package io.scalecube.organization.operation;

import io.scalecube.account.api.AddOrganizationApiKeyRequest;
import io.scalecube.account.api.GetOrganizationResponse;
import io.scalecube.account.api.OrganizationServiceException;
import io.scalecube.account.api.Role;
import io.scalecube.account.api.Token;
import io.scalecube.organization.repository.OrganizationsRepository;
import io.scalecube.organization.repository.exception.AccessPermissionException;
import io.scalecube.organization.tokens.TokenVerifier;
import io.scalecube.organization.tokens.store.ApiKeyBuilder;
import io.scalecube.organization.tokens.store.KeyStore;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.EnumSet;
import java.util.UUID;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/scalecube/organization/operation/AddOrganizationApiKey.class */
public class AddOrganizationApiKey extends ServiceOperation<AddOrganizationApiKeyRequest, GetOrganizationResponse> {
    private final KeyPairGenerator keyPairGenerator;
    private final KeyStore keyStore;

    /* loaded from: input_file:io/scalecube/organization/operation/AddOrganizationApiKey$Builder.class */
    public static class Builder {
        private TokenVerifier tokenVerifier;
        private OrganizationsRepository repository;
        private KeyPairGenerator keyPairGenerator;
        private KeyStore keyStore;

        public Builder tokenVerifier(TokenVerifier tokenVerifier) {
            this.tokenVerifier = tokenVerifier;
            return this;
        }

        public Builder repository(OrganizationsRepository organizationsRepository) {
            this.repository = organizationsRepository;
            return this;
        }

        public Builder keyPairGenerator(KeyPairGenerator keyPairGenerator) {
            this.keyPairGenerator = keyPairGenerator;
            return this;
        }

        public Builder keyStore(KeyStore keyStore) {
            this.keyStore = keyStore;
            return this;
        }

        public AddOrganizationApiKey build() {
            return new AddOrganizationApiKey(this);
        }
    }

    private AddOrganizationApiKey(Builder builder) {
        super(builder.tokenVerifier, builder.repository);
        this.keyPairGenerator = builder.keyPairGenerator;
        this.keyStore = builder.keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.scalecube.organization.operation.ServiceOperation
    public Mono<GetOrganizationResponse> process(AddOrganizationApiKeyRequest addOrganizationApiKeyRequest, OperationServiceContext operationServiceContext) {
        return getOrganization(addOrganizationApiKeyRequest.organizationId()).doOnNext(organization -> {
            String str;
            checkSuperUserAccess(organization, operationServiceContext.profile());
            Role role = getRole(operationServiceContext.profile().userId(), organization);
            if (addOrganizationApiKeyRequest.claims() != null && (str = (String) addOrganizationApiKeyRequest.claims().get("role")) != null) {
                if (EnumSet.allOf(Role.class).stream().noneMatch(role2 -> {
                    return role2.name().equals(str);
                })) {
                    throw new OrganizationServiceException(String.format("Role '%s' is invalid", str));
                }
                Role valueOf = Role.valueOf(str);
                if (valueOf.isHigherThan(role)) {
                    throw new AccessPermissionException(String.format("user: '%s', name: '%s', role: '%s' cannot add api key with higher role '%s'", operationServiceContext.profile().userId(), operationServiceContext.profile().name(), role, valueOf));
                }
            }
            String uuid = UUID.randomUUID().toString();
            organization.addApiKey(ApiKeyBuilder.build(generateKeyPair(uuid).getPrivate(), organization.id(), uuid, addOrganizationApiKeyRequest));
        }).flatMap(organization2 -> {
            return operationServiceContext.repository().save(organization2.id(), organization2);
        }).map(organization3 -> {
            return getOrganizationResponse(organization3, apiKeyFilterBy(getRole(operationServiceContext.profile().userId(), organization3)));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.scalecube.organization.operation.ServiceOperation
    public Mono<Void> validate(AddOrganizationApiKeyRequest addOrganizationApiKeyRequest, OperationServiceContext operationServiceContext) {
        return Mono.fromRunnable(() -> {
            requireNonNullOrEmpty(addOrganizationApiKeyRequest.organizationId(), "organizationId is a required argument");
            requireNonNullOrEmpty(addOrganizationApiKeyRequest.apiKeyName(), "apiKeyName is a required argument");
        }).then(Mono.defer(() -> {
            return getOrganization(addOrganizationApiKeyRequest.organizationId());
        })).flatMapMany(organization -> {
            return Flux.fromIterable(organization.apiKeys());
        }).filter(apiKey -> {
            return apiKey.name().equals(addOrganizationApiKeyRequest.apiKeyName());
        }).doOnNext(apiKey2 -> {
            throw new IllegalArgumentException("apiKey name:'" + apiKey2.name() + "' already exists");
        }).then();
    }

    private KeyPair generateKeyPair(String str) {
        KeyPair generateKeyPair = this.keyPairGenerator.generateKeyPair();
        this.keyStore.store(str, generateKeyPair);
        return generateKeyPair;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.scalecube.organization.operation.ServiceOperation
    public Token getToken(AddOrganizationApiKeyRequest addOrganizationApiKeyRequest) {
        return addOrganizationApiKeyRequest.token();
    }

    public static Builder builder() {
        return new Builder();
    }
}
