package com.tokera.ate.io.repo;

import com.tokera.ate.common.ConcurrentQueue;
import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.common.MapTools;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.dao.kafka.MessageSerializer;
import com.tokera.ate.dao.msg.MessageBase;
import com.tokera.ate.dao.msg.MessageDataHeader;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.msg.MessageBaseDto;
import com.tokera.ate.dto.msg.MessageDataDigestDto;
import com.tokera.ate.dto.msg.MessageDataDto;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessageDataMetaDto;
import com.tokera.ate.dto.msg.MessageEncryptTextDto;
import com.tokera.ate.dto.msg.MessageMetaDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.security.Encryptor;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:com/tokera/ate/io/repo/DataPartitionChain.class */
public class DataPartitionChain {
    private final IPartitionKey key;
    private final AteDelegate d = AteDelegate.get();
    private final ConcurrentMap<UUID, MessageDataHeaderDto> rootOfTrust = new ConcurrentHashMap();
    private final ConcurrentMap<UUID, DataContainer> chainOfTrust = new ConcurrentHashMap();
    private final ConcurrentMap<UUID, ConcurrentQueue<MessageDataMetaDto>> chainOfPartialTrust = new ConcurrentHashMap();
    private final ConcurrentMap<String, MessagePublicKeyDto> publicKeys = new ConcurrentHashMap();
    private final ConcurrentMap<String, MessageEncryptTextDto> encryptText = new ConcurrentHashMap();
    private final Encryptor encryptor = Encryptor.getInstance();

    public DataPartitionChain(IPartitionKey iPartitionKey) {
        this.key = iPartitionKey;
    }

    public IPartitionKey partitionKey() {
        return this.key;
    }

    public String getPartitionKeyStringValue() {
        return this.key.partitionTopic() + ":" + this.key.partitionIndex();
    }

    public void addTrustDataHeader(MessageDataHeaderDto messageDataHeaderDto, LoggerHook loggerHook) {
        addTrustData(new MessageDataDto(messageDataHeaderDto, null, null), new MessageMetaDto(0L, 0L, new Date().getTime()), loggerHook);
    }

    public void addTrustKey(MessagePublicKeyDto messagePublicKeyDto, LoggerHook loggerHook) {
        String publicKeyHash = messagePublicKeyDto.getPublicKeyHash();
        if (publicKeyHash != null) {
            this.publicKeys.put(publicKeyHash, messagePublicKeyDto);
        }
    }

    public void addTrustData(MessageDataDto messageDataDto, MessageMetaDto messageMetaDto, LoggerHook loggerHook) {
        this.chainOfTrust.compute(messageDataDto.getHeader().getIdOrThrow(), (uuid, dataContainer) -> {
            if (dataContainer == null) {
                dataContainer = new DataContainer(this.key);
            }
            return dataContainer.add(messageDataDto, messageMetaDto);
        });
    }

    public void addTrustEncryptText(MessageEncryptTextDto messageEncryptTextDto, LoggerHook loggerHook) {
        this.encryptText.put(MessageSerializer.getKey(messageEncryptTextDto), messageEncryptTextDto);
    }

    public boolean rcv(MessageBase messageBase, MessageMetaDto messageMetaDto, LoggerHook loggerHook) throws IOException, InvalidCipherTextException {
        MessageBaseDto messagePublicKeyDto;
        switch (messageBase.msgType()) {
            case 1:
                messagePublicKeyDto = new MessageDataDto(messageBase);
                break;
            case 2:
                messagePublicKeyDto = new MessageEncryptTextDto(messageBase);
                break;
            case 3:
                messagePublicKeyDto = new MessagePublicKeyDto(messageBase);
                break;
            default:
                drop(loggerHook, (MessageBaseDto) null, (MessageMetaDto) null, "unhandled message type");
                return false;
        }
        return rcv(messagePublicKeyDto, messageMetaDto, loggerHook);
    }

    public boolean rcv(MessageBaseDto messageBaseDto, MessageMetaDto messageMetaDto, LoggerHook loggerHook) throws IOException, InvalidCipherTextException {
        if (messageBaseDto instanceof MessageDataDto) {
            return processData((MessageDataDto) messageBaseDto, messageMetaDto, loggerHook);
        }
        if (messageBaseDto instanceof MessagePublicKeyDto) {
            return processPublicKey((MessagePublicKeyDto) messageBaseDto, loggerHook);
        }
        if (messageBaseDto instanceof MessageEncryptTextDto) {
            return processEncryptText((MessageEncryptTextDto) messageBaseDto, loggerHook);
        }
        drop(loggerHook, messageBaseDto, messageMetaDto, "unhandled message type");
        return false;
    }

    public void drop(LoggerHook loggerHook, MessageBaseDto messageBaseDto, MessageMetaDto messageMetaDto, String str) {
        drop(loggerHook, messageBaseDto, messageMetaDto, str, null);
    }

    public void drop(LoggerHook loggerHook, MessageBaseDto messageBaseDto, MessageMetaDto messageMetaDto, String str, MessageDataHeader messageDataHeader) {
        String str2 = messageMetaDto != null ? "partition=" + getPartitionKeyStringValue() + ", offset=" + messageMetaDto.getOffset() : "partition=" + getPartitionKeyStringValue();
        if (messageBaseDto instanceof MessageDataDto) {
            drop(loggerHook, (MessageDataDto) messageBaseDto, messageMetaDto, str, messageDataHeader);
            return;
        }
        String str3 = messageBaseDto != null ? "Dropping message on [" + str2 + "] - " + str + " [type=" + messageBaseDto.getClass().getSimpleName() + "]" : "Dropping message on [" + str2 + "] - " + str;
        if (loggerHook != null) {
            loggerHook.error(str3);
        } else {
            new LoggerHook(DataPartitionChain.class).warn(str3);
        }
    }

    public void drop(LoggerHook loggerHook, MessageDataDto messageDataDto, String str, MessageDataHeader messageDataHeader) {
        MessageDataHeaderDto header = messageDataDto.getHeader();
        String str2 = "Dropping data on [" + getPartitionKeyStringValue() + "] - " + str + " [clazz=" + header.getPayloadClazzOrThrow() + ", id=" + header.getIdOrThrow() + "]";
        if (loggerHook != null) {
            loggerHook.error(str2);
        } else {
            new LoggerHook(DataPartitionChain.class).warn(str2);
        }
    }

    private void reconcileChainEntry(UUID uuid) {
        this.chainOfPartialTrust.computeIfPresent(uuid, (uuid2, concurrentQueue) -> {
            if (concurrentQueue.size() > 0) {
                return concurrentQueue;
            }
            return null;
        });
    }

    private void promoteChainEntry(UUID uuid, LoggerHook loggerHook) {
        ConcurrentQueue concurrentQueue = (ConcurrentQueue) MapTools.getOrNull(this.chainOfPartialTrust, uuid);
        if (concurrentQueue == null) {
            return;
        }
        concurrentQueue.pollAndConsumeAll((messageDataMetaDto, loggerHook2) -> {
            promoteChainEntry(messageDataMetaDto, loggerHook2);
        }, loggerHook);
        reconcileChainEntry(uuid);
    }

    public boolean promoteChainEntry(MessageDataMetaDto messageDataMetaDto, LoggerHook loggerHook) {
        MessageDataDto data = messageDataMetaDto.getData();
        if (!validateTrustStructureAndWritability(data, loggerHook)) {
            return false;
        }
        addTrustData(data, messageDataMetaDto.getMeta(), loggerHook);
        return true;
    }

    public boolean validate(MessageBaseDto messageBaseDto, LoggerHook loggerHook) {
        if (messageBaseDto instanceof MessageDataDto) {
            return validateTrustStructureAndWritability((MessageDataDto) messageBaseDto, loggerHook);
        }
        return true;
    }

    public boolean validateTrustStructureAndWritability(MessageDataDto messageDataDto, LoggerHook loggerHook) {
        return validateTrustStructureAndWritability(messageDataDto, loggerHook, new HashMap());
    }

    public boolean validateTrustStructureAndWritability(MessageDataDto messageDataDto, LoggerHook loggerHook, Map<UUID, MessageDataDto> map) {
        MessageDataDto lastDataOrNull;
        MessageDataHeaderDto rootOfTrust;
        MessageDataHeaderDto header = messageDataDto.getHeader();
        MessageDataDigestDto digest = messageDataDto.getDigest();
        UUID idOrThrow = header.getIdOrThrow();
        if (digest == null) {
            return false;
        }
        UUID parentId = header.getParentId();
        MessageDataDto messageDataDto2 = null;
        String payloadClazzOrThrow = header.getPayloadClazzOrThrow();
        if (this.d.daoParents.getAllowedParentsSimple().containsKey(payloadClazzOrThrow)) {
            if (parentId == null) {
                drop(loggerHook, messageDataDto, "must have parent for this entity type", (MessageDataHeader) null);
                return false;
            }
            messageDataDto2 = (MessageDataDto) MapTools.getOrNull(map, parentId);
            if (messageDataDto2 == null) {
                promoteChainEntry(parentId, loggerHook);
                DataContainer data = getData(parentId, loggerHook);
                messageDataDto2 = data != null ? data.getLastDataOrNull() : null;
            }
            if (messageDataDto2 == null) {
                drop(loggerHook, messageDataDto, "parent is missing in chain of trust", (MessageDataHeader) null);
                return false;
            }
            if (!this.d.daoParents.getAllowedParentsSimple().containsEntry(payloadClazzOrThrow, messageDataDto2.getHeader().getPayloadClazzOrThrow())) {
                drop(loggerHook, messageDataDto, "parent type not allowed [see PermitParentType]", (MessageDataHeader) null);
                return false;
            }
        } else {
            if (!this.d.daoParents.getAllowedParentFreeSimple().contains(payloadClazzOrThrow)) {
                drop(loggerHook, messageDataDto, "parent policy not defined for this entity type", (MessageDataHeader) null);
                return false;
            }
            if (parentId != null) {
                drop(loggerHook, messageDataDto, "parent not allowed for this entity type", (MessageDataHeader) null);
                return false;
            }
        }
        if (map.containsKey(idOrThrow)) {
            lastDataOrNull = map.get(idOrThrow);
        } else {
            DataContainer data2 = getData(idOrThrow, loggerHook);
            lastDataOrNull = data2 != null ? data2.getLastDataOrNull() : null;
        }
        if (lastDataOrNull != null) {
            UUID parentId2 = lastDataOrNull.getHeader().getParentId();
            if (parentId2 != null && !parentId2.equals(header.getParentId())) {
                drop(loggerHook, messageDataDto, "parent has changed [was=" + parentId2 + ", now=" + header.getParentId() + "]", (MessageDataHeader) null);
                return false;
            }
            if (!lastDataOrNull.getHeader().getInheritWrite() && lastDataOrNull.getHeader().getAllowWrite().isEmpty()) {
                drop(loggerHook, messageDataDto, "record is immutable", (MessageDataHeader) null);
                return false;
            }
        }
        MessagePublicKeyDto messagePublicKeyDto = null;
        MessageDataDto messageDataDto3 = lastDataOrNull;
        if (messageDataDto3 == null) {
            messageDataDto3 = messageDataDto2;
        }
        if (messageDataDto3 == null) {
            String orDefault = this.d.daoParents.getAllowedImplicitAuthoritySimple().getOrDefault(payloadClazzOrThrow, null);
            if (orDefault == null && this.d.daoParents.getAllowedDynamicImplicitAuthoritySimple().containsKey(payloadClazzOrThrow)) {
                orDefault = header.getImplicitAuthority().stream().findFirst().orElse(null);
                if (orDefault == null) {
                    drop(loggerHook, messageDataDto, "record missing implicit authority", (MessageDataHeader) null);
                    return false;
                }
            }
            if (this.d.daoParents.getAllowedParentFreeSimple().contains(payloadClazzOrThrow) && this.d.daoParents.getAllowedParentClaimableSimple().contains(payloadClazzOrThrow)) {
                messagePublicKeyDto = this.d.encryptor.getTrustOfPublicWrite();
                loggerHook.info("chain-of-trust claimed: " + payloadClazzOrThrow + ":" + idOrThrow);
            } else {
                if (!this.d.daoParents.getAllowedParentFreeSimple().contains(payloadClazzOrThrow) || orDefault == null) {
                    drop(loggerHook, messageDataDto, "record has no leaf to attach to", (MessageDataHeader) null);
                    return false;
                }
                MessagePublicKeyDto enquireDomainKey = this.d.implicitSecurity.enquireDomainKey(orDefault, false);
                if (enquireDomainKey == null) {
                    drop(loggerHook, messageDataDto, "dns or log record for implicit authority missing [" + orDefault + "]", (MessageDataHeader) null);
                    return false;
                }
                messagePublicKeyDto = enquireDomainKey;
                loggerHook.info("chain-of-trust rooted: " + payloadClazzOrThrow + ":" + idOrThrow + " on " + enquireDomainKey.getPublicKeyHash());
            }
        }
        ArrayList<String> arrayList = new ArrayList();
        boolean z = false;
        while (messageDataDto3 != null) {
            MessageDataHeaderDto header2 = messageDataDto3.getHeader();
            for (String str : header2.getAllowWrite()) {
                arrayList.add(str);
                if (str.equals(digest.getPublicKeyHash())) {
                    z = true;
                    MessagePublicKeyDto publicKey = getPublicKey(str);
                    if (publicKey != null) {
                        messagePublicKeyDto = publicKey;
                    }
                    if (messagePublicKeyDto != null) {
                        break;
                    }
                }
            }
            if (!header2.getInheritWrite()) {
                break;
            }
            UUID parentId3 = header2.getParentId();
            if (parentId3 == null) {
                messageDataDto3 = null;
            } else if (map.containsKey(parentId3)) {
                messageDataDto3 = map.get(parentId3);
            } else {
                promoteChainEntry(parentId3, loggerHook);
                DataContainer data3 = getData(parentId3, loggerHook);
                messageDataDto3 = data3 != null ? data3.getLastDataOrNull() : null;
            }
        }
        if (messagePublicKeyDto == null && (rootOfTrust = getRootOfTrust(idOrThrow)) != null) {
            for (String str2 : rootOfTrust.getAllowWrite()) {
                arrayList.add(str2);
                if (str2.equals(digest.getPublicKeyHash())) {
                    z = true;
                    MessagePublicKeyDto publicKey2 = getPublicKey(str2);
                    if (publicKey2 != null) {
                        messagePublicKeyDto = publicKey2;
                    }
                    if (messagePublicKeyDto != null) {
                        break;
                    }
                }
            }
        }
        if (messagePublicKeyDto == null) {
            if (z) {
                drop(loggerHook, messageDataDto, "entity has write roles but public key is missing", (MessageDataHeader) null);
                return false;
            }
            String str3 = "clazz=" + payloadClazzOrThrow + ", id=" + idOrThrow;
            String str4 = messageDataDto2 != null ? "clazz=" + messageDataDto2.getHeader().getPayloadClazzOrThrow() + ", id=" + parentId : "null";
            StringBuilder sb = new StringBuilder();
            sb.append("entity has no right to attach to its parent");
            sb.append("\n [entity: ").append(str3).append("]");
            sb.append("\n [parent: ").append(str4).append("]");
            for (String str5 : arrayList) {
                sb.append("\n [needs: hash=").append(str5);
                MessagePublicKeyDto publicKey3 = getPublicKey(str5);
                if (publicKey3 != null && publicKey3.getAlias() != null) {
                    sb.append(", alias=").append(publicKey3.getAlias());
                }
                sb.append("]");
            }
            sb.append("\n [digest: hash=").append(digest.getPublicKeyHash());
            MessagePublicKeyDto publicKey4 = getPublicKey(digest.getPublicKeyHash());
            if (publicKey4 != null && publicKey4.getAlias() != null) {
                sb.append(", alias=").append(publicKey4.getAlias());
            }
            sb.append("]");
            sb.append("\n from ");
            drop(loggerHook, messageDataDto, sb.toString(), (MessageDataHeader) null);
            return false;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        MessageSerializer.writeBytes(byteArrayOutputStream, header.createFlatBuffer());
        if (messageDataDto.hasPayload()) {
            try {
                byte[] payloadBytes = messageDataDto.getPayloadBytes();
                if (payloadBytes == null) {
                    drop(loggerHook, messageDataDto, "message data has payload but it did not appear to be attached", (MessageDataHeader) null);
                    return false;
                }
                byteArrayOutputStream.write(payloadBytes);
            } catch (IOException e) {
                String message = e.getMessage();
                if (message == null) {
                    message = e.toString();
                }
                drop(loggerHook, messageDataDto, message.toLowerCase(), (MessageDataHeader) null);
                return false;
            }
        }
        byte[] hashSha = this.encryptor.hashSha(digest.getSeedBytes(), byteArrayOutputStream.toByteArray());
        if (!Arrays.areEqual(digest.getDigestBytes(), hashSha)) {
            drop(loggerHook, messageDataDto, "digest differential", (MessageDataHeader) null);
            return false;
        }
        byte[] signatureBytes = digest.getSignatureBytes();
        if (hashSha.length <= 4) {
            drop(loggerHook, messageDataDto, "digest of payload bytes invalid", (MessageDataHeader) null);
            return false;
        }
        if (signatureBytes.length <= 4) {
            drop(loggerHook, messageDataDto, "signature bytes invalid", (MessageDataHeader) null);
            return false;
        }
        if (this.encryptor.verify(messagePublicKeyDto, hashSha, signatureBytes)) {
            return true;
        }
        drop(loggerHook, messageDataDto, "signature verification failed", (MessageDataHeader) null);
        return false;
    }

    private boolean processData(MessageDataDto messageDataDto, MessageMetaDto messageMetaDto, LoggerHook loggerHook) throws IOException, InvalidCipherTextException {
        MessageDataHeaderDto header = messageDataDto.getHeader();
        if (messageDataDto.getDigest() == null) {
            drop(loggerHook, messageDataDto, messageMetaDto, "missing header or digest", null);
            return false;
        }
        UUID idOrThrow = header.getIdOrThrow();
        ConcurrentQueue<MessageDataMetaDto> computeIfAbsent = this.chainOfPartialTrust.computeIfAbsent(idOrThrow, uuid -> {
            return new ConcurrentQueue();
        });
        computeIfAbsent.add(new MessageDataMetaDto(messageDataDto, messageMetaDto));
        if (computeIfAbsent.size() <= 100) {
            return true;
        }
        promoteChainEntry(idOrThrow, loggerHook);
        return true;
    }

    public <T extends BaseDao> List<DataContainer> getAllData(Class<T> cls, LoggerHook loggerHook) {
        String name = cls != null ? cls.getName() : null;
        ArrayList arrayList = new ArrayList();
        this.chainOfPartialTrust.forEach((uuid, concurrentQueue) -> {
            MessageDataMetaDto messageDataMetaDto = (MessageDataMetaDto) concurrentQueue.peek();
            if (messageDataMetaDto == null) {
                return;
            }
            MessageDataDto data = messageDataMetaDto.getData();
            if (name == null || name.equals(data.getHeader().getPayloadClazzOrThrow())) {
                arrayList.add(data.getHeader().getIdOrThrow());
            }
        });
        arrayList.forEach(uuid2 -> {
            promoteChainEntry(uuid2, loggerHook);
        });
        ArrayList arrayList2 = new ArrayList();
        this.chainOfTrust.forEach((uuid3, dataContainer) -> {
            if (name == null || name.equals(dataContainer.getPayloadClazz())) {
                arrayList2.add(dataContainer);
            }
        });
        return arrayList2;
    }

    public List<DataContainer> getAllData(LoggerHook loggerHook) {
        return getAllData(null, loggerHook);
    }

    public boolean exists(UUID uuid, LoggerHook loggerHook) {
        DataContainer data = getData(uuid, loggerHook);
        if (data == null) {
            return false;
        }
        return data.hasPayload();
    }

    public boolean everExisted(UUID uuid, LoggerHook loggerHook) {
        return getData(uuid, loggerHook) != null;
    }

    public boolean immutable(UUID uuid, LoggerHook loggerHook) {
        DataContainer data = getData(uuid, loggerHook);
        if (data == null) {
            return false;
        }
        return data.getImmutable();
    }

    public DataContainer getData(UUID uuid, LoggerHook loggerHook) {
        promoteChainEntry(uuid, loggerHook);
        return this.chainOfTrust.getOrDefault(uuid, null);
    }

    public MessageDataHeaderDto getRootOfTrust(UUID uuid) {
        return this.rootOfTrust.getOrDefault(uuid, null);
    }

    public Iterable<MessageMetaDto> getHistory(UUID uuid, LoggerHook loggerHook) {
        DataContainer data = getData(uuid, loggerHook);
        return data == null ? new LinkedList() : data.getHistory();
    }

    private boolean processEncryptText(MessageEncryptTextDto messageEncryptTextDto, LoggerHook loggerHook) {
        this.encryptText.put(MessageSerializer.getKey(messageEncryptTextDto), messageEncryptTextDto);
        return true;
    }

    public MessageEncryptTextDto getEncryptedText(String str, String str2) {
        return this.encryptText.getOrDefault(str + ":" + str2, null);
    }

    private boolean processPublicKey(MessagePublicKeyDto messagePublicKeyDto, LoggerHook loggerHook) {
        this.publicKeys.put(MessageSerializer.getKey(messagePublicKeyDto), messagePublicKeyDto);
        return true;
    }

    public MessagePublicKeyDto getPublicKey(String str) {
        return this.publicKeys.getOrDefault(str, null);
    }

    public boolean hasPublicKey(String str) {
        if (str == null) {
            return false;
        }
        return this.publicKeys.containsKey(str);
    }
}
