package io.javadog.cws.core.services;

import io.javadog.cws.api.common.Action;
import io.javadog.cws.api.common.CredentialType;
import io.javadog.cws.api.common.MemberRole;
import io.javadog.cws.api.common.ReturnCode;
import io.javadog.cws.api.common.TrustLevel;
import io.javadog.cws.api.requests.ProcessMemberRequest;
import io.javadog.cws.api.responses.ProcessMemberResponse;
import io.javadog.cws.core.enums.KeyAlgorithm;
import io.javadog.cws.core.enums.Permission;
import io.javadog.cws.core.exceptions.AuthenticationException;
import io.javadog.cws.core.exceptions.AuthorizationException;
import io.javadog.cws.core.exceptions.CWSException;
import io.javadog.cws.core.exceptions.IdentificationException;
import io.javadog.cws.core.exceptions.IllegalActionException;
import io.javadog.cws.core.exceptions.VerificationException;
import io.javadog.cws.core.jce.CWSKeyPair;
import io.javadog.cws.core.jce.IVSalt;
import io.javadog.cws.core.jce.SecretCWSKey;
import io.javadog.cws.core.model.MemberDao;
import io.javadog.cws.core.model.Settings;
import io.javadog.cws.core.model.entities.MemberEntity;
import io.javadog.cws.core.model.entities.TrusteeEntity;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.EnumSet;
import java.util.Objects;
import java.util.UUID;
import javax.persistence.EntityManager;

/* loaded from: input_file:io/javadog/cws/core/services/ProcessMemberService.class */
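/**
 * Service behind the "process member" request: it creates, invites, logs in,
 * logs out, alters, updates, invalidates and deletes member accounts, and it
 * completes pending invitations.
 *
 * <p>This listing is decompiler output. The explicit {@code (MemberDao)} casts
 * on {@code this.dao} are kept because the declaration of the field in
 * {@code Serviceable} is not visible here. The fields {@code member},
 * {@code keyPair}, {@code crypto} and {@code settings}, and the helpers
 * {@code verify}, {@code verifyRequest}, {@code createNewAccount},
 * {@code updateMemberPassword}, {@code trim} and {@code isEmpty} are inherited;
 * their behaviour is assumed from how they are used below.
 */
public final class ProcessMemberService extends Serviceable<MemberDao, ProcessMemberResponse, ProcessMemberRequest> {

    /**
     * Creates the service with its own {@link MemberDao} on the given entity manager.
     *
     * @param settings      the settings handed on to {@code Serviceable}
     * @param entityManager the entity manager the DAO is built on
     */
    public ProcessMemberService(Settings settings, EntityManager entityManager) {
        super(settings, new MemberDao(entityManager));
    }

    /**
     * Entry point. A request carrying a {@link CredentialType#SIGNATURE}
     * credential is treated as the redemption of an invitation; every other
     * request is checked against {@link Permission#PROCESS_MEMBER} and then
     * dispatched on its action.
     *
     * @param processMemberRequest the request to process
     * @return the response of the executed action
     * @throws VerificationException if the request is {@code null}, or if an
     *                               invitation request carries no new credential
     */
    @Override
    public ProcessMemberResponse perform(ProcessMemberRequest processMemberRequest) {
        if (processMemberRequest == null) {
            throw new VerificationException("Cannot Process a NULL Object.");
        }

        if (processMemberRequest.getCredentialType() == CredentialType.SIGNATURE) {
            verify(processMemberRequest);
            final byte[] newCredential = processMemberRequest.getNewCredential();
            if (newCredential == null || newCredential.length == 0) {
                throw new VerificationException("The newCredential is missing in Request.");
            }
            return processInvitation(processMemberRequest);
        }

        verifyRequest(processMemberRequest, Permission.PROCESS_MEMBER);
        // The credential is no longer needed once the request is verified, so
        // the array is overwritten. This only clears the request's own copy if
        // getCredential() returns the backing array - not visible here.
        Arrays.fill(processMemberRequest.getCredential(), (byte) 0);
        return processActions(processMemberRequest);
    }

    /**
     * Dispatches an already verified request to the handler of its action.
     *
     * @throws IllegalActionException for an action this service does not handle
     */
    private ProcessMemberResponse processActions(ProcessMemberRequest request) {
        // Direct enum switch; the decompiler had expanded this into a synthetic
        // ordinal lookup table, which the compiler regenerates on its own.
        switch (request.getAction()) {
            case CREATE:
                return createMember(request);
            case INVITE:
                return inviteMember(request);
            case LOGIN:
                return loginMember(request);
            case LOGOUT:
                return logoutMember();
            case ALTER:
                return alterMember(request);
            case UPDATE:
                return updateMember(request);
            case INVALIDATE:
                return invalidate(request);
            case DELETE:
                return deleteMember(request);
            default:
                throw new IllegalActionException("Unsupported Action.");
        }
    }

    /**
     * Creates a new account on behalf of an administrator.
     *
     * @throws AuthorizationException if the requesting member is not an administrator
     * @throws CWSException           if an account with the trimmed name already exists
     */
    private ProcessMemberResponse createMember(ProcessMemberRequest request) {
        if (this.member.getMemberRole() != MemberRole.ADMIN) {
            throw new AuthorizationException("Members are not permitted to create new Accounts.");
        }

        // NOTE(review): a null newAccountName fails here with a NullPointerException;
        // presumably the request validation rejects that earlier - confirm.
        final String accountName = request.getNewAccountName().trim();
        if (((MemberDao) this.dao).findMemberByName(accountName) != null) {
            throw new CWSException(ReturnCode.IDENTIFICATION_WARNING, "An Account with the requested AccountName already exist.");
        }

        final MemberEntity created = createNewAccount(accountName, whichRole(request), request.getNewCredential());
        final ProcessMemberResponse response = new ProcessMemberResponse(theMember(created) + " was successfully added to CWS.");
        response.setMemberId(created.getExternalId());
        return response;
    }

    /**
     * Issues an invitation: a placeholder account is stored and a signature
     * over a fresh random UUID is returned, to be presented when the
     * invitation is redeemed.
     *
     * @throws IllegalActionException if the requesting member is not an administrator
     * @throws CWSException           if an account with the trimmed name already exists
     */
    private ProcessMemberResponse inviteMember(ProcessMemberRequest request) {
        if (this.member.getMemberRole() != MemberRole.ADMIN) {
            throw new IllegalActionException("Members are not permitted to invite new Members.");
        }

        final String accountName = request.getNewAccountName().trim();
        if (((MemberDao) this.dao).findMemberByName(accountName) != null) {
            throw new CWSException(ReturnCode.CONSTRAINT_ERROR, "Cannot create an invitation, as the account already exists.");
        }

        // The UUID is signed with the private key of the inviting member.
        // NOTE(review): processInvitation verifies against the public key of
        // the account named "admin", so an invitation issued by a different
        // administrator would presumably not verify - confirm.
        final String uuid = UUID.randomUUID().toString();
        final byte[] signature = this.crypto.sign(this.keyPair.getPrivate().getKey(), this.crypto.stringToBytes(uuid));

        final MemberEntity invitee = new MemberEntity();
        invitee.setName(accountName);
        // The salt column holds the master-key encrypted UUID until redemption.
        invitee.setSalt(this.crypto.encryptWithMasterKey(uuid));
        invitee.setPbeAlgorithm(this.settings.getPasswordAlgorithm());
        invitee.setRsaAlgorithm(this.settings.getSignatureAlgorithm());
        // The private-key column carries the marker "SIGNATURE" while the
        // invitation is pending; processInvitation checks for exactly this value.
        invitee.setPrivateKey(CredentialType.SIGNATURE.name());
        invitee.setPublicKey(Base64.getEncoder().encodeToString(signature));
        invitee.setMemberRole(whichRole(request));
        ((MemberDao) this.dao).persist(invitee);

        final ProcessMemberResponse response = new ProcessMemberResponse("An invitation was successfully issued for '" + accountName + "'.");
        response.setMemberId(invitee.getExternalId());
        response.setSignature(signature);
        return response;
    }

    /**
     * Returns the role named in the request, or {@link MemberRole#STANDARD}
     * when the request names none.
     */
    private static MemberRole whichRole(ProcessMemberRequest request) {
        final MemberRole requested = request.getMemberRole();
        return requested != null ? requested : MemberRole.STANDARD;
    }

    /**
     * Opens a session for the requesting member: the session credential is
     * encrypted with the master key, a password key derived from it armors the
     * member's private key, and checksum, armored key and expiry are stored.
     */
    private ProcessMemberResponse loginMember(ProcessMemberRequest request) {
        final byte[] newCredential = request.getNewCredential();
        final byte[] masterEncrypted = this.crypto.encryptWithMasterKey(newCredential);
        // The plain session credential is not used past this point.
        Arrays.fill(newCredential, (byte) 0);

        final SecretCWSKey sessionKey = this.crypto.generatePasswordKey(
                this.member.getPbeAlgorithm(),
                masterEncrypted,
                this.crypto.decryptWithMasterKey(this.member.getSalt()));
        final String sessionCrypto = this.crypto.armoringPrivateKey(sessionKey, this.keyPair.getPrivate().getKey());

        this.member.setSessionChecksum(this.crypto.generateChecksum(masterEncrypted));
        this.member.setSessionCrypto(sessionCrypto);
        this.member.setSessionExpire(calculateSessionExpiration());
        ((MemberDao) this.dao).persist(this.member);
        sessionKey.destroy();

        return new ProcessMemberResponse(theMember(this.member) + " has successfully logged in.");
    }

    /**
     * Returns the moment a session started now expires, i.e. now plus the
     * configured session timeout in minutes.
     */
    private Date calculateSessionExpiration() {
        // Computed on the instant timeline. Adding minutes to a local date-time
        // and converting through the system zone afterwards gives a wrong
        // instant around daylight-saving transitions: during the repeated hour
        // the result can lie in the past, so a fresh session is already expired.
        final Duration timeout = Duration.ofMinutes(this.settings.getSessionTimeout().intValue());
        return Date.from(Instant.now().plus(timeout));
    }

    /** Removes the session of the requesting member. */
    private ProcessMemberResponse logoutMember() {
        ((MemberDao) this.dao).removeSession(this.member);
        return new ProcessMemberResponse();
    }

    /**
     * Changes the role of another member on behalf of an administrator.
     *
     * @throws AuthorizationException  if the requesting member is not an administrator
     * @throws IllegalActionException  if the administrator targets the own account
     * @throws IdentificationException if no account with the given member id exists
     */
    private ProcessMemberResponse alterMember(ProcessMemberRequest request) {
        if (this.member.getMemberRole() != MemberRole.ADMIN) {
            throw new AuthorizationException("Only Administrators may update the Role of a member.");
        }
        if (this.member.getExternalId().equals(request.getMemberId())) {
            throw new IllegalActionException("It is not permitted to alter own account.");
        }

        final String memberId = request.getMemberId();
        final MemberEntity target = (MemberEntity) ((MemberDao) this.dao).find(MemberEntity.class, memberId);
        if (target == null) {
            // An unknown id is reported the same way processDeleteAsAdmin
            // reports it, instead of failing with a NullPointerException.
            throw new IdentificationException("No such Account exist.");
        }

        // NOTE(review): a null role in the request would be stored as-is;
        // presumably the request validation requires it for ALTER - confirm.
        target.setMemberRole(request.getMemberRole());
        ((MemberDao) this.dao).persist(target);

        final ProcessMemberResponse response = new ProcessMemberResponse(theMember(target) + " has successfully been given the new role '" + request.getMemberRole() + "'.");
        response.setMemberId(memberId);
        return response;
    }

    /**
     * Updates the requesting member's own account: name, credential and
     * public key, each only when the request supplies a value.
     */
    private ProcessMemberResponse updateMember(ProcessMemberRequest request) {
        updateOwnAccountName(trim(request.getNewAccountName()));
        updateOwnCredential(request);
        updateOwnPublicKey(request);
        ((MemberDao) this.dao).persist(this.member);

        final ProcessMemberResponse response = new ProcessMemberResponse(theMember(this.member) + " was successfully updated.");
        response.setMemberId(this.member.getExternalId());
        return response;
    }

    /**
     * Renames the requesting member unless the given name is empty.
     *
     * @throws CWSException if the name is already taken
     */
    private void updateOwnAccountName(String str) {
        if (isEmpty(str)) {
            return;
        }
        if (((MemberDao) this.dao).findMemberByName(str) != null) {
            throw new CWSException(ReturnCode.CONSTRAINT_ERROR, "The new Account Name already exists.");
        }
        this.member.setName(str);
    }

    /**
     * Replaces the requesting member's credential when the request carries a
     * new one, and re-encrypts every circle key of the member for the new key pair.
     *
     * @throws CWSException if the request was not authenticated with a passphrase
     */
    private void updateOwnCredential(ProcessMemberRequest request) {
        final byte[] newCredential = request.getNewCredential();
        if (newCredential == null) {
            return;
        }
        if (request.getCredentialType() != CredentialType.PASSPHRASE) {
            throw new CWSException(ReturnCode.VERIFICATION_WARNING, "It is only permitted to update the credentials when authenticating with Passphrase.");
        }

        final CWSKeyPair newKeyPair = updateMemberPassword(this.member, newCredential);
        Arrays.fill(newCredential, (byte) 0);

        // Each circle key is extracted with the current private key and
        // encrypted again for the new public key, so access is carried over.
        for (TrusteeEntity trustee : ((MemberDao) this.dao).findTrusteesByMember(this.member, EnumSet.allOf(TrustLevel.class))) {
            trustee.setCircleKey(this.crypto.encryptAndArmorCircleKey(
                    newKeyPair.getPublic(),
                    this.crypto.extractCircleKey(trustee.getKey().getAlgorithm(), this.keyPair.getPrivate(), trustee.getCircleKey())));
            ((MemberDao) this.dao).persist(trustee);
        }
    }

    /** Stores the public key from the request on the requesting member, if one is given. */
    private void updateOwnPublicKey(ProcessMemberRequest request) {
        if (request.getPublicKey() != null) {
            this.member.setMemberKey(request.getPublicKey());
        }
    }

    /**
     * Invalidates the requesting member's account: the session is removed and
     * the member's password keys are regenerated without re-encrypting the
     * circle keys (contrast with {@code updateOwnCredential}).
     *
     * @throws IllegalActionException if the requesting member is an administrator
     */
    private ProcessMemberResponse invalidate(ProcessMemberRequest request) {
        if (this.member.getMemberRole() == MemberRole.ADMIN) {
            throw new IllegalActionException("The System Administrator Account may not be invalidated.");
        }

        ((MemberDao) this.dao).removeSession(this.member);
        // NOTE(review): perform() zero-fills getCredential() before dispatching,
        // so if the getter returns the backing array the new key is derived
        // from zero bytes rather than the supplied credential - confirm this is
        // intended and that the account stays unusable for data access either way.
        updateMemberPassword(this.member, request.getCredential());

        final ProcessMemberResponse response = new ProcessMemberResponse();
        response.setReturnMessage(theMember(this.member) + " has been Invalidated.");
        return response;
    }

    /**
     * Deletes an account. Without a member id the requesting member deletes
     * the own account; with one, an administrator deletes the named account.
     *
     * @throws IllegalActionException if a non-administrator names a member id
     */
    private ProcessMemberResponse deleteMember(ProcessMemberRequest request) {
        if (request.getMemberId() == null) {
            // NOTE(review): this branch has no role check, so an administrator
            // can delete the own account here although processDeleteAsAdmin
            // and invalidate both refuse to act on it. processInvitation looks
            // the account "admin" up by name - confirm whether this is intended.
            ((MemberDao) this.dao).delete(this.member);
            return new ProcessMemberResponse(ReturnCode.SUCCESS, theMember(this.member) + " has been successfully deleted.");
        }

        if (this.member.getMemberRole() != MemberRole.ADMIN) {
            throw new IllegalActionException("Members are not permitted to delete Accounts.");
        }
        return processDeleteAsAdmin(request);
    }

    /**
     * Deletes the account named in the request on behalf of an administrator.
     *
     * @throws IdentificationException if no such account exists
     * @throws IllegalActionException  if the administrator names the own account
     */
    private ProcessMemberResponse processDeleteAsAdmin(ProcessMemberRequest request) {
        final MemberEntity target = (MemberEntity) ((MemberDao) this.dao).find(MemberEntity.class, request.getMemberId());
        if (target == null) {
            throw new IdentificationException("No such Account exist.");
        }
        if (Objects.equals(this.member.getId(), target.getId())) {
            throw new IllegalActionException("It is not permitted to delete yourself.");
        }

        ((MemberDao) this.dao).delete(target);
        return new ProcessMemberResponse(ReturnCode.SUCCESS, theMember(target) + " has successfully been deleted.");
    }

    /**
     * Redeems a pending invitation: the signature in the request is verified
     * against the stored invitation value, then the placeholder account gets a
     * fresh salt, a new key pair and a private key armored with a key derived
     * from the new credential.
     *
     * @throws IdentificationException if the named account does not exist
     * @throws VerificationException   if the account has no pending invitation
     * @throws AuthenticationException if the signature does not verify
     */
    private ProcessMemberResponse processInvitation(ProcessMemberRequest request) {
        final MemberEntity invitee = ((MemberDao) this.dao).findMemberByName(request.getAccountName());
        if (invitee == null) {
            throw new IdentificationException("Account does not exist.");
        }
        // A pending invitation is marked by the literal "SIGNATURE" in the
        // private-key column; it is overwritten below, so an invitation can be
        // redeemed only once.
        if (!Objects.equals(invitee.getPrivateKey(), CredentialType.SIGNATURE.name())) {
            throw new VerificationException("Account does not have an invitation pending.");
        }

        // NOTE(review): the verification key is taken from the account named
        // "admin"; if that account is missing the lookup returns null and this
        // fails with a NullPointerException - confirm the account is guaranteed.
        final boolean signatureValid = this.crypto.verify(
                this.crypto.dearmoringPublicKey(((MemberDao) this.dao).findMemberByName("admin").getPublicKey()),
                this.crypto.stringToBytes(this.crypto.decryptWithMasterKey(invitee.getSalt())),
                request.getCredential());
        if (!signatureValid) {
            throw new AuthenticationException("The given signature is invalid.");
        }

        final KeyAlgorithm passwordAlgorithm = this.settings.getPasswordAlgorithm();
        final IVSalt salt = new IVSalt();
        final byte[] newCredential = request.getNewCredential();
        final CWSKeyPair newKeyPair = this.crypto.generateAsymmetricKey(this.settings.getAsymmetricAlgorithm());
        final SecretCWSKey passwordKey = this.crypto.generatePasswordKey(passwordAlgorithm, newCredential, salt.getArmored());
        passwordKey.setSalt(salt);

        invitee.setSalt(this.crypto.encryptWithMasterKey(salt.getArmored()));
        invitee.setPbeAlgorithm(passwordAlgorithm);
        invitee.setRsaAlgorithm(newKeyPair.getAlgorithm());
        invitee.setMemberKey(request.getPublicKey());
        invitee.setPublicKey(this.crypto.armoringPublicKey(newKeyPair.getPublic().getKey()));
        invitee.setPrivateKey(this.crypto.armoringPrivateKey(passwordKey, newKeyPair.getPrivate().getKey()));
        ((MemberDao) this.dao).persist(invitee);

        // Same hygiene as loginMember and updateOwnCredential: once the keys
        // are stored, the plain credential and the derived key are wiped.
        Arrays.fill(newCredential, (byte) 0);
        passwordKey.destroy();

        final ProcessMemberResponse response = new ProcessMemberResponse("The invitation was successfully processed for '" + invitee.getName() + "'.");
        response.setMemberId(invitee.getExternalId());
        return response;
    }

    /** Builds the "The Member 'name'" prefix used in the response messages. */
    private static String theMember(MemberEntity memberEntity) {
        return "The Member '" + memberEntity.getName() + "'";
    }
}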
