package org.rostore.service.apikey;

import io.quarkus.runtime.Startup;
import io.quarkus.vertx.ConsumeEvent;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;
import org.rostore.entity.Record;
import org.rostore.entity.StringKeyList;
import org.rostore.entity.apikey.ApiKeyDefinition;
import org.rostore.entity.apikey.ApiKeyPermissions;
import org.rostore.entity.apikey.Permission;
import org.rostore.entity.media.ContainerListProperties;
import org.rostore.entity.media.ContainerMeta;
import org.rostore.service.ContainerAdminService;
import org.rostore.service.RoStoreAccessor;
import org.rostore.service.RoStoreState;
import org.rostore.v2.container.DataWithRecord;
import org.rostore.v2.container.async.AsyncContainer;

@Startup
@ApplicationScoped
/* loaded from: input_file:org/rostore/service/apikey/ApiKeyManager.class */
public class ApiKeyManager {
    private static final Logger logger = Logger.getLogger(ContainerAdminService.class.getName());
    public static final String APIKEY_CONTAINER_NAME = "_rostore.internal.api-keys";
    private static final long CACHE_MILLIS = 900000;
    private static final int APIKEY_CONTAINER_SHARD_NUMBER = 2;
    private static final int APIKEY_CONTAINER_MAX_SIZE = 5242880;

    @Inject
    RoStoreAccessor roStoreAccessor;

    @Inject
    @ConfigProperty(name = "rootApiKey")
    String rootApiKey;

    @Inject
    ApiKeyRequestContext apiKeyRequestContext;
    private AsyncContainer apiKeyPool;
    private Map<String, DataWithRecord<ApiKeyDefinition>> keyCache = new HashMap();

    @ConsumeEvent("state-change")
    public void init(RoStoreState roStoreState) {
        try {
            if (roStoreState == RoStoreState.OPENED) {
                boolean z = false;
                logger.debugf("Opening an api-key container '%s'", APIKEY_CONTAINER_NAME);
                this.apiKeyPool = this.roStoreAccessor.getAsyncContainerMedia().getAsyncContainers().get(APIKEY_CONTAINER_NAME);
                if (this.apiKeyPool == null) {
                    z = true;
                    ContainerMeta containerMeta = new ContainerMeta();
                    containerMeta.setShardNumber(2);
                    containerMeta.setMaxSize(ContainerListProperties.LIST_MAX_SIZE_DEFAULT);
                    logger.debugf("Creating a new api-key container '%s'", APIKEY_CONTAINER_NAME);
                    this.apiKeyPool = this.roStoreAccessor.getAsyncContainerMedia().getAsyncContainers().create(APIKEY_CONTAINER_NAME, containerMeta);
                    logger.infof("A new api-key container '%s' has been created.", APIKEY_CONTAINER_NAME);
                } else {
                    logger.infof("An existing api-key container '%s' has been opened", APIKEY_CONTAINER_NAME);
                }
                if (z) {
                    repairRootApiKeyEntry();
                }
            }
        } catch (Exception e) {
            logger.error("Error in the api key manager initialization", e);
        }
    }

    public void checkContainerPermission(String str, Set<Permission> set) {
        ApiKeyDefinition andCheckKey = getAndCheckKey();
        if (andCheckKey.getApiKeyPermissions().getStorePermissions().contains(Permission.SUPER)) {
            return;
        }
        Set<Permission> containerPermissions = andCheckKey.getApiKeyPermissions().getContainerPermissions(str);
        if (containerPermissions == null || !containerPermissions.containsAll(set)) {
            throw new PermissionDeniedException("No access to the container " + str + " with set of permissions " + set.toString());
        }
    }

    public void checkStorePermission(Set<Permission> set) {
        if (set.contains(Permission.SUPER) && isRootApiKey()) {
            return;
        }
        Set<Permission> storePermissions = getAndCheckKey().getApiKeyPermissions().getStorePermissions();
        if (!storePermissions.contains(Permission.SUPER) && !storePermissions.containsAll(set)) {
            throw new PermissionDeniedException("No access to the storage with set of permissions " + String.valueOf(set));
        }
    }

    public boolean isRootApiKey() {
        return this.rootApiKey.equals(this.apiKeyRequestContext.getApiKey());
    }

    public DataWithRecord<ApiKeyDefinition> repairRootApiKeyEntry() {
        ApiKeyPermissions apiKeyPermissions = new ApiKeyPermissions();
        apiKeyPermissions.setStorePermissions(EnumSet.of(Permission.SUPER));
        ApiKeyDefinition apiKeyDefinition = new ApiKeyDefinition(this.rootApiKey, apiKeyPermissions);
        Record record = new Record();
        update(apiKeyDefinition, record);
        logger.info("Primary Root api key is updated: " + apiKeyDefinition.toString());
        return new DataWithRecord<>(record, apiKeyDefinition);
    }

    private void checkInitialized() {
        this.roStoreAccessor.getState().checkContainerRequestsAllowed();
        if (this.apiKeyPool == null) {
            throw new PermissionDeniedException("The store security mechanism is down.");
        }
    }

    public DataWithRecord<ApiKeyDefinition> create(ApiKeyPermissions apiKeyPermissions, Record record) {
        checkInitialized();
        String uuid = UUID.randomUUID().toString();
        this.apiKeyPool.put(0, uuid, (String) apiKeyPermissions, record);
        ApiKeyDefinition apiKeyDefinition = new ApiKeyDefinition(uuid, apiKeyPermissions);
        synchronized (this) {
            this.keyCache.put(uuid, new DataWithRecord<>(record, apiKeyDefinition));
        }
        return new DataWithRecord<>(record, apiKeyDefinition);
    }

    public void update(ApiKeyDefinition apiKeyDefinition, Record record) {
        checkInitialized();
        this.apiKeyPool.put(0, apiKeyDefinition.getKey(), (String) apiKeyDefinition.getApiKeyPermissions(), record);
        synchronized (this) {
            this.keyCache.put(apiKeyDefinition.getKey(), new DataWithRecord<>(record, apiKeyDefinition));
        }
    }

    public void remove(String str, Record record) {
        checkInitialized();
        this.apiKeyPool.remove(0, str, record);
    }

    public synchronized DataWithRecord<ApiKeyDefinition> get(String str) {
        checkInitialized();
        DataWithRecord<ApiKeyDefinition> dataWithRecord = this.keyCache.get(str);
        if (dataWithRecord != null && dataWithRecord.getData().getLastUpdate() + CACHE_MILLIS > System.currentTimeMillis()) {
            return dataWithRecord;
        }
        DataWithRecord dataWithRecord2 = this.apiKeyPool.get(0, str, ApiKeyPermissions.class);
        if (dataWithRecord2 == null) {
            this.keyCache.remove(str);
            return null;
        }
        DataWithRecord<ApiKeyDefinition> dataWithRecord3 = new DataWithRecord<>(dataWithRecord2.getRecord(), new ApiKeyDefinition(str, (ApiKeyPermissions) dataWithRecord2.getData()));
        this.keyCache.put(str, dataWithRecord3);
        return dataWithRecord3;
    }

    public synchronized StringKeyList list(String str) {
        checkInitialized();
        return this.apiKeyPool.list(0, str, (String) null, 100, 10485760);
    }

    public ApiKeyDefinition getAndCheckKey() {
        String apiKey = this.apiKeyRequestContext.getApiKey();
        if (apiKey == null) {
            throw new PermissionDeniedException("No Api-Key provided in the request and No public key configured on the store.");
        }
        DataWithRecord<ApiKeyDefinition> dataWithRecord = get(apiKey);
        if (dataWithRecord != null) {
            return dataWithRecord.getData();
        }
        if (this.apiKeyRequestContext.isDefaultApiKeyUsed()) {
            throw new PermissionDeniedException("Default Api Key is not associated with any resource.");
        }
        throw new PermissionDeniedException("Api key " + apiKey + " is not known or expired.");
    }
}
