package com.tokera.ate.delegates;

import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.TokenDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.events.NewAccessRightsEvent;
import com.tokera.ate.events.RightsDiscoverEvent;
import com.tokera.ate.io.api.IPartitionKey;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.event.Observes;
import javax.ws.rs.WebApplicationException;

@RequestScoped
/* loaded from: input_file:com/tokera/ate/delegates/CurrentRightsDelegate.class */
public class CurrentRightsDelegate implements IRights {
    private AteDelegate d = AteDelegate.get();
    private RightsDiscoverEvent currentRights = new RightsDiscoverEvent();
    private Set<PrivateKeyWithSeedDto> rightsReadCache = null;
    private Set<PrivateKeyWithSeedDto> rightsWriteCache = null;
    private final Set<PrivateKeyWithSeedDto> impersonateRead = new HashSet();
    private final Set<PrivateKeyWithSeedDto> impersonateWrite = new HashSet();
    private String readRightsHash = null;

    public void init(@Observes NewAccessRightsEvent newAccessRightsEvent) {
        this.rightsReadCache = null;
        this.rightsWriteCache = null;
        this.currentRights = new RightsDiscoverEvent();
        this.d.eventRightsDiscover.fire(this.currentRights);
        clearRightsCache();
    }

    public void clearRightsCache() {
        this.rightsReadCache = null;
        this.rightsWriteCache = null;
        this.readRightsHash = null;
    }

    public void clearImpersonation() {
        this.impersonateRead.clear();
        this.impersonateWrite.clear();
        clearRightsCache();
    }

    public void impersonate(IPartitionKey iPartitionKey, IRights iRights) {
        this.d.requestContext.pushPartitionKey(iPartitionKey);
        try {
            this.d.authorization.getOrCreateImplicitRightToRead(iRights);
            this.d.authorization.getOrCreateImplicitRightToWrite(iRights);
            Iterator<PrivateKeyWithSeedDto> it = iRights.getRightsRead().iterator();
            while (it.hasNext()) {
                this.impersonateRead.add(it.next());
            }
            Iterator<PrivateKeyWithSeedDto> it2 = iRights.getRightsWrite().iterator();
            while (it2.hasNext()) {
                this.impersonateWrite.add(it2.next());
            }
            clearRightsCache();
        } finally {
            this.d.requestContext.popPartitionKey();
        }
    }

    public void impersonateRead(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        this.impersonateRead.add(privateKeyWithSeedDto);
        clearRightsCache();
    }

    public void impersonateWrite(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        this.impersonateWrite.add(privateKeyWithSeedDto);
        clearRightsCache();
    }

    public boolean unimpersonateRead(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        boolean remove = this.impersonateRead.remove(privateKeyWithSeedDto);
        clearRightsCache();
        return remove;
    }

    public boolean unimpersonateWrite(PrivateKeyWithSeedDto privateKeyWithSeedDto) {
        boolean remove = this.impersonateWrite.remove(privateKeyWithSeedDto);
        clearRightsCache();
        return remove;
    }

    public void impersonate(IRights iRights) {
        impersonate(this.d.io.partitionResolver().resolveOrThrow(iRights), iRights);
    }

    @Override // com.tokera.ate.dao.IRights
    public UUID getId() {
        TokenDto tokenOrNull = this.d.currentToken.getTokenOrNull();
        if (tokenOrNull == null) {
            throw new WebApplicationException("There is no current user in the request.");
        }
        return tokenOrNull.getUserId();
    }

    @Override // com.tokera.ate.dao.IRights
    public Set<PrivateKeyWithSeedDto> getRightsRead() {
        if (this.rightsReadCache != null) {
            return this.rightsReadCache;
        }
        boolean z = true;
        HashSet hashSet = new HashSet();
        if (this.d.currentToken.getWithinTokenScope()) {
            hashSet.addAll(this.d.tokenSecurity.getRightsRead());
        }
        hashSet.addAll(this.currentRights.getRightsRead());
        PrivateKeyWithSeedDto currentUserTrustRead = this.currentRights.getCurrentUserTrustRead();
        if (currentUserTrustRead != null) {
            hashSet.add(currentUserTrustRead);
        } else {
            z = false;
        }
        if (this.impersonateRead != null) {
            hashSet.addAll(this.impersonateRead);
        } else {
            z = false;
        }
        hashSet.add(new PrivateKeyWithSeedDto(this.d.encryptor.getTrustOfPublicRead()));
        if (z) {
            this.rightsReadCache = hashSet;
        }
        return hashSet;
    }

    @Override // com.tokera.ate.dao.IRights
    public Set<PrivateKeyWithSeedDto> getRightsWrite() {
        if (this.rightsWriteCache != null) {
            return this.rightsWriteCache;
        }
        boolean z = true;
        HashSet hashSet = new HashSet();
        if (this.d.currentToken.getWithinTokenScope()) {
            hashSet.addAll(this.d.tokenSecurity.getRightsWrite());
        }
        hashSet.addAll(this.currentRights.getRightsWrite());
        PrivateKeyWithSeedDto currentUserTrustWrite = this.currentRights.getCurrentUserTrustWrite();
        if (currentUserTrustWrite != null) {
            hashSet.add(currentUserTrustWrite);
        } else {
            z = false;
        }
        if (this.impersonateWrite != null) {
            hashSet.addAll(this.impersonateWrite);
        } else {
            z = false;
        }
        hashSet.add(new PrivateKeyWithSeedDto(this.d.encryptor.getTrustOfPublicWrite()));
        if (z) {
            this.rightsWriteCache = hashSet;
        }
        return hashSet;
    }

    public String computeReadRightsHash() {
        if (this.readRightsHash != null) {
            return this.readRightsHash;
        }
        this.readRightsHash = this.d.encryptor.hashMd5AndEncode((Iterable<byte[]>) getRightsRead().stream().map(privateKeyWithSeedDto -> {
            return privateKeyWithSeedDto.seed().getBytes();
        }).collect(Collectors.toList()));
        return this.readRightsHash;
    }

    public MessagePublicKeyDto findKeyAndConvertToPublic(String str) {
        PrivateKeyWithSeedDto findKey = findKey(str);
        if (findKey == null) {
            return null;
        }
        return new MessagePublicKeyDto(findKey);
    }

    public PrivateKeyWithSeedDto findKey(String str) {
        for (PrivateKeyWithSeedDto privateKeyWithSeedDto : getRightsRead()) {
            if (str.equals(privateKeyWithSeedDto.publicHash())) {
                return privateKeyWithSeedDto;
            }
        }
        for (PrivateKeyWithSeedDto privateKeyWithSeedDto2 : getRightsWrite()) {
            if (str.equals(privateKeyWithSeedDto2.publicHash())) {
                return privateKeyWithSeedDto2;
            }
        }
        return null;
    }

    @Override // com.tokera.ate.dao.IRights
    public String getRightsAlias() {
        TokenDto tokenOrNull = this.d.currentToken.getTokenOrNull();
        if (tokenOrNull == null) {
            throw new UnsupportedOperationException("No token attached to this session.");
        }
        return tokenOrNull.getUsername();
    }

    @Override // com.tokera.ate.dao.IRights
    public void onAddRight(IRoles iRoles) {
    }

    @Override // com.tokera.ate.dao.IRights
    public void onRemoveRight(IRoles iRoles) {
    }

    @Override // com.tokera.ate.dao.IRights
    public boolean readOnly() {
        return true;
    }

    public PrivateKeyWithSeedDto findReadKey(String str) {
        return getRightsRead().stream().filter(privateKeyWithSeedDto -> {
            return str.equals(privateKeyWithSeedDto.publicHash());
        }).findFirst().orElse(null);
    }

    public PrivateKeyWithSeedDto findWriteKey(String str) {
        return getRightsWrite().stream().filter(privateKeyWithSeedDto -> {
            return str.equals(privateKeyWithSeedDto.publicHash());
        }).findFirst().orElse(null);
    }
}
