package com.tokera.ate.security;

import com.tokera.ate.common.MapTools;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.PUUID;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.repo.DataContainer;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/tokera/ate/security/EffectivePermissionBuilder.class */
public class EffectivePermissionBuilder {
    private IPartitionKey partitionKey;
    private UUID origId;
    private UUID origParentId;
    private final AteDelegate d = AteDelegate.get();
    private boolean usePostMerged = true;
    private final Map<UUID, BaseDao> suppliedObjects = new HashMap();

    public EffectivePermissionBuilder(PUUID puuid, UUID uuid) {
        this.partitionKey = puuid;
        this.origId = puuid.id();
        this.origParentId = uuid;
    }

    public EffectivePermissionBuilder(IPartitionKey iPartitionKey, UUID uuid, UUID uuid2) {
        this.partitionKey = iPartitionKey;
        this.origId = uuid;
        this.origParentId = uuid2;
    }

    public EffectivePermissionBuilder setUsePostMerged(boolean z) {
        this.usePostMerged = z;
        return this;
    }

    public EffectivePermissionBuilder withSuppliedObject(BaseDao baseDao) {
        this.suppliedObjects.put(baseDao.getId(), baseDao);
        return this;
    }

    public EffectivePermissions build() {
        EffectivePermissions effectivePermissions = new EffectivePermissions();
        addRootTrust(effectivePermissions);
        addChainTrust(effectivePermissions);
        addImplicitTrust(effectivePermissions);
        addClaimableTrust(effectivePermissions);
        if (this.usePostMerged) {
            addPostMergedPerms(effectivePermissions);
        }
        effectivePermissions.updateEncryptKeyFromObjIfNull(this.origId, this);
        return effectivePermissions;
    }

    public BaseDao findDataObj(UUID uuid) {
        BaseDao baseDao = (BaseDao) MapTools.getOrNull(this.suppliedObjects, uuid);
        if (baseDao == null) {
            baseDao = this.d.dataStagingManager.find(this.partitionKey, uuid);
        }
        if (baseDao == null) {
            baseDao = this.d.headIO.getOrNull(PUUID.from(this.partitionKey, uuid));
        }
        return baseDao;
    }

    private void addRootTrust(EffectivePermissions effectivePermissions) {
        MessageDataHeaderDto rootOfTrust = this.d.headIO.getRootOfTrust(PUUID.from(this.partitionKey, this.origId));
        if (rootOfTrust != null) {
            effectivePermissions.encryptKeyHash = rootOfTrust.getEncryptKeyHash();
            effectivePermissions.rolesRead.addAll(rootOfTrust.getAllowRead());
            effectivePermissions.rolesWrite.addAll(rootOfTrust.getAllowWrite());
            effectivePermissions.anchorRolesRead.addAll(rootOfTrust.getAllowRead());
            effectivePermissions.anchorRolesWrite.addAll(rootOfTrust.getAllowWrite());
        }
    }

    private void addChainTrust(EffectivePermissions effectivePermissions) {
        boolean z = true;
        boolean z2 = true;
        UUID uuid = this.origId;
        UUID uuid2 = this.origParentId;
        do {
            DataContainer rawOrNull = this.d.headIO.getRawOrNull(PUUID.from(this.partitionKey, uuid));
            if (rawOrNull != null) {
                MessageDataHeaderDto mergedHeader = rawOrNull.getMergedHeader();
                if (effectivePermissions.encryptKeyHash == null) {
                    effectivePermissions.encryptKeyHash = mergedHeader.getEncryptKeyHash();
                }
                if (z) {
                    addRolesRead(effectivePermissions, mergedHeader.getAllowRead(), true);
                }
                if (z2) {
                    addRolesWrite(effectivePermissions, mergedHeader.getAllowWrite(), true);
                }
                if (!mergedHeader.getInheritRead()) {
                    z = false;
                }
                if (!mergedHeader.getInheritWrite()) {
                    z2 = false;
                }
                uuid2 = mergedHeader.getParentId();
            }
            uuid = uuid2;
            uuid2 = null;
        } while (uuid != null);
    }

    private void addImplicitTrust(EffectivePermissions effectivePermissions) {
        BaseDao findDataObj = findDataObj(this.origId);
        if (findDataObj != null) {
            Class<?> cls = findDataObj.getClass();
            Field field = (Field) MapTools.getOrNull(this.d.daoParents.getAllowedDynamicImplicitAuthority(), cls);
            if (field != null) {
                try {
                    Object obj = field.get(findDataObj);
                    if (obj == null || obj.toString().isEmpty()) {
                        throw new RuntimeException("The implicit authority field can not be null or empty [field: " + field.getName() + "].");
                    }
                    MessagePublicKeyDto enquireDomainKey = this.d.implicitSecurity.enquireDomainKey(obj.toString(), true);
                    if (enquireDomainKey == null) {
                        throw new WebApplicationException("No implicit authority found at domain name (missing TXT record)[" + this.d.bootstrapConfig.getImplicitAuthorityAlias() + "." + obj + "].", Response.Status.UNAUTHORIZED);
                    }
                    effectivePermissions.addWriteRole(enquireDomainKey);
                } catch (IllegalAccessException e) {
                    this.d.genericLogger.warn(e);
                }
            }
            String str = (String) MapTools.getOrNull(this.d.daoParents.getAllowedImplicitAuthority(), cls);
            if (str != null) {
                effectivePermissions.addWriteRole(this.d.implicitSecurity.enquireDomainKey(str, true));
            }
        }
        DataContainer rawOrNull = this.d.headIO.getRawOrNull(PUUID.from(this.partitionKey, this.origId));
        if (rawOrNull != null) {
            Iterator<String> it = rawOrNull.getMergedHeader().getImplicitAuthority().iterator();
            while (it.hasNext()) {
                effectivePermissions.addWriteRole(this.d.implicitSecurity.enquireDomainKey(it.next(), true));
            }
        }
    }

    private void addClaimableTrust(EffectivePermissions effectivePermissions) {
        BaseDao findDataObj = findDataObj(this.origId);
        if (findDataObj != null) {
            if (this.d.daoParents.getAllowedParentClaimable().contains(findDataObj.getClass()) && this.d.headIO.getRawOrNull(PUUID.from(this.partitionKey, this.origId)) == null) {
                effectivePermissions.addWriteRole(this.d.encryptor.getTrustOfPublicWrite());
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void addPostMergedPerms(EffectivePermissions effectivePermissions) {
        boolean z = false;
        boolean z2 = true;
        boolean z3 = true;
        UUID uuid = this.origId;
        UUID uuid2 = this.origParentId;
        do {
            BaseDao findDataObj = findDataObj(uuid);
            if (findDataObj != 0) {
                if (findDataObj instanceof IRoles) {
                    IRoles iRoles = (IRoles) findDataObj;
                    if (z2) {
                        addRolesRead(effectivePermissions, iRoles.getTrustAllowRead().values(), z);
                    }
                    if (z3) {
                        addRolesWrite(effectivePermissions, iRoles.getTrustAllowWrite().values(), z);
                    }
                    if (!iRoles.getTrustInheritRead()) {
                        z2 = false;
                    }
                    if (!iRoles.getTrustInheritWrite() && this.d.headIO.exists(PUUID.from(this.partitionKey, uuid))) {
                        z3 = false;
                    }
                }
                uuid2 = findDataObj.getParentId();
            } else {
                DataContainer rawOrNull = this.d.headIO.getRawOrNull(PUUID.from(this.partitionKey, uuid));
                if (rawOrNull != null) {
                    MessageDataHeaderDto mergedHeader = rawOrNull.getMergedHeader();
                    if (!mergedHeader.getInheritRead()) {
                        z2 = false;
                    }
                    if (!mergedHeader.getInheritWrite()) {
                        z3 = false;
                    }
                    uuid2 = mergedHeader.getParentId();
                }
            }
            z = true;
            uuid = uuid2;
            uuid2 = null;
        } while (uuid != null);
    }

    private void addRolesRead(EffectivePermissions effectivePermissions, Collection<String> collection, boolean z) {
        for (String str : collection) {
            if (!effectivePermissions.rolesRead.contains(str)) {
                effectivePermissions.rolesRead.add(str);
            }
        }
        if (z) {
            for (String str2 : collection) {
                if (!effectivePermissions.anchorRolesRead.contains(str2)) {
                    effectivePermissions.anchorRolesRead.add(str2);
                }
            }
        }
    }

    private void addRolesWrite(EffectivePermissions effectivePermissions, Collection<String> collection, boolean z) {
        for (String str : collection) {
            if (!effectivePermissions.rolesWrite.contains(str)) {
                effectivePermissions.rolesWrite.add(str);
            }
        }
        if (z) {
            for (String str2 : collection) {
                if (!effectivePermissions.anchorRolesWrite.contains(str2)) {
                    effectivePermissions.anchorRolesWrite.add(str2);
                }
            }
        }
    }
}
