package io.javadog.cws.core.services;

import io.javadog.cws.api.common.MemberRole;
import io.javadog.cws.api.common.ReturnCode;
import io.javadog.cws.api.requests.Authentication;
import io.javadog.cws.api.requests.MasterKeyRequest;
import io.javadog.cws.api.responses.MasterKeyResponse;
import io.javadog.cws.core.enums.StandardSetting;
import io.javadog.cws.core.exceptions.AuthenticationException;
import io.javadog.cws.core.exceptions.CryptoException;
import io.javadog.cws.core.exceptions.IllegalActionException;
import io.javadog.cws.core.jce.MasterKey;
import io.javadog.cws.core.jce.SecretCWSKey;
import io.javadog.cws.core.model.CommonDao;
import io.javadog.cws.core.model.Settings;
import io.javadog.cws.core.model.entities.MemberEntity;
import io.javadog.cws.core.model.entities.SettingEntity;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.logging.Logger;
import javax.persistence.EntityManager;

/* loaded from: input_file:io/javadog/cws/core/services/MasterKeyService.class */
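/**
 * Handles the MasterKey request, which either unlocks the system with an
 * existing MasterKey or replaces the MasterKey with a new one.
 *
 * <p>Only the account named {@code admin} may invoke it. The candidate key is
 * derived from the secret in the request, or from the content behind the URL
 * in the request when no secret is given.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 *   <li>The MASTERKEY_URL setting is persisted only after the administrator's
 *       credentials have been verified, so a rejected request leaves stored
 *       configuration untouched regardless of how the surrounding transaction
 *       is configured.</li>
 *   <li>The password-derived key is destroyed on every path through
 *       {@link #checkCredentials}, including the failure path.</li>
 * </ul>
 */
public final class MasterKeyService extends Serviceable<CommonDao, MasterKeyResponse, MasterKeyRequest> {
    private static final Logger LOG = Logger.getLogger(MasterKeyService.class.getName());

    /**
     * Creates the service with a fresh {@link CommonDao} on the given EntityManager.
     *
     * @param settings      settings instance handed to the parent class
     * @param entityManager persistence context wrapped by the DAO
     */
    public MasterKeyService(Settings settings, EntityManager entityManager) {
        super(settings, new CommonDao(entityManager));
    }

    /**
     * Verifies the request and, for the {@code admin} account only, processes it.
     *
     * @param masterKeyRequest request carrying account name, credential and
     *                         either a secret or a URL
     * @return response describing whether the MasterKey was unlocked or updated
     * @throws AuthenticationException if the account is not {@code admin} or
     *                                 the credentials match neither key
     * @throws IllegalActionException  if the key would change while more than
     *                                 one member account exists
     */
    @Override
    public MasterKeyResponse perform(MasterKeyRequest masterKeyRequest) {
        verify(masterKeyRequest);
        if (Objects.equals(masterKeyRequest.getAccountName(), "admin")) {
            return checkRequest(masterKeyRequest);
        }
        throw new AuthenticationException("Given Account is not permitted to perform this request.");
    }

    /**
     * Decides between "unlock" and "update" by testing the administrator's
     * credential first against the candidate key, then against the current key.
     */
    private MasterKeyResponse checkRequest(MasterKeyRequest request) {
        MasterKey masterKey = MasterKey.getInstance(this.settings);
        SecretCWSKey currentKey = masterKey.getKey();
        SecretCWSKey candidateKey = prepareNewMasterKey(masterKey, request);
        MemberEntity admin = findAdmin(request);

        if (checkCredentials(candidateKey, admin, request.getCredential())) {
            // Candidate key already fits the stored admin account: unlock.
            // State is written only now, after authentication succeeded.
            updateMasterKeySetting(masterKeyUrlSetting(request));
            masterKey.setKey(candidateKey);
            return new MasterKeyResponse(ReturnCode.SUCCESS, "MasterKey unlocked.");
        }

        if (!checkCredentials(currentKey, admin, request.getCredential())) {
            throw new AuthenticationException("Invalid credentials.");
        }
        // Replacing the key is refused unless exactly one member exists.
        if (this.dao.countMembers().longValue() != 1) {
            throw new IllegalActionException("Cannot alter the MasterKey, as Member Accounts exists.");
        }

        updateMasterKeySetting(masterKeyUrlSetting(request));
        masterKey.setKey(candidateKey);
        // Must run after setKey, as in the original ordering.
        updateMemberPassword(admin, request.getCredential());
        return new MasterKeyResponse(ReturnCode.SUCCESS, "MasterKey updated.");
    }

    /**
     * Derives the candidate MasterKey from the request without touching
     * persistent state.
     */
    private SecretCWSKey prepareNewMasterKey(MasterKey masterKey, MasterKeyRequest masterKeyRequest) {
        byte[] secret = masterKeyRequest.getSecret();
        if (secret == null) {
            // NOTE(review): the URL comes from the request and is read before
            // any credential check; whether readMasterKeySecretFromUrl limits
            // schemes or hosts is not visible here - confirm.
            secret = MasterKey.readMasterKeySecretFromUrl(masterKeyRequest.getUrl());
        }
        return masterKey.generateMasterKey(secret);
    }

    /**
     * Returns the value to store as MASTERKEY_URL: the request URL when the
     * secret is to be read from it, otherwise the empty string.
     */
    private static String masterKeyUrlSetting(MasterKeyRequest request) {
        return request.getSecret() == null ? request.getUrl() : "";
    }

    /** Creates or overwrites the MASTERKEY_URL setting with the given value. */
    private void updateMasterKeySetting(String str) {
        SettingEntity entity = this.dao.findSettingByKey(StandardSetting.MASTERKEY_URL);
        if (entity == null) {
            entity = new SettingEntity();
            entity.setName(StandardSetting.MASTERKEY_URL.getKey());
        }
        entity.setSetting(str);
        this.dao.persist(entity);
    }

    /**
     * Tests whether the given key and credential open the member's key pair.
     *
     * <p>The stored salt is Base64-decoded and decrypted with the supplied key,
     * a password key is derived from the credential and that salt, and the
     * asymmetric key is extracted with it. Any {@link CryptoException} raised
     * on the way is logged at debug level and reported as a failed check.</p>
     *
     * @return {@code true} if every step completed, {@code false} otherwise
     */
    private boolean checkCredentials(SecretCWSKey secretCWSKey, MemberEntity memberEntity, byte[] bArr) {
        try {
            SecretCWSKey passwordKey = null;
            try {
                byte[] encryptedSalt = Base64.getDecoder().decode(memberEntity.getSalt());
                String salt = this.crypto.bytesToString(this.crypto.decrypt(secretCWSKey, encryptedSalt));
                passwordKey = this.crypto.generatePasswordKey(memberEntity.getPbeAlgorithm(), bArr, salt);
                this.crypto.extractAsymmetricKey(memberEntity.getRsaAlgorithm(), passwordKey, salt, memberEntity.getPublicKey(), memberEntity.getPrivateKey());
            } finally {
                // Destroy the password-derived key on failure as well, so a
                // rejected attempt does not leave it behind.
                if (passwordKey != null) {
                    passwordKey.destroy();
                }
            }
            return true;
        } catch (CryptoException e) {
            LOG.log(Settings.DEBUG, "Decrypting the System Administrator Account failed: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Returns the first member with the ADMIN role, creating the {@code admin}
     * account from the request credential when none exists.
     */
    private MemberEntity findAdmin(Authentication authentication) {
        List<MemberEntity> admins = this.dao.findMemberByRole(MemberRole.ADMIN);
        if (admins.isEmpty()) {
            // NOTE(review): with no admin present the account is created from
            // the caller's credential before any check runs - presumably the
            // intended first-run bootstrap; confirm.
            return createNewAccount("admin", MemberRole.ADMIN, authentication.getCredential());
        }
        return admins.get(0);
    }
}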
