package com.tokera.ate.io.repo;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.tokera.ate.common.Immutalizable;
import com.tokera.ate.common.ImmutalizableArrayList;
import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.common.MapTools;
import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.msg.MessageBaseDto;
import com.tokera.ate.dto.msg.MessageDataDigestDto;
import com.tokera.ate.dto.msg.MessageDataDto;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessageDataMetaDto;
import com.tokera.ate.dto.msg.MessageKeyPartDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.EffectivePermissionBuilder;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;

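/**
 * Converts {@link BaseDao} objects into signed, AES-encrypted data messages and back.
 *
 * <p>This listing is decompiler output (JADX), so parameter names such as {@code z} and
 * {@code bArr} are synthetic.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Decrypted payload bytes and deserialized objects are held in two {@code static}
 *       caches, so they are shared by everything that uses this class in the JVM and stay
 *       in memory for up to ten minutes after they were written.</li>
 *   <li>Cache entries are addressed by {@code encryptor.hashMd5AndEncode(aesKey, digestBytes)},
 *       so computing a cache key requires the AES key.
 *       NOTE(review): confirm what that helper computes; if it is a plain MD5 over both
 *       inputs, its collision resistance decides whether one entry can stand in for
 *       another message.</li>
 *   <li>No signature verification happens in this class; the read path only decrypts,
 *       deserializes and compares the result with the header.
 *       NOTE(review): presumably the digest is verified before messages reach
 *       {@code fromDataMessage} - confirm against the callers.</li>
 * </ul>
 */
@ApplicationScoped
@Startup
public class DataSerializer {
    private AteDelegate d = AteDelegate.get();

    @Inject
    private LoggerHook LOG;

    // Deserialized (and immutalized) objects, keyed by hashMd5AndEncode(aesKey, digestBytes).
    private static Cache<String, BaseDao> decryptCacheObj = CacheBuilder.newBuilder().maximumSize(1000).expireAfterWrite(10, TimeUnit.MINUTES).build();
    // Decrypted payload bytes under the same key scheme. These are plaintext held process-wide.
    private static Cache<String, byte[]> decryptCacheData = CacheBuilder.newBuilder().maximumSize(10000).expireAfterWrite(10, TimeUnit.MINUTES).build();

    /** Binds the injected logger to this class once the bean has been constructed. */
    @PostConstruct
    public void init() {
        this.LOG.setLogClazz(DataSerializer.class);
    }

    /**
     * Returns the raw AES key used to encrypt the given object.
     *
     * <p>The failure message lists class name, id and key presence (yes/no) for the object
     * and its parents. It never contains key material.
     *
     * @param baseDao object that is about to be written
     * @param z forwarded unchanged as the third argument of {@code daoHelper.getEncryptKey};
     *          its meaning is defined there
     * @return the Base64-decoded key
     * @throws RuntimeException if {@code daoHelper.getEncryptKey} returns no key
     */
    private byte[] getEncryptKeyForDataObject(BaseDao baseDao, boolean z) {
        String encryptKey = this.d.daoHelper.getEncryptKey(baseDao, false, z);
        if (encryptKey != null) {
            return Base64.decodeBase64(encryptKey);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("No encryption toPutKeys available for this data entity\n");
        for (BaseDao baseDao2 : this.d.daoHelper.getObjAndParents(baseDao)) {
            sb.append(" - obj [clazz=").append(baseDao2.getClass().getSimpleName()).append(", id=").append(baseDao2.getId());
            if (baseDao2 instanceof IRoles) {
                if (((IRoles) baseDao2).getEncryptKey() != null) {
                    sb.append(", key=yes");
                } else {
                    sb.append(", key=no");
                }
            }
            sb.append("]\n");
        }
        throw new RuntimeException(sb.toString());
    }

    /**
     * For objects that carry rights, writes the public key of every read and write right
     * that the partition chain does not hold yet.
     *
     * <p>NOTE(review): the DTO is built straight from a {@link MessagePrivateKeyDto};
     * confirm that the {@code MessagePublicKeyDto(MessagePrivateKeyDto)} constructor copies
     * only the public parts.
     */
    private void writeRightPublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        DataPartitionChain chain = dataPartition.getChain();
        if (baseDao instanceof IRights) {
            IRights iRights = (IRights) baseDao;
            // Unlike the write loop below, this loop does not null-check the key hash
            // before asking the chain about it.
            for (MessagePrivateKeyDto messagePrivateKeyDto : iRights.getRightsRead()) {
                if (!chain.hasPublicKey(messagePrivateKeyDto.getPublicKeyHash())) {
                    dataPartition.write(new MessagePublicKeyDto(messagePrivateKeyDto), this.LOG);
                }
            }
            for (MessagePrivateKeyDto messagePrivateKeyDto2 : iRights.getRightsWrite()) {
                String publicKeyHash = messagePrivateKeyDto2.getPublicKeyHash();
                if (publicKeyHash != null && !chain.hasPublicKey(publicKeyHash)) {
                    dataPartition.write(new MessagePublicKeyDto(messagePrivateKeyDto2), this.LOG);
                }
            }
        }
    }

    /**
     * For objects that carry roles, writes the public keys named in the read and write
     * trust lists when the chain lacks them. A hash that {@code headIO.publicKeyOrNull}
     * cannot resolve is skipped without an error.
     */
    private void writeRolePublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        MessagePublicKeyDto publicKeyOrNull;
        MessagePublicKeyDto publicKeyOrNull2;
        DataPartitionChain chain = dataPartition.getChain();
        if (baseDao instanceof IRoles) {
            IRoles iRoles = (IRoles) baseDao;
            for (String str : iRoles.getTrustAllowRead().values()) {
                if (!chain.hasPublicKey(str) && (publicKeyOrNull2 = this.d.headIO.publicKeyOrNull(dataPartition.partitionKey(), str)) != null) {
                    dataPartition.write(publicKeyOrNull2, this.LOG);
                }
            }
            for (String str2 : iRoles.getTrustAllowWrite().values()) {
                if (!chain.hasPublicKey(str2) && (publicKeyOrNull = this.d.headIO.publicKeyOrNull(dataPartition.partitionKey(), str2)) != null) {
                    dataPartition.write(publicKeyOrNull, this.LOG);
                }
            }
        }
    }

    /**
     * Writes the public half of every effective write role whose key the chain lacks.
     * Only the public parts, the key hash and the alias of the signing key are copied
     * into the message that is written.
     */
    private void writePermissionPublicKeysForDataObject(EffectivePermissions effectivePermissions, DataPartition dataPartition) {
        MessagePrivateKeyDto signKey;
        DataPartitionChain chain = dataPartition.getChain();
        for (String str : effectivePermissions.rolesWrite) {
            if (!chain.hasPublicKey(str) && (signKey = this.d.encryptKeyCachePerRequest.getSignKey(str)) != null) {
                ImmutalizableArrayList<MessageKeyPartDto> publicParts = signKey.getPublicParts();
                String publicKeyHash = signKey.getPublicKeyHash();
                if (publicParts != null && publicKeyHash != null) {
                    MessagePublicKeyDto messagePublicKeyDto = new MessagePublicKeyDto(publicParts, publicKeyHash);
                    String alias = signKey.getAlias();
                    if (alias != null) {
                        messagePublicKeyDto.setAlias(alias);
                    }
                    dataPartition.write(messagePublicKeyDto, this.LOG);
                }
            }
        }
    }

    /**
     * Hands the AES key to the secure key resolver for every effective read role that has
     * no entry for this key hash yet.
     *
     * <p>NOTE(review): presumably the resolver stores the key wrapped for the role's public
     * key - confirm in {@code secureKeyResolver().put}, because the raw key is passed in here.
     *
     * @param bArr raw AES key of the object
     * @param str hash of that key, as stored in the message header
     */
    private void writePermissionEncryptKeysForDataObject(EffectivePermissions effectivePermissions, DataPartition dataPartition, byte[] bArr, String str) {
        for (String str2 : effectivePermissions.rolesRead) {
            if (!this.d.headIO.secureKeyResolver().exists(dataPartition.partitionKey(), str, str2)) {
                this.d.headIO.secureKeyResolver().put(dataPartition.partitionKey(), bArr, str2);
            }
        }
    }

    /** Writes the right-based and then the role-based public keys of the object. */
    private void writePublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        writeRightPublicKeysForDataObject(baseDao, dataPartition);
        writeRolePublicKeysForDataObject(baseDao, dataPartition);
    }

    /**
     * Copies the trust settings of the object into the header.
     *
     * <p>An object that does not implement {@link IRoles} gets a header with both inherit
     * flags set to {@code true} and empty allow lists.
     */
    private void updateHeaderWithRolesForDataObject(BaseDao baseDao, MessageDataHeaderDto messageDataHeaderDto) {
        boolean z = true;
        boolean z2 = true;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (baseDao instanceof IRoles) {
            IRoles iRoles = (IRoles) baseDao;
            z = iRoles.getTrustInheritRead();
            z2 = iRoles.getTrustInheritWrite();
            hashSet.addAll(iRoles.getTrustAllowRead().values());
            hashSet2.addAll(iRoles.getTrustAllowWrite().values());
        }
        messageDataHeaderDto.setInheritRead(z);
        messageDataHeaderDto.setInheritWrite(z2);
        messageDataHeaderDto.setAllowRead(hashSet);
        messageDataHeaderDto.setAllowWrite(hashSet2);
    }

    /**
     * Stores the object's implicit authority in the header. The value is read reflectively
     * from the field that {@code daoParents} registers for the object's class.
     *
     * <p>If the field cannot be read, the failure is only logged as a warning and the
     * header is written with an empty implicit-authority set.
     */
    private void updateHeaderWithImplicitAuthority(BaseDao baseDao, MessageDataHeaderDto messageDataHeaderDto) {
        HashSet hashSet = new HashSet();
        Field field = (Field) MapTools.getOrNull(this.d.daoParents.getAllowedDynamicImplicitAuthority(), baseDao.getClass());
        if (field != null) {
            try {
                Object obj = field.get(baseDao);
                if (obj != null) {
                    hashSet.add(obj.toString());
                }
            } catch (IllegalAccessException e) {
                this.d.genericLogger.warn(e);
            }
        }
        messageDataHeaderDto.setImplicitAuthority(hashSet);
    }

    /**
     * Builds the message header for the object: id, version, previous version, payload
     * class, trust settings, implicit authority, parent id and merged versions.
     *
     * <p>Side effect: an object without a version is assigned a random one.
     */
    private MessageDataHeaderDto buildHeaderForDataObject(BaseDao baseDao) {
        UUID uuid = baseDao.version;
        if (uuid == null) {
            uuid = UUID.randomUUID();
            baseDao.version = uuid;
        }
        MessageDataHeaderDto messageDataHeaderDto = new MessageDataHeaderDto(baseDao.getId(), uuid, baseDao.previousVersion, baseDao.getClass());
        updateHeaderWithRolesForDataObject(baseDao, messageDataHeaderDto);
        updateHeaderWithImplicitAuthority(baseDao, messageDataHeaderDto);
        UUID parentId = baseDao.getParentId();
        if (parentId != null) {
            messageDataHeaderDto.setParentId(parentId);
        }
        Set<UUID> set = baseDao.mergesVersions;
        if (set != null) {
            messageDataHeaderDto.getMerges().copyFrom(set);
        }
        return messageDataHeaderDto;
    }

    /**
     * Serializes, encrypts and signs the object, producing the message to append to the
     * partition.
     *
     * <p>Ordering to be aware of: the public keys of the object and the AES key for every
     * effective read role are written <em>before</em> the signing step reports whether the
     * caller may write. When signing yields no digest, the write exception is therefore
     * raised after those side effects have already happened.
     * NOTE(review): confirm that this ordering is intended.
     *
     * @param baseDao object to write; {@code BaseDao.newVersion} is applied to it first
     * @param dataPartition partition that receives the key messages
     * @param z when {@code true} no payload is serialized or encrypted and the message is
     *          signed with a {@code null} payload
     * @param z2 forwarded to {@code getEncryptKeyForDataObject}
     * @return the signed data message
     * @throws RuntimeException if no encryption key is available, or the exception built by
     *         {@code authorization.buildWriteException} when signing yields no digest
     */
    public MessageBaseDto toDataMessage(BaseDao baseDao, DataPartition dataPartition, boolean z, boolean z2) {
        IPartitionKey partitionKey = this.d.headIO.partitionResolver().resolve(baseDao);
        BaseDao.newVersion(baseDao);
        MessageDataHeaderDto header = buildHeaderForDataObject(baseDao);
        byte[] aesKey = getEncryptKeyForDataObject(baseDao, z2);
        String aesKeyHash = this.d.encryptor.hashShaAndEncode(aesKey);
        header.setEncryptKeyHash(aesKeyHash);
        writePublicKeysForDataObject(baseDao, dataPartition);
        EffectivePermissions permissions = new EffectivePermissionBuilder(partitionKey, baseDao.getId(), baseDao.getParentId()).setUsePostMerged(true).build();
        writePermissionEncryptKeysForDataObject(permissions, dataPartition, aesKey, aesKeyHash);
        byte[] plainBytes = null;
        byte[] encryptedBytes = null;
        if (!z) {
            plainBytes = this.d.os.serializeObj(baseDao);
            encryptedBytes = this.d.encryptor.encryptAes(aesKey, plainBytes);
        }
        MessageDataDigestDto digest = this.d.dataSignatureBuilder.signDataMessage(header, encryptedBytes, permissions);
        if (plainBytes != null && digest != null) {
            // Pre-populates the process-wide plaintext cache so a later read of this
            // message can skip decryption.
            decryptCacheData.put(this.d.encryptor.hashMd5AndEncode(aesKey, digest.getDigestBytes()), plainBytes);
        }
        writePermissionPublicKeysForDataObject(permissions, dataPartition);
        if (digest == null) {
            throw this.d.authorization.buildWriteException(partitionKey, baseDao.getId(), permissions, false);
        }
        return new MessageDataDto(header, digest, encryptedBytes);
    }

    /**
     * Null-safe overload that unwraps the data message from its meta wrapper.
     *
     * @return the decoded object, or {@code null} when the wrapper is {@code null} or the
     *         message cannot be read
     */
    public BaseDao fromDataMessage(IPartitionKey iPartitionKey, MessageDataMetaDto messageDataMetaDto, boolean z) {
        if (messageDataMetaDto == null) {
            return null;
        }
        return fromDataMessage(iPartitionKey, messageDataMetaDto.getData(), z);
    }

    /**
     * Decrypts and deserializes a data message, then checks the result against its header.
     * The decompiler reports that this method was originally {@code protected}.
     *
     * @param z when {@code true}, a missing decryption key raises a read exception instead
     *          of producing {@code null}
     * @return the decoded object, or {@code null} when the message is {@code null}, has no
     *         payload, or cannot be decrypted or deserialized
     * @throws RuntimeException if the decoded object's id or class differs from the header
     */
    public BaseDao fromDataMessage(IPartitionKey iPartitionKey, MessageDataDto messageDataDto, boolean z) {
        BaseDao readObjectFromDataMessage;
        if (messageDataDto == null || !messageDataDto.hasPayload() || (readObjectFromDataMessage = readObjectFromDataMessage(iPartitionKey, messageDataDto, z)) == null) {
            return null;
        }
        validateObjectAfterRead(readObjectFromDataMessage, messageDataDto);
        return readObjectFromDataMessage;
    }

    /**
     * Returns a clone of the decoded object with its version fields and, where a field is
     * registered for the payload class, its implicit authority overwritten from the header.
     *
     * <p>These values come from the message header rather than from the encrypted payload,
     * so their trustworthiness depends on the header having been verified elsewhere.
     *
     * @return the adjusted clone, or {@code null} if the input or the clone is {@code null}
     * @throws RuntimeException if the implicit-authority field cannot be set
     */
    private <T extends BaseDao> T lintDataObject(T t, MessageDataDto messageDataDto) {
        if (t == null) {
            return null;
        }
        MessageDataHeaderDto header = messageDataDto.getHeader();
        Object cloneObject = this.d.merger.cloneObject(t);
        if (cloneObject == null) {
            return null;
        }
        T t2 = (T) cloneObject;
        t2.version = header.getVersionOrThrow();
        t2.previousVersion = header.getPreviousVersion();
        t2.mergesVersions = header.getMerges();
        Field orDefault = this.d.daoParents.getAllowedDynamicImplicitAuthoritySimple().getOrDefault(header.getPayloadClazzOrThrow(), null);
        if (orDefault != null) {
            try {
                orDefault.set(t2, header.getImplicitAuthority().stream().findFirst().orElse(null));
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
        return t2;
    }

    /**
     * Resolves the AES key for the message and returns the decoded object, using the
     * object cache where possible.
     *
     * <p>The cache is consulted with {@code getIfPresent} and filled with {@code put}.
     * The earlier {@code Cache.get(key, loader)} form signalled a failed decode by throwing
     * a {@code RuntimeException} from the loader; Guava rethrows that as
     * {@code UncheckedExecutionException}, which the {@code catch (ExecutionException)}
     * fallback never saw, so the intended {@code null} result could not be produced.
     *
     * @return the decoded object, or {@code null} when no key is available (and {@code z}
     *         is {@code false}), the message has neither digest nor payload bytes, or the
     *         payload cannot be decoded
     */
    protected BaseDao readObjectFromDataMessage(IPartitionKey iPartitionKey, MessageDataDto messageDataDto, boolean z) {
        byte[] aesKey = getAesKeyForHeader(iPartitionKey, messageDataDto.getHeader(), z);
        if (aesKey == null) {
            return null;
        }
        MessageDataDigestDto digest = messageDataDto.getDigest();
        // A message without a digest is keyed by its payload bytes instead.
        byte[] digestBytes = digest != null ? digest.getDigestBytes() : messageDataDto.getPayloadBytes();
        if (digestBytes == null) {
            return null;
        }
        String cacheKey = this.d.encryptor.hashMd5AndEncode(aesKey, digestBytes);
        BaseDao decoded = decryptCacheObj.getIfPresent(cacheKey);
        if (decoded == null) {
            decoded = readObjectFromDataMessageInternal(cacheKey, aesKey, messageDataDto);
            if (decoded == null) {
                return null;
            }
            // Cached instances are shared across callers, so they are made immutable first.
            if (decoded instanceof Immutalizable) {
                decoded.immutalize();
            }
            decryptCacheObj.put(cacheKey, decoded);
        }
        return lintDataObject(decoded, messageDataDto);
    }

    /**
     * Decrypts the payload of the message with the given AES key.
     *
     * @return the plaintext, or {@code null} when the message has no payload bytes
     */
    private byte[] readDataFromDataMessageInternal(byte[] bArr, MessageDataDto messageDataDto) {
        byte[] payloadBytes = messageDataDto.getPayloadBytes();
        if (payloadBytes == null) {
            return null;
        }
        return this.d.encryptor.decryptAes(bArr, payloadBytes);
    }

    /**
     * Obtains the plaintext of the message (from the plaintext cache or by decrypting) and
     * deserializes it.
     *
     * <p>The target class is looked up from the payload class name in the message header.
     * NOTE(review): presumably {@code serializableObjectsExtension.findClass} only resolves
     * registered {@link BaseDao} subtypes - confirm, because the name is message-supplied.
     *
     * @param str cache key for this message
     * @param bArr AES key
     * @return the deserialized object, or {@code null} when no plaintext could be obtained
     */
    private BaseDao readObjectFromDataMessageInternal(String str, byte[] bArr, MessageDataDto messageDataDto) {
        byte[] plainBytes = decryptCacheData.getIfPresent(str);
        if (plainBytes == null) {
            plainBytes = readDataFromDataMessageInternal(bArr, messageDataDto);
            if (plainBytes == null) {
                return null;
            }
            decryptCacheData.put(str, plainBytes);
        }
        return this.d.os.deserializeObj(plainBytes, this.d.serializableObjectsExtension.findClass(messageDataDto.getHeader().getPayloadClazzOrThrow(), BaseDao.class));
    }

    /**
     * Rejects a decoded object whose id or class name differs from the message header.
     * This runs after the payload has been deserialized (and possibly cached).
     *
     * @throws RuntimeException on either mismatch; the message names only the header id
     */
    private void validateObjectAfterRead(BaseDao baseDao, MessageDataDto messageDataDto) {
        MessageDataHeaderDto header = messageDataDto.getHeader();
        UUID idOrThrow = header.getIdOrThrow();
        if (!idOrThrow.equals(baseDao.getId())) {
            throw new RuntimeException("Read access denied (id does not match) - ID=" + idOrThrow);
        }
        if (!header.getPayloadClazzOrThrow().equals(baseDao.getClass().getName())) {
            throw new RuntimeException("Read access denied (payload types do not match) - ID=" + idOrThrow);
        }
    }

    /**
     * Finds the AES key named by the header's key hash: first through the per-request key
     * cache alone, then by trying each of the caller's current read rights.
     *
     * @param z when {@code true}, a missing key raises the read exception built by
     *          {@code authorization.buildReadException}; when {@code false} it yields
     *          {@code null}
     * @return the AES key, or {@code null} when none is available and {@code z} is
     *         {@code false}
     */
    private byte[] getAesKeyForHeader(IPartitionKey iPartitionKey, MessageDataHeaderDto messageDataHeaderDto, boolean z) {
        byte[] aesKey = null;
        String encryptKeyHash = messageDataHeaderDto.getEncryptKeyHash();
        if (encryptKeyHash != null) {
            aesKey = this.d.encryptKeyCachePerRequest.getEncryptKey(iPartitionKey, encryptKeyHash);
            if (aesKey == null) {
                for (MessagePrivateKeyDto readRight : this.d.currentRights.getRightsRead()) {
                    aesKey = this.d.encryptKeyCachePerRequest.getEncryptKey(iPartitionKey, encryptKeyHash, readRight);
                    if (aesKey != null) {
                        break;
                    }
                }
            }
        }
        if (aesKey != null) {
            return aesKey;
        }
        if (!z) {
            return null;
        }
        throw this.d.authorization.buildReadException(iPartitionKey, messageDataHeaderDto.getIdOrThrow(), this.d.authorization.perms(iPartitionKey, messageDataHeaderDto.getIdOrThrow(), messageDataHeaderDto.getParentId(), false), true);
    }
}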
