageMetadataImpl.mergeUserMetadata(dSDocumentStream.getDsDocumentMetaInfo());
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userIDAuth.getUserID(), dSDocumentStream.getDocumentFQN());
        DocumentKeyIDWithKeyAndAccessType orCreateDocumentKeyIDwithKeyForBucketPath = getOrCreateDocumentKeyIDwithKeyForBucketPath(userIDAuth, theDocumentBucketPath.getBucketDirectory(), AccessType.WRITE);
        if (dSDocumentStream.getDsDocumentMetaInfo().isNotEncrypted()) {
            this.documentPersistenceService.persistDocumentStream(theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadStreamImpl(simpleStorageMetadataImpl, dSDocumentStream.getDocumentStream()));
            LOGGER.debug("finished store and unencrypted document stream for " + userIDAuth + " " + dSDocumentStream.getDocumentFQN());
        } else {
            this.documentPersistenceService.encryptAndPersistDocumentStream(orCreateDocumentKeyIDwithKeyForBucketPath.getDocumentKeyIDWithKey(), theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadStreamImpl(simpleStorageMetadataImpl, dSDocumentStream.getDocumentStream()));
            LOGGER.debug("finished storeDocument encrypted document stream for " + userIDAuth + " " + dSDocumentStream.getDocumentFQN());
        }
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public DSDocumentStream readDocumentStream(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        try {
            LOGGER.debug("start readDocumentStream for " + userIDAuth + " " + documentFQN);
            DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userIDAuth.getUserID(), documentFQN);
            StorageMetadata storageMetadata = this.extendedStoreConnection.getStorageMetadata(theDocumentBucketPath);
            if (!DocumentPersistenceService.isNotEncrypted(storageMetadata.getUserMetadata())) {
                PayloadStream loadAndDecryptDocumentStream = this.documentPersistenceService.loadAndDecryptDocumentStream(storageMetadata, getKeyStoreAccess(userIDAuth), theDocumentBucketPath);
                LOGGER.debug("finished read and decrypt DocumentStream for " + userIDAuth + " " + documentFQN);
                return new DSDocumentStream(documentFQN, loadAndDecryptDocumentStream.openStream(), new DSDocumentMetaInfo(loadAndDecryptDocumentStream.getStorageMetadata().getUserMetadata()));
            }
            checkUserKeyPassword(userIDAuth);
            PayloadStream loadDocumentStream = this.documentPersistenceService.loadDocumentStream(storageMetadata, theDocumentBucketPath);
            DSDocumentStream dSDocumentStream = new DSDocumentStream(documentFQN, loadDocumentStream.openStream(), new DSDocumentMetaInfo(loadDocumentStream.getStorageMetadata().getUserMetadata()));
            LOGGER.debug("finished readDocumentStream for " + userIDAuth + " " + documentFQN);
            return dSDocumentStream;
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void deleteDocument(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        checkUserKeyPassword(userIDAuth);
        this.bucketService.deletePlainFile(getTheDocumentBucketPath(userIDAuth.getUserID(), documentFQN));
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public boolean documentExists(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        checkUserKeyPassword(userIDAuth);
        return this.bucketService.fileExists(getTheDocumentBucketPath(userIDAuth.getUserID(), documentFQN));
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void deleteFolder(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN) {
        this.bucketService.deletePlainFolder(UserIDUtil.getHomeBucketDirectory(userIDAuth.getUserID()).append(new BucketDirectory(documentDirectoryFQN.getValue())));
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public BucketContentFQN list(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN, ListRecursiveFlag listRecursiveFlag) {
        LOGGER.debug("list directroy " + documentDirectoryFQN + " for " + userIDAuth.getUserID());
        checkUserKeyPassword(userIDAuth);
        BucketDirectory homeBucketDirectory = UserIDUtil.getHomeBucketDirectory(userIDAuth.getUserID());
        BucketDirectory prepend = documentDirectoryFQN.prepend(homeBucketDirectory);
        BucketContentFQNImpl bucketContentFQNImpl = new BucketContentFQNImpl();
        BucketContent readDocumentBucket = this.bucketService.readDocumentBucket(prepend, listRecursiveFlag);
        readDocumentBucket.getFiles().forEach(bucketPath -> {
            bucketContentFQNImpl.getFiles().add(BucketPath2FQNHelper.path2FQN(homeBucketDirectory, bucketPath));
        });
        DocumentDirectoryFQN documentDirectoryFQN2 = documentDirectoryFQN.getValue().startsWith("/") ? documentDirectoryFQN : new DocumentDirectoryFQN("/" + documentDirectoryFQN.getValue());
        readDocumentBucket.getSubdirectories().forEach(bucketDirectory -> {
            DocumentDirectoryFQN directory2FQN = BucketPath2FQNHelper.directory2FQN(homeBucketDirectory, bucketDirectory);
            if (directory2FQN.equals(documentDirectoryFQN2)) {
                return;
            }
            bucketContentFQNImpl.getDirectories().add(directory2FQN);
        });
        return bucketContentFQNImpl;
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void grantAccessToUserForFolder(UserIDAuth userIDAuth, UserID userID, DocumentDirectoryFQN documentDirectoryFQN, AccessType accessType) {
        LOGGER.debug("start grant access for " + userIDAuth + " to  " + userID + " for " + documentDirectoryFQN + " with " + accessType);
        if (!this.bucketService.bucketExists(UserIDUtil.getUserRootBucketDirectory(userIDAuth.getUserID()))) {
            throw new UserIDDoesNotExistException(userIDAuth.getUserID());
        }
        if (!this.bucketService.bucketExists(UserIDUtil.getUserRootBucketDirectory(userID))) {
            throw new UserIDDoesNotExistException(userID);
        }
        BucketDirectory append = UserIDUtil.getHomeBucketDirectory(userIDAuth.getUserID()).append(new BucketDirectory(documentDirectoryFQN.getValue()));
        AccessType accessTypeOfBucketGrantFile = GrantUtil.getAccessTypeOfBucketGrantFile(this.bucketService, append, userIDAuth.getUserID(), userID);
        if (accessTypeOfBucketGrantFile.equals(accessType)) {
            LOGGER.debug("nothing to do. granted access already exists for " + userIDAuth + " to  " + userID + " for " + documentDirectoryFQN + " with " + accessType);
            return;
        }
        if (!accessTypeOfBucketGrantFile.equals(AccessType.NONE)) {
            LOGGER.debug("granted access for " + userIDAuth + " to  " + userID + " for " + documentDirectoryFQN + " will be changed from " + accessTypeOfBucketGrantFile + " to " + accessType);
        }
        DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType = new DocumentKeyIDWithKeyAndAccessType(getOrCreateDocumentKeyIDwithKeyForBucketPath(userIDAuth, append, AccessType.WRITE).getDocumentKeyIDWithKey(), accessType);
        KeyStoreAccess keyStoreAccess = getKeyStoreAccess(new UserIDAuth(userID, null));
        if (AccessType.NONE.equals(accessType)) {
            deleteGuardForBucket(keyStoreAccess, documentKeyIDWithKeyAndAccessType, append);
            deleteCacheKey(keyStoreAccess, documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID());
        } else {
            createAsymmetricGuardForBucket(keyStoreAccess, documentKeyIDWithKeyAndAccessType, append, OverwriteFlag.TRUE);
        }
        GrantUtil.saveBucketGrantFile(this.bucketService, append, userIDAuth.getUserID(), userID, accessType);
        LOGGER.debug("finished grant access for " + userIDAuth + " to  " + userID + " for " + documentDirectoryFQN + " with " + accessType);
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public void storeGrantedDocument(UserIDAuth userIDAuth, UserID userID, DSDocument dSDocument) {
        LOGGER.debug("start storeDocument for " + userIDAuth + " " + userID + " " + dSDocument.getDocumentFQN());
        SimpleStorageMetadataImpl simpleStorageMetadataImpl = new SimpleStorageMetadataImpl();
        simpleStorageMetadataImpl.mergeUserMetadata(dSDocument.getDsDocumentMetaInfo());
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userID, dSDocument.getDocumentFQN());
        DocumentKeyIDWithKeyAndAccessType documentKeyIDwithKeyForBucketPath = getDocumentKeyIDwithKeyForBucketPath(userIDAuth, theDocumentBucketPath.getBucketDirectory());
        if (!documentKeyIDwithKeyForBucketPath.getAccessType().equals(AccessType.WRITE)) {
            throw new NoWriteAccessException(userIDAuth.getUserID(), userID, dSDocument.getDocumentFQN());
        }
        if (dSDocument.getDsDocumentMetaInfo().isNotEncrypted()) {
            this.documentPersistenceService.persistDocument(theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadImpl(simpleStorageMetadataImpl, dSDocument.getDocumentContent().getValue()));
            LOGGER.debug("finished storeDocument unencrypted document for " + userIDAuth + " " + dSDocument.getDocumentFQN());
        } else {
            this.documentPersistenceService.encryptAndPersistDocument(documentKeyIDwithKeyForBucketPath.getDocumentKeyIDWithKey(), theDocumentBucketPath, OverwriteFlag.TRUE, new SimplePayloadImpl(simpleStorageMetadataImpl, dSDocument.getDocumentContent().getValue()));
            LOGGER.debug("finished storeDocument encrypted for " + userIDAuth + " " + userID + " " + dSDocument.getDocumentFQN());
        }
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public DSDocument readGrantedDocument(UserIDAuth userIDAuth, UserID userID, DocumentFQN documentFQN) {
        LOGGER.debug("start readDocument for " + userIDAuth + " " + userID + " " + documentFQN);
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userID, documentFQN);
        StorageMetadata storageMetadata = this.extendedStoreConnection.getStorageMetadata(theDocumentBucketPath);
        if (!DocumentPersistenceService.isNotEncrypted(storageMetadata.getUserMetadata())) {
            Payload loadAndDecryptDocument = this.documentPersistenceService.loadAndDecryptDocument(storageMetadata, getKeyStoreAccess(userIDAuth), theDocumentBucketPath);
            LOGGER.debug("finisherd read and decrypt Document for " + userIDAuth + " " + userID + " " + documentFQN);
            return new DSDocument(documentFQN, new DocumentContent(loadAndDecryptDocument.getData()), new DSDocumentMetaInfo(loadAndDecryptDocument.getStorageMetadata().getUserMetadata()));
        }
        checkUserKeyPassword(userIDAuth);
        if (getDocumentKeyIDwithKeyForBucketPath(userIDAuth, theDocumentBucketPath.getBucketDirectory()).getAccessType().equals(AccessType.NONE)) {
            throw new NoReadAccessException(userIDAuth.getUserID(), userID, documentFQN);
        }
        Payload loadDocument = this.documentPersistenceService.loadDocument(storageMetadata, theDocumentBucketPath);
        DSDocument dSDocument = new DSDocument(documentFQN, new DocumentContent(loadDocument.getData()), new DSDocumentMetaInfo(loadDocument.getStorageMetadata().getUserMetadata()));
        LOGGER.debug("finisherd readDocument for " + userIDAuth + " " + userID + " " + documentFQN);
        return dSDocument;
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public boolean grantedDocumentExists(UserIDAuth userIDAuth, UserID userID, DocumentFQN documentFQN) {
        LOGGER.debug("start grantedDocumentExists for " + userIDAuth + " " + userID + " " + documentFQN);
        DocumentBucketPath theDocumentBucketPath = getTheDocumentBucketPath(userID, documentFQN);
        checkUserKeyPassword(userIDAuth);
        return this.bucketService.fileExists(theDocumentBucketPath);
    }

    @Override // org.adorsys.docusafe.business.DocumentSafeService
    public JWK findPublicEncryptionKey(UserID userID) {
        return this.keySourceService.findPublicEncryptionKey(getKeyStoreAccess(new UserIDAuth(userID, null)));
    }

    private DocumentKeyID createSymmetricGuardForBucket(KeyStoreAccess keyStoreAccess, BucketDirectory bucketDirectory, AccessType accessType) {
        LOGGER.debug("start create new guard for " + bucketDirectory);
        DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType = new DocumentKeyIDWithKeyAndAccessType(this.documentGuardService.createDocumentKeyIdWithKey(), accessType);
        createCachedDocumentGuardFor(GuardKeyType.SECRET_KEY, keyStoreAccess, documentKeyIDWithKeyAndAccessType, OverwriteFlag.FALSE);
        GuardUtil.saveBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), bucketDirectory, documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID());
        LOGGER.debug("finished create new guard for " + bucketDirectory);
        return documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
    }

    private DocumentKeyID createAsymmetricGuardForBucket(KeyStoreAccess keyStoreAccess, DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType, BucketDirectory bucketDirectory, OverwriteFlag overwriteFlag) {
        LOGGER.debug("start create asymmetric guard for " + bucketDirectory + " " + keyStoreAccess.getKeyStorePath().getBucketDirectory());
        createCachedDocumentGuardFor(GuardKeyType.PUBLIC_KEY, keyStoreAccess, documentKeyIDWithKeyAndAccessType, overwriteFlag);
        GuardUtil.saveBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), bucketDirectory, documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID());
        LOGGER.debug("finished create asymmetric guard for " + bucketDirectory + " " + keyStoreAccess.getKeyStorePath().getBucketDirectory());
        return documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
    }

    private void deleteGuardForBucket(KeyStoreAccess keyStoreAccess, DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType, BucketDirectory bucketDirectory) {
        LOGGER.debug("start delete guard for " + bucketDirectory);
        this.bucketService.deletePlainFile(DocumentGuardLocation.getBucketPathOfGuard(keyStoreAccess.getKeyStorePath(), documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID()));
        GuardUtil.deleteBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), bucketDirectory);
        LOGGER.debug("finished delete guard for " + bucketDirectory);
    }

    private KeyStoreAccess getKeyStoreAccess(UserIDAuth userIDAuth) {
        return new KeyStoreAccess(UserIDUtil.getKeyStorePath(userIDAuth.getUserID()), UserIDUtil.getKeyStoreAuth(userIDAuth));
    }

    private DocumentBucketPath getTheDocumentBucketPath(UserID userID, DocumentFQN documentFQN) {
        return new DocumentBucketPath(UserIDUtil.getHomeBucketDirectory(userID).appendName(documentFQN.getValue()));
    }

    private DSDocument createWelcomeDocument() {
        return new DSDocument(new DocumentFQN("README.txt"), new DocumentContent("Welcome to the DocumentStore".getBytes()), null);
    }

    private DocumentKeyIDWithKeyAndAccessType getOrCreateDocumentKeyIDwithKeyForBucketPath(UserIDAuth userIDAuth, BucketDirectory bucketDirectory, AccessType accessType) {
        LOGGER.debug("search key for " + bucketDirectory);
        KeyStoreAccess keyStoreAccess = getKeyStoreAccess(userIDAuth);
        DocumentKeyID loadCachedDocumentKeyIDForDocumentDirectory = loadCachedDocumentKeyIDForDocumentDirectory(bucketDirectory);
        if (loadCachedDocumentKeyIDForDocumentDirectory == null) {
            loadCachedDocumentKeyIDForDocumentDirectory = GuardUtil.tryToLoadBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), bucketDirectory);
        }
        if (loadCachedDocumentKeyIDForDocumentDirectory == null) {
            loadCachedDocumentKeyIDForDocumentDirectory = createSymmetricGuardForBucket(keyStoreAccess, bucketDirectory, accessType);
        }
        cacheDocumentKeyIDForDocumentDirectory(bucketDirectory, loadCachedDocumentKeyIDForDocumentDirectory);
        DocumentKeyIDWithKeyAndAccessType loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard = loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, loadCachedDocumentKeyIDForDocumentDirectory);
        LOGGER.debug("found " + loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard + " for " + bucketDirectory);
        return loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard;
    }

    private DocumentKeyIDWithKeyAndAccessType getDocumentKeyIDwithKeyForBucketPath(UserIDAuth userIDAuth, BucketDirectory bucketDirectory) {
        LOGGER.debug("get key for " + bucketDirectory);
        KeyStoreAccess keyStoreAccess = getKeyStoreAccess(userIDAuth);
        DocumentKeyIDWithKeyAndAccessType loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard = loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, GuardUtil.loadBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), bucketDirectory));
        LOGGER.debug("found " + loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard + " for " + bucketDirectory);
        return loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard;
    }

    private void checkUserKeyPassword(UserIDAuth userIDAuth) {
        UserAuthCache userAuthCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getUserAuthCache() : null;
        if (userAuthCache != null) {
            LOGGER.debug("MemoryContext is used");
            ReadKeyPassword readKeyPassword = userAuthCache.get(userIDAuth.getUserID());
            if (readKeyPassword != null) {
                if (readKeyPassword.equals(userIDAuth.getReadKeyPassword())) {
                    LOGGER.debug("MemoryContext successful for " + userIDAuth.getUserID());
                    return;
                }
                userAuthCache.remove(userIDAuth.getUserID());
            }
        }
        KeyStoreAccess keyStoreAccess = getKeyStoreAccess(userIDAuth);
        DocumentKeyID tryToLoadBucketGuardKeyFile = GuardUtil.tryToLoadBucketGuardKeyFile(this.bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), UserIDUtil.getHomeBucketDirectory(userIDAuth.getUserID()));
        if (tryToLoadBucketGuardKeyFile == null) {
            throw new UserIDDoesNotExistException(userIDAuth.getUserID());
        }
        try {
            loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, tryToLoadBucketGuardKeyFile);
            if (userAuthCache != null) {
                userAuthCache.put(userIDAuth.getUserID(), userIDAuth.getReadKeyPassword());
            }
        } catch (BaseException e) {
            if (e.getCause() instanceof UnrecoverableEntryException) {
                throw new WrongPasswordException(userIDAuth.getUserID());
            }
        }
    }

    private DocumentKeyIDWithKeyAndAccessType loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
        DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType = get(keyStoreAccess, documentKeyID);
        if (documentKeyIDWithKeyAndAccessType != null) {
            return documentKeyIDWithKeyAndAccessType;
        }
        DocumentKeyIDWithKeyAndAccessType loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard = this.documentGuardService.loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, documentKeyID);
        DocumentGuardCache documentGuardCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentGuardCache() : null;
        if (documentGuardCache != null) {
            String cacheKeyToString = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID);
            documentGuardCache.put(cacheKeyToString, new PasswordAndDocumentKeyIDWithKeyAndAccessType(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword(), loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard));
            LOGGER.debug("AAA insert document key for cache key " + cacheKeyToString);
        }
        return loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard;
    }

    void createCachedDocumentGuardFor(GuardKeyType guardKeyType, KeyStoreAccess keyStoreAccess, DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType, OverwriteFlag overwriteFlag) {
        this.documentGuardService.createDocumentGuardFor(guardKeyType, keyStoreAccess, documentKeyIDWithKeyAndAccessType, overwriteFlag);
        DocumentGuardCache documentGuardCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentGuardCache() : null;
        if (documentGuardCache != null) {
            String cacheKeyToString = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID());
            if (guardKeyType.equals(GuardKeyType.PUBLIC_KEY)) {
                deleteCacheKey(keyStoreAccess, documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID());
            } else {
                documentGuardCache.put(cacheKeyToString, new PasswordAndDocumentKeyIDWithKeyAndAccessType(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword(), documentKeyIDWithKeyAndAccessType));
            }
        }
    }

    private void deleteCacheKey(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
        DocumentGuardCache documentGuardCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentGuardCache() : null;
        if (documentGuardCache != null) {
            documentGuardCache.remove(DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID));
        }
    }

    private DocumentKeyID loadCachedDocumentKeyIDForDocumentDirectory(BucketDirectory bucketDirectory) {
        DocumentKeyIDCache documentKeyIDCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentKeyIDCache() : null;
        if (documentKeyIDCache != null) {
            return documentKeyIDCache.get(bucketDirectory);
        }
        return null;
    }

    private void cacheDocumentKeyIDForDocumentDirectory(BucketDirectory bucketDirectory, DocumentKeyID documentKeyID) {
        DocumentKeyIDCache documentKeyIDCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentKeyIDCache() : null;
        if (documentKeyIDCache == null) {
            return;
        }
        documentKeyIDCache.put(bucketDirectory, documentKeyID);
    }

    public DocumentKeyIDWithKeyAndAccessType get(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
        String cacheKeyToString;
        PasswordAndDocumentKeyIDWithKeyAndAccessType passwordAndDocumentKeyIDWithKeyAndAccessType;
        DocumentGuardCache documentGuardCache = this.docusafeCacheWrapper != null ? this.docusafeCacheWrapper.getDocumentGuardCache() : null;
        if (documentGuardCache == null || (passwordAndDocumentKeyIDWithKeyAndAccessType = documentGuardCache.get((cacheKeyToString = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID)))) == null) {
            return null;
        }
        if (passwordAndDocumentKeyIDWithKeyAndAccessType.getReadKeyPassword().equals(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword())) {
            LOGGER.debug("AAA return document key for cache key " + cacheKeyToString);
            return documentGuardCache.get(cacheKeyToString).getDocumentKeyIDWithKeyAndAccessType();
        }
        documentGuardCache.remove(cacheKeyToString);
        return null;
    }

    public static String showCache(DocumentSafeService documentSafeService) {
        if (!(documentSafeService instanceof DocumentSafeServiceImpl)) {
            throw new BaseException("Instance of DocuementSafeService is not of DocumentSafeServiceImpl but " + documentSafeService.getClass().getName());
        }
        DocumentSafeServiceImpl documentSafeServiceImpl = (DocumentSafeServiceImpl) documentSafeService;
        return documentSafeServiceImpl.docusafeCacheWrapper == null ? "(DocusafeCacheWrapper is null)" : documentSafeServiceImpl.docusafeCacheWrapper.toString();
    }
}
