package io.javadog.cws.core.services;

import io.javadog.cws.api.common.CredentialType;
import io.javadog.cws.api.common.MemberRole;
import io.javadog.cws.api.common.ReturnCode;
import io.javadog.cws.api.common.TrustLevel;
import io.javadog.cws.api.common.Utilities;
import io.javadog.cws.api.dtos.Circle;
import io.javadog.cws.api.requests.Authentication;
import io.javadog.cws.api.requests.CircleIdRequest;
import io.javadog.cws.api.requests.Verifiable;
import io.javadog.cws.api.responses.CwsResponse;
import io.javadog.cws.core.enums.KeyAlgorithm;
import io.javadog.cws.core.enums.Permission;
import io.javadog.cws.core.exceptions.AuthenticationException;
import io.javadog.cws.core.exceptions.AuthorizationException;
import io.javadog.cws.core.exceptions.CWSException;
import io.javadog.cws.core.exceptions.CryptoException;
import io.javadog.cws.core.exceptions.VerificationException;
import io.javadog.cws.core.jce.CWSKeyPair;
import io.javadog.cws.core.jce.Crypto;
import io.javadog.cws.core.jce.IVSalt;
import io.javadog.cws.core.jce.SecretCWSKey;
import io.javadog.cws.core.model.CommonDao;
import io.javadog.cws.core.model.Settings;
import io.javadog.cws.core.model.entities.CircleEntity;
import io.javadog.cws.core.model.entities.DataEntity;
import io.javadog.cws.core.model.entities.MemberEntity;
import io.javadog.cws.core.model.entities.TrusteeEntity;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:io/javadog/cws/core/services/Serviceable.class */
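/**
 * Common base for the CWS services. Before a concrete service runs, it
 * validates the request, authenticates the requesting account, unlocks that
 * account's asymmetric key pair and checks the account against the
 * {@link Permission} required for the action.
 *
 * <p>{@link #member}, {@link #keyPair} and {@link #trustees} are overwritten
 * by every call to {@link #verifyRequest}; they describe the request that was
 * verified last. Call {@link #destroy()} once the request is done so the
 * unlocked private key does not outlive it.
 *
 * <p>This listing is decompiler output. Members for which the decompiler
 * reported "Access modifiers changed from: protected" are kept {@code public}
 * here and say so in their documentation.
 *
 * @param <D> DAO type used by the concrete service
 * @param <R> response type returned by {@link #perform}
 * @param <A> request type, carrying the authentication information
 */
public abstract class Serviceable<D extends CommonDao, R extends CwsResponse, A extends Authentication> {
    protected final Settings settings;
    protected final Crypto crypto;
    protected final D dao;
    // Trustee records of the authenticated member that satisfy the requested permission.
    protected List<TrusteeEntity> trustees = new ArrayList<>(0);
    // The authenticated member; null until verifyRequest has run.
    protected MemberEntity member = null;
    // The member's unlocked key pair; null until the credentials have been checked.
    protected CWSKeyPair keyPair = null;

    /**
     * Creates the service with its own {@link Crypto} instance built from the
     * given settings. Reported as {@code protected} in the original class.
     *
     * @param settings the CWS settings
     * @param dao      the DAO the service works on
     */
    public Serviceable(Settings settings, D dao) {
        this.crypto = new Crypto(settings);
        this.settings = settings;
        this.dao = dao;
    }

    /**
     * Runs the service logic for the given request.
     *
     * @param request the request to process
     * @return the response for the request
     */
    public abstract R perform(A request);

    /**
     * Destroys the private key of the unlocked key pair, if a key pair was
     * unlocked. Does nothing otherwise.
     */
    public void destroy() {
        if (this.keyPair != null) {
            this.keyPair.getPrivate().destroy();
        }
    }

    /**
     * Validates, authenticates and authorises a request, in that order.
     * Reported as {@code protected} in the original class.
     *
     * <p>Session credentials are resolved through {@link #verifySession};
     * every other credential type is treated as an account credential and is
     * checked against the member's stored private key.
     *
     * @param request    the request to verify
     * @param permission the permission the action requires
     * @throws CWSException            if the settings report that the system is not ready
     * @throws VerificationException   if the request is null or fails validation
     * @throws AuthenticationException if the account or session cannot be authenticated
     * @throws AuthorizationException  if the account lacks the permission
     */
    public final void verifyRequest(A request, Permission permission) {
        if (!this.settings.isReady()) {
            throw new CWSException(ReturnCode.DATABASE_ERROR, "The Database is invalid, CWS neither can nor will work correctly until resolved.");
        }

        // Only requests that are bound to a Circle carry a Circle id.
        String circleId = null;
        if (request instanceof CircleIdRequest) {
            circleId = ((CircleIdRequest) request).getCircleId();
        }

        verify(request);

        if (request.getCredentialType() == CredentialType.SESSION) {
            verifySession(request, circleId);
        } else {
            verifyAccount(request, circleId);
            // NOTE(review): this.member comes from the DAO lookup in
            // checkMemberAccount. If that lookup can return null for a member
            // outside the given Circle, the next line fails with a
            // NullPointerException instead of an authentication error - confirm
            // against the DAO.
            checkCredentials(this.member, request.getCredential(), this.member.getPrivateKey());
        }

        checkAuthorization(permission, circleId);
    }

    /**
     * Runs the request's own validation and rejects it if any error is
     * reported. Reported as {@code protected} in the original class.
     *
     * @param verifiable the object to validate
     * @throws VerificationException if the object is null or its validation
     *                               returned at least one error; the message
     *                               lists every key/error pair
     */
    public static void verify(Verifiable verifiable) {
        if (verifiable == null) {
            throw new VerificationException("Cannot Process a NULL Object.");
        }

        Map<String, String> errors = verifiable.validate();
        if (errors.isEmpty()) {
            return;
        }

        StringBuilder details = new StringBuilder(errors.size() * 75);
        for (Map.Entry<String, String> error : errors.entrySet()) {
            details.append("\nKey: ").append(error.getKey()).append(", Error: ").append(error.getValue());
        }
        throw new VerificationException("Request Object contained errors:" + details);
    }

    /**
     * Authenticates a request that carries a session credential.
     *
     * <p>The credential is encrypted with the master key and the checksum of
     * that ciphertext is used to look up the member. An expired session is
     * removed from the database before the request is rejected.
     *
     * @param request  the request holding the session credential
     * @param circleId external Circle id of the request, or null
     * @throws AuthenticationException if no session matches, the session has
     *                                 expired or the key pair cannot be unlocked
     */
    private void verifySession(A request, String circleId) {
        byte[] masterEncrypted = this.crypto.encryptWithMasterKey(request.getCredential());
        String checksum = this.crypto.generateChecksum(masterEncrypted);
        MemberEntity sessionOwner = this.dao.findMemberByChecksum(checksum);
        if (sessionOwner == null) {
            throw new AuthenticationException("No Session could be found.");
        }

        // A session is valid only while "now" is strictly before its expiry time.
        if (!Utilities.newDate().before(sessionOwner.getSessionExpire())) {
            this.dao.removeSession(sessionOwner);
            throw new AuthenticationException("The Session has expired.");
        }

        // The key pair is unlocked from the session copy of the key, using the
        // master-key-encrypted credential as key material.
        checkCredentials(sessionOwner, masterEncrypted, sessionOwner.getSessionCrypto());
        checkMemberAccount(sessionOwner, circleId);
    }

    /**
     * Resolves the member for a request that carries an account credential.
     *
     * <p>Security note: when no record exists for {@code "admin"}, this method
     * creates and persists the administrator account with the credential of
     * the current request. The first request naming that account therefore
     * decides the administrator credential, so the administrator should be
     * provisioned before the service is reachable by untrusted clients.
     *
     * @param request  the request holding account name and credential
     * @param circleId external Circle id of the request, or null
     * @throws AuthenticationException if the account is unknown and is not the
     *                                 administrator account
     */
    private void verifyAccount(A request, String circleId) {
        String accountName = trim(request.getAccountName());
        MemberEntity account = this.dao.findMemberByName(accountName);
        if (account == null) {
            if (!Objects.equals("admin", accountName)) {
                throw new AuthenticationException("Could not uniquely identify an account for '" + accountName + "'.");
            }
            account = createNewAccount("admin", MemberRole.ADMIN, request.getCredential());
        }
        checkMemberAccount(account, circleId);
    }

    /**
     * Stores the member the request runs as. Without a Circle id, or for an
     * administrator, the given entity is used as is; otherwise the member is
     * looked up again by name and Circle id.
     *
     * @param account  the member found for the request
     * @param circleId external Circle id of the request, or null
     */
    private void checkMemberAccount(MemberEntity account, String circleId) {
        if (circleId == null || account.getMemberRole() == MemberRole.ADMIN) {
            this.member = account;
        } else {
            this.member = this.dao.findMemberByNameAndCircleId(account.getName(), circleId);
        }
    }

    /**
     * Creates and persists a new member with a fresh key pair protected by the
     * given credential. Reported as {@code protected} in the original class.
     *
     * @param accountName name of the new account
     * @param role        role of the new account
     * @param credential  credential that protects the account's private key
     * @return the persisted member entity
     */
    public final MemberEntity createNewAccount(String accountName, MemberRole role, byte[] credential) {
        MemberEntity created = new MemberEntity();
        created.setName(accountName);
        created.setMemberRole(role);
        updateMemberPassword(created, credential);
        return created;
    }

    /**
     * Generates a new salt and a new asymmetric key pair for the member,
     * protects the private key with a key derived from the credential and
     * persists the member. Reported as {@code protected} in the original class.
     *
     * <p>The salt is stored encrypted with the master key; the algorithms are
     * taken from the current settings and recorded on the member.
     *
     * @param memberEntity the member to update
     * @param credential   the new credential
     * @return the newly generated key pair
     */
    public final CWSKeyPair updateMemberPassword(MemberEntity memberEntity, byte[] credential) {
        KeyAlgorithm pbeAlgorithm = this.settings.getPasswordAlgorithm();
        KeyAlgorithm rsaAlgorithm = this.settings.getAsymmetricAlgorithm();

        // Key derived from the credential and a fresh salt; it wraps the private key.
        IVSalt salt = new IVSalt();
        SecretCWSKey passwordKey = this.crypto.generatePasswordKey(pbeAlgorithm, credential, salt.getArmored());
        passwordKey.setSalt(salt);

        CWSKeyPair newKeyPair = this.crypto.generateAsymmetricKey(rsaAlgorithm);
        String publicKey = this.crypto.armoringPublicKey(newKeyPair.getPublic().getKey());
        String privateKey = this.crypto.armoringPrivateKey(passwordKey, newKeyPair.getPrivate().getKey());

        memberEntity.setSalt(this.crypto.encryptWithMasterKey(salt.getArmored()));
        memberEntity.setPbeAlgorithm(pbeAlgorithm);
        memberEntity.setRsaAlgorithm(rsaAlgorithm);
        memberEntity.setPrivateKey(privateKey);
        memberEntity.setPublicKey(publicKey);
        this.dao.persist(memberEntity);

        return newKeyPair;
    }

    /**
     * Unlocks the member's key pair with the given credential and stores it in
     * {@link #keyPair}. A failure to unlock is how a wrong credential shows up.
     *
     * <p>The derived password key is destroyed on both the success and the
     * failure path, so a rejected credential leaves no derived key behind.
     *
     * @param entity     the member whose keys are unlocked
     * @param credential key material the password key is derived from
     * @param armoredKey protected private key to unlock (the member's stored
     *                   private key or its session copy)
     * @throws AuthenticationException if any cryptographic step fails
     */
    private void checkCredentials(MemberEntity entity, byte[] credential, String armoredKey) {
        try {
            String salt = this.crypto.decryptWithMasterKey(entity.getSalt());
            SecretCWSKey passwordKey = this.crypto.generatePasswordKey(entity.getPbeAlgorithm(), credential, salt);
            try {
                this.keyPair = this.crypto.extractAsymmetricKey(entity.getRsaAlgorithm(), passwordKey, salt, entity.getPublicKey(), armoredKey);
            } finally {
                // Runs for rejected credentials too; stays inside the outer try so
                // a CryptoException from destroy() is still reported as an
                // authentication failure.
                passwordKey.destroy();
            }
        } catch (CryptoException e) {
            throw new AuthenticationException("Cannot authenticate the Account from the given Credentials.", e);
        }
    }

    /**
     * Checks the authenticated member against the required permission and
     * loads the matching trustee records into {@link #trustees}.
     *
     * @param permission the permission the action requires
     * @param circleId   external Circle id of the request, or null
     * @throws AuthorizationException if a SYSOP permission is requested by a
     *                                non-administrator, or if a non-administrator
     *                                has no trustee record for a permission whose
     *                                trust level is not ALL
     */
    private void checkAuthorization(Permission permission, String circleId) {
        TrustLevel required = permission.getTrustLevel();
        boolean isAdmin = this.member.getMemberRole() == MemberRole.ADMIN;

        if (required == TrustLevel.SYSOP && !isAdmin) {
            throw new AuthorizationException("Cannot complete this request, as it is only allowed for the System Administrator.");
        }

        this.trustees = findTrustees(this.member, circleId, TrustLevel.getLevels(required));
        if (!isAdmin && required != TrustLevel.ALL && this.trustees.isEmpty()) {
            throw new AuthorizationException("The requesting Account is not permitted to " + permission.getDescription());
        }
    }

    /**
     * Unlocks the Circle key for a data entity with the member's private key.
     * The encrypted Circle key is taken from the trustee record of the Circle
     * the data belongs to.
     *
     * @param dataEntity the data whose Circle key is needed
     * @return the unlocked Circle key
     * @throws CWSException if the member has no trustee record for the Circle
     */
    private SecretCWSKey extractCircleKey(DataEntity dataEntity) {
        String externalCircleId = dataEntity.getMetadata().getCircle().getExternalId();
        TrusteeEntity trustee = findTrustee(externalCircleId);
        return this.crypto.extractCircleKey(dataEntity.getKey().getAlgorithm(), this.keyPair.getPrivate(), trustee.getCircleKey());
    }

    /**
     * Decrypts the payload of a data entity. Reported as {@code protected} in
     * the original class.
     *
     * <p>The initial vector is stored per entity, encrypted with the master key.
     *
     * @param dataEntity the entity to decrypt
     * @return the decrypted bytes
     */
    public byte[] decryptData(DataEntity dataEntity) {
        String armoredIv = this.crypto.decryptWithMasterKey(dataEntity.getInitialVector());
        SecretCWSKey circleKey = extractCircleKey(dataEntity);
        circleKey.setSalt(new IVSalt(armoredIv));
        return this.crypto.decrypt(circleKey, dataEntity.getData());
    }

    /**
     * Encrypts an external key with the given key. Reported as
     * {@code protected} in the original class.
     *
     * @param key         the key to encrypt with; its salt is overwritten
     * @param externalKey the value to encrypt, may be null
     * @return the encrypted bytes, or null if {@code externalKey} is null
     */
    public final byte[] encryptExternalKey(SecretCWSKey key, String externalKey) {
        if (externalKey == null) {
            return null;
        }
        // NOTE(review): the salt comes from the system settings and is not
        // generated per value - confirm that the cipher used by Crypto
        // tolerates the same salt/IV when a key encrypts more than one value.
        key.setSalt(new IVSalt(this.settings.getSalt()));
        return this.crypto.encrypt(key, this.crypto.stringToBytes(externalKey));
    }

    /**
     * Decrypts the external key stored on the trustee's Circle, using the
     * Circle key unlocked with the member's private key. Reported as
     * {@code protected} in the original class.
     *
     * @param trustee the trustee record linking the member to the Circle
     * @return the decrypted external key, or null if the Circle stores none
     */
    public final String decryptExternalKey(TrusteeEntity trustee) {
        byte[] encryptedExternalKey = trustee.getCircle().getCircleKey();
        if (encryptedExternalKey == null) {
            return null;
        }
        SecretCWSKey circleKey = this.crypto.extractCircleKey(trustee.getKey().getAlgorithm(), this.keyPair.getPrivate(), trustee.getCircleKey());
        circleKey.setSalt(new IVSalt(this.settings.getSalt()));
        return this.crypto.bytesToString(this.crypto.decrypt(circleKey, encryptedExternalKey));
    }

    /**
     * Builds the API representation of a Circle. Reported as
     * {@code protected} in the original class.
     *
     * @param entity    the stored Circle
     * @param circleKey the value to expose as the Circle key
     * @return the populated {@link Circle}
     */
    public static Circle convert(CircleEntity entity, String circleKey) {
        Circle circle = new Circle();
        circle.setCircleId(entity.getExternalId());
        circle.setCircleName(entity.getName());
        circle.setCircleKey(circleKey);
        circle.setAdded(entity.getAdded());
        return circle;
    }

    /**
     * Finds the member's trustee record for a Circle among the records loaded
     * during authorisation. Reported as {@code protected} in the original class.
     *
     * @param externalCircleId external id of the Circle
     * @return the matching trustee record
     * @throws CWSException with {@link ReturnCode#AUTHORIZATION_WARNING} if the
     *                      member has no record for the Circle
     */
    public final TrusteeEntity findTrustee(String externalCircleId) {
        TrusteeEntity match = null;
        // The loop does not stop at the first hit: if several records match,
        // the last one is returned.
        for (TrusteeEntity candidate : this.trustees) {
            if (Objects.equals(candidate.getCircle().getExternalId(), externalCircleId)) {
                match = candidate;
            }
        }
        if (match == null) {
            throw new CWSException(ReturnCode.AUTHORIZATION_WARNING, "The current Account is not allowed to perform the given action.");
        }
        return match;
    }

    /**
     * Loads the member's trustee records with one of the given trust levels,
     * limited to one Circle when a Circle id is given.
     *
     * @param memberEntity the member
     * @param circleId     external Circle id, or null for all Circles
     * @param levels       accepted trust levels
     * @return the matching trustee records
     */
    private List<TrusteeEntity> findTrustees(MemberEntity memberEntity, String circleId, Set<TrustLevel> levels) {
        if (circleId != null) {
            return this.dao.findTrusteesByMemberAndCircle(memberEntity, circleId, levels);
        }
        return this.dao.findTrusteesByMember(memberEntity, levels);
    }

    /**
     * Null-safe trim. Reported as {@code protected} in the original class.
     *
     * @param value the string to trim, may be null
     * @return the trimmed string, or an empty string for null
     */
    public static String trim(String value) {
        return value != null ? value.trim() : "";
    }

    /**
     * Tells whether a string is null or has length zero. Reported as
     * {@code protected} in the original class.
     *
     * @param value the string to test
     * @return true for null or the empty string
     */
    public static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }
}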
