package de.mhus.app.vault.core;

import de.mhus.app.vault.api.CherryVaultApi;
import de.mhus.app.vault.api.ifc.SecretContent;
import de.mhus.app.vault.api.ifc.SecretGenerator;
import de.mhus.app.vault.api.ifc.TargetCondition;
import de.mhus.app.vault.api.ifc.TargetProcessor;
import de.mhus.app.vault.api.model.VaultArchive;
import de.mhus.app.vault.api.model.VaultEntry;
import de.mhus.app.vault.api.model.VaultGroup;
import de.mhus.app.vault.api.model.VaultTarget;
import de.mhus.app.vault.api.model.WritableEntry;
import de.mhus.crypt.api.CryptApi;
import de.mhus.lib.adb.DbCollection;
import de.mhus.lib.adb.query.AQuery;
import de.mhus.lib.adb.query.Db;
import de.mhus.lib.core.IProperties;
import de.mhus.lib.core.IReadProperties;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MLog;
import de.mhus.lib.core.MProperties;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.aaa.Aaa;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.crypt.pem.PemBlockList;
import de.mhus.lib.core.crypt.pem.PemUtil;
import de.mhus.lib.core.logging.ITracer;
import de.mhus.lib.core.util.EmptyList;
import de.mhus.lib.core.util.SecureString;
import de.mhus.lib.errors.AccessDeniedException;
import de.mhus.lib.errors.MException;
import de.mhus.lib.errors.NotFoundException;
import de.mhus.lib.errors.UsageException;
import de.mhus.lib.xdb.XdbService;
import de.mhus.osgi.api.MOsgi;
import io.opentracing.Scope;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;

@Component(immediate = true)
/* loaded from: input_file:de/mhus/app/vault/core/VaultApiImpl.class */
public class VaultApiImpl extends MLog implements CherryVaultApi {
    // Default "valid to" date used when a caller supplies none. The deprecated
    // Date(int, int, int) constructor adds 1900 to the year argument, so this is
    // 1 January 3000 in the JVM's default time zone.
    public static final Date END_OF_DAYS = new Date(1100, 0, 1);
    // Built-in name of the shared group; passed to the CfgString below
    // (presumably as the default when "defaultGroup" is not configured - confirm).
    private static final String DEFAULT_GROUP_NAME = "default";
    // Configured name of the shared group. Its targets are processed in addition to a
    // group's own targets, and its entries are skipped when resolving a secret's group.
    private static final CfgString CFG_DEFAULT_GROUP_NAME = new CfgString(CherryVaultApi.class, "defaultGroup", DEFAULT_GROUP_NAME);
    // Number of index slots (index0 .. index4) carried by a vault entry.
    private static final int INDEXES = 5;
    // Currently active component instance: set in doActivate, cleared in doDeactivate.
    // NOTE(review): the field is public, mutable and not volatile, so any code in the
    // JVM can replace or null it - confirm whether it needs to be writable from outside.
    public static VaultApiImpl instance;

    /**
     * OSGi activation callback: publishes this component through the static
     * {@code instance} field.
     *
     * @param componentContext component context supplied by the framework; not used here
     */
    @Activate
    public void doActivate(ComponentContext componentContext) {
        VaultApiImpl.instance = this;
    }

    /**
     * OSGi deactivation callback: clears the static {@code instance} field.
     *
     * @param componentContext component context supplied by the framework; not used here
     */
    @Deactivate
    public void doDeactivate(ComponentContext componentContext) {
        VaultApiImpl.instance = null;
    }

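    /**
     * Generates a new secret with the group's generator, runs it through the group's
     * targets and stores the resulting entries.
     *
     * @param str name of the group the secret is created in
     * @param date start of validity; the current time is used when {@code null}
     * @param date2 end of validity; {@link #END_OF_DAYS} is used when {@code null}
     * @param iProperties caller properties handed to the generator and the targets
     * @param strArr index values; position i is written to index slot i
     * @return the id of the new secret, or {@code null} when no target produced an entry
     * @throws AccessDeniedException when the caller lacks write permission on the group
     * @throws UsageException when the group has no secret generator configured
     * @throws MException when the generator returns no secret or a lookup fails
     */
    public String createSecret(String str, Date date, Date date2, IProperties iProperties, String[] strArr) throws MException {
        // try-with-resources closes the tracing scope on every exit path. Closing it only
        // on the success paths left the scope open whenever one of the checks below threw
        // (for example on a denied write), so later work on the same thread could be
        // attributed to this operation's span.
        try (Scope enter = ITracer.get().enter("createSecret", new Object[]{"group", str, "validFrom", date, "validTo", date2, "properties", iProperties, "index", strArr})) {
            if (date == null) {
                date = new Date();
            }
            if (date2 == null) {
                date2 = END_OF_DAYS;
            }
            VaultGroup group = getGroup(str);
            // Authorise before any secret material is generated.
            if (!Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{str});
            }
            String secretGeneratorName = group.getSecretGeneratorName();
            if (MString.isEmpty(secretGeneratorName)) {
                throw new UsageException("Group can't generate secrets", new Object[]{str});
            }
            SecretContent generateSecret = getGenerator(secretGeneratorName).generateSecret(group, iProperties);
            if (generateSecret == null) {
                throw new MException(409, "Secret is null", new Object[0]);
            }
            String uuid = UUID.randomUUID().toString();
            // Only the group name and the new id are logged, never the secret content.
            log().d("create secret", new Object[]{str, uuid});
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            processGroupTargets(group, iProperties, uuid, generateSecret, linkedList);
            if (linkedList.isEmpty()) {
                // No target accepted the secret, so nothing is stored and no id is returned.
                return null;
            }
            updateIndexes(linkedList, strArr, iProperties);
            saveEntries(str, linkedList, date, date2);
            ITracer.get().current().setTag("secretId", uuid);
            return uuid;
        }
    }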

    /**
     * Applies index values and caller properties to every entry in the list.
     *
     * <p>Non-empty values at positions 0 to 4 of {@code strArr} are written to the matching
     * index slot; empty values and positions above 4 are ignored. Properties are only added
     * under keys the entry does not already hold, so existing entry properties win.
     *
     * @param linkedList entries to update in place
     * @param strArr index values, may be {@code null}
     * @param iProperties properties to merge in, may be {@code null}
     */
    public void updateIndexes(LinkedList<VaultEntry> linkedList, String[] strArr, IProperties iProperties) {
        for (VaultEntry target : linkedList) {
            if (strArr != null) {
                int position = 0;
                for (String value : strArr) {
                    int slot = position++;
                    if (MString.isEmpty(value)) {
                        continue;
                    }
                    if (slot == 0) {
                        target.setIndex0(value);
                    } else if (slot == 1) {
                        target.setIndex1(value);
                    } else if (slot == 2) {
                        target.setIndex2(value);
                    } else if (slot == 3) {
                        target.setIndex3(value);
                    } else if (slot == 4) {
                        target.setIndex4(value);
                    }
                }
            }
            if (iProperties != null) {
                for (Map.Entry property : iProperties.entrySet()) {
                    if (target.getProperties().containsKey(property.getKey())) {
                        continue;
                    }
                    target.getProperties().put((String) property.getKey(), property.getValue());
                }
            }
        }
    }

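    /**
     * Generates a new value for an existing secret: the currently valid entries are given
     * {@code date} as their end of validity and freshly generated entries are stored.
     *
     * @param str id of the secret to update
     * @param date start of validity of the new entries; the current time when {@code null}
     * @param date2 end of validity of the new entries; {@link #END_OF_DAYS} when {@code null}
     * @param iProperties caller properties; missing keys are filled from the first readable
     *     current entry, a new property set is created when {@code null}
     * @param strArr index values; empty slots are filled from the first readable current entry
     * @throws AccessDeniedException when the caller lacks write permission on the group or
     *     the group does not allow updates
     * @throws UsageException when the group has no secret generator configured
     * @throws MException when the generator returns no secret or a lookup fails
     */
    public void createUpdate(String str, Date date, Date date2, IProperties iProperties, String[] strArr) throws MException {
        // try-with-resources closes the tracing scope on every exit path, including the
        // access-denied and usage errors thrown below.
        try (Scope enter = ITracer.get().enter("createUpdate", new Object[]{"secretId", str, "validFrom", date, "validTo", date2, "properties", iProperties, "index", strArr})) {
            if (date == null) {
                date = new Date();
            }
            if (date2 == null) {
                date2 = END_OF_DAYS;
            }
            String findGroupNameForSecretId = findGroupNameForSecretId(str);
            VaultGroup group = getGroup(findGroupNameForSecretId);
            // Authorise first: a caller without write access must be rejected before stored
            // entries are read and their properties are copied into the caller's map.
            if (!Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{findGroupNameForSecretId});
            }
            if (!group.isAllowUpdate()) {
                throw new AccessDeniedException("The group dos not allow updates", new Object[]{findGroupNameForSecretId});
            }
            if (iProperties == null) {
                iProperties = new MProperties();
            }
            List<VaultEntry> secrets = getSecrets(str);
            if (!secrets.isEmpty()) {
                // Values supplied by the caller win; stored values only fill the gaps.
                for (Map.Entry entry : secrets.get(0).getProperties().entrySet()) {
                    if (!iProperties.containsKey(entry.getKey())) {
                        iProperties.put((String) entry.getKey(), entry.getValue());
                    }
                }
                strArr = fillIndex(strArr, secrets.get(0));
            }
            String secretGeneratorName = group.getSecretGeneratorName();
            if (MString.isEmpty(secretGeneratorName)) {
                throw new UsageException("Group can't generate secrets", new Object[]{findGroupNameForSecretId});
            }
            SecretContent generateSecret = getGenerator(secretGeneratorName).generateSecret(group, iProperties);
            if (generateSecret == null) {
                throw new MException(409, "Secret is null", new Object[0]);
            }
            log().d("create update", new Object[]{findGroupNameForSecretId, str});
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            processGroupTargets(group, iProperties, str, generateSecret, linkedList);
            // NOTE(review): the current entries are expired even when no target produced a
            // new entry, which would leave the secret without a valid value - confirm that
            // this is intended.
            updateEntriesValidTo(str, date);
            updateIndexes(linkedList, strArr, iProperties);
            saveEntries(findGroupNameForSecretId, linkedList, date, date2);
        }
    }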

    /**
     * Builds a full-length index array for an update.
     *
     * <p>Each slot takes the caller's value when one is set; otherwise it falls back to the
     * value stored in the same slot of the given entry.
     *
     * @param strArr caller-supplied index values, may be {@code null} or shorter than the result
     * @param vaultEntry existing entry that supplies the fallback values
     * @return a new array of {@code INDEXES} elements
     */
    private String[] fillIndex(String[] strArr, VaultEntry vaultEntry) {
        String[] merged = new String[INDEXES];
        for (int slot = 0; slot < merged.length; slot++) {
            boolean supplied = strArr != null && strArr.length > slot && MString.isSet(strArr[slot]);
            merged[slot] = supplied ? strArr[slot] : null;
            if (!MString.isEmpty(merged[slot])) {
                continue;
            }
            // Nothing usable from the caller: keep what the stored entry has in this slot.
            if (slot == 0) {
                merged[slot] = vaultEntry.getIndex0();
            } else if (slot == 1) {
                merged[slot] = vaultEntry.getIndex1();
            } else if (slot == 2) {
                merged[slot] = vaultEntry.getIndex2();
            } else if (slot == 3) {
                merged[slot] = vaultEntry.getIndex3();
            } else if (slot == 4) {
                merged[slot] = vaultEntry.getIndex4();
            }
        }
        return merged;
    }

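    /**
     * Stores a caller-supplied secret in a group by running it through the group's targets.
     *
     * @param str name of the group the secret is imported into
     * @param date start of validity; the current time is used when {@code null}
     * @param date2 end of validity; {@link #END_OF_DAYS} is used when {@code null}
     * @param secretContent the secret to store
     * @param iProperties caller properties handed to the targets
     * @param strArr index values; position i is written to index slot i
     * @return the id assigned to the imported secret
     * @throws AccessDeniedException when the caller lacks write permission on the group
     * @throws MException with code 400 when the secret is missing, with code 409 when it is
     *     longer than the group's import limit, or when a lookup fails
     */
    public String importSecret(String str, Date date, Date date2, SecretContent secretContent, IProperties iProperties, String[] strArr) throws MException {
        // try-with-resources closes the tracing scope on every exit path, including the
        // access-denied and validation errors thrown below.
        try (Scope enter = ITracer.get().enter("importSecret", new Object[]{"group", str, "validFrom", date, "validTo", date2, "properties", iProperties, "index", strArr})) {
            if (date == null) {
                date = new Date();
            }
            if (date2 == null) {
                date2 = END_OF_DAYS;
            }
            VaultGroup group = getGroup(str);
            // Authorise before the supplied content is inspected any further.
            if (!Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{str});
            }
            if (secretContent == null || secretContent.getContent() == null || secretContent.getContent().isNull()) {
                throw new MException(400, "Secret is null", new Object[0]);
            }
            // A limit of zero or less means the group does not restrict the import length.
            if (group.getMaxImportLength() > 0 && secretContent.getContent().length() > group.getMaxImportLength()) {
                throw new MException(409, "Secret out of bounds", new Object[]{Integer.valueOf(group.getMaxImportLength())});
            }
            String uuid = UUID.randomUUID().toString();
            // Only the group name and the new id are logged, never the secret content.
            log().d("import secret", new Object[]{str, uuid});
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            processGroupTargets(group, iProperties, uuid, secretContent, linkedList);
            updateIndexes(linkedList, strArr, iProperties);
            saveEntries(str, linkedList, date, date2);
            ITracer.get().current().setTag("secretId", uuid);
            return uuid;
        }
    }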

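    /**
     * Replaces the value of an existing secret with caller-supplied content: the currently
     * valid entries are given {@code date} as their end of validity and new entries are stored.
     *
     * @param str id of the secret to update
     * @param date start of validity of the new entries; the current time when {@code null}
     * @param date2 end of validity of the new entries; {@link #END_OF_DAYS} when {@code null}
     * @param secretContent the new secret value
     * @param iProperties caller properties; missing keys are filled from the first readable
     *     current entry, a new property set is created when {@code null}
     * @param strArr index values; empty slots are filled from the first readable current entry
     * @throws AccessDeniedException when the caller lacks write permission on the group or
     *     the group does not allow updates
     * @throws MException with code 400 when the secret is missing, with code 409 when it is
     *     longer than the group's import limit, or when a lookup fails
     */
    public void importUpdate(String str, Date date, Date date2, SecretContent secretContent, IProperties iProperties, String[] strArr) throws MException {
        // try-with-resources closes the tracing scope on every exit path, including the
        // access-denied and validation errors thrown below.
        try (Scope enter = ITracer.get().enter("importUpdate", new Object[]{"secretId", str, "validFrom", date, "validTo", date2, "properties", iProperties, "index", strArr})) {
            if (date == null) {
                date = new Date();
            }
            if (date2 == null) {
                date2 = END_OF_DAYS;
            }
            String findGroupNameForSecretId = findGroupNameForSecretId(str);
            VaultGroup group = getGroup(findGroupNameForSecretId);
            // Authorise first: a caller without write access must be rejected before stored
            // entries are read and their properties are copied into the caller's map.
            if (!Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{findGroupNameForSecretId});
            }
            if (!group.isAllowUpdate()) {
                throw new AccessDeniedException("The group dos not allow updates", new Object[]{findGroupNameForSecretId});
            }
            if (iProperties == null) {
                iProperties = new MProperties();
            }
            List<VaultEntry> secrets = getSecrets(str);
            if (!secrets.isEmpty()) {
                // Values supplied by the caller win; stored values only fill the gaps.
                for (Map.Entry entry : secrets.get(0).getProperties().entrySet()) {
                    if (!iProperties.containsKey(entry.getKey())) {
                        iProperties.put((String) entry.getKey(), entry.getValue());
                    }
                }
                strArr = fillIndex(strArr, secrets.get(0));
            }
            // Index values and merged properties are deliberately not written to standard
            // output: they are stored metadata of a secret and stdout is outside the
            // component's logging and access control.
            if (secretContent == null || secretContent.getContent() == null || secretContent.getContent().isNull()) {
                throw new MException(400, "Secret is null", new Object[0]);
            }
            // A limit of zero or less means the group does not restrict the import length.
            if (group.getMaxImportLength() > 0 && secretContent.getContent().length() > group.getMaxImportLength()) {
                throw new MException(409, "Secret out of bounds", new Object[]{Integer.valueOf(group.getMaxImportLength())});
            }
            log().d("import update", new Object[]{findGroupNameForSecretId, str});
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            processGroupTargets(group, iProperties, str, secretContent, linkedList);
            updateEntriesValidTo(str, date);
            updateIndexes(linkedList, strArr, iProperties);
            saveEntries(findGroupNameForSecretId, linkedList, date, date2);
        }
    }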

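    /**
     * Deletes every entry of a secret after copying each one into the archive.
     *
     * @param str id of the secret to delete
     * @throws AccessDeniedException when the caller lacks write permission on the group
     * @throws MException when the secret or its group cannot be resolved, or a database
     *     operation fails
     */
    public void deleteSecret(String str) throws MException {
        try (Scope enter = ITracer.get().enter("deleteSecret", new Object[]{"secretId", str})) {
            String findGroupNameForSecretId = findGroupNameForSecretId(str);
            VaultGroup group = getGroup(findGroupNameForSecretId);
            if (!Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{findGroupNameForSecretId});
            }
            log().d("delete secret", new Object[]{findGroupNameForSecretId, str});
            DbCollection<VaultEntry> byQualification = StaticAccess.db.getManager().getByQualification(Db.query(VaultEntry.class).eq("secretid", str));
            try {
                for (VaultEntry vaultEntry : byQualification) {
                    // Archive first, then delete, so a failed archive write never loses the entry.
                    ((VaultArchive) StaticAccess.db.getManager().inject(new VaultArchive(vaultEntry))).save();
                    vaultEntry.delete();
                }
            } finally {
                // Release the result set even when archiving or deleting an entry fails.
                byQualification.close();
            }
        }
    }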

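    /**
     * Restores an archived secret: every archived row with the given id is copied back into
     * the entry table and then removed from the archive.
     *
     * @param str id of the secret to restore
     * @throws NotFoundException when no archived row exists for the id
     * @throws AccessDeniedException when the caller lacks write permission on the group
     * @throws MException when a database operation fails
     */
    public void undeleteSecret(String str) throws MException {
        try (Scope enter = ITracer.get().enter("undeleteSecret", new Object[]{"secretId", str})) {
            VaultArchive vaultArchive = (VaultArchive) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultArchive.class).eq("secretid", str));
            if (vaultArchive == null) {
                throw new NotFoundException("secretId not found", new Object[]{str});
            }
            // The group recorded on the archived row decides who may restore it.
            String group = vaultArchive.getGroup();
            VaultGroup group2 = getGroup(group);
            if (!Aaa.isPermitted(group2.getWriteAcl(), VaultGroup.class, "u", group2.getName())) {
                throw new AccessDeniedException("Write access to group denied", new Object[]{group});
            }
            log().d("undelete secret", new Object[]{group, str});
            DbCollection<VaultEntry> byQualification = StaticAccess.db.getManager().getByQualification(Db.query(VaultArchive.class).eq("secretid", str));
            try {
                for (VaultEntry vaultEntry : byQualification) {
                    // Restore first, then drop the archived row.
                    ((VaultEntry) StaticAccess.db.getManager().inject(new VaultEntry(vaultEntry))).save();
                    vaultEntry.delete();
                }
            } finally {
                // Release the result set even when restoring an entry fails.
                byQualification.close();
            }
        }
    }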

    /**
     * Loads the entry of a secret for one target.
     *
     * <p>The caller needs read permission on the target. The query matches on secret id and
     * target name only; no validity window is applied here.
     *
     * @param str id of the secret
     * @param str2 name of the target
     * @return the matching entry
     * @throws AccessDeniedException when the caller lacks read permission on the target
     * @throws NotFoundException when the target or the entry does not exist, or the lookup fails
     */
    public VaultEntry getSecret(String str, String str2) throws NotFoundException {
        try (Scope enter = ITracer.get().enter("getSecret", new Object[]{"secretId", str, "targetName", str2})) {
            VaultTarget target = getTarget(str2);
            boolean readable = Aaa.isPermitted(target.getReadAcl(), VaultTarget.class, "r", target.getName());
            if (!readable) {
                throw new AccessDeniedException("Read access to target denied", new Object[]{str2});
            }
            try {
                VaultEntry found = (VaultEntry) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultEntry.class).eq("secretid", str).eq("target", str2));
                if (found != null) {
                    return found;
                }
                throw new NotFoundException("secret not found", new Object[]{str, target});
            } catch (MException e) {
                // Database failures are reported to the caller as "not found".
                throw new NotFoundException(str, new Object[]{target, e});
            }
        }
    }

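    /**
     * Returns the currently valid entries of a secret that the caller is allowed to read.
     *
     * <p>An entry is valid when {@code validfrom <= now < validto}. Entries whose target the
     * caller may not read are left out silently, as are entries whose target no longer exists.
     *
     * @param str id of the secret
     * @return the readable, currently valid entries; empty when there are none
     * @throws MException when the database query fails
     */
    public List<VaultEntry> getSecrets(String str) throws MException {
        try (Scope enter = ITracer.get().enter("getSecrets", new Object[]{"secretId", str})) {
            Date date = new Date();
            DbCollection<VaultEntry> byQualification = StaticAccess.db.getManager().getByQualification(Db.query(VaultEntry.class).le("validfrom", date).gt("validto", date).eq("secretid", str));
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            try {
                for (VaultEntry vaultEntry : byQualification) {
                    try {
                        VaultTarget target = getTarget(vaultEntry.getTarget());
                        // Per-entry read check: only entries of readable targets are returned.
                        if (Aaa.isPermitted(target.getReadAcl(), VaultTarget.class, "r", target.getName())) {
                            linkedList.add(vaultEntry);
                        }
                    } catch (NotFoundException e) {
                        log().d("get secrets failed", new Object[]{vaultEntry, e.toString()});
                        log().t(e);
                    }
                }
            } finally {
                // Release the result set; it was previously never closed in this method.
                byQualification.close();
            }
            return linkedList;
        }
    }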

    /**
     * Sets the validity window on each entry and saves it.
     *
     * <p>A failure for one entry is logged as a warning and does not stop the remaining
     * entries from being saved; nothing is reported back to the caller.
     * NOTE(review): callers therefore cannot tell whether a secret was stored completely -
     * confirm that best-effort saving is intended for a secret store.
     *
     * @param str group name, used as the message of the warning
     * @param linkedList entries to save
     * @param date start of validity to set
     * @param date2 end of validity to set
     */
    public void saveEntries(String str, LinkedList<VaultEntry> linkedList, Date date, Date date2) {
        for (VaultEntry entry : linkedList) {
            try {
                entry.setValidFrom(date);
                entry.setValidTo(date2);
                entry.save();
            } catch (Throwable failure) {
                log().w(str, new Object[]{entry, failure});
            }
        }
    }

    /**
     * Runs a secret through all targets of a group and, if that produced at least one entry,
     * also through the targets of the shared default group.
     *
     * @param vaultGroup group the secret belongs to; also passed on for the default group's targets
     * @param iProperties caller properties handed to conditions and processors
     * @param str id of the secret
     * @param secretContent the secret value
     * @param linkedList receives the produced entries
     * @throws MException when a target cannot be resolved or processing fails
     */
    private void processGroupTargets(VaultGroup vaultGroup, IProperties iProperties, String str, SecretContent secretContent, LinkedList<VaultEntry> linkedList) throws MException {
        for (Object targetName : vaultGroup.getTargets()) {
            processTarget(vaultGroup, (String) targetName, iProperties, str, secretContent, linkedList);
        }
        if (linkedList.isEmpty()) {
            return;
        }
        VaultGroup shared = getMustHaveGroup(vaultGroup.getName());
        if (shared == null) {
            return;
        }
        for (Object targetName : shared.getTargets()) {
            processTarget(vaultGroup, (String) targetName, iProperties, str, secretContent, linkedList);
        }
    }

    /**
     * Resolves a target by name and, when its conditions are met, processes the secret for it
     * and appends the resulting entry to the list.
     *
     * @param vaultGroup group the secret belongs to
     * @param str name of the target
     * @param iProperties caller properties handed to conditions and the processor
     * @param str2 id of the secret
     * @param secretContent the secret value
     * @param linkedList receives the produced entry, if any
     * @throws NotFoundException when the target does not exist
     * @throws MException when processing fails
     */
    public void processTarget(VaultGroup vaultGroup, String str, IProperties iProperties, String str2, SecretContent secretContent, LinkedList<VaultEntry> linkedList) throws NotFoundException, MException {
        VaultTarget target = getTarget(str);
        if (!checkProcessConditions(vaultGroup, iProperties, target)) {
            return;
        }
        VaultEntry produced = processTarget(vaultGroup, iProperties, target, str2, secretContent);
        if (produced != null) {
            linkedList.add(produced);
        }
    }

    /**
     * Loads the shared default group named by the {@code defaultGroup} configuration value.
     *
     * @param str name of the group being processed; not used by the lookup
     * @return the default group, or {@code null} when it does not exist or is disabled
     * @throws NotFoundException when the database lookup fails
     */
    private VaultGroup getMustHaveGroup(String str) throws NotFoundException {
        try {
            VaultGroup shared = (VaultGroup) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultGroup.class).eq("name", CFG_DEFAULT_GROUP_NAME.value()));
            if (shared != null) {
                return shared.isEnabled() ? shared : null;
            }
            log().w("Unique group not found", new Object[]{CFG_DEFAULT_GROUP_NAME.value()});
            return null;
        } catch (MException e) {
            throw new NotFoundException((String) CFG_DEFAULT_GROUP_NAME.value(), new Object[]{e});
        }
    }

    /**
     * Runs a secret through the processor of one target and wraps the result in a new entry.
     *
     * <p>Before the processor runs, caller properties are copied into the entry's meta data
     * according to the target's {@code properties2meta.mapping} setting, a comma-separated
     * list of {@code metaKey=propertyKey} pairs; an item without {@code =} uses the same name
     * on both sides.
     * NOTE(review): {@code iProperties} is dereferenced without a null check, while some
     * callers in this class pass their properties argument through unchanged - confirm that
     * it can never be {@code null} here.
     *
     * @param vaultGroup group the secret belongs to
     * @param iProperties caller properties
     * @param vaultTarget target to process for
     * @param str id of the secret
     * @param secretContent the secret value
     * @return the new, not yet saved entry
     * @throws MException when the processor cannot be resolved or processing fails
     */
    public VaultEntry processTarget(VaultGroup vaultGroup, IProperties iProperties, VaultTarget vaultTarget, String str, SecretContent secretContent) throws MException {
        try {
            TargetProcessor processor = getProcessor(vaultTarget.getProcessorName());
            WritableEntry draft = new WritableEntry();
            String mapping = vaultTarget.getProcessorConfig().getString("properties2meta.mapping", "");
            for (String item : mapping.split(",")) {
                int separator = item.indexOf('=');
                String metaKey = separator > 0 ? item.substring(0, separator) : item;
                String propertyKey = separator > 0 ? item.substring(separator + 1) : item;
                draft.getMeta().put(metaKey, iProperties.get(propertyKey));
            }
            processor.process(iProperties, vaultTarget.getProcessorConfig(), secretContent, draft);
            draft.setGroup(vaultGroup.getName());
            draft.setTarget(vaultTarget.getName());
            draft.setSecretId(str);
            return (VaultEntry) StaticAccess.db.getManager().inject(new VaultEntry(draft));
        } catch (Throwable th) {
            // Log group, target and secret id for diagnosis, then let the failure propagate.
            log().e("error executing target", new Object[]{vaultGroup, vaultTarget, str, th.toString()});
            throw th;
        }
    }

    /**
     * Looks up the target processor service registered under the given name.
     *
     * <p>NOTE(review): the name is concatenated into the service filter without escaping, so
     * characters with a meaning in filter syntax (parentheses, {@code *}, backslash) would
     * change which service is selected - confirm that processor names are validated where
     * targets are configured.
     *
     * @param str processor name as stored on the target
     * @return the matching service
     * @throws NotFoundException declared for the case that no service matches
     */
    public TargetProcessor getProcessor(String str) throws NotFoundException {
        String filter = "(name=" + str + ")";
        return (TargetProcessor) MOsgi.getService(TargetProcessor.class, filter);
    }

    /**
     * Decides whether a target takes part in processing a secret.
     *
     * <p>A disabled target, or one whose condition names are {@code null}, never takes part.
     * Otherwise every condition in the comma-separated list must pass; the service for a
     * condition is named by its {@code service} setting and defaults to the condition name.
     *
     * @param vaultGroup group the secret belongs to; not used by the checks
     * @param iProperties caller properties handed to each condition
     * @param vaultTarget target to evaluate
     * @return {@code true} when the target is enabled and all conditions pass
     * @throws NotFoundException declared for the case that a condition service is missing
     */
    public boolean checkProcessConditions(VaultGroup vaultGroup, IProperties iProperties, VaultTarget vaultTarget) throws NotFoundException {
        if (!vaultTarget.isEnabled()) {
            return false;
        }
        String names = vaultTarget.getConditionNames();
        if (names == null) {
            return false;
        }
        for (String name : names.split(",")) {
            IReadProperties config = vaultTarget.getConditionConfig(name);
            String serviceName = config.getString("service", name);
            TargetCondition condition = getConditionCheck(serviceName);
            if (!condition.check(iProperties, config)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Looks up the target condition service registered under the given name.
     *
     * <p>NOTE(review): the name is concatenated into the service filter without escaping, so
     * characters with a meaning in filter syntax (parentheses, {@code *}, backslash) would
     * change which service is selected - confirm that condition names are validated where
     * targets are configured.
     *
     * @param str condition service name
     * @return the matching service
     * @throws NotFoundException declared for the case that no service matches
     */
    public TargetCondition getConditionCheck(String str) throws NotFoundException {
        String filter = "(name=" + str + ")";
        return (TargetCondition) MOsgi.getService(TargetCondition.class, filter);
    }

    /**
     * Looks up the secret generator service registered under the given name.
     *
     * <p>NOTE(review): the name is concatenated into the service filter without escaping, so
     * characters with a meaning in filter syntax (parentheses, {@code *}, backslash) would
     * change which service is selected - confirm that generator names are validated where
     * groups are configured.
     *
     * @param str generator name as stored on the group
     * @return the matching service
     * @throws NotFoundException declared for the case that no service matches
     */
    public SecretGenerator getGenerator(String str) throws NotFoundException {
        String filter = "(name=" + str + ")";
        return (SecretGenerator) MOsgi.getService(SecretGenerator.class, filter);
    }

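    /**
     * Loads an enabled group by name.
     *
     * <p>Every write path in this class resolves its group here before checking the write
     * ACL, so an unknown group name has to end in a defined error rather than in a
     * {@link NullPointerException}.
     *
     * @param str name of the group
     * @return the enabled group
     * @throws NotFoundException when the group does not exist, is disabled, or the lookup fails
     */
    public VaultGroup getGroup(String str) throws NotFoundException {
        try {
            VaultGroup vaultGroup = (VaultGroup) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultGroup.class).eq("name", str));
            // The lookup yields null for an unknown name; getTarget and getMustHaveGroup
            // already guard against that, this method did not.
            if (vaultGroup == null) {
                throw new NotFoundException("Group not found", new Object[]{str});
            }
            if (vaultGroup.isEnabled()) {
                return vaultGroup;
            }
            throw new NotFoundException("Group is disabled", new Object[]{str});
        } catch (MException e) {
            // NOTE(review): if NotFoundException is an MException subtype, the two
            // exceptions thrown above are re-wrapped here - confirm.
            throw new NotFoundException(str, new Object[]{e});
        }
    }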

    /**
     * Loads a target by name.
     *
     * @param str name of the target
     * @return the target; its enabled flag is not checked here
     * @throws NotFoundException when the target does not exist or the lookup fails
     */
    public VaultTarget getTarget(String str) throws NotFoundException {
        try {
            VaultTarget found = (VaultTarget) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultTarget.class).eq("name", str));
            if (found != null) {
                return found;
            }
            throw new NotFoundException("Target not exists", new Object[]{str});
        } catch (MException e) {
            throw new NotFoundException(str, new Object[]{e});
        }
    }

    /**
     * Resolves the group a secret belongs to from one of its stored entries.
     *
     * <p>Entries whose group is the configured default group are excluded from the lookup.
     *
     * @param str id of the secret
     * @return the group name recorded on the matching entry
     * @throws NotFoundException when no such entry exists or the lookup fails
     */
    private String findGroupNameForSecretId(String str) throws NotFoundException {
        try {
            VaultEntry owner = (VaultEntry) StaticAccess.db.getManager().getObjectByQualification(Db.query(VaultEntry.class).eq("secretid", str).ne("group", CFG_DEFAULT_GROUP_NAME.value()));
            if (owner != null) {
                return owner.getGroup();
            }
            throw new NotFoundException("secretId not found", new Object[]{str});
        } catch (MException e) {
            throw new NotFoundException(str, new Object[]{e});
        }
    }

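    /**
     * Ends the validity of all currently valid entries of a secret.
     *
     * @param str id of the secret
     * @param date new end of validity written to each entry
     * @throws MException when the query or a save fails
     */
    private void updateEntriesValidTo(String str, Date date) throws MException {
        // "Currently valid" is evaluated against the time of this call, not against date.
        Date date2 = new Date();
        DbCollection<VaultEntry> byQualification = StaticAccess.db.getManager().getByQualification(Db.query(VaultEntry.class).eq("secretid", str).le("validfrom", date2).gt("validto", date2));
        try {
            for (VaultEntry vaultEntry : byQualification) {
                log().t("Update validTo", new Object[]{vaultEntry.getId(), vaultEntry.getValidTo(), date});
                vaultEntry.setValidTo(date);
                vaultEntry.save();
            }
        } finally {
            // Release the result set even when saving an entry fails.
            byQualification.close();
        }
    }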

    /**
     * Imports a secret given as text.
     *
     * <p>Text recognised as a PEM block is decoded through the crypt API and the last secret
     * it yields is stored. Any other text is taken as the secret itself, which is only
     * accepted when the group allows unencrypted imports.
     * NOTE(review): the PEM input is decoded before the write-ACL check, which happens in
     * the overload this method delegates to - confirm that decoding caller-supplied input
     * ahead of authorisation is acceptable.
     *
     * @param str name of the group the secret is imported into
     * @param date start of validity, may be {@code null}
     * @param date2 end of validity, may be {@code null}
     * @param str2 the secret as PEM block or plain text
     * @param iProperties caller properties; a new property set is created when {@code null}
     * @param strArr index values
     * @return the id assigned to the imported secret
     * @throws AccessDeniedException when plain text is supplied but the group requires encryption
     * @throws MException with code 400 when the PEM input yields no secret, or when the
     *     delegated import fails
     */
    public String importSecret(String str, Date date, Date date2, String str2, IProperties iProperties, String[] strArr) throws MException {
        VaultGroup group = getGroup(str);
        if (iProperties == null) {
            iProperties = new MProperties();
        }
        if (!PemUtil.isPemBlock(str2)) {
            if (!group.isAllowUnencrypted()) {
                throw new AccessDeniedException("Need to encrypt secrets", new Object[]{str});
            }
            SecretContent plain = new SecretContent(new SecureString(str2), new MProperties());
            return importSecret(str, date, date2, plain, iProperties, strArr);
        }
        CryptApi cryptApi = (CryptApi) M.l(CryptApi.class);
        PemBlockList blocks = new PemBlockList(str2);
        CherryVaultProcessContext context = new CherryVaultProcessContext(iProperties);
        cryptApi.processPemBlocks(context, blocks);
        if (context.getLastSecret() == null) {
            throw new MException(400, "can't decode secret", new Object[0]);
        }
        SecretContent decoded = new SecretContent(context.getLastSecret(), new MProperties());
        return importSecret(str, date, date2, decoded, iProperties, strArr);
    }

    /**
     * Updates an existing secret with a value given as text.
     *
     * <p>Text recognised as a PEM block is decoded through the crypt API and the last secret
     * it yields is stored. Any other text is taken as the secret itself, which is only
     * accepted when the secret's group allows unencrypted imports.
     * NOTE(review): the PEM input is decoded before the write-ACL check, which happens in
     * the overload this method delegates to - confirm that decoding caller-supplied input
     * ahead of authorisation is acceptable.
     *
     * @param str id of the secret to update
     * @param date start of validity of the new value, may be {@code null}
     * @param date2 end of validity of the new value, may be {@code null}
     * @param str2 the new secret as PEM block or plain text
     * @param iProperties caller properties; a new property set is created when {@code null}
     * @param strArr index values
     * @throws AccessDeniedException when plain text is supplied but the group requires encryption
     * @throws MException with code 400 when the PEM input yields no secret, or when the
     *     delegated update fails
     */
    public void importUpdate(String str, Date date, Date date2, String str2, IProperties iProperties, String[] strArr) throws MException {
        String groupName = findGroupNameForSecretId(str);
        VaultGroup group = getGroup(groupName);
        if (iProperties == null) {
            iProperties = new MProperties();
        }
        if (!PemUtil.isPemBlock(str2)) {
            if (!group.isAllowUnencrypted()) {
                throw new AccessDeniedException("Need to encrypt secrets", new Object[]{groupName});
            }
            SecretContent plain = new SecretContent(new SecureString(str2), new MProperties());
            importUpdate(str, date, date2, plain, iProperties, strArr);
            return;
        }
        CryptApi cryptApi = (CryptApi) M.l(CryptApi.class);
        PemBlockList blocks = new PemBlockList(str2);
        CherryVaultProcessContext context = new CherryVaultProcessContext(iProperties);
        cryptApi.processPemBlocks(context, blocks);
        if (context.getLastSecret() == null) {
            throw new MException(400, "can't decode secret", new Object[0]);
        }
        SecretContent decoded = new SecretContent(context.getLastSecret(), new MProperties());
        importUpdate(str, date, date2, decoded, iProperties, strArr);
    }

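    /**
     * Rewrites the index values of all currently valid entries of a secret.
     *
     * <p>A failure to save one entry is logged as a warning and does not stop the others.
     * NOTE(review): unlike the other mutating methods of this class, this one performs no
     * write-ACL check on the secret's group - confirm that callers authorise the request
     * before it reaches this method.
     *
     * @param str id of the secret
     * @param strArr index values; empty positions leave the stored value untouched
     * @throws MException when the database query fails
     */
    public void indexUpdate(String str, String[] strArr) throws MException {
        try (Scope enter = ITracer.get().enter("indexUpdate", new Object[]{"secretId", str, "index", strArr})) {
            Date date = new Date();
            DbCollection<VaultEntry> byQualification = StaticAccess.db.getManager().getByQualification(Db.query(VaultEntry.class).eq("secretid", str).le("validfrom", date).gt("validto", date));
            LinkedList<VaultEntry> linkedList = new LinkedList<>();
            try {
                // Copy the rows out first so the result set is closed before anything is saved.
                for (VaultEntry vaultEntry : byQualification) {
                    linkedList.add(vaultEntry);
                }
            } finally {
                // Release the result set even when reading a row fails.
                byQualification.close();
            }
            updateIndexes(linkedList, strArr, null);
            for (VaultEntry next : linkedList) {
                try {
                    next.save();
                } catch (Throwable th) {
                    log().w("save entry failed", new Object[]{next, th});
                }
            }
        }
    }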

    /**
     * Searches entries by group, target and index values inside a tracing scope.
     *
     * <p>Delegates to the six-argument overload with its last flag set to {@code true}.
     * NOTE(review): no group or target ACL is checked in this method - confirm where search
     * results are authorised before they are returned to a caller.
     *
     * @param str group name to match, or {@code null} for any group
     * @param str2 target name to match, or {@code null} for any target
     * @param strArr index values to match
     * @param i maximum number of entries to return
     * @param z {@code true} to include entries outside their validity window
     * @return the matching entries
     * @throws MException when the query fails
     */
    public List<VaultEntry> search(String str, String str2, String[] strArr, int i, boolean z) throws MException {
        try (Scope enter = ITracer.get().enter("search", new Object[]{"group", str, "target", str2, "index", strArr, "size", Integer.valueOf(i), "all", Boolean.valueOf(z)})) {
            return search(str, str2, strArr, i, z, true);
        }
    }

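    /**
     * Queries vault entries by group, target and up to five index values.
     *
     * <p>Only the first five index values are used; each non-empty one becomes an equality filter
     * on the column {@code index0} to {@code index4}. Further values are ignored without notice.
     * The size limit is tested after each entry is added, so a limit of zero or less still yields
     * one entry when the query matches anything.
     *
     * <p>NOTE(review): no permission check or ACL filtering happens in this method. With
     * {@code z2 == false} and all filters {@code null} it returns entries of any group up to the
     * limit; confirm that callers of this public overload are authorized for that.
     *
     * @param str group name filter, or {@code null} for no group filter
     * @param str2 target name filter, or {@code null} for no target filter
     * @param strArr index values to match, may be {@code null}
     * @param i size limit for the returned list
     * @param z when {@code true} the validity window ({@code validfrom <= now < validto}) is skipped
     * @param z2 when {@code true} an empty list is returned unless at least one index filter applies
     * @return the matching entries, or an {@code EmptyList} when {@code z2} rejects the request
     * @throws MException if the query or closing the result collection fails
     */
    public List<VaultEntry> search(String str, String str2, String[] strArr, int i, boolean z, boolean z2) throws MException {
        if (z2 && (strArr == null || strArr.length == 0)) {
            return new EmptyList();
        }
        Date now = new Date();
        AQuery<VaultEntry> query = Db.query(VaultEntry.class);
        if (!z) {
            query.le("validfrom", now).gt("validto", now);
        }
        if (str != null) {
            query.eq("group", str);
        }
        if (str2 != null) {
            query.eq("target", str2);
        }
        boolean indexFilterApplied = false;
        if (strArr != null) {
            // Only index0..index4 are queried; stop at the fifth value instead of testing each position.
            int usable = Math.min(strArr.length, 5);
            for (int pos = 0; pos < usable; pos++) {
                if (!MString.isEmpty(strArr[pos])) {
                    indexFilterApplied = true;
                    query.eq("index" + pos, strArr[pos]);
                }
            }
        }
        if (z2 && !indexFilterApplied) {
            return new EmptyList();
        }
        LinkedList<VaultEntry> found = new LinkedList<>();
        DbCollection<VaultEntry> rows = StaticAccess.db.getManager().getByQualification(query);
        try {
            for (VaultEntry row : rows) {
                found.add(row);
                if (found.size() >= i) {
                    break;
                }
            }
        } finally {
            // Release the result collection on every path, including a failure while iterating.
            rows.close();
        }
        return found;
    }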

    /**
     * Builds a plain-text diagnostic report for a group, its generator and its targets.
     *
     * <p>The report lists the group, the result of the write-ACL check, the generator and its
     * configuration, and for every target of the group (and of the must-have group, if one exists)
     * the processor, its configuration and the condition result. With {@code z == true} the
     * generator and each processor whose condition holds are actually executed.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>The ACL check only decides whether "Access Granted" or "Access Denied" is printed; the
     *       rest of the method runs either way. NOTE(review): confirm that callers restrict who may
     *       invoke this, in particular with {@code z == true}.</li>
     *   <li>The returned text contains the generated secret in clear text, the secret written by
     *       each processor, and the generator and processor configuration. Treat the return value
     *       as sensitive and keep it out of logs.</li>
     *   <li>The {@code iProperties} argument is handed to the tracer; NOTE(review): confirm that the
     *       tracer does not record sensitive property values.</li>
     *   <li>When {@code z} is true and the group has no generator name, the secret stays
     *       {@code null} and is passed to the processors as such.</li>
     *   <li>Any {@code Throwable} raised while building the report is swallowed and only its
     *       {@code toString()} is appended to the report.</li>
     * </ul>
     *
     * @param str name of the group to test
     * @param z when {@code true} the generator and the processors are executed
     * @param iProperties properties passed to the generator, the conditions and the processors
     * @return the report text
     */
    public String testGroup(String str, boolean z, IProperties iProperties) {
        Object[] traceArgs = {"groupName", str, "execute", Boolean.valueOf(z), "properties", iProperties};
        try (Scope scope = ITracer.get().enter("testGroup", traceArgs)) {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            PrintStream out = new PrintStream(buffer);
            try {
                out.println("Group Name: " + str);
                VaultGroup group = getGroup(str);
                out.println("Group: " + group);
                // Reported only: a denied check does not stop the remaining steps.
                boolean permitted = Aaa.isPermitted(group.getWriteAcl(), VaultGroup.class, "u", group.getName());
                out.println(permitted ? "Access Granted" : "Access Denied");

                String generatorName = group.getSecretGeneratorName();
                out.println("Generator Name: " + generatorName);
                SecretContent generated = null;
                UUID testSecretId = UUID.randomUUID();
                if (generatorName != null) {
                    SecretGenerator generator = getGenerator(generatorName);
                    out.println("---------------------------");
                    out.println("Generator: " + generator);
                    out.println("---------------------------");
                    out.println(group.getSecretGeneratorConfig());
                    generator.test(out, group, iProperties);
                    if (z) {
                        out.println(">>> Execute Generator");
                        generated = generator.generateSecret(group, iProperties);
                        // Clear-text secret goes into the report.
                        out.println("=== Result:" + generated.getContent().value());
                        out.println("Properties: " + generated.getProperties());
                        out.println("<<< End Generator");
                    }
                }

                for (String targetName : group.getTargets()) {
                    out.println();
                    out.println("---------------------------");
                    out.println("Target: " + targetName);
                    out.println("---------------------------");
                    VaultTarget target = getTarget(targetName);
                    out.println("DB: " + target);
                    String processorName = target.getProcessorName();
                    out.println("Processor: " + processorName);
                    TargetProcessor processor = getProcessor(processorName);
                    out.println("Instance: " + processor);
                    out.println(target.getProcessorConfig());
                    boolean conditionHolds = checkProcessConditions(group, iProperties, target);
                    out.println("Condition: " + conditionHolds);
                    processor.test(out, iProperties, target.getProcessorConfig());
                    if (conditionHolds && z) {
                        out.println(">>> Execute Target " + targetName);
                        WritableEntry entry = new WritableEntry();
                        entry.setSecretId(testSecretId.toString());
                        entry.setTarget(targetName);
                        entry.setGroup(str);
                        processor.process(iProperties, target.getProcessorConfig(), generated, entry);
                        out.println("=== Result:");
                        out.println("Secret:");
                        out.println(entry.getSecret());
                        out.println("Meta: " + entry.getMeta());
                        out.println("<<< End Target");
                    }
                }

                VaultGroup mustHave = getMustHaveGroup(group.getName());
                if (mustHave != null) {
                    out.println();
                    out.println("*****************************);");
                    out.println("Must Have Group: " + mustHave);
                    for (String defaultTargetName : mustHave.getTargets()) {
                        out.println();
                        out.println("---------------------------");
                        out.println("Target: " + defaultTargetName);
                        out.println("---------------------------");
                        VaultTarget defaultTarget = getTarget(defaultTargetName);
                        out.println("DB: " + defaultTarget);
                        String defaultProcessorName = defaultTarget.getProcessorName();
                        out.println("Processor: " + defaultProcessorName);
                        TargetProcessor defaultProcessor = getProcessor(defaultProcessorName);
                        out.println("Instance: " + defaultProcessor);
                        out.println(defaultTarget.getProcessorConfig());
                        // Conditions are evaluated against the tested group, not the must-have group.
                        boolean defaultConditionHolds = checkProcessConditions(group, iProperties, defaultTarget);
                        out.println("Condition: " + defaultConditionHolds);
                        defaultProcessor.test(out, iProperties, defaultTarget.getProcessorConfig());
                        if (defaultConditionHolds && z) {
                            out.println(">>> Execute Default Target " + defaultTargetName);
                            WritableEntry defaultEntry = new WritableEntry();
                            defaultEntry.setSecretId(testSecretId.toString());
                            defaultEntry.setTarget(defaultTargetName);
                            defaultEntry.setGroup(str);
                            defaultProcessor.process(iProperties, defaultTarget.getProcessorConfig(), generated, defaultEntry);
                            out.println("=== Result:");
                            out.println("Secret:");
                            out.println(defaultEntry.getSecret());
                            out.println("Meta: " + defaultEntry.getMeta());
                            out.println("<<< End Default Target");
                        }
                    }
                }
                out.print("############################################\n");
            } catch (Throwable failure) {
                // The report ends with the failure text instead of propagating it.
                out.println(failure.toString());
            }
            return buffer.toString();
        }
    }

    /**
     * Returns the database manager obtained from {@code StaticAccess.db}.
     *
     * <p>NOTE(review): this public accessor hands out the same manager the vault uses to query
     * and store entries; confirm which callers are meant to reach it.
     *
     * @return the manager returned by {@code StaticAccess.db.getManager()}
     */
    public XdbService getManager() {
        XdbService manager = StaticAccess.db.getManager();
        return manager;
    }

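    /**
     * Deletes every vault entry whose {@code validto} is not later than the current time.
     *
     * <p>The {@code str} argument is only passed to the trace scope; the query is not restricted
     * to that group, so expired entries of all groups are deleted. NOTE(review): confirm whether a
     * group filter was intended before changing this, since narrowing it would leave expired
     * secrets of other groups in the store.
     *
     * <p>Failures never propagate: a failed delete is logged and the loop continues, and a failed
     * query is logged and ends the run. The error log receives the entry object itself;
     * NOTE(review): confirm that {@code VaultEntry.toString()} does not include the stored secret.
     *
     * @param str group name, recorded in the trace only
     */
    public void cleanup(String str) {
        try (Scope scope = ITracer.get().enter("cleanup", new Object[]{"group", str})) {
            try {
                DbCollection<VaultEntry> expired = StaticAccess.db.getManager()
                        .getByQualification(Db.query(VaultEntry.class).le("validto", new Date()));
                try {
                    for (VaultEntry entry : expired) {
                        try {
                            log().i("cleanup", new Object[]{entry.getId()});
                            entry.delete();
                        } catch (Throwable t) {
                            // Best effort: one entry that cannot be deleted must not stop the sweep.
                            log().e("delete entry failed", new Object[]{entry, t});
                        }
                    }
                } finally {
                    // Release the result collection, as the other query methods of this class do.
                    expired.close();
                }
            } catch (Throwable t) {
                log().e(t);
            }
        }
    }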
}
