package com.tokera.ate.security;

import com.tokera.ate.common.MapTools;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.repo.DataPartitionChain;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.enterprise.context.RequestScoped;

@RequestScoped
/* loaded from: input_file:com/tokera/ate/security/EncryptKeyCachePerRequest.class */
public class EncryptKeyCachePerRequest {
    private AteDelegate d = AteDelegate.get();
    private final Map<String, byte[]> localEncryptKeyCache = new HashMap();
    private final Set<String> nakCache = new HashSet();
    private final ConcurrentMap<String, MessagePrivateKeyDto> signKeyCache = new ConcurrentHashMap();

    public byte[] getEncryptKey(IPartitionKey iPartitionKey, String str) {
        Map<String, byte[]> encryptKeyCache = getEncryptKeyCache();
        byte[] bArr = (byte[]) MapTools.getOrNull(encryptKeyCache, str);
        if (bArr != null) {
            return bArr;
        }
        if (hasNakForSigningKey(str)) {
            return null;
        }
        DataPartitionChain chain = this.d.storageFactory.get().backend().getChain(iPartitionKey);
        Iterator<MessagePrivateKeyDto> it = this.d.currentRights.getRightsRead().iterator();
        while (it.hasNext()) {
            byte[] encryptKeyInternal = getEncryptKeyInternal(chain, str, it.next());
            if (encryptKeyInternal != null) {
                encryptKeyCache.put(str, encryptKeyInternal);
                return encryptKeyInternal;
            }
        }
        addNakForSigningKey(str);
        return null;
    }

    private Map<String, byte[]> getEncryptKeyCache() {
        return this.d.currentToken.getWithinTokenScope() ? this.d.tokenSecurity.getEncryptKeyCache() : this.localEncryptKeyCache;
    }

    public byte[] getEncryptKey(IPartitionKey iPartitionKey, String str, MessagePrivateKeyDto messagePrivateKeyDto) {
        return getEncryptKeyInternal(this.d.storageFactory.get().backend().getChain(iPartitionKey), str, messagePrivateKeyDto);
    }

    private byte[] getEncryptKeyInternal(DataPartitionChain dataPartitionChain, String str, MessagePrivateKeyDto messagePrivateKeyDto) {
        return this.d.headIO.secureKeyResolver().get(dataPartitionChain.partitionKey(), str, messagePrivateKeyDto);
    }

    public boolean hasEncryptKey(IPartitionKey iPartitionKey, String str, String str2) {
        return this.d.headIO.secureKeyResolver().exists(iPartitionKey, str, str2);
    }

    private void addNakForSigningKey(String str) {
        this.nakCache.add(str);
    }

    private boolean hasNakForSigningKey(String str) {
        return this.nakCache.contains(str);
    }

    public MessagePrivateKeyDto getSignKey(String str) {
        MessagePrivateKeyDto messagePrivateKeyDto = null;
        if (this.signKeyCache.containsKey(str)) {
            messagePrivateKeyDto = this.signKeyCache.get(str);
        }
        if (messagePrivateKeyDto != null) {
            return messagePrivateKeyDto;
        }
        if (hasNakForSigningKey(str)) {
            return null;
        }
        MessagePrivateKeyDto orElse = this.d.currentRights.getRightsWrite().stream().filter(messagePrivateKeyDto2 -> {
            return str.equals(this.d.encryptor.getPublicKeyHash(messagePrivateKeyDto2));
        }).findFirst().orElse(null);
        if (orElse != null) {
            this.signKeyCache.put(str, orElse);
            return orElse;
        }
        addNakForSigningKey(str);
        return null;
    }

    public void addSignKeyToCache(String str, MessagePrivateKeyDto messagePrivateKeyDto) {
        this.signKeyCache.put(str, messagePrivateKeyDto);
    }
}
