package de.adorsys.docusafe.business.impl;

import de.adorsys.common.exceptions.BaseException;
import de.adorsys.common.exceptions.BaseExceptionHandler;
import de.adorsys.dfs.connection.api.complextypes.BucketDirectory;
import de.adorsys.dfs.connection.api.complextypes.BucketPath;
import de.adorsys.dfs.connection.api.domain.Payload;
import de.adorsys.dfs.connection.api.domain.PayloadStream;
import de.adorsys.dfs.connection.api.service.api.DFSConnection;
import de.adorsys.dfs.connection.api.service.impl.SimplePayloadImpl;
import de.adorsys.dfs.connection.api.service.impl.SimplePayloadStreamImpl;
import de.adorsys.dfs.connection.api.types.ListRecursiveFlag;
import de.adorsys.dfs.connection.api.types.properties.ConnectionProperties;
import de.adorsys.dfs.connection.impl.factory.DFSConnectionFactory;
import de.adorsys.docusafe.business.DocumentSafeService;
import de.adorsys.docusafe.business.exceptions.UserExistsException;
import de.adorsys.docusafe.business.impl.jsonserialisation.Class2JsonHelper;
import de.adorsys.docusafe.business.types.DFSCredentials;
import de.adorsys.docusafe.business.types.DSDocument;
import de.adorsys.docusafe.business.types.DSDocumentStream;
import de.adorsys.docusafe.business.types.DocumentDirectoryFQN;
import de.adorsys.docusafe.business.types.DocumentFQN;
import de.adorsys.docusafe.business.types.EncryptionInputStreamWrapper;
import de.adorsys.docusafe.business.types.MoveType;
import de.adorsys.docusafe.service.api.bucketpathencryption.BucketPathEncryptionService;
import de.adorsys.docusafe.service.api.cmsencryption.CMSEncryptionService;
import de.adorsys.docusafe.service.api.keystore.KeyStoreService;
import de.adorsys.docusafe.service.api.keystore.types.KeyStoreAccess;
import de.adorsys.docusafe.service.api.keystore.types.KeyStoreAuth;
import de.adorsys.docusafe.service.api.keystore.types.KeyStoreCreationConfig;
import de.adorsys.docusafe.service.api.keystore.types.KeyStoreType;
import de.adorsys.docusafe.service.api.keystore.types.PublicKeyIDWithPublicKey;
import de.adorsys.docusafe.service.api.keystore.types.ReadStorePassword;
import de.adorsys.docusafe.service.api.types.DocumentContent;
import de.adorsys.docusafe.service.api.types.UserID;
import de.adorsys.docusafe.service.api.types.UserIDAuth;
import de.adorsys.docusafe.service.impl.bucketpathencryption.BucketPathEncryptionServiceImpl;
import de.adorsys.docusafe.service.impl.cmsencryption.services.CMSEncryptionServiceImpl;
import de.adorsys.docusafe.service.impl.keystore.service.KeyStoreServiceImpl;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.crypto.SecretKey;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/docusafe/business/impl/DocumentSafeServiceImpl.class */
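/**
 * Default {@link DocumentSafeService} implementation working on two DFS buckets.
 *
 * <p>The "system" DFS holds, per user, the keystore that protects the user's DFS
 * credentials, the (encrypted) DFS credentials themselves, the unencrypted list of
 * the user's public keys and the user's inbox. The per-user DFS (whose connection
 * properties are those encrypted credentials) holds the user's own keystore and the
 * documents. Document content is CMS-encrypted to one of the user's public keys;
 * document paths inside the user DFS are encrypted with a secret key taken from the
 * user's keystore.
 *
 * <p>Checked exceptions are funnelled through {@link BaseExceptionHandler#handle(Exception)}.
 * No synchronisation is done here; whether a shared instance is thread-safe depends on the
 * DFS connections and services it delegates to, which are not visible in this file.
 */
public class DocumentSafeServiceImpl implements DocumentSafeService {
    private static final Logger log = LoggerFactory.getLogger(DocumentSafeServiceImpl.class);
    /**
     * Picks which of the user's public keys encrypts a document. Only public key material is
     * selected with it, so a non-cryptographic generator is sufficient; shared because
     * {@link Random} is thread-safe and re-seeding it per call buys nothing.
     */
    private static final Random PUBLIC_KEY_PICKER = new Random();
    /** DFS that stores keystores, encrypted credentials, public key lists and inboxes. */
    private final DFSConnection systemDFS;
    /** Template credentials handed to every newly created user (see {@link #createUser}). */
    private final DFSCredentials defaultUserDFSCredentials;
    private final Class2JsonHelper class2JsonHelper = new Class2JsonHelper();
    private final BucketPathEncryptionService bucketPathEncryptionService = new BucketPathEncryptionServiceImpl();
    private final CMSEncryptionService cmsEncryptionService = new CMSEncryptionServiceImpl();
    private final KeyStoreService keyStoreService = new KeyStoreServiceImpl();

    /**
     * Everything a single operation on a user's DFS needs: the connection, the user's
     * keystore, the path encryption key and the already encrypted target path and/or
     * directory (each only filled when the caller supplied the plain counterpart).
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/adorsys/docusafe/business/impl/DocumentSafeServiceImpl$DFSAndKeystoreAndPath.class */
    public static final class DFSAndKeystoreAndPath {
        DFSConnection usersDFS;
        KeyStoreAccess privateKeystoreAccess;
        SecretKey pathEncryptionKey;
        // null unless a DocumentFQN was given to getUsersAccess
        BucketPath encryptedBucketPath;
        // null unless a DocumentDirectoryFQN was given to getUsersAccess
        BucketDirectory encryptedBucketDirectory;

        private DFSAndKeystoreAndPath() {
        }
    }

    /** Wraps raw connection properties; not referenced inside this class. */
    private DFSCredentials getDefaultDFSCredentials(ConnectionProperties connectionProperties) {
        return new DFSCredentials(connectionProperties);
    }

    /**
     * Derives the system DFS and the default user DFS from one connection by adding the
     * {@code SYSTEM_DFS} and {@code USERS_DFS} root buckets to its properties.
     *
     * @param dFSConnection connection whose properties both derived DFSs are based on
     */
    public DocumentSafeServiceImpl(DFSConnection dFSConnection) {
        DFSCredentials systemCredentials = new DFSCredentials(dFSConnection.getConnectionProperties());
        systemCredentials.addRootBucket(DFSCredentials.TYPE.SYSTEM_DFS);
        this.systemDFS = DFSConnectionFactory.get(systemCredentials.getProperties());
        DFSCredentials userCredentials = new DFSCredentials(dFSConnection.getConnectionProperties());
        userCredentials.addRootBucket(DFSCredentials.TYPE.USERS_DFS);
        this.defaultUserDFSCredentials = new DFSCredentials(userCredentials.getProperties());
    }

    /**
     * Creates a user: a system keystore, the encrypted default DFS credentials, the
     * user keystore in the user's own DFS and the public key list in the system DFS.
     *
     * @throws UserExistsException (via the handler) when a keystore already exists for the id
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void createUser(UserIDAuth userIDAuth) {
        try {
            // Check and creation are not atomic: two concurrent calls for the same id can
            // both pass this test; nothing visible here locks the DFS.
            if (userExists(userIDAuth.getUserID())) {
                throw new UserExistsException(userIDAuth.getUserID());
            }
            // 1) System keystore, protecting the user's DFS credentials. The store password and
            //    the key password are the same user-supplied value (see newKeyStoreAuth).
            KeyStoreAuth systemKeyStoreAuth = newKeyStoreAuth(userIDAuth);
            KeyStore systemKeyStore = this.keyStoreService.createKeyStore(systemKeyStoreAuth, KeyStoreType.DEFAULT, new KeyStoreCreationConfig(1, 0, 0));
            persistKeystore(userIDAuth, systemKeyStore, this.systemDFS);
            KeyStoreAccess systemKeyStoreAccess = new KeyStoreAccess(systemKeyStore, systemKeyStoreAuth);
            // 2) Default user DFS credentials, stored encrypted to the system keystore's key.
            DFSCredentials userDFSCredentials = new DFSCredentials(this.defaultUserDFSCredentials);
            storeUserDFSCredentials(userIDAuth, systemKeyStoreAccess, userDFSCredentials);
            DFSConnection usersDFS = DFSConnectionFactory.get(userDFSCredentials.getProperties());
            // 3) User keystore inside the user's DFS. Config (5, 0, 1) presumably means five
            //    encryption key pairs and one secret key; getUsersAccess() depends on there being
            //    exactly one secret key — TODO confirm the KeyStoreCreationConfig argument order.
            KeyStoreAuth userKeyStoreAuth = newKeyStoreAuth(userIDAuth);
            KeyStore userKeyStore = this.keyStoreService.createKeyStore(userKeyStoreAuth, KeyStoreType.DEFAULT, new KeyStoreCreationConfig(5, 0, 1));
            persistKeystore(userIDAuth, userKeyStore, usersDFS);
            // 4) The public halves go unencrypted into the system DFS so that other users can
            //    encrypt for this user's inbox (writeDocumentToInboxOfUser).
            this.systemDFS.putBlob(FolderHelper.getPublicKeyListPath(userIDAuth.getUserID()), this.class2JsonHelper.keyListToContent(this.keyStoreService.getPublicKeys(new KeyStoreAccess(userKeyStore, userKeyStoreAuth))));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Removes the user's root folder first from the user DFS, then from the system DFS.
     * The user DFS is resolved through the still-present system credentials, so the order
     * must not be swapped.
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void destroyUser(UserIDAuth userIDAuth) {
        getUsersDFS(userIDAuth).removeBlobFolder(FolderHelper.getRootDirectory(userIDAuth.getUserID()));
        this.systemDFS.removeBlobFolder(FolderHelper.getRootDirectory(userIDAuth.getUserID()));
    }

    /** A user exists iff a keystore blob exists for the id in the system DFS. */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public boolean userExists(UserID userID) {
        return this.systemDFS.blobExists(FolderHelper.getKeyStorePath(userID));
    }

    /**
     * Moves the user's data to a new DFS: copies every blob from the current user DFS,
     * then stores the new (encrypted) credentials, then wipes the old DFS.
     *
     * <p>Not transactional: a failure during the copy leaves the old DFS and credentials
     * untouched (the partially filled new DFS is not cleaned up); a failure after the
     * credentials were switched leaves the old data in place.
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void registerDFSCredentials(UserIDAuth userIDAuth, DFSCredentials dFSCredentials) {
        try {
            DFSConnection oldDFS = getUsersAccess(userIDAuth).usersDFS;
            DFSConnection newDFS = DFSConnectionFactory.get(dFSCredentials.getProperties());
            int copied = 0;
            // Blobs are copied as stored, i.e. still encrypted; no key material is touched.
            for (BucketPath bucketPath : oldDFS.list(new BucketDirectory("/"), ListRecursiveFlag.TRUE)) {
                newDFS.putBlob(bucketPath, oldDFS.getBlob(bucketPath));
                copied++;
            }
            log.debug("copied " + copied + " from old dfs to new dfs");
            storeUserDFSCredentials(userIDAuth, getKeyStoreAccess(this.systemDFS, userIDAuth), dFSCredentials);
            oldDFS.removeBlobFolder(new BucketDirectory("/"));
            log.debug("deleted user from old dfs");
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /** Encrypts the document to one of the user's public keys and stores it under the encrypted path. */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void storeDocument(UserIDAuth userIDAuth, DSDocument dSDocument) {
        DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, dSDocument.getDocumentFQN());
        usersAccess.usersDFS.putBlob(usersAccess.encryptedBucketPath, encryptDataForUserWithRandomKey(userIDAuth.getUserID(), new SimplePayloadImpl(dSDocument.getDocumentContent().getValue())));
    }

    /** Reads the blob under the encrypted path and CMS-decrypts it with the user's keystore. */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public DSDocument readDocument(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        try {
            DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentFQN);
            return new DSDocument(documentFQN, new DocumentContent(this.cmsEncryptionService.decrypt(new CMSEnvelopedData(usersAccess.usersDFS.getBlob(usersAccess.encryptedBucketPath).getData()), usersAccess.privateKeystoreAccess).getData()));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /** Streaming variant of {@link #storeDocument}: the CMS encryption wraps the caller's stream. */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void storeDocumentStream(UserIDAuth userIDAuth, DSDocumentStream dSDocumentStream) {
        try {
            DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, dSDocumentStream.getDocumentFQN());
            PublicKeyIDWithPublicKey publicKeyIDWithPublicKey = getPublicKeyIDWithPublicKey(userIDAuth.getUserID());
            usersAccess.usersDFS.putBlobStream(usersAccess.encryptedBucketPath, new SimplePayloadStreamImpl(this.cmsEncryptionService.buildEncryptionInputStream(dSDocumentStream.getDocumentStream(), publicKeyIDWithPublicKey.getPublicKey(), publicKeyIDWithPublicKey.getKeyID())));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Streaming variant of {@link #readDocument}. The returned stream is a decrypting wrapper
     * around the blob stream; the caller owns it and must close it.
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public DSDocumentStream readDocumentStream(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        try {
            DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentFQN);
            PayloadStream blobStream = usersAccess.usersDFS.getBlobStream(usersAccess.encryptedBucketPath);
            // openStream() is called twice on purpose here (decrypting stream and the raw stream
            // handed to the wrapper) — presumably so the wrapper can close the underlying
            // stream; whether PayloadStream returns the same or a fresh stream is not visible here.
            return new DSDocumentStream(documentFQN, new EncryptionInputStreamWrapper(this.cmsEncryptionService.buildDecryptionInputStream(blobStream.openStream(), usersAccess.privateKeystoreAccess), blobStream.openStream()));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void deleteDocument(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentFQN);
        usersAccess.usersDFS.removeBlob(usersAccess.encryptedBucketPath);
    }

    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public boolean documentExists(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentFQN);
        return usersAccess.usersDFS.blobExists(usersAccess.encryptedBucketPath);
    }

    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void deleteFolder(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN) {
        DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentDirectoryFQN);
        usersAccess.usersDFS.removeBlobFolder(usersAccess.encryptedBucketDirectory);
    }

    /**
     * Lists the documents below a directory of the user's home, decrypting each stored
     * path with the user's path encryption key and stripping the home directory prefix.
     *
     * @return plain document names relative to the user's home directory; empty when none
     * @throws BaseException when a decrypted path lies outside the home directory, which
     *         indicates a wrong key or a corrupt entry rather than a legitimate listing
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public List<DocumentFQN> list(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN, ListRecursiveFlag listRecursiveFlag) {
        DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentDirectoryFQN);
        List<BucketPath> encryptedPaths = usersAccess.usersDFS.list(usersAccess.encryptedBucketDirectory, listRecursiveFlag);
        String homePrefix = FolderHelper.getHomeDirectory(userIDAuth.getUserID()).getValue();
        List<DocumentFQN> result = new ArrayList<>(encryptedPaths.size());
        for (BucketPath encryptedPath : encryptedPaths) {
            String plainPath = this.bucketPathEncryptionService.decrypt(usersAccess.pathEncryptionKey, encryptedPath).getValue();
            if (!plainPath.startsWith(homePrefix)) {
                throw new BaseException("ProgrammingError:" + plainPath + " does not start with " + homePrefix);
            }
            result.add(new DocumentFQN(plainPath.substring(homePrefix.length())));
        }
        return result;
    }

    /**
     * Lists the user's inbox in the system DFS. Inbox paths are stored in the clear (only
     * the content is encrypted), so no path decryption happens here.
     *
     * @return document names relative to the inbox directory; empty when none
     * @throws BaseException when a listed path does not lie below the inbox directory
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public List<DocumentFQN> listInbox(UserIDAuth userIDAuth) {
        BucketDirectory inboxDirectory = FolderHelper.getInboxDirectory(userIDAuth.getUserID());
        String inboxPrefix = inboxDirectory.getValue();
        List<DocumentFQN> result = new ArrayList<>();
        for (BucketPath inboxPath : this.systemDFS.list(inboxDirectory, ListRecursiveFlag.TRUE)) {
            String plainPath = inboxPath.getValue();
            if (!plainPath.startsWith(inboxPrefix)) {
                throw new BaseException("ProgrammingError:" + plainPath + " does not start with " + inboxPrefix);
            }
            result.add(new DocumentFQN(plainPath.substring(inboxPrefix.length())));
        }
        return result;
    }

    /**
     * Drops an encrypted copy of the document into another user's inbox. Only the
     * recipient's public key list is needed, so no authentication of the sender happens here.
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void writeDocumentToInboxOfUser(UserID userID, DSDocument dSDocument, DocumentFQN documentFQN) {
        Payload encryptedPayload = encryptDataForUserWithRandomKey(userID, new SimplePayloadImpl(dSDocument.getDocumentContent().getValue()));
        this.systemDFS.putBlob(FolderHelper.getInboxDirectory(userID).appendName(documentFQN.getValue()), encryptedPayload);
    }

    /** Reads an inbox document and decrypts it with the user's (user DFS) keystore. */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public DSDocument readDocumentFromInbox(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        try {
            Payload blob = this.systemDFS.getBlob(FolderHelper.getInboxDirectory(userIDAuth.getUserID()).appendName(documentFQN.getValue()));
            DFSAndKeystoreAndPath usersAccess = getUsersAccess(userIDAuth, documentFQN);
            return new DSDocument(documentFQN, new DocumentContent(this.cmsEncryptionService.decrypt(new CMSEnvelopedData(blob.getData()), usersAccess.privateKeystoreAccess).getData()));
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void deleteDocumentFromInbox(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        this.systemDFS.removeBlob(FolderHelper.getInboxDirectory(userIDAuth.getUserID()).appendName(documentFQN.getValue()));
    }

    /**
     * Re-encrypts one of the caller's documents for another user's inbox; with
     * {@link MoveType#MOVE} the source is deleted afterwards (copy first, so a failure
     * never loses the document). Name spelling is fixed by the interface.
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public void moveDocumnetToInboxOfUser(UserIDAuth userIDAuth, UserID userID, DocumentFQN documentFQN, DocumentFQN documentFQN2, MoveType moveType) {
        writeDocumentToInboxOfUser(userID, readDocument(userIDAuth, documentFQN), documentFQN2);
        if (moveType.equals(MoveType.MOVE)) {
            deleteDocument(userIDAuth, documentFQN);
        }
    }

    /**
     * Moves an inbox document into the user's own DFS under a new name (store first,
     * then delete from the inbox).
     *
     * @return the document as stored in the user's DFS
     */
    @Override // de.adorsys.docusafe.business.DocumentSafeService
    public DSDocument moveDocumentFromInbox(UserIDAuth userIDAuth, DocumentFQN documentFQN, DocumentFQN documentFQN2) {
        DSDocument dSDocument = new DSDocument(documentFQN2, readDocumentFromInbox(userIDAuth, documentFQN).getDocumentContent());
        storeDocument(userIDAuth, dSDocument);
        deleteDocumentFromInbox(userIDAuth, documentFQN);
        return dSDocument;
    }

    /**
     * Builds the keystore credentials for a user: the store password is the user's
     * read-key password, so store and key are protected by one and the same value.
     */
    private KeyStoreAuth newKeyStoreAuth(UserIDAuth userIDAuth) {
        return new KeyStoreAuth(new ReadStorePassword(userIDAuth.getReadKeyPassword().getValue()), userIDAuth.getReadKeyPassword());
    }

    /**
     * Serialises the keystore, protected by the user's read-key password, and writes it to
     * the keystore path of the given DFS.
     */
    private void persistKeystore(UserIDAuth userIDAuth, KeyStore keyStore, DFSConnection dFSConnection) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        // ByteArrayOutputStream holds no native resource; no close needed.
        ByteArrayOutputStream serializedKeyStore = new ByteArrayOutputStream();
        keyStore.store(serializedKeyStore, userIDAuth.getReadKeyPassword().getValue().toCharArray());
        dFSConnection.putBlob(FolderHelper.getKeyStorePath(userIDAuth.getUserID()), new SimplePayloadImpl(serializedKeyStore.toByteArray()));
    }

    /**
     * Opens the user's own DFS: reads the encrypted credentials blob from the system DFS,
     * decrypts it with the system keystore and builds a connection from the result.
     */
    private DFSConnection getUsersDFS(UserIDAuth userIDAuth) {
        try {
            KeyStoreAccess systemKeyStoreAccess = getKeyStoreAccess(this.systemDFS, userIDAuth);
            Payload encryptedCredentials = this.systemDFS.getBlob(FolderHelper.getDFSCredentialsPath(userIDAuth.getUserID()));
            DFSCredentials credentials = this.class2JsonHelper.contentToDFSConnection(this.cmsEncryptionService.decrypt(new CMSEnvelopedData(encryptedCredentials.getData()), systemKeyStoreAccess));
            return DFSConnectionFactory.get(credentials.getProperties());
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Loads the user's keystore from the keystore path of the given DFS and unlocks it with
     * the user's read-key password. A wrong password surfaces as the handler's exception.
     */
    private KeyStoreAccess getKeyStoreAccess(DFSConnection dFSConnection, UserIDAuth userIDAuth) {
        try {
            KeyStoreAuth keyStoreAuth = newKeyStoreAuth(userIDAuth);
            ByteArrayInputStream serializedKeyStore = new ByteArrayInputStream(dFSConnection.getBlob(FolderHelper.getKeyStorePath(userIDAuth.getUserID())).getData());
            KeyStore keyStore = KeyStore.getInstance(KeyStoreType.DEFAULT.getValue());
            keyStore.load(serializedKeyStore, userIDAuth.getReadKeyPassword().getValue().toCharArray());
            return new KeyStoreAccess(keyStore, keyStoreAuth);
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    private DFSAndKeystoreAndPath getUsersAccess(UserIDAuth userIDAuth) {
        return getUsersAccess(userIDAuth, null, null);
    }

    private DFSAndKeystoreAndPath getUsersAccess(UserIDAuth userIDAuth, DocumentFQN documentFQN) {
        return getUsersAccess(userIDAuth, null, documentFQN);
    }

    private DFSAndKeystoreAndPath getUsersAccess(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN) {
        return getUsersAccess(userIDAuth, documentDirectoryFQN, null);
    }

    /**
     * Resolves the user's DFS and keystore and encrypts the requested path and/or directory.
     * Each call performs two keystore loads (system DFS for the credentials, user DFS for
     * the private keystore); callers that need both a path and a directory should pass both
     * rather than call twice.
     *
     * @param documentDirectoryFQN directory to encrypt, or null
     * @param documentFQN document to encrypt, or null
     */
    private DFSAndKeystoreAndPath getUsersAccess(UserIDAuth userIDAuth, DocumentDirectoryFQN documentDirectoryFQN, DocumentFQN documentFQN) {
        DFSAndKeystoreAndPath access = new DFSAndKeystoreAndPath();
        access.usersDFS = getUsersDFS(userIDAuth);
        // Load the user keystore once and reuse it for the path key (previously loaded twice).
        access.privateKeystoreAccess = getKeyStoreAccess(access.usersDFS, userIDAuth);
        // The path key is a "random" secret key of the keystore. Encrypted paths are only
        // reproducible across calls if the keystore holds exactly one secret key — presumably
        // what KeyStoreCreationConfig(5, 0, 1) in createUser() guarantees; confirm before
        // ever adding secret keys to a user keystore.
        access.pathEncryptionKey = this.keyStoreService.getRandomSecretKeyID(access.privateKeystoreAccess).getSecretKey();
        if (documentFQN != null) {
            access.encryptedBucketPath = this.bucketPathEncryptionService.encrypt(access.pathEncryptionKey, FolderHelper.getHomeDirectory(userIDAuth.getUserID()).appendName(documentFQN.getValue()));
        }
        if (documentDirectoryFQN != null) {
            access.encryptedBucketDirectory = this.bucketPathEncryptionService.encrypt(access.pathEncryptionKey, FolderHelper.getHomeDirectory(userIDAuth.getUserID()).appendDirectory(documentDirectoryFQN.getValue()));
        }
        return access;
    }

    /**
     * CMS-encrypts the payload to one of the user's public keys (chosen at random from the
     * public key list in the system DFS) and returns the DER-encoded envelope.
     */
    private Payload encryptDataForUserWithRandomKey(UserID userID, Payload payload) {
        try {
            PublicKeyIDWithPublicKey publicKeyIDWithPublicKey = getPublicKeyIDWithPublicKey(userID);
            return new SimplePayloadImpl(this.cmsEncryptionService.encrypt(new SimplePayloadImpl(payload.getData()), publicKeyIDWithPublicKey.getPublicKey(), publicKeyIDWithPublicKey.getKeyID()).getEncoded());
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Picks one of the user's published public keys. Spreading documents over several keys is
     * the only purpose of the randomness; the list is public data.
     *
     * @throws IllegalArgumentException (via {@link Random#nextInt(int)}) when the list is empty
     */
    private PublicKeyIDWithPublicKey getPublicKeyIDWithPublicKey(UserID userID) {
        List<PublicKeyIDWithPublicKey> publicKeys = this.class2JsonHelper.contentToKeyList(this.systemDFS.getBlob(FolderHelper.getPublicKeyListPath(userID)));
        return publicKeys.get(PUBLIC_KEY_PICKER.nextInt(publicKeys.size()));
    }

    /**
     * Encrypts the DFS credentials to the first public key of the given (system) keystore
     * and stores them at the user's credentials path in the system DFS.
     */
    private void storeUserDFSCredentials(UserIDAuth userIDAuth, KeyStoreAccess keyStoreAccess, DFSCredentials dFSCredentials) throws IOException {
        PublicKeyIDWithPublicKey publicKeyIDWithPublicKey = (PublicKeyIDWithPublicKey) this.keyStoreService.getPublicKeys(keyStoreAccess).get(0);
        this.systemDFS.putBlob(FolderHelper.getDFSCredentialsPath(userIDAuth.getUserID()), new SimplePayloadImpl(this.cmsEncryptionService.encrypt(this.class2JsonHelper.dfsCredentialsToContent(dFSCredentials), publicKeyIDWithPublicKey.getPublicKey(), publicKeyIDWithPublicKey.getKeyID()).getEncoded()));
        log.debug("stored the new dfs credentials info");
    }
}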
