package com.tokera.ate.io.repo;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.tokera.ate.common.Immutalizable;
import com.tokera.ate.common.LoggerHook;
import com.tokera.ate.common.MapTools;
import com.tokera.ate.dao.IRights;
import com.tokera.ate.dao.IRoles;
import com.tokera.ate.dao.base.BaseDao;
import com.tokera.ate.dao.base.BaseDaoInternal;
import com.tokera.ate.dao.enumerations.PermissionPhase;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.EffectivePermissions;
import com.tokera.ate.dto.PrivateKeyWithSeedDto;
import com.tokera.ate.dto.msg.MessageBaseDto;
import com.tokera.ate.dto.msg.MessageDataDigestDto;
import com.tokera.ate.dto.msg.MessageDataDto;
import com.tokera.ate.dto.msg.MessageDataHeaderDto;
import com.tokera.ate.dto.msg.MessageDataMetaDto;
import com.tokera.ate.dto.msg.MessagePrivateKeyDto;
import com.tokera.ate.dto.msg.MessagePublicKeyDto;
import com.tokera.ate.io.api.IPartitionKey;
import com.tokera.ate.scopes.Startup;
import com.tokera.ate.security.EffectivePermissionBuilder;
import com.tokera.ate.security.SecurityCastleContext;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

/**
 * Converts {@link BaseDao} data objects to and from {@link MessageDataDto} messages for a
 * {@link DataPartition}.
 *
 * <p>Write path ({@link #toDataMessage}): publishes the public keys the chain is missing, computes the
 * effective read/write roles, obtains a security castle for the read roles, encrypts the serialized
 * object with the castle's AES key, and has the header plus ciphertext signed with the write roles.
 *
 * <p>Read path ({@link #fromDataMessage}): obtains the castle AES key using the caller's current read
 * rights, decrypts and deserializes the payload (through two process-wide caches), re-applies
 * header-carried fields and checks that id, type and previous version match the header.
 *
 * <p>This is decompiled (JADX) source: local variable names are synthetic and raw collection types are
 * decompiler artifacts.
 *
 * <p>NOTE(review): no signature/digest verification is visible anywhere on the read path of this
 * class; presumably messages are verified before they reach {@code fromDataMessage} - confirm against
 * the callers, because header values are trusted here (see {@code lintDataObject} and
 * {@code readObjectFromDataMessageInternal}).
 */
@ApplicationScoped
@Startup
/* loaded from: input_file:com/tokera/ate/io/repo/DataSerializer.class */
public class DataSerializer {
    // Delegate giving access to the collaborators used below (io, os, encryptor, dataSignatureBuilder,
    // securityCastleManager, authorization, requestContext, daoParents, ...).
    private AteDelegate d = AteDelegate.get();

    // Injected logger; its log class is set in init().
    @Inject
    private LoggerHook LOG;
    // Cache of deserialized objects, keyed by hashMd5AndEncode(aesKey, digestBytes). Static, so it is shared
    // by every user of this class in the process. At most 1000 entries, each dropped 10 minutes after write.
    // Entries are decrypted objects: they stay in memory after the request that produced them has ended.
    // The only lookup (readObjectFromDataMessage) happens after getAesKeyForHeader has returned a key, and
    // the cache key itself is derived from that AES key.
    // NOTE(review): the key function is named hashMd5AndEncode; if it really is MD5-based, confirm that a
    // key collision cannot make one message's plaintext be served for another message.
    private static Cache<String, BaseDao> decryptCacheObj = CacheBuilder.newBuilder().maximumSize(1000).expireAfterWrite(10, TimeUnit.MINUTES).build();
    // Cache of decrypted (plaintext) serialized payloads under the same key scheme. At most 10000 entries,
    // 10 minute expiry after write. Populated both on read and on write (see toDataMessage).
    private static Cache<String, byte[]> decryptCacheData = CacheBuilder.newBuilder().maximumSize(10000).expireAfterWrite(10, TimeUnit.MINUTES).build();

    /** Points the injected logger at this class once the bean has been constructed. */
    @PostConstruct
    public void init() {
        this.LOG.setLogClazz(DataSerializer.class);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * For objects implementing {@link IRights}, writes to the partition the public key of every read and
     * write right whose public-key hash the partition chain does not already hold.
     *
     * @param baseDao the data object being saved; ignored unless it implements {@code IRights}
     * @param dataPartition the partition whose chain is checked and written to
     */
    private void writeRightPublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        DataPartitionChain chain = dataPartition.getChain(true);
        if (baseDao instanceof IRights) {
            IRights iRights = (IRights) baseDao;
            for (PrivateKeyWithSeedDto privateKeyWithSeedDto : iRights.getRightsRead()) {
                // NOTE(review): unlike the write-rights loop below, publicHash() is not null-checked here
                // before it is handed to hasPublicKey - confirm whether it can be null for read keys.
                if (!chain.hasPublicKey(privateKeyWithSeedDto.publicHash())) {
                    // NOTE(review): a public-key message is built from a private-key DTO and written to the
                    // partition; presumably the constructor copies only the public part - confirm.
                    dataPartition.write(new MessagePublicKeyDto(privateKeyWithSeedDto), this.LOG);
                }
            }
            for (PrivateKeyWithSeedDto privateKeyWithSeedDto2 : iRights.getRightsWrite()) {
                String publicHash = privateKeyWithSeedDto2.publicHash();
                if (publicHash != null && !chain.hasPublicKey(publicHash)) {
                    dataPartition.write(new MessagePublicKeyDto(privateKeyWithSeedDto2), this.LOG);
                }
            }
        }
    }

    /**
     * Writes to the partition the public key for each given hash that the chain does not yet hold.
     *
     * <p>A hash that cannot be resolved through {@code d.io.publicKeyOrNull} is skipped silently.
     *
     * @param collection public-key hashes to make available on the chain
     * @param dataPartition the partition whose chain is checked and written to
     */
    private void writeRolePublicKeys(Collection<String> collection, DataPartition dataPartition) {
        MessagePublicKeyDto publicKeyOrNull;
        DataPartitionChain chain = dataPartition.getChain(true);
        for (String str : collection) {
            // Look the key up only when the chain lacks it; write only when the lookup succeeded.
            if (!chain.hasPublicKey(str) && (publicKeyOrNull = this.d.io.publicKeyOrNull(dataPartition.partitionKey(), str)) != null) {
                dataPartition.write(publicKeyOrNull, this.LOG);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * For objects implementing {@link IRoles}, publishes the public keys named in the object's
     * trust-allow-write and trust-allow-read maps.
     */
    private void writeRolePublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        if (baseDao instanceof IRoles) {
            IRoles iRoles = (IRoles) baseDao;
            writeRolePublicKeys(iRoles.getTrustAllowWrite().values(), dataPartition);
            writeRolePublicKeys(iRoles.getTrustAllowRead().values(), dataPartition);
        }
    }

    /**
     * Publishes the public keys of the private keys and public keys that the current transaction holds
     * for this partition, skipping those the chain already has.
     */
    private void writePermissionPublicKeysForDataObject(DataPartition dataPartition) {
        DataPartitionChain chain = dataPartition.getChain(true);
        for (MessagePrivateKeyDto messagePrivateKeyDto : this.d.requestContext.currentTransaction().findPrivateKeys(dataPartition.partitionKey())) {
            if (!chain.hasPublicKey(messagePrivateKeyDto.getPublicKeyHash())) {
                // NOTE(review): assumes MessagePublicKeyDto(MessagePrivateKeyDto) keeps only public material,
                // since the result is written to the partition - confirm.
                dataPartition.write(new MessagePublicKeyDto(messagePrivateKeyDto), this.LOG);
            }
        }
        for (MessagePublicKeyDto messagePublicKeyDto : this.d.requestContext.currentTransaction().findPublicKeys(dataPartition.partitionKey())) {
            if (!chain.hasPublicKey(messagePublicKeyDto.getPublicKeyHash())) {
                dataPartition.write(messagePublicKeyDto, this.LOG);
            }
        }
    }

    /** Publishes the right keys and then the role keys referenced by the data object. */
    private void writePublicKeysForDataObject(BaseDao baseDao, DataPartition dataPartition) {
        writeRightPublicKeysForDataObject(baseDao, dataPartition);
        writeRolePublicKeysForDataObject(baseDao, dataPartition);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Copies the object's trust settings into the header.
     *
     * <p>An object that does not implement {@link IRoles} gets both inherit flags set to {@code true}
     * and empty allow-read / allow-write sets.
     */
    private void updateHeaderWithRolesForDataObject(BaseDao baseDao, MessageDataHeaderDto messageDataHeaderDto) {
        // Defaults used when the object carries no role information of its own.
        boolean z = true;
        boolean z2 = true;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (baseDao instanceof IRoles) {
            IRoles iRoles = (IRoles) baseDao;
            z = iRoles.getTrustInheritRead();
            z2 = iRoles.getTrustInheritWrite();
            hashSet.addAll(iRoles.getTrustAllowRead().values());
            hashSet2.addAll(iRoles.getTrustAllowWrite().values());
        }
        messageDataHeaderDto.setInheritRead(z);
        messageDataHeaderDto.setInheritWrite(z2);
        messageDataHeaderDto.setAllowRead(hashSet);
        messageDataHeaderDto.setAllowWrite(hashSet2);
    }

    /**
     * Sets the header's implicit-authority set from the field registered for the object's class in
     * {@code d.daoParents.getAllowedDynamicImplicitAuthority()}, read reflectively.
     *
     * <p>The set is empty when no field is registered, when the field value is {@code null}, or when
     * the reflective read fails.
     */
    private void updateHeaderWithImplicitAuthority(BaseDao baseDao, MessageDataHeaderDto messageDataHeaderDto) {
        HashSet hashSet = new HashSet();
        Field field = (Field) MapTools.getOrNull(this.d.daoParents.getAllowedDynamicImplicitAuthority(), baseDao.getClass());
        if (field != null) {
            try {
                Object obj = field.get(baseDao);
                if (obj != null) {
                    hashSet.add(obj.toString());
                }
            } catch (IllegalAccessException e) {
                // NOTE(review): the failure is only logged, so the header is still produced with an empty
                // implicit-authority set - confirm that continuing is the intended behaviour here.
                this.d.genericLogger.warn(e);
            }
        }
        messageDataHeaderDto.setImplicitAuthority(hashSet);
    }

    /**
     * Builds the message header for a data object: id, previous version, payload class, trust settings,
     * implicit authority, parent id (when set) and merged versions (when present).
     *
     * @param baseDao the data object the header describes
     * @param uuid second header constructor argument; {@code toDataMessage} passes the castle id
     * @param uuid2 third header constructor argument; {@code toDataMessage} passes the new version id
     * @return the populated header
     */
    public MessageDataHeaderDto buildHeaderForDataObject(BaseDao baseDao, UUID uuid, UUID uuid2) {
        MessageDataHeaderDto messageDataHeaderDto = new MessageDataHeaderDto(baseDao.getId(), uuid, uuid2, BaseDaoInternal.getPreviousVersion(baseDao), baseDao.getClass());
        updateHeaderWithRolesForDataObject(baseDao, messageDataHeaderDto);
        updateHeaderWithImplicitAuthority(baseDao, messageDataHeaderDto);
        UUID parentId = baseDao.getParentId();
        if (parentId != null) {
            messageDataHeaderDto.setParentId(parentId);
        }
        Set<UUID> mergesVersions = BaseDaoInternal.getMergesVersions(baseDao);
        if (mergesVersions != null) {
            messageDataHeaderDto.getMerges().copyFrom(mergesVersions);
        }
        return messageDataHeaderDto;
    }

    /**
     * Builds the signed, payload-less message that records the deletion of the object described by
     * the given header.
     *
     * @param messageDataHeaderDto header of the object being deleted; it is copied, not modified
     * @param dataPartition the partition the message is destined for
     * @return a {@link MessageDataDto} holding the copied header, the signature digest and no payload
     * @throws RuntimeException the write exception built by {@code d.authorization} when no signature
     *     could be produced with the effective write roles (exact type not visible from this file)
     */
    public MessageBaseDto toDataMessageDelete(MessageDataHeaderDto messageDataHeaderDto, DataPartition dataPartition) {
        IPartitionKey partitionKey = dataPartition.partitionKey();
        // Permissions are evaluated in the BeforeMerge phase with IO reads avoided.
        EffectivePermissions build = new EffectivePermissionBuilder(messageDataHeaderDto.getPayloadClazzOrThrow(), partitionKey, messageDataHeaderDto.getIdOrThrow()).withAvoidIoReads(true).withPhase(PermissionPhase.BeforeMerge).build();
        writeRolePublicKeys(build.rolesWrite, dataPartition);
        MessageDataHeaderDto messageDataHeaderDto2 = new MessageDataHeaderDto(messageDataHeaderDto);
        // Signed with a null payload: the message carries the header only.
        MessageDataDigestDto signDataMessage = this.d.dataSignatureBuilder.signDataMessage(partitionKey, messageDataHeaderDto2, null, build.rolesWrite);
        if (signDataMessage == null) {
            throw this.d.authorization.buildWriteException(build.rolesWrite, build, false);
        }
        writePermissionPublicKeysForDataObject(dataPartition);
        return new MessageDataDto(messageDataHeaderDto2, signDataMessage, null);
    }

    /**
     * Serializes, encrypts and signs a data object into a message for the given partition.
     *
     * <p>Order of operations: publish missing public keys; compute read roles (AfterMerge phase) and
     * refuse to continue when there are none; create a castle for the read roles; build the header;
     * serialize and AES-encrypt the object with the castle key; compute write roles (DynamicChain
     * phase) and refuse when there are none; sign; cache the plaintext; publish the transaction's
     * keys; record the new version on the object.
     *
     * @param baseDao the data object to save; its version is advanced as a side effect
     * @param dataPartition the partition the message is destined for
     * @return the message holding header, signature digest and encrypted payload
     * @throws RuntimeException the read or write exception built by {@code d.authorization} when the
     *     object has no read roles, has no write roles, or cannot be signed (exact types not visible
     *     from this file)
     */
    public MessageBaseDto toDataMessage(BaseDao baseDao, DataPartition dataPartition) {
        IPartitionKey partitionKey = dataPartition.partitionKey();
        // Identifier of the version being written; pushed onto the object at the end.
        UUID randomUUID = UUID.randomUUID();
        writePublicKeysForDataObject(baseDao, dataPartition);
        EffectivePermissions build = new EffectivePermissionBuilder(BaseDaoInternal.getType(baseDao), partitionKey, baseDao.getId()).withSuppliedObject(baseDao).withPhase(PermissionPhase.AfterMerge).build();
        if (build.rolesRead.size() <= 0) {
            throw this.d.authorization.buildReadException("Saving this object without any read roles would orphan it, consider deleting it instead.", build, false);
        }
        // The castle supplies the AES key; it is created for exactly the effective read roles.
        SecurityCastleContext makeCastle = this.d.securityCastleManager.makeCastle(partitionKey, build.rolesRead);
        // Stored on the permissions object; it is not read again in this method.
        build.castleId = makeCastle.id;
        MessageDataHeaderDto buildHeaderForDataObject = buildHeaderForDataObject(baseDao, makeCastle.id, randomUUID);
        byte[] serializeObj = this.d.os.serializeObj(baseDao);
        // NOTE(review): serializeObj is null-checked further down, but only after it has been passed to
        // encryptAes here - confirm serializeObj cannot return null or that encryptAes tolerates it.
        byte[] encryptAes = this.d.encryptor.encryptAes(makeCastle.key, serializeObj);
        // Write roles are evaluated separately, in the DynamicChain phase.
        EffectivePermissions build2 = new EffectivePermissionBuilder(BaseDaoInternal.getType(baseDao), partitionKey, baseDao.getId()).withSuppliedObject(baseDao).withPhase(PermissionPhase.DynamicChain).build();
        if (build2.rolesWrite.size() <= 0) {
            throw this.d.authorization.buildWriteException("Failed to write the object as there are no valid roles for this data object or its not connected to a parent.", build2.rolesWrite, build2, false);
        }
        // The signer is given the header and the ciphertext (not the plaintext).
        MessageDataDigestDto signDataMessage = this.d.dataSignatureBuilder.signDataMessage(partitionKey, buildHeaderForDataObject, encryptAes, build2.rolesWrite);
        if (signDataMessage == null) {
            throw this.d.authorization.buildWriteException(build2.rolesWrite, build2, false);
        }
        if (serializeObj != null) {
            // Seed the plaintext cache under the same key the read path computes (AES key + digest bytes),
            // so the serialized plaintext stays in process memory until the cache entry expires.
            decryptCacheData.put(this.d.encryptor.hashMd5AndEncode(makeCastle.key, signDataMessage.getDigestBytesOrThrow()), serializeObj);
        }
        writePermissionPublicKeysForDataObject(dataPartition);
        MessageDataDto messageDataDto = new MessageDataDto(buildHeaderForDataObject, signDataMessage, encryptAes);
        BaseDaoInternal.pushVersion(baseDao, randomUUID);
        return messageDataDto;
    }

    /**
     * Reads a data object from message metadata.
     *
     * @param iPartitionKey the partition the message belongs to
     * @param messageDataMetaDto the message metadata; {@code null} yields {@code null}
     * @param z when {@code true}, failing to obtain the castle key throws a read exception instead of
     *     producing {@code null} (see {@code getAesKeyForHeader})
     * @return the data object, or {@code null} when it could not be read
     */
    public BaseDao fromDataMessage(IPartitionKey iPartitionKey, MessageDataMetaDto messageDataMetaDto, boolean z) {
        if (messageDataMetaDto == null) {
            return null;
        }
        return fromDataMessage(iPartitionKey, messageDataMetaDto.getData(), z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a data object from a data message; {@code null} input yields {@code null}.
     *
     * <p>The decompiler reports that this method was {@code protected} in the original class.
     *
     * @param iPartitionKey the partition the message belongs to
     * @param messageDataDto the message to read
     * @param z when {@code true}, failing to obtain the castle key throws a read exception
     * @return the data object, or {@code null} when it could not be read
     */
    public BaseDao fromDataMessage(IPartitionKey iPartitionKey, MessageDataDto messageDataDto, boolean z) {
        if (messageDataDto == null) {
            return null;
        }
        return readObjectFromDataMessage(iPartitionKey, messageDataDto, z);
    }

    /**
     * Overwrites the object's implicit-authority field (the one registered for the header's payload
     * class in {@code getAllowedDynamicImplicitAuthoritySimple()}) with the first value of the header's
     * implicit-authority set, or {@code null} when the set is empty.
     *
     * <p>The header value replaces whatever the deserialized payload carried. Only one element of the
     * set is used.
     *
     * @param t the object to adjust; {@code null} is returned unchanged
     * @param messageDataDto the message whose header supplies the value
     * @return {@code t}
     * @throws RuntimeException wrapping the {@link IllegalAccessException} when the field cannot be set
     */
    private <T extends BaseDao> T lintDataObject(T t, MessageDataDto messageDataDto) {
        if (t == null) {
            return null;
        }
        MessageDataHeaderDto header = messageDataDto.getHeader();
        Field field = (Field) MapTools.getOrNull(this.d.daoParents.getAllowedDynamicImplicitAuthoritySimple(), header.getPayloadClazzOrThrow());
        if (field != null) {
            try {
                field.set(t, header.getImplicitAuthority().stream().findFirst().orElse(null));
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
        return t;
    }

    /**
     * Decrypts, deserializes and validates the object carried by a data message.
     *
     * <p>Returns {@code null} when the message has no payload, when no AES key could be obtained (and
     * {@code z} is {@code false}), or when neither digest bytes nor payload bytes are available for the
     * cache key. Otherwise the object is taken from {@code decryptCacheObj} (loading it on a miss), a
     * clone of the cached instance is adjusted by {@code lintDataObject} and checked by
     * {@code validateObjectAfterRead}.
     *
     * @param iPartitionKey the partition the message belongs to
     * @param messageDataDto the message to read
     * @param z when {@code true}, failing to obtain the castle key throws a read exception
     * @return the data object, or {@code null} in the cases listed above
     * @throws RuntimeException when validation against the header fails
     */
    protected BaseDao readObjectFromDataMessage(IPartitionKey iPartitionKey, MessageDataDto messageDataDto, boolean z) {
        byte[] aesKeyForHeader;
        // The castle key is requested before any cache is consulted, so a cache hit still requires that the
        // caller's current read rights open the castle.
        if (!messageDataDto.hasPayload() || (aesKeyForHeader = getAesKeyForHeader(iPartitionKey, messageDataDto.getHeader(), z)) == null) {
            return null;
        }
        MessageDataDigestDto digest = messageDataDto.getDigest();
        // Cache key material: the signature digest when present, otherwise the encrypted payload itself.
        byte[] digestBytesOrThrow = digest != null ? digest.getDigestBytesOrThrow() : messageDataDto.getPayloadBytes();
        if (digestBytesOrThrow == null) {
            return null;
        }
        String hashMd5AndEncode = this.d.encryptor.hashMd5AndEncode(aesKeyForHeader, digestBytesOrThrow);
        try {
            // The cached instance is made immutable (when it supports that) and callers receive a clone.
            BaseDao lintDataObject = lintDataObject(this.d.io.clone((BaseDao) decryptCacheObj.get(hashMd5AndEncode, () -> {
                BaseDao readObjectFromDataMessageInternal = readObjectFromDataMessageInternal(hashMd5AndEncode, aesKeyForHeader, messageDataDto, iPartitionKey);
                if (readObjectFromDataMessageInternal == null) {
                    // A cache loader must not return null, hence the exception.
                    throw new RuntimeException("Failed to deserialize the data object.");
                }
                if (readObjectFromDataMessageInternal instanceof Immutalizable) {
                    readObjectFromDataMessageInternal.immutalize();
                }
                return readObjectFromDataMessageInternal;
            })), messageDataDto);
            validateObjectAfterRead(lintDataObject, messageDataDto);
            return lintDataObject;
        } catch (ExecutionException e) {
            // NOTE(review): per Guava's documented contract, Cache.get(key, Callable) reports an unchecked
            // loader exception as UncheckedExecutionException, not ExecutionException. The RuntimeException
            // thrown by the loader above would therefore bypass this handler and propagate to the caller -
            // confirm which behaviour is intended.
            // NOTE(review): on this path the result is neither cloned nor immutalized, and lintDataObject
            // returns null when the internal read returns null, in which case validateObjectAfterRead
            // dereferences a null object.
            BaseDao lintDataObject2 = lintDataObject(readObjectFromDataMessageInternal(hashMd5AndEncode, aesKeyForHeader, messageDataDto, iPartitionKey), messageDataDto);
            validateObjectAfterRead(lintDataObject2, messageDataDto);
            return lintDataObject2;
        }
    }

    /**
     * AES-decrypts the message payload with the given key.
     *
     * @param bArr the AES key
     * @param messageDataDto the message whose payload is decrypted
     * @return the decrypted bytes, or {@code null} when the message has no payload bytes
     */
    private byte[] readDataFromDataMessageInternal(byte[] bArr, MessageDataDto messageDataDto) {
        byte[] payloadBytes = messageDataDto.getPayloadBytes();
        if (payloadBytes == null) {
            return null;
        }
        return this.d.encryptor.decryptAes(bArr, payloadBytes);
    }

    /**
     * Produces a fresh object from a message: plaintext comes from {@code decryptCacheData} (decrypting
     * on a miss), is deserialized into the class named by the header, and then receives the partition
     * key plus the previous version and merges recorded in the header.
     *
     * @param str cache key for the plaintext cache
     * @param bArr the AES key
     * @param messageDataDto the message being read
     * @param iPartitionKey the partition key stamped onto the resulting object
     * @return the deserialized object, or {@code null} when no plaintext could be obtained
     */
    private BaseDao readObjectFromDataMessageInternal(String str, byte[] bArr, MessageDataDto messageDataDto, IPartitionKey iPartitionKey) {
        byte[] readDataFromDataMessageInternal;
        try {
            readDataFromDataMessageInternal = (byte[]) decryptCacheData.get(str, () -> {
                byte[] readDataFromDataMessageInternal2 = readDataFromDataMessageInternal(bArr, messageDataDto);
                if (readDataFromDataMessageInternal2 == null) {
                    throw new RuntimeException("Failed to recode the bytes from the stream.");
                }
                return readDataFromDataMessageInternal2;
            });
        } catch (ExecutionException e) {
            // NOTE(review): same caveat as in readObjectFromDataMessage - an unchecked exception from the
            // loader is presumably surfaced as UncheckedExecutionException and would not reach this retry.
            readDataFromDataMessageInternal = readDataFromDataMessageInternal(bArr, messageDataDto);
        }
        if (readDataFromDataMessageInternal == null) {
            return null;
        }
        // NOTE(review): the class to instantiate is named by the message header. findClass is given
        // BaseDao.class as a bound and presumably resolves only registered serializable types - confirm,
        // since this is where the deserialization target type is chosen.
        BaseDao deserializeObj = this.d.os.deserializeObj(readDataFromDataMessageInternal, this.d.serializableObjectsExtension.findClass(messageDataDto.getHeader().getPayloadClazzOrThrow(), BaseDao.class));
        BaseDaoInternal.setPartitionKey(deserializeObj, iPartitionKey);
        BaseDaoInternal.setPreviousVersion(deserializeObj, messageDataDto.getHeader().getPreviousVersion());
        BaseDaoInternal.setMergesVersions(deserializeObj, messageDataDto.getHeader().getMerges());
        return deserializeObj;
    }

    /**
     * Checks that the object agrees with the message header on id, payload type and previous version.
     *
     * <p>For a freshly deserialized object the previous version was just copied from this same header
     * (see {@code readObjectFromDataMessageInternal}), so that comparison can only differ for an object
     * that came out of {@code decryptCacheObj}.
     *
     * @param baseDao the object to check; must not be {@code null}
     * @param messageDataDto the message whose header is authoritative
     * @throws RuntimeException with a "Read access denied" message on any mismatch
     */
    private void validateObjectAfterRead(BaseDao baseDao, MessageDataDto messageDataDto) {
        MessageDataHeaderDto header = messageDataDto.getHeader();
        UUID idOrThrow = header.getIdOrThrow();
        if (!idOrThrow.equals(baseDao.getId())) {
            throw new RuntimeException("Read access denied (id does not match) - ID=" + idOrThrow);
        }
        if (!header.getPayloadClazzOrThrow().equals(BaseDaoInternal.getType(baseDao))) {
            throw new RuntimeException("Read access denied (payload types do not match) - ID=" + idOrThrow);
        }
        if (!Objects.equals(BaseDaoInternal.getPreviousVersion(baseDao), messageDataDto.getHeader().getPreviousVersion())) {
            throw new RuntimeException("Read access denied (previousVersion does not match)");
        }
    }

    /**
     * Obtains the AES key for a message by entering the castle named in its header with the caller's
     * current read rights.
     *
     * @param iPartitionKey the partition the message belongs to
     * @param messageDataHeaderDto the header naming the castle
     * @param z what to do when the castle cannot be entered: {@code true} throws, {@code false}
     *     returns {@code null}
     * @return the castle's AES key, or {@code null} when access failed and {@code z} is {@code false}
     * @throws RuntimeException the read exception built by {@code d.authorization} when access failed
     *     and {@code z} is {@code true} (exact type not visible from this file)
     */
    private byte[] getAesKeyForHeader(IPartitionKey iPartitionKey, MessageDataHeaderDto messageDataHeaderDto, boolean z) {
        SecurityCastleContext enterCastle = this.d.securityCastleManager.enterCastle(iPartitionKey, messageDataHeaderDto.getCastleId(), this.d.currentRights.getRightsRead());
        if (enterCastle != null) {
            return enterCastle.key;
        }
        if (!z) {
            return null;
        }
        // The permissions attached to the exception are evaluated in the BeforeMerge phase.
        throw this.d.authorization.buildReadException(this.d.authorization.perms(messageDataHeaderDto.getPayloadClazz(), iPartitionKey, messageDataHeaderDto.getIdOrThrow(), PermissionPhase.BeforeMerge), true);
    }
}
