package com.tokera.ate.security;

import com.tokera.ate.common.MapTools;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.api.ISecurityCastleFactory;
import com.tokera.ate.io.repo.DataPartitionChain;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.enterprise.context.RequestScoped;
import org.apache.commons.codec.binary.Base64;

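/**
 * Request-scoped cache and entry point for "security castles".
 *
 * <p>As far as this class shows, a castle is a {@link SecurityCastleContext} that pairs a castle
 * id ({@link UUID}) with a raw secret ({@code byte[]}). Secrets are stored and fetched through the
 * {@link ISecurityCastleFactory} obtained from the delegate.
 *
 * <p>Two caches are kept for the lifetime of the bean:
 * <ul>
 *   <li>{@code localCastles}: permissions hash to castle, used by {@link #makeCastle}.</li>
 *   <li>{@code lookupCastles}: castle id to castle, used by {@link #enterCastle}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Both caches hold contexts built from the raw secret bytes and nothing in this class
 *       clears or zeroes them; exposure is bounded only by the bean's lifetime.</li>
 *   <li>The maps are plain {@link HashMap}s with no synchronization. The bean is
 *       {@code @RequestScoped}, so this presumably relies on request confinement; confirm before
 *       touching an instance from more than one thread.</li>
 * </ul>
 */
@RequestScoped
/* loaded from: input_file:com/tokera/ate/security/SecurityCastleManager.class */
public class SecurityCastleManager {
    private final AteDelegate d = AteDelegate.get();
    // Keyed by the permissions hash computed in makeCastle.
    private final Map<String, SecurityCastleContext> localCastles = new HashMap<>();
    // Keyed by castle id only; see the note on enterCastle about what that implies.
    private final Map<UUID, SecurityCastleContext> lookupCastles = new HashMap<>();

    /**
     * Resolves each key identifier to its public key.
     *
     * <p>Each identifier is looked up in order in: the current transaction, the caller's current
     * rights (a private key the caller holds, converted to its public form), and finally the
     * partition chain. The first source that knows the key wins.
     *
     * @param iPartitionKey partition whose chain and transaction are searched
     * @param collection key identifiers to resolve ({@link #makeCastle} passes the same list it
     *     compares against {@code publicHash()}, so these are presumably public-key hashes)
     * @return the resolved public keys in first-seen order, without duplicates
     * @throws RuntimeException if an identifier is unknown to all three sources
     */
    public Collection<MessagePublicKeyDto> findPublicKeys(IPartitionKey iPartitionKey, Collection<String> collection) {
        // Fetched before the loop, as in the original; what getChain(..., true) does beyond
        // returning the chain is not visible here, so the call order is deliberately kept.
        DataPartitionChain chain = this.d.io.backend().getChain(iPartitionKey, true);
        Collection<MessagePublicKeyDto> resolved = new LinkedHashSet<>();
        for (String keyId : collection) {
            MessagePublicKeyDto fromTransaction = this.d.requestContext.currentTransaction().findPublicKey(iPartitionKey, keyId);
            if (fromTransaction != null) {
                resolved.add(fromTransaction);
                continue;
            }

            PrivateKeyWithSeedDto heldKey = this.d.currentRights.findKey(keyId);
            if (heldKey != null) {
                // Only the public form built from the held key is added to the result.
                resolved.add(new MessagePublicKeyDto(heldKey));
                continue;
            }

            MessagePublicKeyDto fromChain = chain.getPublicKey(keyId);
            if (fromChain == null) {
                // Fail closed: an unknown recipient aborts the whole resolution rather than
                // being silently skipped.
                throw new RuntimeException("We encountered a public key [" + keyId + "] that is not yet known to the distributed commit log. Ensure all public keys are merged before using them in data entities by either calling mergeLater(obj), mergeThreeWay(obj) or mergeThreeWay(publicKeyOrNull).");
            }
            resolved.add(fromChain);
        }
        return resolved;
    }

    /**
     * Returns the castle for a set of permitted keys, creating one if needed.
     *
     * <p>When automatic key rotation is disabled, an existing castle is reused: first from the
     * per-request cache, then by asking the factory with each of the caller's read keys whose
     * {@code publicHash()} appears in {@code list}. Otherwise (or when nothing is found) a new
     * castle is created with a fresh random id and a fresh secret from the encryptor, and the
     * secret is handed to the factory together with the resolved public keys.
     *
     * @param iPartitionKey partition the castle belongs to
     * @param list identifiers of the keys that should be able to use the castle
     * @return the existing or newly created castle
     * @throws RuntimeException if a new castle is needed and one of the keys cannot be resolved
     *     (see {@link #findPublicKeys})
     */
    public SecurityCastleContext makeCastle(IPartitionKey iPartitionKey, List<String> list) {
        String permissionsHash = this.d.encryptor.computePermissionsHash(iPartitionKey, list);
        ISecurityCastleFactory factory = this.d.io.securityCastleFactory();

        if (!this.d.bootstrapConfig.getDefaultAutomaticKeyRotation()) {
            SecurityCastleContext cached = (SecurityCastleContext) MapTools.getOrNull(this.localCastles, permissionsHash);
            if (cached != null) {
                return cached;
            }
            for (PrivateKeyWithSeedDto readKey : this.d.currentRights.getRightsRead()) {
                if (!list.contains(readKey.publicHash())) {
                    continue;
                }
                SecurityCastleContext existing = factory.findContext(iPartitionKey, permissionsHash, readKey);
                if (existing != null) {
                    // NOTE(review): a context found this way is cached by permissions hash only;
                    // it is not added to lookupCastles, so a later enterCastle for the same id
                    // goes back to the factory.
                    this.localCastles.put(permissionsHash, existing);
                    return existing;
                }
            }
        }

        // The key passed to the mapping function is unused: the lambda captures permissionsHash's
        // inputs directly. It writes to lookupCastles, never to localCastles, so it does not
        // modify the map computeIfAbsent is operating on.
        return this.localCastles.computeIfAbsent(permissionsHash, ignoredHash -> {
            // The castle id is an identifier, not the secret; the secret comes from the encryptor.
            UUID castleId = UUID.randomUUID();
            byte[] secret = Base64.decodeBase64(this.d.encryptor.generateSecret64());
            factory.putSecret(iPartitionKey, castleId, secret, findPublicKeys(iPartitionKey, list));
            // NOTE(review): the same array instance goes to the factory and to the context;
            // whether either side copies it is not visible here.
            SecurityCastleContext created = new SecurityCastleContext(castleId, secret);
            this.lookupCastles.put(castleId, created);
            return created;
        });
    }

    /**
     * Opens an existing castle by id.
     *
     * <p>NOTE(review): the per-request cache is keyed by castle id alone. On a cache hit the
     * context is returned without consulting {@code iPartitionKey} or {@code collection}, so the
     * supplied keys are only checked (by the factory) the first time an id is seen in this
     * request. Callers that need a per-key access decision should use {@link #hasEncryptKey}.
     *
     * @param iPartitionKey partition the castle belongs to
     * @param uuid castle id
     * @param collection private keys offered to the factory to retrieve the secret
     * @return the castle, or {@code null} when the factory returns no secret for these keys;
     *     callers must handle {@code null}
     */
    public SecurityCastleContext enterCastle(IPartitionKey iPartitionKey, UUID uuid, Collection<PrivateKeyWithSeedDto> collection) {
        SecurityCastleContext cached = (SecurityCastleContext) MapTools.getOrNull(this.lookupCastles, uuid);
        if (cached != null) {
            return cached;
        }

        byte[] secret = this.d.io.securityCastleFactory().getSecret(iPartitionKey, uuid, collection);
        if (secret == null) {
            // Nothing is cached on failure, so a later call with other keys asks the factory again.
            return null;
        }

        SecurityCastleContext entered = new SecurityCastleContext(uuid, secret);
        this.lookupCastles.put(uuid, entered);
        return entered;
    }

    /**
     * Asks the factory whether the castle exists for the given key identifier.
     *
     * @param iPartitionKey partition the castle belongs to
     * @param uuid castle id
     * @param str key identifier passed through to the factory unchanged
     * @return the factory's answer; the local caches are not consulted
     */
    public boolean hasEncryptKey(IPartitionKey iPartitionKey, UUID uuid, String str) {
        return this.d.io.securityCastleFactory().exists(iPartitionKey, uuid, str);
    }

    /**
     * Asks the factory whether a castle with this id exists in the partition.
     *
     * @param iPartitionKey partition the castle belongs to
     * @param uuid castle id
     * @return the factory's answer; the local caches are not consulted
     */
    public boolean hasCastle(IPartitionKey iPartitionKey, UUID uuid) {
        return this.d.io.securityCastleFactory().exists(iPartitionKey, uuid);
    }
}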
