package com.tokera.ate.delegates;

import com.tokera.ate.common.ImmutalizableArrayList;
import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.PUUID;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.dao.base.BaseDaoInternal;
import com.tokera.ate.dao.enumerations.PermissionPhase;
import com.tokera.ate.dto.ClaimDto;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.RolesPairDto;
import com.tokera.ate.dto.TokenDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.enumerations.LinuxCmds;
import com.tokera.ate.enumerations.PrivateKeyType;
import com.tokera.ate.events.NewAccessRightsEvent;
import com.tokera.ate.events.RightsValidationEvent;
import com.tokera.ate.events.TokenScopeChangedEvent;
import com.tokera.ate.events.TokenStateChangedEvent;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.repo.DataContainer;
import com.tokera.ate.providers.PartitionKeySerializer;
import com.tokera.ate.providers.TokenSerializer;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.EffectivePermissionBuilder;
import com.tokera.ate.security.Encryptor;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

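/**
 * Application-scoped facade for authorization decisions and trust management.
 *
 * <p>It answers read/write permission questions for data objects, builds the "access denied"
 * exceptions, maintains the alias-to-public-key-hash trust maps exposed by {@link IRoles}, manages
 * the key lists exposed by {@link IRights}, and wraps token creation and validation.
 *
 * <p>This listing was recovered from a compiled class ({@code AuthorizationDelegate.class}), so
 * parameter names are the decompiler's; each is described in the method documentation.
 */
@ApplicationScoped
@Startup
public class AuthorizationDelegate {

    @Inject
    private LoggerHook LOG;
    private final AteDelegate d = AteDelegate.get();
    private TokenSerializer tokenSerializer = new TokenSerializer();

    /**
     * Tells whether the current rights may read the supplied object.
     *
     * @param baseDao object to check; {@code null} is treated as not readable
     * @return {@code true} when the effective permissions grant read access to the current rights
     */
    public boolean canRead(BaseDao baseDao) {
        if (baseDao == null) {
            return false;
        }
        return this.d.authorization.perms(baseDao).canRead(this.d.currentRights);
    }

    /**
     * Tells whether the current rights may read the object behind a partitioned id.
     *
     * @param puuid partition plus object id; {@code null} is treated as not readable
     * @return result of {@link #canRead(IPartitionKey, UUID)}
     */
    public boolean canRead(PUUID puuid) {
        if (puuid == null) {
            return false;
        }
        return canRead(puuid.partition(), puuid.id());
    }

    /**
     * Tells whether the current rights may read the object with the given partition and id.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @return {@code true} when the object exists in the current transaction, or when its
     *     before-merge permissions grant read access to the current rights
     */
    public boolean canRead(IPartitionKey iPartitionKey, UUID uuid) {
        // Security-relevant shortcut: an object present in the current transaction is readable
        // without the permission check. canWrite has no equivalent shortcut.
        if (this.d.requestContext.currentTransaction().exists(PUUID.from(iPartitionKey, uuid))) {
            return true;
        }
        return this.d.authorization
                .perms(null, iPartitionKey, uuid, PermissionPhase.BeforeMerge)
                .canRead(this.d.currentRights);
    }

    /**
     * Tells whether the current rights may write the supplied object.
     *
     * @param baseDao object to check; {@code null} is treated as not writable
     * @return {@code true} when the effective permissions grant write access to the current rights
     */
    public boolean canWrite(BaseDao baseDao) {
        if (baseDao == null) {
            return false;
        }
        return this.d.authorization.perms(baseDao).canWrite(this.d.currentRights);
    }

    /**
     * Tells whether the current rights may write the object behind a partitioned id.
     *
     * @param puuid partition plus object id; {@code null} is treated as not writable
     * @return result of {@link #canWrite(IPartitionKey, UUID)}
     */
    public boolean canWrite(PUUID puuid) {
        if (puuid == null) {
            return false;
        }
        return canWrite(puuid.partition(), puuid.id());
    }

    /**
     * Throws the write-denied exception unless the current rights may write the object.
     *
     * @param baseDao object about to be written
     * @throws RuntimeException the exception built by
     *     {@link #buildWriteException(Collection, EffectivePermissions, boolean)} when write access
     *     is not granted
     */
    public void ensureCanWrite(BaseDao baseDao) {
        if (canWrite(baseDao)) {
            return;
        }
        // NOTE(review): a null baseDao reaches this point as "not writable"; the permission lookup
        // below then receives null - confirm callers never pass null.
        EffectivePermissions denied = this.d.authorization.perms(baseDao);
        throw buildWriteException(denied.rolesWrite, denied, true);
    }

    /**
     * Tells whether the current rights may write the object with the given partition and id.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @return {@code true} when the before-merge permissions grant write access
     */
    public boolean canWrite(IPartitionKey iPartitionKey, UUID uuid) {
        return this.d.authorization
                .perms(null, iPartitionKey, uuid, PermissionPhase.BeforeMerge)
                .canWrite(this.d.currentRights);
    }

    /**
     * Builds the write-denied exception with the default headline.
     *
     * @param collection public key hashes of the roles that are allowed to write
     * @param effectivePermissions permissions of the object that was refused
     * @param z passed through unchanged; not read when the message is built
     * @return the exception to throw
     */
    public RuntimeException buildWriteException(Collection<String> collection, EffectivePermissions effectivePermissions, boolean z) {
        return buildWriteException("Access denied while attempting to write object", collection, effectivePermissions, z);
    }

    /**
     * Builds the write-denied exception: a multi-line report of the object, the roles it needs
     * and the write keys the caller currently holds.
     *
     * <p>Security note: the report names the object type, the partition, the required role
     * hashes and aliases, and the aliases and public key hashes of the caller's own write keys.
     * Only aliases and public key hashes are appended, never key material. Whether this text is
     * returned to the remote client depends on how {@link WebApplicationException} is mapped to a
     * response, which this class does not show; if it is returned, consider logging the detail
     * server-side and sending a generic message instead.
     *
     * <p>The status is 401 (UNAUTHORIZED) although the failure is an authorization decision, for
     * which 403 is the conventional status; it is left as is because callers may depend on it.
     *
     * @param str headline of the message
     * @param collection public key hashes of the roles that are allowed to write
     * @param effectivePermissions permissions of the object that was refused
     * @param z not read by this method
     * @return a {@link WebApplicationException} carrying the report and status UNAUTHORIZED
     */
    public RuntimeException buildWriteException(String str, Collection<String> collection, EffectivePermissions effectivePermissions, boolean z) {
        IPartitionKey partitionKey = effectivePermissions.partitionKey;
        UUID objectId = effectivePermissions.id;

        StringBuilder report = new StringBuilder();
        report.append(str);
        report.append(" [");

        // Prefer the stored payload class; fall back to an object staged in the transaction.
        DataContainer stored = this.d.io.readRawOrNull(PUUID.from(partitionKey, objectId));
        if (stored != null) {
            report.append(stored.getPayloadClazz()).append(":");
        } else {
            BaseDao staged = this.d.requestContext.currentTransaction().find(PUUID.from(partitionKey, objectId));
            if (staged != null) {
                report.append(BaseDaoInternal.getShortType(staged)).append(":");
            }
        }
        report.append(objectId).append("]\n");

        if (effectivePermissions.type != null) {
            report.append(" >  type: ").append(effectivePermissions.type).append("\n");
        }
        report.append(" > where: ").append(PartitionKeySerializer.toString(effectivePermissions.partitionKey)).append("\n");

        // One line per role that would grant write access.
        boolean anyNeeded = false;
        for (String roleHash : collection) {
            report.append(anyNeeded ? " >        " : " > needs: ");
            MessagePublicKeyDto roleKey = this.d.io.publicKeyOrNull(partitionKey, roleHash);
            if (roleKey == null) {
                report.append("[missing] - ").append(roleHash);
            } else if (roleKey.getAlias() != null) {
                report.append(roleKey.getAlias()).append(" - ").append(roleHash);
            } else {
                report.append(roleHash);
            }
            report.append("\n");
            anyNeeded = true;
        }
        if (!anyNeeded) {
            report.append(" > needs: [no write roles exist!]\n");
        }

        // One line per write key the caller holds.
        boolean anyHeld = false;
        for (PrivateKeyWithSeedDto heldKey : this.d.currentRights.getRightsWrite()) {
            report.append(anyHeld ? " >        " : " > roles: ");
            report.append(this.d.encryptor.getAlias(partitionKey, heldKey))
                    .append(" - ")
                    .append(this.d.encryptor.getPublicKeyHash(heldKey));
            if (this.d.requestContext.currentTransaction().findPrivateKey(partitionKey, this.d.encryptor.getPublicKeyHash(heldKey)) == null) {
                report.append(" [not staged!!]");
            }
            report.append("\n");
            anyHeld = true;
        }
        if (!anyHeld) {
            report.append(" > roles: [no access rights]\n");
        }

        return accessDenied(report.toString());
    }

    /**
     * Throws the read-denied exception unless the object may be read.
     *
     * @param puuid partition plus object id; must not be {@code null}
     */
    public void validateReadOrThrow(PUUID puuid) {
        validateReadOrThrow(puuid.partition(), puuid.id());
    }

    /**
     * Throws the write-denied exception unless the object may be written.
     *
     * @param puuid partition plus object id; must not be {@code null}
     */
    public void validateWriteOrThrow(PUUID puuid) {
        validateWriteOrThrow(puuid.partition(), puuid.id());
    }

    /**
     * Throws the read-denied exception unless the current rights may read the object.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @throws RuntimeException built by {@link #buildReadException(EffectivePermissions, boolean)}
     */
    public void validateReadOrThrow(IPartitionKey iPartitionKey, UUID uuid) {
        if (canRead(iPartitionKey, uuid)) {
            return;
        }
        // The permissions are only needed to describe the refusal, so they are looked up here.
        throw buildReadException(perms(null, iPartitionKey, uuid, PermissionPhase.BeforeMerge), false);
    }

    /**
     * Throws the write-denied exception unless the current rights may write the object.
     *
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @throws RuntimeException built by
     *     {@link #buildWriteException(Collection, EffectivePermissions, boolean)}
     */
    public void validateWriteOrThrow(IPartitionKey iPartitionKey, UUID uuid) {
        if (canWrite(iPartitionKey, uuid)) {
            return;
        }
        // The permissions are only needed to describe the refusal, so they are looked up here.
        EffectivePermissions denied = perms(null, iPartitionKey, uuid, PermissionPhase.BeforeMerge);
        throw buildWriteException(denied.rolesWrite, denied, false);
    }

    /**
     * Builds the read-denied exception with the default headline.
     *
     * @param effectivePermissions permissions of the object that was refused
     * @param z passed through unchanged; not read when the message is built
     * @return the exception to throw
     */
    public RuntimeException buildReadException(EffectivePermissions effectivePermissions, boolean z) {
        return buildReadException("Access denied while attempting to read object", effectivePermissions, z);
    }

    /**
     * Builds the read-denied exception: a multi-line report of the object, its castle, the roles
     * it needs and the read keys the caller currently holds.
     *
     * <p>Security note: the same disclosure and status-code considerations apply as for
     * {@link #buildWriteException(String, Collection, EffectivePermissions, boolean)}; the report
     * additionally reveals the castle id and which role hashes have an encrypt key in it.
     *
     * @param str headline of the message
     * @param effectivePermissions permissions of the object that was refused
     * @param z not read by this method
     * @return a {@link WebApplicationException} carrying the report and status UNAUTHORIZED
     */
    public RuntimeException buildReadException(String str, EffectivePermissions effectivePermissions, boolean z) {
        IPartitionKey partitionKey = effectivePermissions.partitionKey;
        UUID objectId = effectivePermissions.id;

        StringBuilder report = new StringBuilder();
        report.append(str);
        report.append(" [");
        DataContainer stored = this.d.io.readRawOrNull(PUUID.from(partitionKey, objectId));
        if (stored != null) {
            report.append(stored.getPayloadClazz()).append(":");
        }
        report.append(objectId).append("]\n");

        if (effectivePermissions.type != null) {
            report.append(" >  type: ").append(effectivePermissions.type).append("\n");
        }
        report.append(" > where: ").append(PartitionKeySerializer.toString(partitionKey)).append("\n");

        report.append(" > castle: ");
        UUID castleId = effectivePermissions.castleId;
        if (castleId != null) {
            report.append(castleId);
            // NOTE(review): "missing" is reported when hasCastle(...) is TRUE, here and in both
            // loops below. That reads as inverted, but hasCastle's contract is not visible from
            // this class - confirm before relying on these diagnostics.
            if (this.d.securityCastleManager.hasCastle(partitionKey, castleId)) {
                report.append(" [missing!!]");
            }
            report.append("\n");
        } else {
            report.append("[none]\n");
        }

        // One line per role that would grant read access.
        boolean anyNeeded = false;
        for (String roleHash : effectivePermissions.rolesRead) {
            report.append(anyNeeded ? " >        " : " > needs: ");
            MessagePublicKeyDto roleKey = this.d.io.publicKeyOrNull(partitionKey, roleHash);
            String roleAlias = roleKey != null ? this.d.encryptor.getAlias(partitionKey, roleKey) : "[missing]";
            report.append(roleAlias).append(" - ").append(roleHash);
            if (castleId == null) {
                report.append(" [castle unknown]");
            } else if (this.d.securityCastleManager.hasCastle(partitionKey, castleId)) {
                report.append(" [castle missing]");
            } else if (this.d.securityCastleManager.hasEncryptKey(partitionKey, castleId, roleHash)) {
                report.append(" [castle key found]");
            } else {
                report.append(" [castle key missing!!]");
            }
            report.append("\n");
            anyNeeded = true;
        }
        if (!anyNeeded) {
            report.append(" > needs: [no read roles exist!]\n");
        }

        // One line per read key the caller holds.
        boolean anyHeld = false;
        for (PrivateKeyWithSeedDto heldKey : this.d.currentRights.getRightsRead()) {
            report.append(anyHeld ? " >        " : " > roles: ");
            String heldHash = this.d.encryptor.getPublicKeyHash(heldKey);
            report.append(this.d.encryptor.getAlias(partitionKey, heldKey)).append(" - ").append(heldHash);
            boolean relevant;
            if (castleId == null) {
                report.append(" [no castle]");
            } else if (this.d.securityCastleManager.hasCastle(partitionKey, castleId)) {
                report.append(" [castle missing]");
            } else if (this.d.securityCastleManager.hasEncryptKey(partitionKey, castleId, heldHash)) {
                relevant = effectivePermissions.rolesRead.contains(heldHash);
                report.append(relevant ? " [record found]" : " [irrelevant record found]");
            } else {
                relevant = effectivePermissions.rolesRead.contains(heldHash);
                report.append(relevant ? " [record missing]" : " [irrelevant record missing]");
            }
            report.append("\n");
            anyHeld = true;
        }
        if (!anyHeld) {
            report.append(" > roles: [no access rights]\n");
        }

        return accessDenied(report.toString());
    }

    /**
     * Wraps a denial report in a {@link WebApplicationException} with status UNAUTHORIZED.
     *
     * <p>If constructing the exception itself fails, the failure is logged and the construction
     * is attempted once more, exactly as both build methods did before this helper was extracted.
     */
    private RuntimeException accessDenied(String message) {
        try {
            return new WebApplicationException(message, Response.Status.UNAUTHORIZED);
        } catch (Throwable th) {
            this.LOG.warn(th);
            return new WebApplicationException(message, Response.Status.UNAUTHORIZED);
        }
    }

    /**
     * Computes the after-merge permissions of an object.
     *
     * @param baseDao object to evaluate; must not be {@code null}
     * @return effective permissions in phase {@link PermissionPhase#AfterMerge}
     */
    public EffectivePermissions perms(BaseDao baseDao) {
        return perms(baseDao, PermissionPhase.AfterMerge);
    }

    /**
     * Computes the permissions of an object for the given phase, using the object itself as the
     * supplied source.
     *
     * @param baseDao object to evaluate; must not be {@code null}
     * @param permissionPhase phase to evaluate
     * @return freshly built effective permissions (the permission cache is not consulted here)
     */
    public EffectivePermissions perms(BaseDao baseDao, PermissionPhase permissionPhase) {
        return new EffectivePermissionBuilder(BaseDaoInternal.getType(baseDao), baseDao.partitionKey(true), baseDao.getId())
                .withPhase(permissionPhase)
                .withSuppliedObject(baseDao)
                .build();
    }

    /**
     * Looks up before-merge permissions through the permission cache.
     *
     * @param str type name handed to the cache (callers in this class pass {@code null})
     * @param puuid partition plus object id
     * @return cached effective permissions
     */
    public EffectivePermissions perms(String str, PUUID puuid) {
        return this.d.permissionCache.perms(str, puuid.partition(), puuid.id(), PermissionPhase.BeforeMerge);
    }

    /**
     * Looks up permissions for a phase through the permission cache.
     *
     * @param str type name handed to the cache
     * @param puuid partition plus object id
     * @param permissionPhase phase to evaluate
     * @return cached effective permissions
     */
    public EffectivePermissions perms(String str, PUUID puuid, PermissionPhase permissionPhase) {
        return this.d.permissionCache.perms(str, puuid.partition(), puuid.id(), permissionPhase);
    }

    /**
     * Looks up before-merge permissions through the permission cache.
     *
     * @param str type name handed to the cache
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @return cached effective permissions
     */
    public EffectivePermissions perms(String str, IPartitionKey iPartitionKey, UUID uuid) {
        return this.d.permissionCache.perms(str, iPartitionKey, uuid, PermissionPhase.BeforeMerge);
    }

    /**
     * Looks up permissions for a phase through the permission cache.
     *
     * @param str type name handed to the cache
     * @param iPartitionKey partition that holds the object
     * @param uuid id of the object
     * @param permissionPhase phase to evaluate
     * @return cached effective permissions
     */
    public EffectivePermissions perms(String str, IPartitionKey iPartitionKey, UUID uuid, PermissionPhase permissionPhase) {
        return this.d.permissionCache.perms(str, iPartitionKey, uuid, permissionPhase);
    }

    /**
     * Grants the rights holder both read and write trust on the roles object.
     *
     * @param iRights entity receiving access
     * @param iRoles object whose trust maps are extended
     */
    public void authorizeEntity(IRights iRights, IRoles iRoles) {
        authorizeEntityRead(iRights, iRoles);
        authorizeEntityWrite(iRights, iRoles);
    }

    /**
     * Copies every read and write trust entry of one roles object onto another.
     *
     * <p>Entries are only added or overwritten; entries that exist solely on the target are kept.
     * The target is written through the IO layer when something changed and it is a
     * {@link BaseDao}.
     *
     * @param iRoles source of the trust entries
     * @param iRoles2 target that receives them
     */
    public void copy(IRoles iRoles, IRoles iRoles2) {
        boolean changed = false;
        for (Map.Entry<String, String> trusted : iRoles.getTrustAllowRead().entrySet()) {
            String current = iRoles2.getTrustAllowRead().getOrDefault(trusted.getKey(), LinuxCmds.Void);
            if (!current.equals(trusted.getValue())) {
                iRoles2.getTrustAllowRead().put(trusted.getKey(), trusted.getValue());
                changed = true;
            }
        }
        for (Map.Entry<String, String> trusted : iRoles.getTrustAllowWrite().entrySet()) {
            String current = iRoles2.getTrustAllowWrite().getOrDefault(trusted.getKey(), LinuxCmds.Void);
            if (!current.equals(trusted.getValue())) {
                iRoles2.getTrustAllowWrite().put(trusted.getKey(), trusted.getValue());
                changed = true;
            }
        }
        if (changed && (iRoles2 instanceof BaseDao)) {
            this.d.io.write((BaseDao) iRoles2);
        }
    }

    /**
     * Copies the effective read and write roles of an object into the trust maps of a roles
     * object, keyed by the role hash itself.
     *
     * @param baseDao object whose effective permissions are the source
     * @param iRoles target; written through the IO layer when changed and a {@link BaseDao}
     */
    public void copyEffective(BaseDao baseDao, IRoles iRoles) {
        EffectivePermissions effective = this.d.authorization.perms(baseDao);
        boolean changed = false;
        for (String roleHash : effective.rolesRead) {
            if (!iRoles.getTrustAllowRead().containsValue(roleHash)) {
                iRoles.getTrustAllowRead().put(roleHash, roleHash);
                changed = true;
            }
        }
        for (String roleHash : effective.rolesWrite) {
            if (!iRoles.getTrustAllowWrite().containsValue(roleHash)) {
                iRoles.getTrustAllowWrite().put(roleHash, roleHash);
                changed = true;
            }
        }
        if (changed && (iRoles instanceof BaseDao)) {
            this.d.io.write((BaseDao) iRoles);
        }
    }

    /**
     * Finds the read key that represents the rights holder itself.
     *
     * @param iRights holder whose read keys are searched
     * @return the first read key whose alias-or-hash equals the holder's rights alias and whose
     *     public key hash differs from the public-read trust key, or {@code null} when none exists
     */
    public PrivateKeyWithSeedDto getImplicitRightToRead(IRights iRights) {
        String rightsAlias = iRights.getRightsAlias();
        return iRights.getRightsRead().stream()
                .filter(key -> rightsAlias.equals(key.aliasOrHash()))
                // The shared public-read key must never count as the holder's own key.
                .filter(key -> !this.d.encryptor.getPublicKeyHash(key)
                        .equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicRead())))
                .findFirst()
                .orElse(null);
    }

    /**
     * Returns the holder's implicit read key, creating and registering one when it is absent.
     *
     * @param iRights holder whose read keys are searched and, if needed, extended
     * @return the existing or newly created read key
     * @throws WebApplicationException with status BAD_REQUEST when a key would have to be created
     *     but the holder is read only
     */
    public PrivateKeyWithSeedDto getOrCreateImplicitRightToRead(IRights iRights) {
        PrivateKeyWithSeedDto existing = getImplicitRightToRead(iRights);
        if (existing != null) {
            return existing;
        }
        if (iRights.readOnly()) {
            throw new WebApplicationException("Unable to create an implicit right to read for this entity as it is read only.", Response.Status.BAD_REQUEST);
        }
        PrivateKeyWithSeedDto created = new PrivateKeyWithSeedDto(PrivateKeyType.read, Encryptor.AES_KEY_SIZE, iRights.getRightsAlias());
        iRights.getRightsRead().add(created);
        ensureKeyIsThere(created.key(), iRights);
        return created;
    }

    /**
     * Grants the rights holder read trust on the roles object.
     *
     * <p>When the holder is the user of the current token, the token-scope, token-state,
     * new-access-rights and rights-validation events are fired so dependent state is refreshed.
     *
     * @param iRights entity receiving read access
     * @param iRoles object whose read trust map is extended
     */
    public void authorizeEntityRead(IRights iRights, IRoles iRoles) {
        PrivateKeyWithSeedDto implicitRight = getOrCreateImplicitRightToRead(iRights);
        ensureKeyIsThere(implicitRight.key(), iRoles);
        authorizeEntityRead(implicitRight.key(), iRoles);

        TokenDto token = this.d.currentToken.getTokenOrNull();
        if (token != null && iRights.getId().equals(token.getUserIdOrNull())) {
            this.d.eventTokenScopeChanged.fire(new TokenScopeChangedEvent(token));
            this.d.eventTokenChanged.fire(new TokenStateChangedEvent());
            this.d.eventNewAccessRights.fire(new NewAccessRightsEvent());
            this.d.eventRightsValidation.fire(new RightsValidationEvent());
        }
        iRights.onAddRight(iRoles);
    }

    /**
     * Grants the keys of a read/write pair on the roles object.
     *
     * @param rolesPairDto pair of keys; {@code null} is a no-op and either side may be {@code null}
     * @param iRoles target; written through the IO layer after each side that was applied, when it
     *     is a {@link BaseDao}
     */
    public void authorizeEntity(RolesPairDto rolesPairDto, IRoles iRoles) {
        if (rolesPairDto == null) {
            return;
        }
        if (rolesPairDto.read != null) {
            authorizeEntityRead(rolesPairDto.read, iRoles);
            if (iRoles instanceof BaseDao) {
                this.d.io.write((BaseDao) iRoles);
            }
        }
        if (rolesPairDto.write != null) {
            authorizeEntityWrite(rolesPairDto.write, iRoles);
            if (iRoles instanceof BaseDao) {
                this.d.io.write((BaseDao) iRoles);
            }
        }
    }

    /**
     * Grants read trust to the public half of a private key.
     *
     * @param privateKeyWithSeedDto key whose public part is trusted
     * @param iRoles object whose read trust map is extended
     */
    public void authorizeEntityRead(PrivateKeyWithSeedDto privateKeyWithSeedDto, IRoles iRoles) {
        authorizeEntityRead(privateKeyWithSeedDto.key(), iRoles);
    }

    /**
     * Grants read trust to a public key, keyed by its alias or hash.
     *
     * <p>An existing entry under the same alias that maps to a different hash is overwritten.
     *
     * @param messagePublicKeyDto public key to trust
     * @param iRoles object whose read trust map is extended
     */
    public void authorizeEntityRead(MessagePublicKeyDto messagePublicKeyDto, IRoles iRoles) {
        String publicKeyHash = this.d.encryptor.getPublicKeyHash(messagePublicKeyDto);
        ensureKeyIsThere(messagePublicKeyDto, iRoles);
        String aliasOrHash = messagePublicKeyDto.getAliasOrHash();
        Map<String, String> trust = iRoles.getTrustAllowRead();
        boolean alreadyTrusted = trust.containsKey(aliasOrHash) && publicKeyHash.equals(trust.get(aliasOrHash));
        if (!alreadyTrusted) {
            trust.put(aliasOrHash, publicKeyHash);
        }
    }

    /**
     * Makes the roles object readable with the shared public-read trust key.
     *
     * <p>Security-relevant: this registers the key under the alias {@code "public"}, so the
     * object becomes readable by anyone holding that shared key.
     *
     * @param iRoles object whose read trust map is extended
     */
    public void authorizeEntityPublicRead(IRoles iRoles) {
        PrivateKeyWithSeedDto publicRead = this.d.encryptor.getTrustOfPublicRead();
        ensureKeyIsThere(publicRead.key(), iRoles);
        String publicHash = publicRead.publicHash();
        assert publicHash != null : "@AssumeAssertion(nullness): Must not be null";
        iRoles.getTrustAllowRead().put("public", publicHash);
    }

    /**
     * Grants write trust to a public key unless its hash is already trusted under any alias.
     *
     * <p>Unlike {@link #authorizeEntityWrite(MessagePublicKeyDto, IRoles)} the check is on the
     * hash values, not on the alias.
     *
     * @param messagePublicKeyDto public key to trust
     * @param iRoles object whose write trust map is extended
     */
    public void authorizeWrite(MessagePublicKeyDto messagePublicKeyDto, IRoles iRoles) {
        ensureKeyIsThere(messagePublicKeyDto, iRoles);
        if (iRoles.getTrustAllowWrite().values().contains(messagePublicKeyDto.getPublicKeyHash())) {
            return;
        }
        iRoles.getTrustAllowWrite().put(messagePublicKeyDto.getAliasOrHash(), messagePublicKeyDto.getPublicKeyHash());
    }

    /**
     * Finds the write key that represents the rights holder itself.
     *
     * @param iRights holder whose write keys are searched
     * @return the first write key whose alias-or-hash equals the holder's rights alias and whose
     *     public key hash differs from the public-write trust key, or {@code null} when none exists
     */
    public PrivateKeyWithSeedDto getImplicitRightToWrite(IRights iRights) {
        String rightsAlias = iRights.getRightsAlias();
        return iRights.getRightsWrite().stream()
                .filter(key -> rightsAlias.equals(key.aliasOrHash()))
                // The shared public-write key must never count as the holder's own key.
                .filter(key -> !this.d.encryptor.getPublicKeyHash(key)
                        .equals(this.d.encryptor.getPublicKeyHash(this.d.encryptor.getTrustOfPublicWrite())))
                .findFirst()
                .orElse(null);
    }

    /**
     * Returns the holder's implicit write key, creating and registering one when it is absent.
     *
     * @param iRights holder whose write keys are searched and, if needed, extended
     * @return the existing or newly created write key
     * @throws WebApplicationException with status BAD_REQUEST when a key would have to be created
     *     but the holder is read only
     */
    public PrivateKeyWithSeedDto getOrCreateImplicitRightToWrite(IRights iRights) {
        PrivateKeyWithSeedDto existing = getImplicitRightToWrite(iRights);
        if (existing != null) {
            return existing;
        }
        if (iRights.readOnly()) {
            throw new WebApplicationException("Unable to create an implicit right to write for this entity as it is read only.", Response.Status.BAD_REQUEST);
        }
        PrivateKeyWithSeedDto created = new PrivateKeyWithSeedDto(PrivateKeyType.write, Encryptor.AES_KEY_SIZE, iRights.getRightsAlias());
        iRights.getRightsWrite().add(created);
        ensureKeyIsThere(created.key(), iRights);
        return created;
    }

    /**
     * Grants the rights holder write trust on the roles object.
     *
     * <p>When the holder is the user of the current token, the token-scope, new-access-rights,
     * token-state and rights-validation events are fired so dependent state is refreshed.
     *
     * @param iRights entity receiving write access
     * @param iRoles object whose write trust map is extended
     */
    public void authorizeEntityWrite(IRights iRights, IRoles iRoles) {
        PrivateKeyWithSeedDto implicitRight = getOrCreateImplicitRightToWrite(iRights);
        authorizeEntityWrite(implicitRight.key(), iRoles);
        ensureKeyIsThere(implicitRight.key(), iRoles);

        TokenDto token = this.d.currentToken.getTokenOrNull();
        if (token != null && iRights.getId().equals(token.getUserIdOrNull())) {
            this.d.eventTokenScopeChanged.fire(new TokenScopeChangedEvent(token));
            this.d.eventNewAccessRights.fire(new NewAccessRightsEvent());
            this.d.eventTokenChanged.fire(new TokenStateChangedEvent());
            this.d.eventRightsValidation.fire(new RightsValidationEvent());
        }
        iRights.onAddRight(iRoles);
    }

    /**
     * Grants write trust to the public half of a private key.
     *
     * @param privateKeyWithSeedDto key whose public part is trusted
     * @param iRoles object whose write trust map is extended
     */
    public void authorizeEntityWrite(PrivateKeyWithSeedDto privateKeyWithSeedDto, IRoles iRoles) {
        authorizeEntityWrite(privateKeyWithSeedDto.key(), iRoles);
    }

    /**
     * Grants write trust to a public key, keyed by its alias or hash.
     *
     * <p>An existing entry under the same alias that maps to a different hash is overwritten.
     *
     * @param messagePublicKeyDto public key to trust
     * @param iRoles object whose write trust map is extended
     */
    public void authorizeEntityWrite(MessagePublicKeyDto messagePublicKeyDto, IRoles iRoles) {
        String publicKeyHash = this.d.encryptor.getPublicKeyHash(messagePublicKeyDto);
        ensureKeyIsThere(messagePublicKeyDto, iRoles);
        String aliasOrHash = messagePublicKeyDto.getAliasOrHash();
        Map<String, String> trust = iRoles.getTrustAllowWrite();
        boolean alreadyTrusted = trust.containsKey(aliasOrHash) && publicKeyHash.equals(trust.get(aliasOrHash));
        if (!alreadyTrusted) {
            trust.put(aliasOrHash, publicKeyHash);
        }
    }

    /**
     * Makes the roles object writable with the shared public-write trust key.
     *
     * <p>Security-relevant: this registers the key under the alias {@code "public"}, so the
     * object becomes writable by anyone holding that shared key.
     *
     * @param iRoles object whose write trust map is extended
     */
    public void authorizeEntityPublicWrite(IRoles iRoles) {
        PrivateKeyWithSeedDto publicWrite = this.d.encryptor.getTrustOfPublicWrite();
        ensureKeyIsThere(publicWrite.key(), iRoles);
        String publicHash = publicWrite.publicHash();
        assert publicHash != null : "@AssumeAssertion(nullness): Must not be null";
        iRoles.getTrustAllowWrite().put("public", publicHash);
    }

    /**
     * Revokes both the read and the write trust that the rights holder has on the roles object.
     *
     * @param iRights entity losing access
     * @param iRoles object whose trust maps are reduced
     */
    public void unauthorizeEntity(IRights iRights, IRoles iRoles) {
        unauthorizeEntityRead(iRights, iRoles);
        unauthorizeEntityWrite(iRights, iRoles);
    }

    /**
     * Removes, for each read key of the holder, the first read-trust entry that maps to that
     * key's public hash, then notifies the holder through {@code onRemoveRight}.
     *
     * <p>Only one entry per key is removed; a hash trusted under several aliases keeps the others.
     *
     * @param iRights entity losing read access
     * @param iRoles object whose read trust map is reduced
     */
    public void unauthorizeEntityRead(IRights iRights, IRoles iRoles) {
        // Iterate over a snapshot of the keys, as the original did.
        List<PrivateKeyWithSeedDto> heldKeys = iRights.getRightsRead().stream().collect(Collectors.toList());
        for (PrivateKeyWithSeedDto heldKey : heldKeys) {
            Map.Entry<String, String> match = iRoles.getTrustAllowRead().entrySet().stream()
                    .filter(trusted -> trusted.getValue().equals(this.d.encryptor.getPublicKeyHash(heldKey)))
                    .findFirst()
                    .orElse(null);
            if (match != null) {
                iRoles.getTrustAllowRead().remove(match.getKey());
            }
        }
        iRights.onRemoveRight(iRoles);
    }

    /**
     * Removes, for each write key of the holder, the first write-trust entry that maps to that
     * key's public hash.
     *
     * <p>Only one entry per key is removed; a hash trusted under several aliases keeps the others.
     *
     * @param iRights entity losing write access
     * @param iRoles object whose write trust map is reduced
     */
    public void unauthorizeEntityWrite(IRights iRights, IRoles iRoles) {
        // Iterate over a snapshot of the keys, as the original did.
        List<PrivateKeyWithSeedDto> heldKeys = iRights.getRightsWrite().stream().collect(Collectors.toList());
        for (PrivateKeyWithSeedDto heldKey : heldKeys) {
            Map.Entry<String, String> match = iRoles.getTrustAllowWrite().entrySet().stream()
                    .filter(trusted -> trusted.getValue().equals(this.d.encryptor.getPublicKeyHash(heldKey)))
                    .findFirst()
                    .orElse(null);
            if (match != null) {
                iRoles.getTrustAllowWrite().remove(match.getKey());
            }
        }
        // NOTE(review): unlike unauthorizeEntityRead this does not call iRights.onRemoveRight(iRoles),
        // while both authorizeEntity* variants call onAddRight - confirm the asymmetry is intended.
    }

    /**
     * Removes an alias from both trust maps of a roles object.
     *
     * @param iRoles object whose trust maps are reduced
     * @param str alias to remove
     */
    public void unauthorizeAlias(IRoles iRoles, String str) {
        unauthorizeAliasRead(iRoles, str);
        unauthorizeAliasWrite(iRoles, str);
    }

    /**
     * Removes an alias from the read trust map of a roles object.
     *
     * @param iRoles object whose read trust map is reduced
     * @param str alias to remove
     */
    public void unauthorizeAliasRead(IRoles iRoles, String str) {
        iRoles.getTrustAllowRead().remove(str);
    }

    /**
     * Removes an alias from the write trust map of a roles object.
     *
     * @param iRoles object whose write trust map is reduced
     * @param str alias to remove
     */
    public void unauthorizeAliasWrite(IRoles iRoles, String str) {
        iRoles.getTrustAllowWrite().remove(str);
    }

    /**
     * Removes the matching keys from both key lists of a rights holder.
     *
     * @param iRights holder whose key lists are reduced
     * @param str public key hash to match (despite the method name, the alias is not compared)
     */
    public void unauthorizeAlias(IRights iRights, String str) {
        unauthorizeAliasRead(iRights, str);
        unauthorizeAliasWrite(iRights, str);
    }

    /**
     * Removes every read key whose public key hash equals the given value.
     *
     * @param iRights holder whose read keys are reduced
     * @param str public key hash to match; must not be {@code null}
     */
    public void unauthorizeAliasRead(IRights iRights, String str) {
        // Collect first, remove afterwards, so the collection is not modified while streamed.
        List<PrivateKeyWithSeedDto> matches = iRights.getRightsRead().stream()
                .filter(key -> str.equals(this.d.encryptor.getPublicKeyHash(key)) || str.equals(key.publicHash()))
                .collect(Collectors.toList());
        for (PrivateKeyWithSeedDto match : matches) {
            iRights.getRightsRead().remove(match);
        }
    }

    /**
     * Removes every write key whose public key hash equals the given value.
     *
     * @param iRights holder whose write keys are reduced
     * @param str public key hash to match; must not be {@code null}
     */
    public void unauthorizeAliasWrite(IRights iRights, String str) {
        // Collect first, remove afterwards, so the collection is not modified while streamed.
        List<PrivateKeyWithSeedDto> matches = iRights.getRightsWrite().stream()
                .filter(key -> str.equals(this.d.encryptor.getPublicKeyHash(key)) || str.equals(key.publicHash()))
                .collect(Collectors.toList());
        for (PrivateKeyWithSeedDto match : matches) {
            iRights.getRightsWrite().remove(match);
        }
    }

    /**
     * Makes sure the public key is stored in the partition of the roles object.
     *
     * <p>Nothing happens when the roles object is not a {@link BaseDao} or has no partition key.
     *
     * @param messagePublicKeyDto public key that must be resolvable
     * @param iRoles object whose partition should hold the key
     */
    public void ensureKeyIsThere(MessagePublicKeyDto messagePublicKeyDto, IRoles iRoles) {
        if (!(iRoles instanceof BaseDao)) {
            return;
        }
        IPartitionKey partitionKey = ((BaseDao) iRoles).partitionKey(false);
        if (partitionKey != null) {
            ensureKeyIsThere(partitionKey, messagePublicKeyDto);
        }
    }

    /**
     * Registers an alias with a read hash and a write hash on a roles object.
     *
     * <p>An alias that is already present is left untouched, even when it maps to a different
     * hash, so this method never replaces an existing trust entry.
     *
     * @param str alias to register
     * @param str2 read role hash; must not be {@code null}
     * @param str3 write role hash; must not be {@code null}
     * @param iRoles object whose trust maps are extended
     * @return {@code true} when at least one entry was added
     * @throws WebApplicationException when either hash is {@code null}; no status is supplied, so
     *     the JAX-RS default (500) applies
     */
    public boolean authorize(String str, String str2, String str3, IRoles iRoles) {
        if (str2 == null) {
            throw new WebApplicationException("Failed to authorize (" + str + ") - the read role hash is null.");
        }
        if (str3 == null) {
            throw new WebApplicationException("Failed to authorize (" + str + ") - the write role hash is null.");
        }
        boolean added = false;
        if (!iRoles.getTrustAllowRead().containsKey(str)) {
            iRoles.getTrustAllowRead().put(str, str2);
            added = true;
        }
        if (!iRoles.getTrustAllowWrite().containsKey(str)) {
            iRoles.getTrustAllowWrite().put(str, str3);
            added = true;
        }
        return added;
    }

    /**
     * Removes an alias from both trust maps of a roles object.
     *
     * @param str alias to remove
     * @param iRoles object whose trust maps are reduced
     * @return {@code true} when at least one entry was removed
     */
    public boolean unauthorize(String str, IRoles iRoles) {
        // Both removals always run; the result only reports whether either one hit.
        boolean removedRead = iRoles.getTrustAllowRead().remove(str) != null;
        boolean removedWrite = iRoles.getTrustAllowWrite().remove(str) != null;
        return removedRead || removedWrite;
    }

    /**
     * Makes sure the public key is stored in the partition of the rights holder.
     *
     * <p>For a {@link BaseDao} the holder's own partition key is used; otherwise the partition
     * resolver is asked. Nothing happens when no partition key can be determined.
     *
     * @param messagePublicKeyDto public key that must be resolvable
     * @param iRights holder whose partition should hold the key
     */
    public void ensureKeyIsThere(MessagePublicKeyDto messagePublicKeyDto, IRights iRights) {
        IPartitionKey partitionKey;
        if (iRights instanceof BaseDao) {
            partitionKey = ((BaseDao) iRights).partitionKey(false);
        } else {
            partitionKey = this.d.io.partitionResolver().resolveOrNull(iRights);
        }
        if (partitionKey != null) {
            ensureKeyIsThere(partitionKey, messagePublicKeyDto);
        }
    }

    /**
     * Makes sure the public key is stored in the partition the current request is scoped to.
     *
     * @param messagePublicKeyDto public key that must be resolvable; ignored when the request has
     *     no partition scope
     */
    public void ensureKeyIsThere(MessagePublicKeyDto messagePublicKeyDto) {
        IPartitionKey scope = this.d.requestContext.getPartitionKeyScopeOrNull();
        if (scope != null) {
            ensureKeyIsThere(scope, messagePublicKeyDto);
        }
    }

    /**
     * Writes the public key into the partition unless it is already stored there or already
     * saved in the current transaction.
     *
     * @param iPartitionKey partition that should hold the key
     * @param messagePublicKeyDto public key to store
     */
    public void ensureKeyIsThere(IPartitionKey iPartitionKey, MessagePublicKeyDto messagePublicKeyDto) {
        boolean stored = this.d.io.publicKeyOrNull(iPartitionKey, messagePublicKeyDto.getPublicKeyHash()) != null;
        if (stored) {
            return;
        }
        boolean staged = this.d.requestContext.currentTransaction().findSavedPublicKey(iPartitionKey, messagePublicKeyDto.getPublicKeyHash()) != null;
        if (!staged) {
            this.d.io.write(iPartitionKey, messagePublicKeyDto);
        }
    }

    /**
     * Creates a token for the given claims and returns it base64 encoded.
     *
     * @param map claims, one list of values per claim name
     * @param i forwarded to the token serializer; presumably the token lifetime - confirm the
     *     unit against {@code TokenSerializer.createToken}
     * @return base64 form of the created token
     */
    public String createToken(Map<String, List<String>> map, int i) {
        return this.tokenSerializer.createToken(map, i).getBase64();
    }

    /**
     * Hands a token to the token serializer for validation.
     *
     * <p>This method returns nothing, so a rejected token can only be signalled by an exception
     * from the serializer; callers must not treat a normal return as more than "not rejected".
     *
     * @param str token text
     */
    public void validateToken(String str) {
        this.tokenSerializer.validateToken(new TokenDto(str));
    }

    /**
     * Extracts the claims carried by a token.
     *
     * <p>NOTE(review): whether the serializer verifies the token before extracting is not visible
     * here; call {@link #validateToken(String)} first unless that is confirmed.
     *
     * @param str token text
     * @return claims found in the token
     */
    public ImmutalizableArrayList<ClaimDto> extractTokenClaims(String str) {
        return this.tokenSerializer.extractTokenClaims(new TokenDto(str));
    }
}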
