package com.tokera.ate.io.core;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.tokera.ate.common.MapTools;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.dto.msg.MessageSecurityCastleDto;
import com.tokera.ate.dto.msg.MessageSecurityGateDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.io.api.ISecurityCastleFactory;
import com.tokera.ate.io.repo.DataPartition;
import com.tokera.ate.security.SecurityCastleContext;
import java.util.Collections;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/tokera/ate/io/core/DefaultSecurityCastleFactory.class */
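/**
 * Default {@link ISecurityCastleFactory} backed by the partition chain.
 *
 * <p>A castle ({@link MessageSecurityCastleDto}) holds one "gate" per authorised public key;
 * each gate carries the castle's secret encrypted for that key. Reading a secret means finding
 * a gate that matches one of the caller's private keys and decrypting it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Decrypted secrets are kept in a static, process-wide cache (see {@link #secretCache}),
 *       so plaintext key material stays on the heap for up to five minutes after it was
 *       first decrypted.</li>
 *   <li>Methods that return a secret hand out a copy, never the cached array, so a caller that
 *       wipes or otherwise mutates its copy cannot corrupt the value served to other callers.</li>
 * </ul>
 */
public class DefaultSecurityCastleFactory implements ISecurityCastleFactory {
    /**
     * Cache of decrypted castle secrets, keyed by {@code privateHash + base64(encryptedSecret)}.
     * Bounded to 20000 entries; entries expire five minutes after they were written.
     *
     * <p>The cache only short-circuits the decrypt step: a lookup is attempted only after the
     * castle's lookup table has yielded an entry for the key's public hash.
     *
     * <p>NOTE(review): the cache key is a plain concatenation with no delimiter; this is only
     * unambiguous if {@code privateHash()} has a fixed length. Confirm against the DTO.
     */
    private static final Cache<String, byte[]> secretCache = CacheBuilder.newBuilder()
            .maximumSize(20000)
            .expireAfterWrite(5, TimeUnit.MINUTES)
            .build();

    private final AteDelegate d = AteDelegate.get();

    /**
     * Finds the first supplied key that has an entry in the castle and decrypts the secret with it.
     *
     * @param castle castle whose lookup table maps public key hashes to base64 encrypted secrets
     * @param keys candidate private keys, tried in iteration order
     * @return a fresh copy of the decrypted secret, or {@code null} if no key matches the castle
     * @throws WebApplicationException with status 401 if decryption fails with a checked exception
     */
    private byte[] computeKeyFromCastle(MessageSecurityCastleDto castle, Iterable<PrivateKeyWithSeedDto> keys) {
        for (PrivateKeyWithSeedDto key : keys) {
            final String encryptedSecret = (String) MapTools.getOrNull(castle.getLookup(), key.publicHash());
            if (encryptedSecret == null) {
                // This key has no gate in the castle; try the next one.
                continue;
            }
            try {
                byte[] cached = secretCache.get(
                        key.privateHash() + encryptedSecret,
                        () -> this.d.encryptor.decrypt(key.key(), Base64.decodeBase64(encryptedSecret)));
                // Defensive copy: the cached array is shared by every caller for the entry's
                // lifetime, so returning it directly would let one caller's mutation (for
                // example zeroing the secret after use) change the key seen by all others.
                return cached.clone();
            } catch (ExecutionException e) {
                // NOTE(review): Guava reports unchecked exceptions from the loader as
                // UncheckedExecutionException and a null loader result as
                // InvalidCacheLoadException; neither is caught here, so they are not mapped
                // to 401. Confirm which exceptions the encryptor can throw.
                throw new WebApplicationException(
                        "Failed to retrieve AES secret [castle=" + castle.getIdOrThrow()
                                + ", key=" + key.publicHash()
                                + "] while processing data object [id=" + castle.getId() + "].",
                        e,
                        Response.Status.UNAUTHORIZED);
            }
        }
        return null;
    }

    /**
     * Looks up a castle by id and decrypts its secret with the first matching key.
     *
     * @param iPartitionKey partition whose chain holds the castle
     * @param uuid castle id
     * @param iterable candidate private keys
     * @return a copy of the secret, or {@code null} if the castle is unknown or no key matches
     */
    @Override
    public byte[] getSecret(IPartitionKey iPartitionKey, UUID uuid, Iterable<PrivateKeyWithSeedDto> iterable) {
        MessageSecurityCastleDto castle = this.d.io.backend().getChain(iPartitionKey, true).getCastle(uuid);
        return castle == null ? null : computeKeyFromCastle(castle, iterable);
    }

    /**
     * Looks up a castle by hash and builds a context holding its id and decrypted secret.
     *
     * <p>NOTE(review): this method resolves the backend through {@code d.storageFactory.get()}
     * while {@link #getSecret} and {@link #putSecret} use {@code d.io}; confirm both resolve
     * to the same chain.
     *
     * @param iPartitionKey partition whose chain holds the castle
     * @param str castle hash
     * @param privateKeyWithSeedDto the single private key to try
     * @return the context, or {@code null} if the castle is unknown or the key does not match
     */
    @Override
    public SecurityCastleContext findContext(IPartitionKey iPartitionKey, String str, PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        MessageSecurityCastleDto castle =
                this.d.storageFactory.get().backend().getChain(iPartitionKey, true).getCastleByHash(str);
        if (castle == null) {
            return null;
        }
        byte[] secret = computeKeyFromCastle(castle, Collections.singleton(privateKeyWithSeedDto));
        if (secret == null) {
            return null;
        }
        return new SecurityCastleContext(castle.getIdOrThrow(), secret);
    }

    /**
     * Creates a castle for {@code uuid} with one gate per public key and writes it to the partition.
     *
     * <p>Each gate stores the key's public hash together with {@code bArr} encrypted for that key.
     * If {@code iterable} is empty the castle is written with no gates.
     *
     * @param iPartitionKey partition to write to (created if absent)
     * @param uuid castle id
     * @param bArr plaintext secret to protect
     * @param iterable public keys that are to be able to recover the secret
     */
    @Override
    public void putSecret(IPartitionKey iPartitionKey, UUID uuid, byte[] bArr, Iterable<MessagePublicKeyDto> iterable) {
        DataPartition partition = this.d.io.backend().getOrCreatePartition(iPartitionKey);
        MessageSecurityCastleDto castle = new MessageSecurityCastleDto(uuid);
        for (MessagePublicKeyDto publicKey : iterable) {
            byte[] encryptedSecret = this.d.encryptor.encrypt(publicKey, bArr);
            castle.getGates().add(new MessageSecurityGateDto(publicKey.getPublicKeyHash(), encryptedSecret));
        }
        partition.write(castle, this.d.genericLogger);
    }

    /**
     * Reports whether the castle exists and has a lookup entry for the given public key hash.
     *
     * <p>NOTE(review): {@code getLookup()} is dereferenced without a null check here, whereas
     * the decrypt path goes through {@code MapTools.getOrNull}; confirm it can never be null.
     *
     * @param iPartitionKey partition whose chain holds the castle
     * @param uuid castle id
     * @param str public key hash to look for
     * @return {@code true} only if the castle exists and its lookup contains {@code str}
     */
    @Override
    public boolean exists(IPartitionKey iPartitionKey, UUID uuid, String str) {
        MessageSecurityCastleDto castle =
                this.d.storageFactory.get().backend().getChain(iPartitionKey, true).getCastle(uuid);
        return castle != null && castle.getLookup().containsKey(str);
    }

    /**
     * Reports whether a castle with the given id exists in the partition's chain.
     *
     * @param iPartitionKey partition whose chain is searched
     * @param uuid castle id
     * @return {@code true} if the chain returns a castle for {@code uuid}
     */
    @Override
    public boolean exists(IPartitionKey iPartitionKey, UUID uuid) {
        return this.d.storageFactory.get().backend().getChain(iPartitionKey, true).getCastle(uuid) != null;
    }
}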
