package com.tokera.ate.delegates;

import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.PUUID;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.TokenDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.events.NewAccessRightsEvent;
import com.tokera.ate.events.TokenScopeChangedEvent;
import com.tokera.ate.events.TokenStateChangedEvent;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.repo.DataContainer;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.EffectivePermissionBuilder;
import com.tokera.ate.security.Encryptor;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

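/**
 * Answers read/write access questions and grants or revokes trust between rights holders
 * ({@link IRights}) and role-bearing objects ({@link IRoles}).
 *
 * <p>Access decisions are delegated to {@link EffectivePermissions}, built by
 * {@link EffectivePermissionBuilder} and evaluated against {@code d.currentRights}. Grant and revoke
 * methods edit the alias-to-public-key-hash maps returned by {@code getTrustAllowRead()} and
 * {@code getTrustAllowWrite()}, then queue the changed object with {@code headIO.mergeLater}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>No {@code authorize*} or {@code unauthorize*} method checks that the current caller may alter
 *       the target object. NOTE(review): presumably this is enforced where the queued merge is
 *       validated; confirm before exposing these methods to request-driven input.</li>
 *   <li>Most mutators cast their {@code IRoles} or {@code IRights} argument to {@link BaseDao}
 *       unconditionally and fail with {@link ClassCastException} for any other implementation. This is
 *       kept on purpose: a revocation that cannot be persisted should fail loudly.</li>
 *   <li>This listing is decompiler output, so parameter names such as {@code uuid2}, {@code str} and
 *       {@code z} are synthetic; their roles are described per method.</li>
 * </ul>
 */
@ApplicationScoped
@Startup
public class AuthorizationDelegate {
    private AteDelegate d = AteDelegate.get();

    // Injected logger; no method in this class currently writes to it.
    @Inject
    private LoggerHook LOG;

    /**
     * Tests whether the current rights may read the given object.
     *
     * @param baseDao object to test; {@code null} is treated as not readable
     * @return {@code true} when the effective permissions of the object allow a read
     */
    public boolean canRead(BaseDao baseDao) {
        return baseDao != null
                && this.d.authorization.perms(baseDao).canRead(this.d.currentRights);
    }

    /**
     * Tests whether the current rights may read the object addressed by {@code puuid}.
     *
     * @param puuid partition-qualified object id; {@code null} is treated as not readable
     * @param uuid parent id handed to the permission builder
     * @return {@code true} when reading is allowed
     */
    public boolean canRead(PUUID puuid, UUID uuid) {
        return puuid != null && canRead(puuid, puuid.id(), uuid);
    }

    /**
     * Tests whether the current rights may read an object identified by partition, id and parent id.
     *
     * <p>An object that exists in the per-request memory cache is reported readable without any
     * permission evaluation; {@code canWrite} has no such shortcut. NOTE(review): this is only safe
     * if nothing the caller is not entitled to read can be placed in {@code memoryRequestCacheIO}
     * during the request. Confirm how that cache is populated.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid object id
     * @param uuid2 parent id handed to the permission builder
     * @return {@code true} when reading is allowed
     */
    public boolean canRead(IPartitionKey iPartitionKey, UUID uuid, UUID uuid2) {
        return this.d.memoryRequestCacheIO.exists(PUUID.from(iPartitionKey, uuid))
                || this.d.authorization.perms(iPartitionKey, uuid, uuid2, true).canRead(this.d.currentRights);
    }

    /**
     * Tests whether the current rights may write the given object.
     *
     * @param baseDao object to test; {@code null} is treated as not writable
     * @return {@code true} when the effective permissions of the object allow a write
     */
    public boolean canWrite(BaseDao baseDao) {
        return baseDao != null
                && this.d.authorization.perms(baseDao).canWrite(this.d.currentRights);
    }

    /**
     * Tests whether the current rights may write the object addressed by {@code puuid}.
     *
     * @param puuid partition-qualified object id; {@code null} is treated as not writable
     * @param uuid parent id handed to the permission builder
     * @return {@code true} when writing is allowed
     */
    public boolean canWrite(PUUID puuid, UUID uuid) {
        return puuid != null && canWrite(puuid, puuid.id(), uuid);
    }

    /**
     * Throws the access-denied exception unless the current rights may write the object.
     *
     * @param baseDao object about to be written
     * @throws WebApplicationException with status 401 when writing is not allowed, including when
     *     {@code baseDao} is {@code null}
     */
    public void ensureCanWrite(BaseDao baseDao) {
        if (baseDao == null) {
            // canWrite(null) is false; deny explicitly rather than through an incidental
            // NullPointerException while the diagnostic message is being assembled.
            throw new WebApplicationException("Access denied while attempting to write object [null]", Response.Status.UNAUTHORIZED);
        }
        if (canWrite(baseDao)) {
            return;
        }
        throw buildWriteException(this.d.headIO.partitionResolver().resolve(baseDao), baseDao.getId(), this.d.authorization.perms(baseDao), true);
    }

    /**
     * Tests whether the current rights may write an object identified by partition, id and parent id.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid object id
     * @param uuid2 parent id handed to the permission builder
     * @return {@code true} when writing is allowed
     */
    public boolean canWrite(IPartitionKey iPartitionKey, UUID uuid, UUID uuid2) {
        return this.d.authorization.perms(iPartitionKey, uuid, uuid2, true).canWrite(this.d.currentRights);
    }

    /**
     * Builds (does not throw) the exception that reports a denied write.
     *
     * <p>The message lists the payload class, every required write role (alias and key hash) and every
     * write right the caller holds (alias and key hash). NOTE(review): if the JAX-RS layer returns
     * this message to the client, a requester who was just denied learns the access structure of the
     * object; consider logging the detail server-side and returning a generic message.
     *
     * <p>The status is 401 although the failure is an authorization denial, for which 403 is the usual
     * choice. It is left as is because clients may key on it.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid object id
     * @param effectivePermissions permissions whose {@code rolesWrite} are listed as required
     * @param z not used by this method
     * @return a {@link WebApplicationException} with status 401
     */
    public RuntimeException buildWriteException(IPartitionKey iPartitionKey, UUID uuid, EffectivePermissions effectivePermissions, boolean z) {
        StringBuilder msg = new StringBuilder("Access denied while attempting to write object [");
        DataContainer container = this.d.headIO.getRawOrNull(PUUID.from(iPartitionKey, uuid));
        if (container != null) {
            msg.append(container.getPayloadClazz()).append(":");
        }
        msg.append(uuid).append("]\n");

        // Required roles: the first line carries the label, later lines are padded to align with it.
        boolean anyRequired = false;
        for (String roleHash : effectivePermissions.rolesWrite) {
            msg.append(anyRequired ? " >        " : " > needs: ");
            MessagePublicKeyDto roleKey = this.d.headIO.publicKeyOrNull(iPartitionKey, roleHash);
            if (roleKey != null && roleKey.getAlias() != null) {
                msg.append(roleKey.getAlias()).append(" - ").append(roleHash).append("]");
            } else {
                msg.append(roleHash);
            }
            msg.append("\n");
            anyRequired = true;
        }
        if (!anyRequired) {
            msg.append(" > needs: [no write roles exist!]\n");
        }

        // Rights the caller actually holds, flagged when the signing key is not in the request cache.
        boolean anyHeld = false;
        for (MessagePrivateKeyDto right : this.d.currentRights.getRightsWrite()) {
            msg.append(anyHeld ? " >        " : " > roles: ");
            msg.append(this.d.encryptor.getAlias(iPartitionKey, right)).append(" - ");
            String rightHash = this.d.encryptor.getPublicKeyHash(right);
            msg.append(rightHash);
            if (this.d.encryptKeyCachePerRequest.getSignKey(rightHash) == null) {
                msg.append(" [lookup failed!!]");
            }
            msg.append("\n");
            anyHeld = true;
        }
        if (!anyHeld) {
            msg.append(" > roles: [no access rights]\n");
        }

        // The former catch-all around this constructor only repeated the same construction, so it
        // could never recover anything and has been dropped.
        return new WebApplicationException(msg.toString(), Response.Status.UNAUTHORIZED);
    }

    /**
     * Builds (does not throw) the exception that reports a denied read.
     *
     * <p>The message lists the payload class, the encryption-key hash, every required read role with
     * whether an encrypt-key record exists for it, and every read right the caller holds.
     * NOTE(review): the disclosure concern is the same as for {@code buildWriteException}; confirm
     * whether this message can reach the client.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid object id
     * @param effectivePermissions permissions whose {@code encryptKeyHash} and {@code rolesRead} are
     *     reported
     * @param z not used by this method
     * @return a {@link WebApplicationException} with status 401
     */
    public RuntimeException buildReadException(IPartitionKey iPartitionKey, UUID uuid, EffectivePermissions effectivePermissions, boolean z) {
        StringBuilder msg = new StringBuilder("Access denied while attempting to read object [");
        DataContainer container = this.d.headIO.getRawOrNull(PUUID.from(iPartitionKey, uuid));
        if (container != null) {
            msg.append(container.getPayloadClazz()).append(":");
        }
        msg.append(uuid).append("]\n");

        String encKeyHash = effectivePermissions.encryptKeyHash;
        msg.append(" > encKey: ");
        if (encKeyHash == null) {
            // Without an encryption-key hash there is nothing further to report.
            msg.append("[missing!!]");
        } else {
            MessagePublicKeyDto encKey = this.d.headIO.publicKeyOrNull(iPartitionKey, encKeyHash);
            msg.append(encKey != null ? this.d.encryptor.getPublicKeyHash(encKey) : encKeyHash);
            msg.append("\n");

            boolean anyRequired = false;
            for (String roleHash : effectivePermissions.rolesRead) {
                msg.append(anyRequired ? " >        " : " > needs: ");
                MessagePublicKeyDto roleKey = this.d.headIO.publicKeyOrNull(iPartitionKey, roleHash);
                msg.append(roleKey != null ? this.d.encryptor.getAlias(iPartitionKey, roleKey) : roleHash).append(" - ").append(roleHash).append("]");
                if (this.d.encryptKeyCachePerRequest.hasEncryptKey(iPartitionKey, encKeyHash, roleHash)) {
                    msg.append(" [record found]");
                } else {
                    msg.append(" [record missing!!]");
                }
                msg.append("\n");
                anyRequired = true;
            }
            if (!anyRequired) {
                msg.append(" > needs: [no read roles exist!]\n");
            }

            boolean anyHeld = false;
            for (MessagePrivateKeyDto right : this.d.currentRights.getRightsRead()) {
                msg.append(anyHeld ? " >        " : " > roles: ");
                msg.append(this.d.encryptor.getAlias(iPartitionKey, right)).append(" - ").append(this.d.encryptor.getPublicKeyHash(right));
                msg.append("\n");
                anyHeld = true;
            }
            if (!anyHeld) {
                msg.append(" > roles: [no access rights]\n");
            }
        }

        // The former catch-all around this constructor only repeated the same construction.
        return new WebApplicationException(msg.toString(), Response.Status.UNAUTHORIZED);
    }

    /**
     * Computes the effective permissions of a loaded object, using post-merged state and the
     * supplied instance itself.
     *
     * @param baseDao object whose permissions are wanted; must not be {@code null}
     * @return the permissions produced by {@link EffectivePermissionBuilder}
     */
    public EffectivePermissions perms(BaseDao baseDao) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(baseDao);
        return new EffectivePermissionBuilder(partitionKey, baseDao.getId(), baseDao.getParentId())
                .setUsePostMerged(true)
                .withSuppliedObject(baseDao)
                .build();
    }

    /**
     * Computes the effective permissions of the object addressed by {@code puuid}.
     *
     * @param puuid partition-qualified object id; must not be {@code null}
     * @param uuid parent id
     * @param z value passed to {@code setUsePostMerged}
     * @return the permissions produced by {@link EffectivePermissionBuilder}
     */
    public EffectivePermissions perms(PUUID puuid, UUID uuid, boolean z) {
        return new EffectivePermissionBuilder(puuid, puuid.id(), uuid)
                .setUsePostMerged(z)
                .build();
    }

    /**
     * Computes the effective permissions of an object identified by partition, id and parent id.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid object id
     * @param uuid2 parent id
     * @param z value passed to {@code setUsePostMerged}
     * @return the permissions produced by {@link EffectivePermissionBuilder}
     */
    public EffectivePermissions perms(IPartitionKey iPartitionKey, UUID uuid, UUID uuid2, boolean z) {
        return new EffectivePermissionBuilder(iPartitionKey, uuid, uuid2)
                .setUsePostMerged(z)
                .build();
    }

    /** Grants {@code iRights} both read and write trust on {@code iRoles} and queues the merge. */
    public void authorizeEntity(IRights iRights, IRoles iRoles) {
        authorizeEntity(iRights, iRoles, true);
    }

    /**
     * Grants {@code iRights} both read and write trust on {@code iRoles}.
     *
     * @param iRights holder that receives the access
     * @param iRoles object whose trust maps are extended
     * @param z when {@code true}, the changed {@code iRoles} is queued with {@code mergeLater}
     */
    public void authorizeEntity(IRights iRights, IRoles iRoles, boolean z) {
        authorizeEntityRead(iRights, iRoles, z);
        authorizeEntityWrite(iRights, iRoles, z);
    }

    /**
     * Adds a raw entry to the read-trust map unless the value is already trusted under any key.
     *
     * <p>Neither argument is checked against a known key here. Sibling methods store an alias as the
     * map key and a public-key hash as the value.
     *
     * @param str map key (an alias in the sibling methods)
     * @param str2 map value (a public-key hash in the sibling methods)
     * @param iRoles object whose read-trust map is extended; must also be a {@link BaseDao}
     */
    public void authorizeRead(String str, String str2, IRoles iRoles) {
        Map<String, String> trusted = iRoles.getTrustAllowRead();
        if (trusted.values().contains(str2)) {
            return;
        }
        trusted.put(str, str2);
        this.d.headIO.mergeLater((BaseDao) iRoles);
    }

    /**
     * Finds the holder's own read right: the first read right whose alias equals the holder's rights
     * alias and whose public-key hash differs from that of the shared public-read key.
     *
     * @param iRights holder to inspect
     * @return the matching right, or {@code null} when there is none
     */
    public MessagePrivateKeyDto getImplicitRightToRead(IRights iRights) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        String rightsAlias = iRights.getRightsAlias();
        return iRights.getRightsRead().stream()
                .filter(right -> rightsAlias.equals(this.d.encryptor.getAlias(partitionKey, right)))
                // Never treat the shared public-read key as the holder's own right.
                .filter(right -> !this.d.encryptor.getPublicKeyHash(right).equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicRead())))
                .findFirst()
                .orElse(null);
    }

    /**
     * Returns the holder's own read right, creating one when none exists.
     *
     * <p>A new right is an encryption key of size {@code Encryptor.AES_KEY_SIZE} carrying the
     * holder's rights alias. It is added to the holder's read rights, its public key is merged into
     * the holder's partition, and the holder is queued for merge when it is a {@link BaseDao}.
     *
     * @param iRights holder to inspect and possibly extend
     * @return the existing or newly created right, never {@code null}
     */
    public MessagePrivateKeyDto getOrCreateImplicitRightToRead(IRights iRights) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        String rightsAlias = iRights.getRightsAlias();
        MessagePrivateKeyDto right = iRights.getRightsRead().stream()
                .filter(candidate -> rightsAlias.equals(this.d.encryptor.getAlias(partitionKey, candidate)))
                .filter(candidate -> !this.d.encryptor.getPublicKeyHash(candidate).equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicRead())))
                .findFirst()
                .orElse(null);
        if (right != null) {
            return right;
        }
        right = new MessagePrivateKeyDto(this.d.encryptor.genEncryptKeyWithAlias(Encryptor.AES_KEY_SIZE, rightsAlias));
        iRights.getRightsRead().add(right);
        this.d.headIO.merge(partitionKey, this.d.encryptor.getPublicKey(right));
        if (iRights instanceof BaseDao) {
            this.d.headIO.mergeLater((BaseDao) iRights);
        }
        return right;
    }

    /** Grants {@code iRights} read trust on {@code iRoles} and queues the merge. */
    public void authorizeEntityRead(IRights iRights, IRoles iRoles) {
        authorizeEntityRead(iRights, iRoles, true);
    }

    /**
     * Grants {@code iRights} read trust on {@code iRoles}.
     *
     * <p>Does nothing when the read-trust map already holds the holder's alias with the same key
     * hash. Otherwise the entry is written (replacing any other hash stored under that alias), an
     * encrypt key is generated for {@code iRoles}, token events are fired when the holder is the user
     * of the current token, and {@code iRights.onAddRight} is invoked.
     *
     * @param iRights holder that receives read access
     * @param iRoles object whose read-trust map is extended; must also be a {@link BaseDao} when
     *     {@code z} is {@code true}
     * @param z when {@code true}, the changed {@code iRoles} is queued with {@code mergeLater}
     */
    public void authorizeEntityRead(IRights iRights, IRoles iRoles, boolean z) {
        MessagePrivateKeyDto right = getOrCreateImplicitRightToRead(iRights);
        String alias = this.d.encryptor.getAlias(this.d.headIO.partitionResolver().resolve(iRights), right);
        Map<String, String> trusted = iRoles.getTrustAllowRead();
        String hash = this.d.encryptor.getPublicKeyHash(right);
        if (trusted.containsKey(alias) && hash.equals(trusted.get(alias))) {
            return;
        }
        trusted.put(alias, hash);
        this.d.daoHelper.generateEncryptKey(iRoles);
        if (z) {
            this.d.headIO.mergeLater((BaseDao) iRoles);
        }
        TokenDto token = this.d.currentToken.getTokenOrNull();
        if (token != null && iRights.getId().equals(token.getUserIdOrNull())) {
            // The caller's own access changed, so the token-related events are raised.
            this.d.eventTokenScopeChanged.fire(new TokenScopeChangedEvent(token));
            this.d.eventNewAccessRights.fire(new NewAccessRightsEvent());
            this.d.eventTokenChanged.fire(new TokenStateChangedEvent());
        }
        iRights.onAddRight(iRoles);
    }

    /** Makes {@code iRoles} publicly readable and queues the merge. */
    public void authorizeEntityPublicRead(IRoles iRoles) {
        authorizeEntityPublicRead(iRoles, true);
    }

    /**
     * Trusts the shared public-read key under the alias {@code "public"} in the read-trust map.
     *
     * <p>NOTE(review): presumably every party can obtain the public-read key, which would make the
     * object world-readable; confirm before using on sensitive objects.
     *
     * @param iRoles object to open for public read; must also be a {@link BaseDao} when {@code z}
     *     is {@code true}
     * @param z when {@code true}, the changed {@code iRoles} is queued with {@code mergeLater}
     */
    public void authorizeEntityPublicRead(IRoles iRoles, boolean z) {
        iRoles.getTrustAllowRead().put("public", this.d.encryptor.getTrustOfPublicRead().getPublicKeyHash());
        if (z) {
            this.d.headIO.mergeLater((BaseDao) iRoles);
        }
    }

    /**
     * Adds a raw entry to the write-trust map unless the value is already trusted under any key.
     *
     * <p>Neither argument is checked against a known key here. Sibling methods store an alias as the
     * map key and a public-key hash as the value.
     *
     * @param str map key (an alias in the sibling methods)
     * @param str2 map value (a public-key hash in the sibling methods)
     * @param iRoles object whose write-trust map is extended; must also be a {@link BaseDao}
     */
    public void authorizeWrite(String str, String str2, IRoles iRoles) {
        Map<String, String> trusted = iRoles.getTrustAllowWrite();
        if (trusted.values().contains(str2)) {
            return;
        }
        trusted.put(str, str2);
        this.d.headIO.mergeLater((BaseDao) iRoles);
    }

    /**
     * Finds the holder's own write right: the first write right whose alias equals the holder's
     * rights alias and whose public-key hash differs from that of the shared public-write key.
     *
     * @param iRights holder to inspect
     * @return the matching right, or {@code null} when there is none
     */
    public MessagePrivateKeyDto getImplicitRightToWrite(IRights iRights) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        String rightsAlias = iRights.getRightsAlias();
        return iRights.getRightsWrite().stream()
                .filter(right -> rightsAlias.equals(this.d.encryptor.getAlias(partitionKey, right)))
                // Never treat the shared public-write key as the holder's own right.
                .filter(right -> !this.d.encryptor.getPublicKeyHash(right).equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicWrite())))
                .findFirst()
                .orElse(null);
    }

    /**
     * Returns the holder's own write right, creating one when none exists.
     *
     * <p>A new right is a signing key carrying the holder's rights alias. It is added to the holder's
     * write rights, its public key is merged into the holder's partition, and the holder is queued
     * for merge when it is a {@link BaseDao}.
     *
     * @param iRights holder to inspect and possibly extend
     * @return the existing or newly created right, never {@code null}
     */
    public MessagePrivateKeyDto getOrCreateImplicitRightToWrite(IRights iRights) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        String rightsAlias = iRights.getRightsAlias();
        MessagePrivateKeyDto right = iRights.getRightsWrite().stream()
                .filter(candidate -> rightsAlias.equals(this.d.encryptor.getAlias(partitionKey, candidate)))
                .filter(candidate -> !this.d.encryptor.getPublicKeyHash(candidate).equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicWrite())))
                .findFirst()
                .orElse(null);
        if (right != null) {
            return right;
        }
        right = new MessagePrivateKeyDto(this.d.encryptor.genSignKeyWithAlias(rightsAlias));
        iRights.getRightsWrite().add(right);
        this.d.headIO.merge(partitionKey, this.d.encryptor.getPublicKey(right));
        if (iRights instanceof BaseDao) {
            this.d.headIO.mergeLater((BaseDao) iRights);
        }
        return right;
    }

    /** Grants {@code iRights} write trust on {@code iRoles} and queues the merge. */
    public void authorizeEntityWrite(IRights iRights, IRoles iRoles) {
        authorizeEntityWrite(iRights, iRoles, true);
    }

    /**
     * Grants {@code iRights} write trust on {@code iRoles}.
     *
     * <p>Does nothing when the write-trust map already holds the holder's alias with the same key
     * hash. Otherwise the entry is written (replacing any other hash stored under that alias) and
     * token events are fired when the holder is the user of the current token. Unlike the read
     * variant, this method does not call {@code iRights.onAddRight}.
     *
     * @param iRights holder that receives write access
     * @param iRoles object whose write-trust map is extended; must also be a {@link BaseDao} when
     *     {@code z} is {@code true}
     * @param z when {@code true}, the changed {@code iRoles} is queued with {@code mergeLater}
     */
    public void authorizeEntityWrite(IRights iRights, IRoles iRoles, boolean z) {
        MessagePrivateKeyDto right = getOrCreateImplicitRightToWrite(iRights);
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        String alias = this.d.encryptor.getAlias(partitionKey, right);
        Map<String, String> trusted = iRoles.getTrustAllowWrite();
        String hash = this.d.encryptor.getPublicKeyHash(right);
        if (trusted.containsKey(alias) && hash.equals(trusted.get(alias))) {
            return;
        }
        // Reuse the alias resolved above instead of looking it up a second time.
        trusted.put(alias, hash);
        if (z) {
            this.d.headIO.mergeLater((BaseDao) iRoles);
        }
        TokenDto token = this.d.currentToken.getTokenOrNull();
        if (token != null && iRights.getId().equals(token.getUserIdOrNull())) {
            this.d.eventTokenScopeChanged.fire(new TokenScopeChangedEvent(token));
            this.d.eventNewAccessRights.fire(new NewAccessRightsEvent());
            this.d.eventTokenChanged.fire(new TokenStateChangedEvent());
        }
    }

    /** Makes {@code iRoles} publicly writable and queues the merge. */
    public void authorizeEntityPublicWrite(IRoles iRoles) {
        authorizeEntityPublicWrite(iRoles, true);
    }

    /**
     * Trusts the shared public-write key under the alias {@code "public"} in the write-trust map.
     *
     * <p>NOTE(review): presumably every party can obtain the public-write key, which would make the
     * object world-writable; confirm before using on anything that must stay tamper-resistant.
     *
     * @param iRoles object to open for public write; must also be a {@link BaseDao} when {@code z}
     *     is {@code true}
     * @param z when {@code true}, the changed {@code iRoles} is queued with {@code mergeLater}
     */
    public void authorizeEntityPublicWrite(IRoles iRoles, boolean z) {
        iRoles.getTrustAllowWrite().put("public", this.d.encryptor.getTrustOfPublicWrite().getPublicKeyHash());
        if (z) {
            this.d.headIO.mergeLater((BaseDao) iRoles);
        }
    }

    /** Revokes both the read and the write trust that {@code iRoles} places in {@code iRights}. */
    public void unauthorizeEntity(IRights iRights, IRoles iRoles) {
        unauthorizeEntityRead(iRights, iRoles);
        unauthorizeEntityWrite(iRights, iRoles);
    }

    /**
     * Removes from the read-trust map every entry whose key hash belongs to a read right of
     * {@code iRights}, then invokes {@code iRights.onRemoveRight}.
     *
     * <p>No key is regenerated here. NOTE(review): whether a previously shared read key stays usable
     * after revocation depends on code outside this class; confirm.
     *
     * @param iRights holder whose read access is revoked
     * @param iRoles object whose read-trust map is reduced; must also be a {@link BaseDao} when an
     *     entry is removed
     */
    public void unauthorizeEntityRead(IRights iRights, IRoles iRoles) {
        // Iterate over a snapshot of the rights, as the original did.
        List<MessagePrivateKeyDto> rights = iRights.getRightsRead().stream().collect(Collectors.toList());
        Map<String, String> trusted = iRoles.getTrustAllowRead();
        for (MessagePrivateKeyDto right : rights) {
            String hash = this.d.encryptor.getPublicKeyHash(right);
            // Remove every alias that maps to this key hash, not only the first one found, so that no
            // entry for the revoked key is left behind under a second alias.
            List<String> aliases = trusted.entrySet().stream()
                    .filter(entry -> entry.getValue().equals(hash))
                    .map(Map.Entry::getKey)
                    .collect(Collectors.toList());
            for (String alias : aliases) {
                trusted.remove(alias);
            }
            if (!aliases.isEmpty()) {
                this.d.headIO.mergeLater((BaseDao) iRoles);
            }
        }
        iRights.onRemoveRight(iRoles);
    }

    /**
     * Removes from the write-trust map every entry whose key hash belongs to a write right of
     * {@code iRights}. Unlike the read variant, this method does not call
     * {@code iRights.onRemoveRight}.
     *
     * @param iRights holder whose write access is revoked
     * @param iRoles object whose write-trust map is reduced; must also be a {@link BaseDao} when an
     *     entry is removed
     */
    public void unauthorizeEntityWrite(IRights iRights, IRoles iRoles) {
        List<MessagePrivateKeyDto> rights = iRights.getRightsWrite().stream().collect(Collectors.toList());
        Map<String, String> trusted = iRoles.getTrustAllowWrite();
        for (MessagePrivateKeyDto right : rights) {
            String hash = this.d.encryptor.getPublicKeyHash(right);
            // Remove every alias that maps to this key hash, not only the first one found, so that no
            // entry for the revoked key is left behind under a second alias.
            List<String> aliases = trusted.entrySet().stream()
                    .filter(entry -> entry.getValue().equals(hash))
                    .map(Map.Entry::getKey)
                    .collect(Collectors.toList());
            for (String alias : aliases) {
                trusted.remove(alias);
            }
            if (!aliases.isEmpty()) {
                this.d.headIO.mergeLater((BaseDao) iRoles);
            }
        }
    }

    /** Removes the alias from both trust maps of {@code iRoles}. */
    public void unauthorizeAlias(IRoles iRoles, String str) {
        unauthorizeAliasRead(iRoles, str);
        unauthorizeAliasWrite(iRoles, str);
    }

    /**
     * Removes the entry keyed by {@code str} from the read-trust map and queues the merge, whether or
     * not an entry existed.
     *
     * @param iRoles object whose read-trust map is reduced; must also be a {@link BaseDao}
     * @param str alias to remove
     */
    public void unauthorizeAliasRead(IRoles iRoles, String str) {
        iRoles.getTrustAllowRead().remove(str);
        this.d.headIO.mergeLater((BaseDao) iRoles);
    }

    /**
     * Removes the entry keyed by {@code str} from the write-trust map and queues the merge, whether or
     * not an entry existed.
     *
     * @param iRoles object whose write-trust map is reduced; must also be a {@link BaseDao}
     * @param str alias to remove
     */
    public void unauthorizeAliasWrite(IRoles iRoles, String str) {
        iRoles.getTrustAllowWrite().remove(str);
        this.d.headIO.mergeLater((BaseDao) iRoles);
    }

    /** Drops the holder's read and write rights that match the alias or key hash {@code str}. */
    public void unauthorizeAlias(IRights iRights, String str) {
        unauthorizeAliasRead(iRights, str);
        unauthorizeAliasWrite(iRights, str);
    }

    /**
     * Drops every read right of the holder whose public-key hash or alias equals {@code str}.
     *
     * @param iRights holder whose read rights are reduced; must also be a {@link BaseDao} when a
     *     right is removed
     * @param str alias or public-key hash to match; must not be {@code null}
     */
    public void unauthorizeAliasRead(IRights iRights, String str) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        // Collect first, then remove, so the rights collection is not modified while it is streamed.
        List<MessagePrivateKeyDto> matches = iRights.getRightsRead().stream()
                .filter(right -> str.equals(this.d.encryptor.getPublicKeyHash(right)) || str.equals(this.d.encryptor.getAlias(partitionKey, right)))
                .collect(Collectors.toList());
        for (MessagePrivateKeyDto right : matches) {
            iRights.getRightsRead().remove(right);
            this.d.headIO.mergeLater((BaseDao) iRights);
        }
    }

    /**
     * Drops every write right of the holder whose public-key hash or alias equals {@code str}.
     *
     * @param iRights holder whose write rights are reduced; must also be a {@link BaseDao} when a
     *     right is removed
     * @param str alias or public-key hash to match; must not be {@code null}
     */
    public void unauthorizeAliasWrite(IRights iRights, String str) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(iRights);
        // Collect first, then remove, so the rights collection is not modified while it is streamed.
        List<MessagePrivateKeyDto> matches = iRights.getRightsWrite().stream()
                .filter(right -> str.equals(this.d.encryptor.getPublicKeyHash(right)) || str.equals(this.d.encryptor.getAlias(partitionKey, right)))
                .collect(Collectors.toList());
        for (MessagePrivateKeyDto right : matches) {
            iRights.getRightsWrite().remove(right);
            this.d.headIO.mergeLater((BaseDao) iRights);
        }
    }
}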
