package com.tokera.ate.delegates;

import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dto.TokenDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.events.NewAccessRightsEvent;
import com.tokera.ate.events.RightsDiscoverEvent;
import com.tokera.ate.io.api.IPartitionKey;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.event.Observes;
import javax.ws.rs.WebApplicationException;

@RequestScoped
/* loaded from: input_file:com/tokera/ate/delegates/CurrentRightsDelegate.class */
public class CurrentRightsDelegate implements IRights {
    private AteDelegate d = AteDelegate.get();
    private RightsDiscoverEvent currentRights = new RightsDiscoverEvent();
    private Set<MessagePrivateKeyDto> rightsReadCache = null;
    private Set<MessagePrivateKeyDto> rightsWriteCache = null;
    private Set<MessagePrivateKeyDto> impersonateRead = null;
    private Set<MessagePrivateKeyDto> impersonateWrite = null;

    public void init(@Observes NewAccessRightsEvent newAccessRightsEvent) {
        this.rightsReadCache = null;
        this.rightsWriteCache = null;
        this.impersonateRead = null;
        this.impersonateWrite = null;
        this.currentRights = new RightsDiscoverEvent();
        this.d.eventRightsDiscover.fire(this.currentRights);
        clearRightsCache();
    }

    public void clearRightsCache() {
        this.rightsReadCache = null;
        this.rightsWriteCache = null;
    }

    public void impersonate(IPartitionKey iPartitionKey, IRights iRights) {
        this.d.requestContext.pushPartitionKey(iPartitionKey);
        try {
            this.d.authorization.getOrCreateImplicitRightToRead(iRights);
            this.d.authorization.getOrCreateImplicitRightToWrite(iRights);
            this.impersonateRead = iRights.getRightsRead();
            this.impersonateWrite = iRights.getRightsWrite();
            clearRightsCache();
        } finally {
            this.d.requestContext.popPartitionKey();
        }
    }

    public void impersonate(IRights iRights) {
        impersonate(this.d.headIO.partitionResolver().resolve(iRights), iRights);
    }

    @Override // com.tokera.ate.dao.IRights
    public UUID getId() {
        TokenDto tokenOrNull = this.d.currentToken.getTokenOrNull();
        if (tokenOrNull == null) {
            throw new WebApplicationException("There is no current user in the request.");
        }
        return tokenOrNull.getUserId();
    }

    @Override // com.tokera.ate.dao.IRights
    public Set<MessagePrivateKeyDto> getRightsRead() {
        if (this.rightsReadCache != null) {
            return this.rightsReadCache;
        }
        boolean z = true;
        HashSet hashSet = new HashSet();
        if (this.d.currentToken.getWithinTokenScope()) {
            hashSet.addAll(this.d.tokenSecurity.getRightsRead());
        }
        hashSet.addAll(this.currentRights.getRolesRead());
        MessagePrivateKeyDto currentUserTrustRead = this.currentRights.getCurrentUserTrustRead();
        if (currentUserTrustRead != null) {
            hashSet.add(currentUserTrustRead);
        } else {
            z = false;
        }
        if (this.impersonateRead != null) {
            for (MessagePrivateKeyDto messagePrivateKeyDto : this.impersonateRead) {
                if (!hashSet.contains(messagePrivateKeyDto)) {
                    hashSet.add(messagePrivateKeyDto);
                }
            }
        } else {
            z = false;
        }
        if (!hashSet.contains(new MessagePrivateKeyDto(this.d.encryptor.getTrustOfPublicRead()))) {
            hashSet.add(new MessagePrivateKeyDto(this.d.encryptor.getTrustOfPublicRead()));
        }
        if (z) {
            this.rightsReadCache = (Set) hashSet.stream().collect(Collectors.toSet());
        }
        return hashSet;
    }

    @Override // com.tokera.ate.dao.IRights
    public Set<MessagePrivateKeyDto> getRightsWrite() {
        if (this.rightsWriteCache != null) {
            return this.rightsWriteCache;
        }
        boolean z = true;
        HashSet hashSet = new HashSet();
        if (this.d.currentToken.getWithinTokenScope()) {
            hashSet.addAll(this.d.tokenSecurity.getRightsWrite());
        }
        hashSet.addAll(this.currentRights.getRolesWrite());
        MessagePrivateKeyDto currentUserTrustWrite = this.currentRights.getCurrentUserTrustWrite();
        if (currentUserTrustWrite != null) {
            hashSet.add(currentUserTrustWrite);
        } else {
            z = false;
        }
        if (this.impersonateWrite != null) {
            for (MessagePrivateKeyDto messagePrivateKeyDto : this.impersonateWrite) {
                if (!hashSet.contains(messagePrivateKeyDto)) {
                    hashSet.add(messagePrivateKeyDto);
                }
            }
        } else {
            z = false;
        }
        if (!hashSet.contains(new MessagePrivateKeyDto(this.d.encryptor.getTrustOfPublicWrite()))) {
            hashSet.add(new MessagePrivateKeyDto(this.d.encryptor.getTrustOfPublicWrite()));
        }
        if (z) {
            this.rightsWriteCache = (Set) hashSet.stream().collect(Collectors.toSet());
        }
        return hashSet;
    }

    @Override // com.tokera.ate.dao.IRights
    public String getRightsAlias() {
        TokenDto tokenOrNull = this.d.currentToken.getTokenOrNull();
        if (tokenOrNull == null) {
            throw new UnsupportedOperationException("No token attached to this session.");
        }
        return tokenOrNull.getUsername();
    }

    @Override // com.tokera.ate.dao.IRights
    public void onAddRight(IRoles iRoles) {
    }

    @Override // com.tokera.ate.dao.IRights
    public void onRemoveRight(IRoles iRoles) {
    }
}
