package com.tokera.ate.security;

import com.tokera.ate.common.MapTools;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.PUUID;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.dao.base.BaseDaoInternal;
import com.tokera.ate.dao.enumerations.PermissionPhase;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.msg.MessageDataDto;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.enumerations.EnquireDomainKeyHandling;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.repo.DataContainer;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/tokera/ate/security/EffectivePermissionBuilder.class */
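/**
 * Builds the {@link EffectivePermissions} of one data object, identified by a partition key and
 * an id, by combining the trust sources visible to the current request: the root of trust, the
 * parent chain (persisted headers, data staged in the current transaction and supplied or
 * loaded objects), implicit authorities and claimable types.
 *
 * <p>The result of {@link #build()} is an authorization input, so every branch that adds a role
 * widens access. Failures while resolving an implicit authority either throw or add nothing;
 * they never add a role.
 */
public class EffectivePermissionBuilder {
    private final String type;
    private final IPartitionKey partitionKey;
    private final UUID origId;
    private final AteDelegate d = AteDelegate.get();
    private PermissionPhase origPhase = PermissionPhase.DynamicStaging;
    private final Map<UUID, BaseDao> suppliedObjects = new HashMap<>();
    private boolean avoidIoReads = false;

    /**
     * @param type payload type name of the object, or {@code null} to have it looked up
     * @param puuid partition and id of the object whose permissions are built
     */
    public EffectivePermissionBuilder(String type, PUUID puuid) {
        this.type = type;
        this.partitionKey = puuid.partition();
        this.origId = puuid.id();
    }

    /**
     * @param type payload type name of the object, or {@code null} to have it looked up
     * @param partitionKey partition that holds the object
     * @param id id of the object whose permissions are built
     */
    public EffectivePermissionBuilder(String type, IPartitionKey partitionKey, UUID id) {
        this.type = type;
        this.partitionKey = partitionKey;
        this.origId = id;
    }

    /**
     * Sets the phase the permissions are evaluated for; the default is
     * {@link PermissionPhase#DynamicStaging}.
     *
     * @return this builder
     */
    public EffectivePermissionBuilder withPhase(PermissionPhase phase) {
        this.origPhase = phase;
        return this;
    }

    /**
     * When set, {@link #findDataObj(UUID)} answers from the supplied objects only and skips its
     * {@code readOrNull} fallback. The {@code readRawOrNull} and {@code readRootOfTrust} calls
     * made elsewhere in this class are not affected by this flag.
     *
     * @return this builder
     */
    public EffectivePermissionBuilder withAvoidIoReads(boolean avoidIoReads) {
        this.avoidIoReads = avoidIoReads;
        return this;
    }

    /**
     * Registers an in-memory object that {@link #findDataObj(UUID)} returns in preference to a
     * read. Roles taken from a supplied object end up in the result, so callers should only
     * supply objects they trust.
     *
     * @return this builder
     */
    public EffectivePermissionBuilder withSuppliedObject(BaseDao obj) {
        this.suppliedObjects.put(obj.getId(), obj);
        return this;
    }

    /**
     * Resolves the two dynamic phases to a concrete one for {@code id}; any other configured
     * phase is returned unchanged.
     */
    private PermissionPhase computePhase(UUID id) {
        switch (this.origPhase) {
            case DynamicStaging:
                // After-merge as soon as the current transaction has written this object.
                return this.d.requestContext.currentTransaction().isWritten(this.partitionKey, id)
                        ? PermissionPhase.AfterMerge
                        : PermissionPhase.BeforeMerge;
            case DynamicChain:
                // After-merge only when the current transaction holds saved data for it.
                return this.d.requestContext.currentTransaction().findSavedData(this.partitionKey, id) != null
                        ? PermissionPhase.AfterMerge
                        : PermissionPhase.BeforeMerge;
            default:
                return this.origPhase;
        }
    }

    /**
     * Computes the effective permissions. Chain trust is always added; root trust, implicit
     * trust and claimable trust are added only when the object resolves to
     * {@link PermissionPhase#BeforeMerge}.
     *
     * @return a new permissions object for the configured partition and id
     */
    public EffectivePermissions build() {
        EffectivePermissions permissions = new EffectivePermissions(this.type, this.partitionKey, this.origId);
        reconcileType(permissions);
        if (computePhase(this.origId) == PermissionPhase.BeforeMerge) {
            addRootTrust(permissions);
        }
        addChainTrust(permissions);
        if (computePhase(this.origId) == PermissionPhase.BeforeMerge) {
            addImplicitTrust(permissions);
            addClaimableTrust(permissions);
        }
        return permissions;
    }

    /**
     * Fills in a missing type, first from the persisted record and then, in the after-merge
     * phase, from the supplied or loaded object. A type passed to the constructor is never
     * overwritten.
     */
    private void reconcileType(EffectivePermissions permissions) {
        if (permissions.type == null) {
            DataContainer container = this.d.io.readRawOrNull(PUUID.from(this.partitionKey, this.origId));
            if (container != null) {
                permissions.type = container.getPayloadClazz();
            }
        }
        if (permissions.type == null && computePhase(this.origId) == PermissionPhase.AfterMerge) {
            BaseDao obj = findDataObj(this.origId);
            if (obj != null) {
                permissions.type = BaseDaoInternal.getType(obj);
            }
        }
    }

    /**
     * Looks up a data object, preferring the supplied objects over a read.
     *
     * @param id id of the object in this builder's partition
     * @return the object, or {@code null} when it is not supplied and either reads are being
     *     avoided or the read finds nothing
     */
    public BaseDao findDataObj(UUID id) {
        BaseDao supplied = (BaseDao) MapTools.getOrNull(this.suppliedObjects, id);
        if (supplied != null || this.avoidIoReads) {
            return supplied;
        }
        return this.d.io.readOrNull(PUUID.from(this.partitionKey, id));
    }

    /** Copies the castle id and the allow-read/allow-write roles from the root of trust, if any. */
    private void addRootTrust(EffectivePermissions permissions) {
        MessageDataHeaderDto root = this.d.io.readRootOfTrust(PUUID.from(this.partitionKey, this.origId));
        if (root != null) {
            permissions.castleId = root.getCastleId();
            permissions.rolesRead.addAll(root.getAllowRead());
            permissions.rolesWrite.addAll(root.getAllowWrite());
        }
    }

    /**
     * Walks from the object up its parent chain and collects read and write roles. Once a node
     * reports that it does not inherit read (or write), roles of that kind are no longer
     * collected from the nodes above it. The castle id is taken from the first header found.
     */
    private void addChainTrust(EffectivePermissions permissions) {
        boolean inheritRead = true;
        boolean inheritWrite = true;
        boolean castlePending = true;
        // A parent chain that loops back on itself would otherwise never terminate. Every step
        // is idempotent (roles are de-duplicated, the inherit flags only ever switch off), so
        // stopping at the first repeated id loses nothing.
        Set<UUID> visited = new HashSet<>();
        UUID next = this.origId;
        while (next != null) {
            UUID current = next;
            if (!visited.add(current)) {
                return;
            }

            if (computePhase(current) == PermissionPhase.AfterMerge) {
                MessageDataDto staged = this.d.requestContext.currentTransaction().findSavedData(this.partitionKey, current);
                if (staged != null) {
                    MessageDataHeaderDto header = staged.getHeader();
                    if (castlePending) {
                        permissions.castleId = header.getCastleId();
                        castlePending = false;
                    }
                    if (inheritRead) {
                        addRolesRead(permissions, header.getAllowRead());
                    }
                    if (inheritWrite) {
                        addRolesWrite(permissions, header.getAllowWrite());
                    }
                    if (!header.getInheritRead()) {
                        inheritRead = false;
                    }
                    if (!header.getInheritWrite()) {
                        inheritWrite = false;
                    }
                    next = header.getParentId();
                } else {
                    BaseDao obj = findDataObj(current);
                    if (obj != null) {
                        if (obj instanceof IRoles) {
                            IRoles roles = (IRoles) obj;
                            if (inheritRead) {
                                addRolesRead(permissions, roles.getTrustAllowRead().values());
                            }
                            if (inheritWrite) {
                                addRolesWrite(permissions, roles.getTrustAllowWrite().values());
                            }
                            if (!roles.getTrustInheritRead()) {
                                inheritRead = false;
                            }
                            if (!roles.getTrustInheritWrite()) {
                                inheritWrite = false;
                            }
                        }
                        next = obj.getParentId();
                    }
                }
            }

            // NOTE(review): the after-merge branch above does not skip this lookup, so the
            // persisted header of the same id is consulted as well and decides the next parent
            // when it exists. Confirm against the original source that this is intended.
            DataContainer container = this.d.io.readRawOrNull(PUUID.from(this.partitionKey, current));
            MessageDataHeaderDto merged = container == null ? null : container.getMergedHeader();
            if (merged == null) {
                // No persisted header: only the parent link is followed here, no roles are added.
                MessageDataDto stagedFallback = this.d.requestContext.currentTransaction().findSavedData(this.partitionKey, current);
                if (stagedFallback != null) {
                    next = stagedFallback.getHeader().getParentId();
                } else {
                    BaseDao obj = findDataObj(current);
                    if (obj == null) {
                        return;
                    }
                    next = obj.getParentId();
                }
            } else {
                if (castlePending) {
                    permissions.castleId = merged.getCastleId();
                    castlePending = false;
                }
                if (inheritRead) {
                    addRolesRead(permissions, merged.getAllowRead());
                }
                if (inheritWrite) {
                    addRolesWrite(permissions, merged.getAllowWrite());
                }
                if (!merged.getInheritRead()) {
                    inheritRead = false;
                }
                if (!merged.getInheritWrite()) {
                    inheritWrite = false;
                }
                next = merged.getParentId();
            }
        }
    }

    /**
     * Adds a write role for each implicit authority of the object. The authorities come from
     * the first source that exists: the persisted merged header, the header staged in the
     * current transaction, or the fields registered for the object's class.
     *
     * @throws RuntimeException when the registered dynamic authority field is null or empty
     * @throws WebApplicationException with status 401 when no key is found for the dynamic
     *     authority
     */
    private void addImplicitTrust(EffectivePermissions permissions) {
        DataContainer container = this.d.io.readRawOrNull(PUUID.from(this.partitionKey, this.origId));
        MessageDataHeaderDto merged = container == null ? null : container.getMergedHeader();
        if (merged != null) {
            for (String authority : merged.getImplicitAuthority()) {
                permissions.addWriteRole(this.d.implicitSecurity.enquireDomainKey(authority, EnquireDomainKeyHandling.ThrowOnNull, container.partitionKey));
            }
            return;
        }

        MessageDataDto staged = this.d.requestContext.currentTransaction().findSavedData(this.partitionKey, this.origId);
        if (staged != null) {
            // This branch is also reached when nothing is persisted yet, so the container may
            // be null; fall back to the partition the staged data was looked up in instead of
            // dereferencing it.
            IPartitionKey lookupKey = container != null ? container.partitionKey : this.partitionKey;
            for (String authority : staged.getHeader().getImplicitAuthority()) {
                permissions.addWriteRole(this.d.implicitSecurity.enquireDomainKey(authority, EnquireDomainKeyHandling.ThrowOnNull, lookupKey));
            }
            return;
        }

        BaseDao obj = findDataObj(this.origId);
        if (obj == null) {
            return;
        }
        Class<?> clazz = obj.getClass();
        IPartitionKey objPartition = obj.partitionKey(true);

        Field dynamicField = (Field) MapTools.getOrNull(this.d.daoParents.getAllowedDynamicImplicitAuthority(), clazz);
        if (dynamicField != null) {
            try {
                Object value = dynamicField.get(obj);
                if (value == null || value.toString().isEmpty()) {
                    throw new RuntimeException("The implicit authority field can not be null or empty [field: " + dynamicField.getName() + "].");
                }
                MessagePublicKeyDto key = this.d.implicitSecurity.enquireDomainKey(value.toString(), EnquireDomainKeyHandling.ThrowOnError, objPartition);
                if (key == null) {
                    throw new WebApplicationException("No implicit authority found at domain name (missing TXT record)[" + this.d.bootstrapConfig.getImplicitAuthorityAlias() + "." + value + "].", Response.Status.UNAUTHORIZED);
                }
                permissions.addWriteRole(key);
            } catch (IllegalAccessException e) {
                // An unreadable field only costs the caller this write role; nothing is
                // granted on this path. It is logged rather than rethrown.
                this.d.genericLogger.warn(e);
            }
        }

        String staticAuthority = (String) MapTools.getOrNull(this.d.daoParents.getAllowedImplicitAuthority(), clazz);
        if (staticAuthority != null) {
            permissions.addWriteRole(this.d.implicitSecurity.enquireDomainKey(staticAuthority, EnquireDomainKeyHandling.ThrowOnNull, objPartition));
        }
    }

    /**
     * Adds the public-write trust key as a write role when the type is known, no persisted
     * record exists for the object, and the type is listed as parent-claimable.
     */
    private void addClaimableTrust(EffectivePermissions permissions) {
        // NOTE(review): with no persisted record, permissions.type can only be the
        // constructor-supplied value here; confirm callers never derive it from request input.
        if (permissions.type == null) {
            return;
        }
        if (this.d.io.readRawOrNull(PUUID.from(this.partitionKey, this.origId)) != null) {
            return;
        }
        if (this.d.daoParents.getAllowedParentClaimableSimple().contains(permissions.type)) {
            permissions.addWriteRole(new MessagePublicKeyDto(this.d.encryptor.getTrustOfPublicWrite()));
        }
    }

    /** Adds each role to the read roles unless it is already present. */
    private void addRolesRead(EffectivePermissions permissions, Collection<String> roles) {
        for (String role : roles) {
            if (!permissions.rolesRead.contains(role)) {
                permissions.rolesRead.add(role);
            }
        }
    }

    /** Adds each role to the write roles unless it is already present. */
    private void addRolesWrite(EffectivePermissions permissions, Collection<String> roles) {
        for (String role : roles) {
            if (!permissions.rolesWrite.contains(role)) {
                permissions.rolesWrite.add(role);
            }
        }
    }

    /** @return the type name passed to the constructor, possibly {@code null} */
    public String getType() {
        return this.type;
    }
}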
