package org.subshare.local;

import co.codewizards.cloudstore.core.Uid;
import co.codewizards.cloudstore.core.auth.SignatureException;
import co.codewizards.cloudstore.core.config.Config;
import co.codewizards.cloudstore.core.dto.ConfigPropSetDto;
import co.codewizards.cloudstore.core.dto.RepoFileDto;
import co.codewizards.cloudstore.core.dto.jaxb.ConfigPropSetDtoIo;
import co.codewizards.cloudstore.core.oio.File;
import co.codewizards.cloudstore.core.repo.local.LocalRepoTransaction;
import co.codewizards.cloudstore.core.util.AssertUtil;
import co.codewizards.cloudstore.core.util.ISO8601;
import co.codewizards.cloudstore.core.util.PropertiesUtil;
import co.codewizards.cloudstore.core.util.StringUtil;
import co.codewizards.cloudstore.local.dto.RepoFileDtoConverter;
import co.codewizards.cloudstore.local.persistence.Directory;
import co.codewizards.cloudstore.local.persistence.RemoteRepository;
import co.codewizards.cloudstore.local.persistence.RemoteRepositoryDao;
import co.codewizards.cloudstore.local.persistence.RepoFile;
import co.codewizards.cloudstore.local.persistence.RepoFileDao;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import javax.jdo.JDOHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.subshare.core.AccessDeniedException;
import org.subshare.core.DataKey;
import org.subshare.core.GrantAccessDeniedException;
import org.subshare.core.ReadAccessDeniedException;
import org.subshare.core.ReadUserIdentityAccessDeniedException;
import org.subshare.core.WriteAccessDeniedException;
import org.subshare.core.crypto.CryptoConfigUtil;
import org.subshare.core.dto.CollisionPrivateDto;
import org.subshare.core.dto.CryptoKeyPart;
import org.subshare.core.dto.CryptoKeyRole;
import org.subshare.core.dto.CryptoKeyType;
import org.subshare.core.dto.PermissionType;
import org.subshare.core.dto.PlainHistoCryptoRepoFileDto;
import org.subshare.core.dto.SignatureDto;
import org.subshare.core.dto.SsRepoFileDto;
import org.subshare.core.repo.local.CollisionFilter;
import org.subshare.core.sign.Signable;
import org.subshare.core.sign.WriteProtected;
import org.subshare.core.user.UserRepoKey;
import org.subshare.crypto.CipherOperationMode;
import org.subshare.local.PlainCryptoKeyFactory;
import org.subshare.local.dto.CollisionDtoConverter;
import org.subshare.local.dto.CollisionPrivateDtoConverter;
import org.subshare.local.dto.HistoCryptoRepoFileDtoConverter;
import org.subshare.local.persistence.Collision;
import org.subshare.local.persistence.CollisionDao;
import org.subshare.local.persistence.CollisionPrivate;
import org.subshare.local.persistence.CollisionPrivateDao;
import org.subshare.local.persistence.CryptoConfigPropSet;
import org.subshare.local.persistence.CryptoConfigPropSetDao;
import org.subshare.local.persistence.CryptoKey;
import org.subshare.local.persistence.CryptoKeyDao;
import org.subshare.local.persistence.CryptoKeyDeactivation;
import org.subshare.local.persistence.CryptoLink;
import org.subshare.local.persistence.CryptoLinkDao;
import org.subshare.local.persistence.CryptoRepoFile;
import org.subshare.local.persistence.CryptoRepoFileDao;
import org.subshare.local.persistence.CurrentHistoCryptoRepoFile;
import org.subshare.local.persistence.CurrentHistoCryptoRepoFileDao;
import org.subshare.local.persistence.HistoCryptoRepoFile;
import org.subshare.local.persistence.HistoCryptoRepoFileDao;
import org.subshare.local.persistence.HistoFrame;
import org.subshare.local.persistence.HistoFrameDao;
import org.subshare.local.persistence.InvitationUserRepoKeyPublicKey;
import org.subshare.local.persistence.Permission;
import org.subshare.local.persistence.PermissionDao;
import org.subshare.local.persistence.PermissionSet;
import org.subshare.local.persistence.PermissionSetDao;
import org.subshare.local.persistence.PermissionSetInheritance;
import org.subshare.local.persistence.PlainHistoCryptoRepoFile;
import org.subshare.local.persistence.PlainHistoCryptoRepoFileDao;
import org.subshare.local.persistence.PreliminaryDeletion;
import org.subshare.local.persistence.PreliminaryDeletionDao;
import org.subshare.local.persistence.UserIdentityLinkDao;
import org.subshare.local.persistence.UserRepoKeyPublicKey;
import org.subshare.local.persistence.UserRepoKeyPublicKeyDao;
import org.subshare.local.persistence.UserRepoKeyPublicKeyReplacementRequestDao;

/* loaded from: input_file:org/subshare/local/CryptreeNode.class */
public class CryptreeNode {
    private static final Logger logger = LoggerFactory.getLogger(CryptreeNode.class);
    private static final Map<CryptoKeyRole, Class<? extends PlainCryptoKeyFactory>> cryptoKeyRole2PlainCryptoKeyFactory;
    private final CryptreeContext context;
    private CryptreeNode parent;
    private RepoFile repoFile;
    private CryptoRepoFile cryptoRepoFile;
    private PermissionSet permissionSet;
    private RepoFileDtoConverter repoFileDtoConverter;
    private final List<CryptreeNode> children;
    private boolean childrenLoaded;
    private final Set<Permission> permissionsBeingCheckedNow;
    private final Set<Permission> permissionsAlreadyCheckedOk;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.subshare.local.CryptreeNode$1, reason: invalid class name */
    /* loaded from: input_file:org/subshare/local/CryptreeNode$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$subshare$core$dto$CryptoKeyType;
        static final /* synthetic */ int[] $SwitchMap$org$subshare$core$dto$PermissionType = new int[PermissionType.values().length];

        static {
            try {
                $SwitchMap$org$subshare$core$dto$PermissionType[PermissionType.grant.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$subshare$core$dto$PermissionType[PermissionType.write.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$subshare$core$dto$PermissionType[PermissionType.read.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$subshare$core$dto$PermissionType[PermissionType.readUserIdentity.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$subshare$core$dto$CryptoKeyType = new int[CryptoKeyType.values().length];
            try {
                $SwitchMap$org$subshare$core$dto$CryptoKeyType[CryptoKeyType.asymmetric.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$subshare$core$dto$CryptoKeyType[CryptoKeyType.symmetric.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public CryptreeNode(CryptreeContext cryptreeContext, RepoFile repoFile) {
        this(cryptreeContext, repoFile, null);
    }

    public CryptreeNode(CryptreeContext cryptreeContext, CryptoRepoFile cryptoRepoFile) {
        this(cryptreeContext, null, cryptoRepoFile);
    }

    private CryptreeNode(CryptreeContext cryptreeContext, RepoFile repoFile, CryptoRepoFile cryptoRepoFile) {
        this(null, null, cryptreeContext, repoFile, cryptoRepoFile);
    }

    public CryptreeNode(CryptreeNode cryptreeNode, CryptreeNode cryptreeNode2, CryptreeContext cryptreeContext, RepoFile repoFile, CryptoRepoFile cryptoRepoFile) {
        this.children = new ArrayList(0);
        this.childrenLoaded = false;
        this.permissionsBeingCheckedNow = new HashSet();
        this.permissionsAlreadyCheckedOk = new HashSet();
        if (cryptreeNode == null && cryptreeNode2 == null && cryptreeContext == null) {
            throw new IllegalArgumentException("parent == null && child == null && context == null");
        }
        if (repoFile == null && cryptoRepoFile == null) {
            throw new IllegalArgumentException("repoFile == null && cryptoRepoFile == null");
        }
        this.parent = cryptreeNode;
        this.context = cryptreeContext != null ? cryptreeContext : cryptreeNode != null ? cryptreeNode.getContext() : cryptreeNode2.getContext();
        this.repoFile = repoFile != null ? repoFile : cryptoRepoFile.getRepoFile();
        this.cryptoRepoFile = cryptoRepoFile;
        if (cryptreeNode2 != null) {
            this.children.add(cryptreeNode2);
        }
    }

    public CryptreeContext getContext() {
        return this.context;
    }

    public RepoFile getRepoFile() {
        if (this.repoFile == null) {
            this.repoFile = getCryptoRepoFile().getRepoFile();
            if (this.repoFile == null) {
                getRepoFileDto();
            } else {
                this.context.registerCryptreeNode(this.repoFile, this);
            }
        }
        return this.repoFile;
    }

    public RepoFileDto getRepoFileDto() throws AccessDeniedException {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        if (cryptoRepoFile == null) {
            return null;
        }
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(cryptoRepoFile.getCryptoKey());
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("The CryptoRepoFile with cryptoRepoFileId=%s could not be decrypted! Access rights missing?!", cryptoRepoFile.getCryptoRepoFileId()));
        }
        return (RepoFileDto) this.context.repoFileDtoIo.deserializeWithGz((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.decrypt(cryptoRepoFile.getRepoFileDtoData(), plainCryptoKeyForDecrypting), "decrypt(...)"));
    }

    public RepoFileDto getHistoCryptoRepoFileRepoFileDto(HistoCryptoRepoFile histoCryptoRepoFile) throws AccessDeniedException {
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile");
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(histoCryptoRepoFile.getCryptoKey());
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("The HistoCryptoRepoFile with histoCryptoRepoFileId=%s could not be decrypted! Access rights missing?!", histoCryptoRepoFile.getHistoCryptoRepoFileId()));
        }
        return (RepoFileDto) this.context.repoFileDtoIo.deserializeWithGz((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.decrypt(histoCryptoRepoFile.getRepoFileDtoData(), plainCryptoKeyForDecrypting), "decrypt(...)"));
    }

    public RepoFileDto getRepoFileDtoOnServer() throws AccessDeniedException {
        CurrentHistoCryptoRepoFile currentHistoCryptoRepoFile = getCurrentHistoCryptoRepoFile();
        if (currentHistoCryptoRepoFile == null) {
            return null;
        }
        HistoCryptoRepoFile histoCryptoRepoFile = currentHistoCryptoRepoFile.getHistoCryptoRepoFile();
        AssertUtil.assertNotNull(histoCryptoRepoFile, "currentHistoCryptoRepoFile.histoCryptoRepoFile");
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(histoCryptoRepoFile.getCryptoKey());
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("The HistoCryptoRepoFile with cryptoRepoFileId=%s could not be decrypted! Access rights missing?!", histoCryptoRepoFile.getCryptoRepoFile().getCryptoRepoFileId()));
        }
        return (RepoFileDto) this.context.repoFileDtoIo.deserializeWithGz((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.decrypt(histoCryptoRepoFile.getRepoFileDtoData(), plainCryptoKeyForDecrypting), "decrypt(...)"));
    }

    public CryptoRepoFile getCryptoRepoFile() {
        if (this.cryptoRepoFile == null) {
            if (this.repoFile == null) {
                throw new IllegalStateException("repoFile == null && cryptoRepoFile == null");
            }
            CryptoRepoFileDao cryptoRepoFileDao = (CryptoRepoFileDao) this.context.transaction.getDao(CryptoRepoFileDao.class);
            this.cryptoRepoFile = cryptoRepoFileDao.getCryptoRepoFile(this.repoFile);
            CryptreeNode parent = getParent();
            if (parent != null && this.cryptoRepoFile == null) {
                this.cryptoRepoFile = cryptoRepoFileDao.getChildCryptoRepoFile(parent.getCryptoRepoFile(), this.repoFile.getName());
            }
            if (this.cryptoRepoFile != null) {
                this.context.registerCryptreeNode(this.cryptoRepoFile, this);
            }
        }
        return this.cryptoRepoFile;
    }

    public CryptoRepoFile getCryptoRepoFileOrCreate(boolean z) {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        if (cryptoRepoFile == null || z) {
            CryptoRepoFileDao cryptoRepoFileDao = (CryptoRepoFileDao) this.context.transaction.getDao(CryptoRepoFileDao.class);
            if (cryptoRepoFile == null) {
                cryptoRepoFile = new CryptoRepoFile();
                cryptoRepoFile.setSignature(new SignatureDto(new Date(0L), new Uid(0L, 0L), new byte[]{7}));
            } else {
                cryptoRepoFile.setDeleted(null);
                cryptoRepoFile.setDeletedByIgnoreRule(false);
                deletePreliminaryDeletions();
            }
            cryptoRepoFile.setRepoFile((RepoFile) AssertUtil.assertNotNull(this.repoFile, "repoFile"));
            cryptoRepoFile.setDirectory(this.repoFile instanceof Directory);
            CryptoRepoFile cryptoRepoFile2 = (CryptoRepoFile) cryptoRepoFileDao.makePersistent(cryptoRepoFile);
            cryptoRepoFile = cryptoRepoFile2;
            this.cryptoRepoFile = cryptoRepoFile2;
            PlainCryptoKey activePlainCryptoKeyOrCreate = getActivePlainCryptoKeyOrCreate(CryptoKeyRole.dataKey, CipherOperationMode.ENCRYPT);
            cryptoRepoFile.setCryptoKey((CryptoKey) AssertUtil.assertNotNull(((PlainCryptoKey) AssertUtil.assertNotNull(activePlainCryptoKeyOrCreate, "plainCryptoKey")).getCryptoKey(), "plainCryptoKey.cryptoKey"));
            CryptreeNode parent = getParent();
            cryptoRepoFile.setParent(parent == null ? null : parent.getCryptoRepoFile());
            cryptoRepoFile.setRepoFileDtoData((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.encrypt(createRepoFileDtoDataForCryptoRepoFile(false), activePlainCryptoKeyOrCreate), "encrypt(...)"));
            cryptoRepoFile.setLastSyncFromRepositoryId(null);
            sign(cryptoRepoFile);
            this.context.transaction.flush();
            updateCryptoConfigPropSetIfConfigFile();
        }
        return cryptoRepoFile;
    }

    public CryptoConfigPropSet updateCryptoConfigPropSetIfConfigFile() {
        if (!Config.PROPERTIES_FILE_NAME_FOR_DIRECTORY.equals(((CryptoRepoFile) AssertUtil.assertNotNull(getCryptoRepoFile(), "cryptoRepoFile")).getLocalName())) {
            return null;
        }
        CryptreeNode cryptreeNode = (CryptreeNode) AssertUtil.assertNotNull(getParent(), "parent");
        CryptoRepoFile cryptoRepoFileOrCreate = cryptreeNode.getCryptoRepoFileOrCreate(false);
        CryptoConfigPropSetDao cryptoConfigPropSetDao = (CryptoConfigPropSetDao) this.context.transaction.getDao(CryptoConfigPropSetDao.class);
        CryptoConfigPropSet cryptoConfigPropSet = cryptoConfigPropSetDao.getCryptoConfigPropSet(cryptoRepoFileOrCreate);
        if (cryptoConfigPropSet == null) {
            cryptoConfigPropSet = new CryptoConfigPropSet(cryptoRepoFileOrCreate);
        }
        PlainCryptoKey activePlainCryptoKeyOrCreate = cryptreeNode.getActivePlainCryptoKeyOrCreate(CryptoKeyRole.dataKey, CipherOperationMode.ENCRYPT);
        cryptoConfigPropSet.setCryptoKey((CryptoKey) AssertUtil.assertNotNull(((PlainCryptoKey) AssertUtil.assertNotNull(activePlainCryptoKeyOrCreate, "plainCryptoKey")).getCryptoKey(), "plainCryptoKey.cryptoKey"));
        byte[] createConfigPropSetDtoDataFromFile = createConfigPropSetDtoDataFromFile();
        cryptoConfigPropSet.setConfigPropSetDtoData(createConfigPropSetDtoDataFromFile == null ? null : CryptreeNodeUtil.encrypt(createConfigPropSetDtoDataFromFile, activePlainCryptoKeyOrCreate));
        cryptoConfigPropSet.setLastSyncFromRepositoryId(null);
        cryptreeNode.sign(cryptoConfigPropSet);
        CryptoConfigPropSet cryptoConfigPropSet2 = (CryptoConfigPropSet) cryptoConfigPropSetDao.makePersistent(cryptoConfigPropSet);
        this.context.transaction.flush();
        return cryptoConfigPropSet2;
    }

    private byte[] createConfigPropSetDtoDataFromFile() {
        ConfigPropSetDto createConfigPropSetDtoFromFile = createConfigPropSetDtoFromFile();
        if (createConfigPropSetDtoFromFile == null) {
            return null;
        }
        return new ConfigPropSetDtoIo().serializeWithGz(createConfigPropSetDtoFromFile);
    }

    private ConfigPropSetDto createConfigPropSetDtoFromFile() {
        if (getCryptoRepoFile().getDeleted() != null) {
            return null;
        }
        File file = ((RepoFile) AssertUtil.assertNotNull(getRepoFile(), "repoFile")).getFile(this.context.transaction.getLocalRepoManager().getLocalRoot());
        if (!file.isFile()) {
            logger.warn("createConfigPropSetDtoFromFile: configFile not existing (deleted after local-sync?!): {}", file);
            return null;
        }
        try {
            return new ConfigPropSetDto(PropertiesUtil.load(file));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public CurrentHistoCryptoRepoFile getCurrentHistoCryptoRepoFile() {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        if (cryptoRepoFile == null) {
            return null;
        }
        return ((CurrentHistoCryptoRepoFileDao) this.context.transaction.getDao(CurrentHistoCryptoRepoFileDao.class)).getCurrentHistoCryptoRepoFile(cryptoRepoFile);
    }

    public HistoCryptoRepoFile createHistoCryptoRepoFileIfNeeded() {
        CryptoRepoFile cryptoRepoFileOrCreate = getCryptoRepoFileOrCreate(false);
        AssertUtil.assertNotNull(cryptoRepoFileOrCreate, "cryptoRepoFile");
        CurrentHistoCryptoRepoFileDao currentHistoCryptoRepoFileDao = (CurrentHistoCryptoRepoFileDao) this.context.transaction.getDao(CurrentHistoCryptoRepoFileDao.class);
        HistoCryptoRepoFileDao histoCryptoRepoFileDao = (HistoCryptoRepoFileDao) this.context.transaction.getDao(HistoCryptoRepoFileDao.class);
        HistoFrame unsealedHistoFrameOrFail = ((HistoFrameDao) this.context.transaction.getDao(HistoFrameDao.class)).getUnsealedHistoFrameOrFail(this.context.localRepositoryId);
        CurrentHistoCryptoRepoFile currentHistoCryptoRepoFile = currentHistoCryptoRepoFileDao.getCurrentHistoCryptoRepoFile(cryptoRepoFileOrCreate);
        if (currentHistoCryptoRepoFile == null) {
            currentHistoCryptoRepoFile = new CurrentHistoCryptoRepoFile();
            currentHistoCryptoRepoFile.setCryptoRepoFile(cryptoRepoFileOrCreate);
        }
        HistoCryptoRepoFile histoCryptoRepoFile = currentHistoCryptoRepoFile.getHistoCryptoRepoFile();
        HistoCryptoRepoFile histoCryptoRepoFile2 = null;
        for (HistoCryptoRepoFile histoCryptoRepoFile3 : histoCryptoRepoFileDao.getHistoCryptoRepoFiles(cryptoRepoFileOrCreate)) {
            if (unsealedHistoFrameOrFail.equals(histoCryptoRepoFile3.getHistoFrame())) {
                histoCryptoRepoFile2 = histoCryptoRepoFile3;
            }
        }
        if (histoCryptoRepoFile2 == null) {
            HistoCryptoRepoFile histoCryptoRepoFile4 = new HistoCryptoRepoFile();
            histoCryptoRepoFile4.setCryptoRepoFile(cryptoRepoFileOrCreate);
            histoCryptoRepoFile4.setPreviousHistoCryptoRepoFile(histoCryptoRepoFile);
            histoCryptoRepoFile4.setHistoFrame(unsealedHistoFrameOrFail);
            Date deleted = cryptoRepoFileOrCreate.getDeleted();
            histoCryptoRepoFile4.setDeleted(deleted);
            histoCryptoRepoFile4.setDeletedByIgnoreRule(cryptoRepoFileOrCreate.isDeletedByIgnoreRule());
            PlainCryptoKey activePlainCryptoKeyOrCreate = getActivePlainCryptoKeyOrCreate(CryptoKeyRole.dataKey, CipherOperationMode.ENCRYPT);
            CryptoKey cryptoKey = ((PlainCryptoKey) AssertUtil.assertNotNull(activePlainCryptoKeyOrCreate, "plainCryptoKey")).getCryptoKey();
            histoCryptoRepoFile4.setCryptoKey((CryptoKey) AssertUtil.assertNotNull(cryptoKey, "plainCryptoKey.cryptoKey"));
            if (!cryptoKey.equals(cryptoRepoFileOrCreate.getCryptoKey())) {
                throw new IllegalStateException(String.format("cryptoKey != cryptoRepoFile.cryptoKey :: %s != %s", cryptoKey, cryptoRepoFileOrCreate.getCryptoKey()));
            }
            histoCryptoRepoFile4.setRepoFileDtoData((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.encrypt(deleted != null ? this.context.repoFileDtoIo.serializeWithGz(AssertUtil.assertNotNull(getRepoFileDto(), "getRepoFileDto()")) : createRepoFileDtoDataForCryptoRepoFile(true), activePlainCryptoKeyOrCreate), "encrypt(...)"));
            histoCryptoRepoFile4.setLastSyncFromRepositoryId(null);
            sign(histoCryptoRepoFile4);
            histoCryptoRepoFile2 = (HistoCryptoRepoFile) histoCryptoRepoFileDao.makePersistent(histoCryptoRepoFile4);
        }
        currentHistoCryptoRepoFile.setHistoCryptoRepoFile(histoCryptoRepoFile2);
        currentHistoCryptoRepoFile.setLastSyncFromRepositoryId(null);
        sign(currentHistoCryptoRepoFile);
        currentHistoCryptoRepoFileDao.makePersistent(currentHistoCryptoRepoFile);
        updatePlainHistoCryptoRepoFile(histoCryptoRepoFile2);
        this.context.transaction.flush();
        return histoCryptoRepoFile2;
    }

    public Collision createCollisionIfNeeded(CryptoRepoFile cryptoRepoFile, String str, boolean z) {
        LocalRepoTransaction localRepoTransaction = this.context.transaction;
        CryptoRepoFile cryptoRepoFile2 = getCryptoRepoFile();
        CollisionDao collisionDao = (CollisionDao) localRepoTransaction.getDao(CollisionDao.class);
        Collection<HistoCryptoRepoFile> histoCryptoRepoFiles = ((HistoCryptoRepoFileDao) localRepoTransaction.getDao(HistoCryptoRepoFileDao.class)).getHistoCryptoRepoFiles(cryptoRepoFile2);
        HistoCryptoRepoFile lastHistoCryptoRepoFile = getLastHistoCryptoRepoFile(histoCryptoRepoFiles, false);
        HistoCryptoRepoFile lastHistoCryptoRepoFile2 = getLastHistoCryptoRepoFile(histoCryptoRepoFiles, true);
        if (lastHistoCryptoRepoFile != null) {
            if (lastHistoCryptoRepoFile.getHistoFrame().getSealed() != null && !z) {
                throw new IllegalStateException("Why is the local HistoFrame already sealed?!???!!!");
            }
            if (lastHistoCryptoRepoFile.getHistoFrame().getSealed() == null && z) {
                throw new IllegalStateException("Why is the local HistoFrame not yet sealed?!???!!!");
            }
        }
        HistoCryptoRepoFile histoCryptoRepoFile = lastHistoCryptoRepoFile;
        HistoCryptoRepoFile histoCryptoRepoFile2 = lastHistoCryptoRepoFile2;
        if (histoCryptoRepoFile == null) {
            histoCryptoRepoFile = histoCryptoRepoFile2;
            histoCryptoRepoFile2 = null;
        }
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile1", "cryptoRepoFile=%s duplicateCryptoRepoFile=%s localPath=%s localHistoCryptoRepoFile=%s remoteHistoCryptoRepoFile=%s", new Object[]{cryptoRepoFile2, cryptoRepoFile, str, lastHistoCryptoRepoFile, lastHistoCryptoRepoFile2});
        if (cryptoRepoFile != null) {
            if (cryptoRepoFile.getCryptoRepoFileId().equals(getCryptoRepoFileId(histoCryptoRepoFile))) {
                histoCryptoRepoFile = histoCryptoRepoFile2;
                histoCryptoRepoFile2 = null;
            } else if (histoCryptoRepoFile2 == null || cryptoRepoFile.getCryptoRepoFileId().equals(getCryptoRepoFileId(histoCryptoRepoFile2))) {
                histoCryptoRepoFile2 = null;
            } else {
                if (histoCryptoRepoFile.getSignature().getSignatureCreated().before(histoCryptoRepoFile2.getSignature().getSignatureCreated())) {
                    histoCryptoRepoFile = histoCryptoRepoFile2;
                }
                histoCryptoRepoFile2 = null;
            }
            if (cryptoRepoFile.getCryptoRepoFileId().equals(getCryptoRepoFileId(histoCryptoRepoFile))) {
                throw new IllegalStateException("duplicateCryptoRepoFile matches histoCryptoRepoFile1!\nduplicateCryptoRepoFile=" + cryptoRepoFile + "\nhistoCryptoRepoFile1=" + histoCryptoRepoFile + "\nhistoCryptoRepoFile2=" + histoCryptoRepoFile2);
            }
        } else {
            AssertUtil.assertNotNull(histoCryptoRepoFile2, "histoCryptoRepoFile2");
        }
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile1");
        Uid cryptoRepoFileId = cryptoRepoFile == null ? null : cryptoRepoFile.getCryptoRepoFileId();
        Collision collision = collisionDao.getCollision(histoCryptoRepoFile, histoCryptoRepoFile2, cryptoRepoFileId);
        if (collision == null) {
            Collision collision2 = new Collision();
            collision2.setHistoCryptoRepoFile1(histoCryptoRepoFile);
            collision2.setHistoCryptoRepoFile2(histoCryptoRepoFile2);
            collision2.setDuplicateCryptoRepoFileId(cryptoRepoFileId);
            putCollisionPrivateDto(collision2, new CollisionPrivateDto());
            collision = (Collision) collisionDao.makePersistent(collision2);
            logger.info("createCollisionIfNeeded: localPath='{}' histoCryptoRepoFile1={} histoCryptoRepoFile2={} duplicateCryptoRepoFileId={} localRevision={}", new Object[]{str, histoCryptoRepoFile, histoCryptoRepoFile2, cryptoRepoFileId, Long.valueOf(collision.getLocalRevision())});
        }
        updateCollisionPrivate(collision);
        this.context.transaction.flush();
        return collision;
    }

    public void putCollisionPrivateDto(Collision collision, CollisionPrivateDto collisionPrivateDto) {
        AssertUtil.assertNotNull(collision, "collision");
        AssertUtil.assertNotNull(collisionPrivateDto, "collisionPrivateDto");
        if (collisionPrivateDto.getCollisionId() == null) {
            collisionPrivateDto.setCollisionId(collision.getCollisionId());
        } else if (!collisionPrivateDto.getCollisionId().equals(collision.getCollisionId())) {
            throw new IllegalArgumentException("collisionPrivateDto.collisionId != collision.collisionId");
        }
        PlainCryptoKey activePlainCryptoKeyOrCreate = getActivePlainCryptoKeyOrCreate(CryptoKeyRole.dataKey, CipherOperationMode.ENCRYPT);
        collision.setCryptoKey((CryptoKey) AssertUtil.assertNotNull(((PlainCryptoKey) AssertUtil.assertNotNull(activePlainCryptoKeyOrCreate, "plainCryptoKey")).getCryptoKey(), "plainCryptoKey.cryptoKey"));
        collision.setCollisionPrivateDtoData((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.encrypt(this.context.collisionPrivateDtoIo.serializeWithGz(collisionPrivateDto), activePlainCryptoKeyOrCreate), "encrypt(...)"));
        sign(collision);
        updateCollisionPrivate(collision);
    }

    public CollisionPrivateDto getCollisionPrivateDto(Collision collision) {
        AssertUtil.assertNotNull(collision, "collision");
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(collision.getCryptoKey());
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("The Collision with collisionId=%s could not be decrypted! Access rights missing?!", collision.getCollisionId()));
        }
        return (CollisionPrivateDto) this.context.collisionPrivateDtoIo.deserializeWithGz((byte[]) AssertUtil.assertNotNull(CryptreeNodeUtil.decrypt(collision.getCollisionPrivateDtoData(), plainCryptoKeyForDecrypting), "decrypt(...)"));
    }

    private static Uid getCryptoRepoFileId(HistoCryptoRepoFile histoCryptoRepoFile) {
        if (histoCryptoRepoFile == null) {
            return null;
        }
        return histoCryptoRepoFile.getCryptoRepoFile().getCryptoRepoFileId();
    }

    private HistoCryptoRepoFile getLastHistoCryptoRepoFile(Collection<HistoCryptoRepoFile> collection, boolean z) {
        AssertUtil.assertNotNull(collection, "histoCryptoRepoFiles");
        UUID repositoryId = this.context.transaction.getLocalRepoManager().getRepositoryId();
        HistoCryptoRepoFile histoCryptoRepoFile = null;
        for (HistoCryptoRepoFile histoCryptoRepoFile2 : collection) {
            HistoFrame histoFrame = histoCryptoRepoFile2.getHistoFrame();
            if (z) {
                if (!repositoryId.equals(histoFrame.getFromRepositoryId())) {
                    if (histoCryptoRepoFile != null || histoCryptoRepoFile.getSignature().getSignatureCreated().compareTo(histoCryptoRepoFile2.getSignature().getSignatureCreated()) < 0) {
                        histoCryptoRepoFile = histoCryptoRepoFile2;
                    }
                }
            } else if (repositoryId.equals(histoFrame.getFromRepositoryId())) {
                if (histoCryptoRepoFile != null) {
                }
                histoCryptoRepoFile = histoCryptoRepoFile2;
            }
        }
        return histoCryptoRepoFile;
    }

    public CollisionPrivate updateCollisionPrivate(Collision collision) {
        AssertUtil.assertNotNull(collision, "collision");
        if (!getCryptoRepoFile().equals(collision.getHistoCryptoRepoFile1().getCryptoRepoFile())) {
            throw new IllegalArgumentException("this.cryptoRepoFile != collision.histoCryptoRepoFile1.cryptoRepoFile");
        }
        CollisionPrivateDao collisionPrivateDao = (CollisionPrivateDao) getContext().transaction.getDao(CollisionPrivateDao.class);
        CollisionPrivate collisionPrivate = collisionPrivateDao.getCollisionPrivate(collision);
        CollisionPrivateDto tryDecryptCollisionPrivateDto = tryDecryptCollisionPrivateDto(collision);
        if (tryDecryptCollisionPrivateDto != null) {
            collisionPrivate = CollisionPrivateDtoConverter.create(getContext().transaction).putCollisionPrivateDto(collision, tryDecryptCollisionPrivateDto);
        } else if (collisionPrivate != null) {
            collisionPrivateDao.deletePersistent(collisionPrivate);
        }
        updatePlainHistoCryptoRepoFile(collision.getHistoCryptoRepoFile1());
        if (collision.getHistoCryptoRepoFile2() != null) {
            getContext().getCryptreeNodeOrCreate(collision.getHistoCryptoRepoFile2().getCryptoRepoFile().getCryptoRepoFileId()).updatePlainHistoCryptoRepoFile(collision.getHistoCryptoRepoFile2());
        }
        return collisionPrivate;
    }

    public PlainHistoCryptoRepoFile updatePlainHistoCryptoRepoFile(HistoCryptoRepoFile histoCryptoRepoFile) {
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile");
        PlainHistoCryptoRepoFileDao plainHistoCryptoRepoFileDao = (PlainHistoCryptoRepoFileDao) getContext().transaction.getDao(PlainHistoCryptoRepoFileDao.class);
        PlainHistoCryptoRepoFile plainHistoCryptoRepoFile = plainHistoCryptoRepoFileDao.getPlainHistoCryptoRepoFile(histoCryptoRepoFile);
        if (plainHistoCryptoRepoFile == null) {
            plainHistoCryptoRepoFile = new PlainHistoCryptoRepoFile();
            plainHistoCryptoRepoFile.setHistoCryptoRepoFile(histoCryptoRepoFile);
        }
        plainHistoCryptoRepoFile.setPlainHistoCryptoRepoFileDto(createPlainHistoCryptoRepoFileDto(histoCryptoRepoFile));
        return (PlainHistoCryptoRepoFile) plainHistoCryptoRepoFileDao.makePersistent(plainHistoCryptoRepoFile);
    }

    private PlainHistoCryptoRepoFileDto createPlainHistoCryptoRepoFileDto(HistoCryptoRepoFile histoCryptoRepoFile) {
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile");
        HistoCryptoRepoFileDtoConverter create = HistoCryptoRepoFileDtoConverter.create(getContext().transaction);
        PlainHistoCryptoRepoFileDto plainHistoCryptoRepoFileDto = new PlainHistoCryptoRepoFileDto();
        plainHistoCryptoRepoFileDto.setHistoCryptoRepoFileDto(create.toHistoCryptoRepoFileDto(histoCryptoRepoFile));
        plainHistoCryptoRepoFileDto.setCryptoRepoFileId(histoCryptoRepoFile.getCryptoRepoFile().getCryptoRepoFileId());
        CryptoRepoFile parent = histoCryptoRepoFile.getCryptoRepoFile().getParent();
        plainHistoCryptoRepoFileDto.setParentCryptoRepoFileId(parent == null ? null : parent.getCryptoRepoFileId());
        plainHistoCryptoRepoFileDto.setRepoFileDto(tryDecryptHistoCryptoRepoFile(histoCryptoRepoFile));
        if (histoCryptoRepoFile.getDeleted() != null) {
            plainHistoCryptoRepoFileDto.setAction(PlainHistoCryptoRepoFileDto.Action.DELETE);
        } else if (histoCryptoRepoFile.getPreviousHistoCryptoRepoFile() == null || histoCryptoRepoFile.getPreviousHistoCryptoRepoFile().getDeleted() != null) {
            plainHistoCryptoRepoFileDto.setAction(PlainHistoCryptoRepoFileDto.Action.ADD);
        } else {
            plainHistoCryptoRepoFileDto.setAction(PlainHistoCryptoRepoFileDto.Action.MODIFY);
        }
        populateCollisionDtos(plainHistoCryptoRepoFileDto, histoCryptoRepoFile);
        return plainHistoCryptoRepoFileDto;
    }

    private void populateCollisionDtos(PlainHistoCryptoRepoFileDto plainHistoCryptoRepoFileDto, HistoCryptoRepoFile histoCryptoRepoFile) {
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile");
        CollisionDao collisionDao = (CollisionDao) getContext().transaction.getDao(CollisionDao.class);
        CollisionPrivateDao collisionPrivateDao = (CollisionPrivateDao) getContext().transaction.getDao(CollisionPrivateDao.class);
        CollisionDtoConverter create = CollisionDtoConverter.create(getContext().transaction);
        CollisionPrivateDtoConverter create2 = CollisionPrivateDtoConverter.create(getContext().transaction);
        CollisionFilter collisionFilter = new CollisionFilter();
        collisionFilter.setHistoCryptoRepoFileId(histoCryptoRepoFile.getHistoCryptoRepoFileId());
        for (Collision collision : collisionDao.getCollisions(collisionFilter)) {
            plainHistoCryptoRepoFileDto.getCollisionDtos().add(create.toCollisionDto(collision));
            CollisionPrivate collisionPrivate = collisionPrivateDao.getCollisionPrivate(collision);
            if (collisionPrivate != null) {
                plainHistoCryptoRepoFileDto.getCollisionPrivateDtos().add(create2.toCollisionPrivateDto(collisionPrivate));
            }
        }
    }

    private RepoFileDto tryDecryptHistoCryptoRepoFile(HistoCryptoRepoFile histoCryptoRepoFile) {
        AssertUtil.assertNotNull(histoCryptoRepoFile, "histoCryptoRepoFile");
        RepoFileDto repoFileDto = null;
        try {
            repoFileDto = getHistoCryptoRepoFileRepoFileDto(histoCryptoRepoFile);
        } catch (ReadAccessDeniedException e) {
            if (logger.isDebugEnabled()) {
                logger.info("tryDecryptHistoCryptoRepoFile: " + e, e);
            } else {
                logger.info("tryDecryptHistoCryptoRepoFile: " + e);
            }
        }
        return repoFileDto;
    }

    private CollisionPrivateDto tryDecryptCollisionPrivateDto(Collision collision) {
        AssertUtil.assertNotNull(collision, "collision");
        CollisionPrivateDto collisionPrivateDto = null;
        try {
            collisionPrivateDto = getCollisionPrivateDto(collision);
        } catch (ReadAccessDeniedException e) {
            if (logger.isDebugEnabled()) {
                logger.info("tryDecryptCollisionPrivateDto: " + e, e);
            } else {
                logger.info("tryDecryptCollisionPrivateDto: " + e);
            }
        }
        return collisionPrivateDto;
    }

    private void grantReadPermission(UserRepoKey.PublicKey publicKey) {
        AssertUtil.assertNotNull(publicKey, "publicKey");
        if (containsFromUserRepoKeyId(((CryptoLinkDao) this.context.transaction.getDao(CryptoLinkDao.class)).getActiveCryptoLinks(getCryptoRepoFileOrCreate(false), CryptoKeyRole.clearanceKey, CryptoKeyPart.privateKey), Collections.singleton(publicKey.getUserRepoKeyId()))) {
            return;
        }
        CryptreeNodeUtil.createCryptoLink(this, getUserRepoKeyPublicKeyOrCreate(publicKey), getActivePlainCryptoKeyOrCreate(CryptoKeyRole.clearanceKey, CipherOperationMode.DECRYPT));
    }

    private RepoFileDtoConverter getRepoFileDtoConverter() {
        if (this.repoFileDtoConverter == null) {
            this.repoFileDtoConverter = RepoFileDtoConverter.create(this.context.transaction);
        }
        this.repoFileDtoConverter.setExcludeLocalIds(false);
        this.repoFileDtoConverter.setExcludeMutableData(false);
        return this.repoFileDtoConverter;
    }

    private byte[] createRepoFileDtoDataForCryptoRepoFile(boolean z) {
        RepoFileDtoConverter repoFileDtoConverter = getRepoFileDtoConverter();
        repoFileDtoConverter.setExcludeLocalIds(true);
        repoFileDtoConverter.setExcludeMutableData(!z);
        SsRepoFileDto repoFileDto = repoFileDtoConverter.toRepoFileDto(this.repoFile, z ? Integer.MAX_VALUE : 0);
        repoFileDto.setParentName((String) null);
        if (repoFileDto.getSignature() != null) {
            throw new IllegalStateException("repoFileDto.signature != null");
        }
        if (this.cryptoRepoFile.getLocalName() == null || this.repoFile.getParent() != null) {
            this.cryptoRepoFile.setLocalName(repoFileDto.getName());
        } else {
            repoFileDto.setName(this.cryptoRepoFile.getLocalName());
        }
        return this.context.repoFileDtoIo.serializeWithGz(repoFileDto);
    }

    private void revokeReadPermission(Set<Uid> set) {
        CryptoRepoFile cryptoRepoFile;
        AssertUtil.assertNotNull(set, "userRepoKeyIds");
        if (set.isEmpty() || (cryptoRepoFile = getCryptoRepoFile()) == null) {
            return;
        }
        CryptoLinkDao cryptoLinkDao = (CryptoLinkDao) this.context.transaction.getDao(CryptoLinkDao.class);
        Collection<CryptoLink> activeCryptoLinks = cryptoLinkDao.getActiveCryptoLinks(cryptoRepoFile, CryptoKeyRole.clearanceKey, CryptoKeyPart.privateKey);
        if (containsFromUserRepoKeyId(activeCryptoLinks, set)) {
            HashSet hashSet = new HashSet();
            Iterator<CryptoLink> it = activeCryptoLinks.iterator();
            while (it.hasNext()) {
                deactivateCryptoKeyAndDescendants(it.next().getToCryptoKey(), hashSet);
            }
            this.context.transaction.flush();
            PlainCryptoKey plainCryptoKey = null;
            Iterator<CryptoLink> it2 = activeCryptoLinks.iterator();
            while (it2.hasNext()) {
                UserRepoKeyPublicKey fromUserRepoKeyPublicKey = it2.next().getFromUserRepoKeyPublicKey();
                Uid userRepoKeyId = fromUserRepoKeyPublicKey == null ? null : fromUserRepoKeyPublicKey.getUserRepoKeyId();
                if (userRepoKeyId != null && !set.contains(userRepoKeyId)) {
                    if (plainCryptoKey == null) {
                        plainCryptoKey = getActivePlainCryptoKeyOrCreate(CryptoKeyRole.clearanceKey, CipherOperationMode.DECRYPT);
                    }
                    if (fromUserRepoKeyPublicKey == null || cryptoLinkDao.getActiveCryptoLinks(cryptoRepoFile, CryptoKeyRole.clearanceKey, CryptoKeyPart.privateKey, fromUserRepoKeyPublicKey).isEmpty()) {
                        CryptreeNodeUtil.createCryptoLink(this, fromUserRepoKeyPublicKey, plainCryptoKey);
                    }
                }
            }
            if (plainCryptoKey != null) {
                createBacklinkKeyForFile();
            }
            createSubdirKeyAndBacklinkKeyIfNeededChildrenRecursively();
        }
    }

    private void createBacklinkKeyForFile() {
        if (isDirectory()) {
            return;
        }
        getActivePlainCryptoKeyOrCreate(CryptoKeyRole.backlinkKey, CipherOperationMode.DECRYPT);
    }

    private void deactivateCryptoKeyAndDescendants(CryptoKey cryptoKey, Set<CryptoKey> set) {
        if (set.add(cryptoKey)) {
            if (cryptoKey.getCryptoKeyDeactivation() == null) {
                deactivateCryptoKey(cryptoKey);
            }
            Iterator<CryptoLink> it = cryptoKey.getOutCryptoLinks().iterator();
            while (it.hasNext()) {
                deactivateCryptoKeyAndDescendants(it.next().getToCryptoKey(), set);
            }
        }
    }

    private void deactivateCryptoKey(CryptoKey cryptoKey) {
        CryptoKeyDeactivation cryptoKeyDeactivation = new CryptoKeyDeactivation();
        cryptoKeyDeactivation.setCryptoKey(cryptoKey);
        sign(cryptoKeyDeactivation);
        cryptoKey.setCryptoKeyDeactivation(cryptoKeyDeactivation);
        cryptoKey.setLastSyncFromRepositoryId(null);
    }

    private void createSubdirKeyAndBacklinkKeyIfNeededChildrenRecursively() {
        if (isDirectory()) {
            getActivePlainCryptoKeyOrCreate(CryptoKeyRole.subdirKey, CipherOperationMode.DECRYPT);
            getActivePlainCryptoKeyOrCreate(CryptoKeyRole.backlinkKey, CipherOperationMode.DECRYPT);
            Iterator<CryptreeNode> it = getChildren().iterator();
            while (it.hasNext()) {
                it.next().createSubdirKeyAndBacklinkKeyIfNeededChildrenRecursively();
            }
        }
    }

    private boolean containsFromUserRepoKeyId(Collection<CryptoLink> collection, Set<Uid> set) {
        AssertUtil.assertNotNull(collection, "cryptoLinks");
        AssertUtil.assertNotNull(set, "fromUserRepoKeyIds");
        Iterator<CryptoLink> it = collection.iterator();
        while (it.hasNext()) {
            UserRepoKeyPublicKey fromUserRepoKeyPublicKey = it.next().getFromUserRepoKeyPublicKey();
            Uid userRepoKeyId = fromUserRepoKeyPublicKey == null ? null : fromUserRepoKeyPublicKey.getUserRepoKeyId();
            if (userRepoKeyId != null && set.contains(userRepoKeyId)) {
                return true;
            }
        }
        return false;
    }

    public Collection<CryptreeNode> getChildren() {
        if (!this.childrenLoaded) {
            if (this.cryptoRepoFile != null) {
                Iterator<CryptoRepoFile> it = ((CryptoRepoFileDao) this.context.transaction.getDao(CryptoRepoFileDao.class)).getChildCryptoRepoFiles(this.cryptoRepoFile).iterator();
                while (it.hasNext()) {
                    this.children.add(this.context.getCryptreeNodeOrCreate(this, null, null, it.next()));
                }
            } else {
                if (this.repoFile == null) {
                    throw new IllegalStateException("repoFile == null && cryptoRepoFile == null");
                }
                Iterator it2 = ((RepoFileDao) this.context.transaction.getDao(RepoFileDao.class)).getChildRepoFiles(this.repoFile).iterator();
                while (it2.hasNext()) {
                    this.children.add(this.context.getCryptreeNodeOrCreate(this, null, (RepoFile) it2.next(), null));
                }
            }
            this.childrenLoaded = true;
        }
        return Collections.unmodifiableList(this.children);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isDirectory() {
        return this.repoFile != null ? this.repoFile instanceof Directory : this.cryptoRepoFile.isDirectory();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PlainCryptoKey getActivePlainCryptoKey(CryptoKeyRole cryptoKeyRole, CipherOperationMode cipherOperationMode) {
        AssertUtil.assertNotNull(cryptoKeyRole, "toCryptoKeyRole");
        AssertUtil.assertNotNull(cipherOperationMode, "cipherOperationMode");
        logger.debug("getActivePlainCryptoKey: cryptoRepoFile={} repoFile={} toCryptoKeyRole={} cipherOperationMode={}", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoKeyRole, cipherOperationMode});
        CryptoLinkDao cryptoLinkDao = (CryptoLinkDao) this.context.transaction.getDao(CryptoLinkDao.class);
        for (CryptoKeyPart cryptoKeyPart : cryptoKeyRole.getCryptoKeyParts(cipherOperationMode)) {
            PlainCryptoKey plainCryptoKey = getPlainCryptoKey(cryptoLinkDao.getActiveCryptoLinks(getCryptoRepoFile(), cryptoKeyRole, cryptoKeyPart), cryptoKeyPart);
            if (plainCryptoKey != null) {
                return plainCryptoKey;
            }
        }
        return null;
    }

    public PlainCryptoKey getPlainCryptoKeyForDecrypting(CryptoKey cryptoKey) {
        AssertUtil.assertNotNull(cryptoKey, "cryptoKey");
        logger.debug("getPlainCryptoKeyForDecrypting: cryptoRepoFile={} repoFile={} cryptoKey={}", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoKey});
        return getPlainCryptoKey(cryptoKey.getInCryptoLinks(), getCryptoKeyPartForDecrypting(cryptoKey));
    }

    private PlainCryptoKey getPlainCryptoKey(Collection<CryptoLink> collection, CryptoKeyPart cryptoKeyPart) {
        CryptoKey fromCryptoKey;
        AssertUtil.assertNotNull(collection, "cryptoLinks");
        AssertUtil.assertNotNull(cryptoKeyPart, "toCryptoKeyPart");
        for (CryptoLink cryptoLink : collection) {
            if (cryptoKeyPart == cryptoLink.getToCryptoKeyPart()) {
                UserRepoKeyPublicKey fromUserRepoKeyPublicKey = cryptoLink.getFromUserRepoKeyPublicKey();
                if (fromUserRepoKeyPublicKey != null) {
                    logger.debug("getPlainCryptoKey: >>> cryptoRepoFile={} repoFile={} cryptoLink={} fromUserRepoKeyPublicKey={}", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink, fromUserRepoKeyPublicKey});
                    UserRepoKey userRepoKey = this.context.userRepoKeyRing.getUserRepoKey(fromUserRepoKeyPublicKey.getUserRepoKeyId());
                    if (userRepoKey != null) {
                        logger.debug("getPlainCryptoKey: <<< cryptoRepoFile={} repoFile={} cryptoLink={} fromUserRepoKeyPublicKey={}: DECRYPTED!", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink, fromUserRepoKeyPublicKey});
                        return new PlainCryptoKey(cryptoLink.getToCryptoKey(), cryptoLink.getToCryptoKeyPart(), CryptreeNodeUtil.decryptLarge(cryptoLink.getToCryptoKeyData(), userRepoKey));
                    }
                    logger.debug("getPlainCryptoKey: <<< cryptoRepoFile={} repoFile={} cryptoLink={} fromUserRepoKeyPublicKey={}: FAILED TO DECRYPT!", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink, fromUserRepoKeyPublicKey});
                } else if (cryptoLink.getFromCryptoKey() == null) {
                    logger.debug("getPlainCryptoKey: *** cryptoRepoFile={} repoFile={} cryptoLink={}: PLAIN!", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink});
                    return new PlainCryptoKey(cryptoLink.getToCryptoKey(), cryptoLink.getToCryptoKeyPart(), cryptoLink.getToCryptoKeyData());
                }
            }
        }
        for (CryptoLink cryptoLink2 : collection) {
            if (cryptoKeyPart == cryptoLink2.getToCryptoKeyPart() && (fromCryptoKey = cryptoLink2.getFromCryptoKey()) != null) {
                logger.debug("getPlainCryptoKey: >>> cryptoRepoFile={} repoFile={} cryptoLink={} fromCryptoKey={}", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink2, fromCryptoKey});
                PlainCryptoKey plainCryptoKey = getPlainCryptoKey(fromCryptoKey.getInCryptoLinks(), getCryptoKeyPartForDecrypting(fromCryptoKey));
                if (plainCryptoKey != null) {
                    logger.debug("getPlainCryptoKey: <<< cryptoRepoFile={} repoFile={} cryptoLink={} fromCryptoKey={}: DECRYPTED!", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink2, fromCryptoKey});
                    return new PlainCryptoKey(cryptoLink2.getToCryptoKey(), cryptoLink2.getToCryptoKeyPart(), CryptreeNodeUtil.decrypt(cryptoLink2.getToCryptoKeyData(), plainCryptoKey));
                }
                logger.debug("getPlainCryptoKey: <<< cryptoRepoFile={} repoFile={} cryptoLink={} fromCryptoKey={}: FAILED TO DECRYPT!", new Object[]{this.cryptoRepoFile, this.repoFile, cryptoLink2, fromCryptoKey});
            }
        }
        return null;
    }

    private CryptoKeyPart getCryptoKeyPartForDecrypting(CryptoKey cryptoKey) {
        switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$CryptoKeyType[cryptoKey.getCryptoKeyType().ordinal()]) {
            case 1:
                return CryptoKeyPart.privateKey;
            case 2:
                return CryptoKeyPart.sharedSecret;
            default:
                throw new IllegalStateException("Unknown cryptoKey.cryptoKeyType: " + cryptoKey.getCryptoKeyType());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PlainCryptoKey getActivePlainCryptoKeyOrCreate(CryptoKeyRole cryptoKeyRole, CipherOperationMode cipherOperationMode) {
        AssertUtil.assertNotNull(cryptoKeyRole, "toCryptoKeyRole");
        AssertUtil.assertNotNull(cipherOperationMode, "cipherOperationMode");
        PlainCryptoKey activePlainCryptoKey = getActivePlainCryptoKey(cryptoKeyRole, cipherOperationMode);
        if (activePlainCryptoKey == null) {
            Class<? extends PlainCryptoKeyFactory> cls = cryptoKeyRole2PlainCryptoKeyFactory.get(cryptoKeyRole);
            AssertUtil.assertNotNull(cls, String.format("cryptoKeyRole2PlainCryptoKeyFactory[%s]", cryptoKeyRole));
            try {
                PlainCryptoKeyFactory newInstance = cls.newInstance();
                newInstance.setCryptreeNode(this);
                newInstance.setCipherOperationMode(cipherOperationMode);
                PlainCryptoKey createPlainCryptoKey = newInstance.createPlainCryptoKey();
                AssertUtil.assertNotNull(createPlainCryptoKey, cls.getName() + ".createPlainCryptoKey()");
                if (createPlainCryptoKey.getCryptoKey().getCryptoKeyRole() != cryptoKeyRole) {
                    throw new IllegalStateException(String.format("plainCryptoKey.cryptoKey.cryptoKeyRole != toCryptoKeyRole :: %s != %s", createPlainCryptoKey.getCryptoKey().getCryptoKeyRole(), cryptoKeyRole));
                }
                activePlainCryptoKey = new PlainCryptoKey((CryptoKey) ((CryptoKeyDao) this.context.transaction.getDao(CryptoKeyDao.class)).makePersistent(createPlainCryptoKey.getCryptoKey()), createPlainCryptoKey.getCryptoKeyPart(), createPlainCryptoKey.getCipherParameters());
            } catch (Exception e) {
                throw new RuntimeException(String.format("Creating new instance of class %s failed: %s", cls.getName(), e), e);
            }
        }
        return activePlainCryptoKey;
    }

    public DataKey getDataKeyOrFail() {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        AssertUtil.assertNotNull(cryptoRepoFile, "cryptoRepoFile");
        return getDataKeyOrFail(cryptoRepoFile.getCryptoKey());
    }

    public DataKey getDataKeyOrFail(Uid uid) {
        AssertUtil.assertNotNull(uid, "cryptoKeyId");
        return getDataKeyOrFail(((CryptoKeyDao) this.context.transaction.getDao(CryptoKeyDao.class)).getCryptoKeyOrFail(uid));
    }

    protected DataKey getDataKeyOrFail(CryptoKey cryptoKey) {
        AssertUtil.assertNotNull(cryptoKey, "cryptoKey");
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(cryptoKey);
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("Cannot decrypt dataKey for cryptoKeyID=%s (cryptoRepoFileId=%s)!", cryptoKey.getCryptoKeyId(), cryptoKey.getCryptoRepoFile().getCryptoRepoFileId()));
        }
        AssertUtil.assertNotNull(plainCryptoKeyForDecrypting.getCryptoKey(), "plainCryptoKey.cryptoKey");
        if (CryptoKeyRole.dataKey != plainCryptoKeyForDecrypting.getCryptoKey().getCryptoKeyRole()) {
            throw new IllegalStateException("CryptoKeyRole.dataKey != plainCryptoKey.getCryptoKey().getCryptoKeyRole()");
        }
        if (CryptoKeyPart.sharedSecret != plainCryptoKeyForDecrypting.getCryptoKeyPart()) {
            throw new IllegalStateException("CryptoKeyPart.sharedSecret != plainCryptoKey.getCryptoKeyPart()");
        }
        return new DataKey(cryptoKey.getCryptoKeyId(), plainCryptoKeyForDecrypting.getKeyParameterOrFail());
    }

    public CryptreeNode getParent() {
        if (this.parent == null) {
            if (this.repoFile != null && JDOHelper.isDeleted(this.repoFile)) {
                getCryptoRepoFile();
                AssertUtil.assertNotNull(this.cryptoRepoFile, "cryptoRepoFile");
            }
            RepoFile parent = (this.repoFile == null || JDOHelper.isDeleted(this.repoFile)) ? null : this.repoFile.getParent();
            CryptoRepoFile parent2 = this.cryptoRepoFile == null ? null : this.cryptoRepoFile.getParent();
            if (parent != null || parent2 != null) {
                this.parent = this.context.getCryptreeNodeOrCreate(null, this, parent, parent2);
            }
        }
        return this.parent;
    }

    public UserRepoKeyPublicKey getUserRepoKeyPublicKeyOrCreate(UserRepoKey userRepoKey) {
        AssertUtil.assertNotNull(userRepoKey, "userRepoKey");
        return getUserRepoKeyPublicKeyOrCreate((UserRepoKey.PublicKey) userRepoKey.getPublicKey());
    }

    public UserRepoKeyPublicKey getUserRepoKeyPublicKeyOrCreate(UserRepoKey.PublicKey publicKey) {
        AssertUtil.assertNotNull(publicKey, "publicKey");
        return new UserRepoKeyPublicKeyHelper(getContext()).getUserRepoKeyPublicKeyOrCreate(publicKey);
    }

    public void grantPermission(PermissionType permissionType, UserRepoKey.PublicKey publicKey) {
        CryptreeNode parent;
        AssertUtil.assertNotNull(permissionType, "permissionType");
        AssertUtil.assertNotNull(publicKey, "publicKey");
        if (isOwner(publicKey.getUserRepoKeyId())) {
            return;
        }
        if (PermissionType.readUserIdentity == permissionType && (parent = getParent()) != null) {
            parent.grantPermission(permissionType, publicKey);
            return;
        }
        if (permissionType == PermissionType.read || permissionType == PermissionType.write || permissionType == PermissionType.grant) {
            grantReadPermission(publicKey);
        }
        if (PermissionType.read == permissionType || this.context.getRepositoryOwnerOrFail().getUserRepoKeyPublicKey().getUserRepoKeyId().equals(publicKey.getUserRepoKeyId())) {
            return;
        }
        if (PermissionType.grant == permissionType) {
            grantPermission(PermissionType.write, publicKey);
            grantPermission(PermissionType.readUserIdentity, publicKey);
        }
        PermissionSet permissionSetOrCreate = getPermissionSetOrCreate();
        PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
        UserRepoKeyPublicKey userRepoKeyPublicKeyOrCreate = getUserRepoKeyPublicKeyOrCreate(publicKey);
        if (permissionDao.getNonRevokedPermissions(permissionSetOrCreate, permissionType, userRepoKeyPublicKeyOrCreate).isEmpty()) {
            Permission permission = new Permission();
            permission.setPermissionSet(permissionSetOrCreate);
            permission.setPermissionType(permissionType);
            permission.setUserRepoKeyPublicKey(userRepoKeyPublicKeyOrCreate);
            sign(permission);
            assertPermissionOk((Permission) permissionDao.makePersistent(permission));
        }
        if (PermissionType.grant == permissionType) {
            ensureParentHasAsymmetricActiveSubdirKey();
        }
        if (PermissionType.readUserIdentity == permissionType) {
            createUserIdentityLinksVisibleFor(userRepoKeyPublicKeyOrCreate);
        }
    }

    public void setPermissionsInherited(boolean z) {
        if (z == isPermissionsInherited()) {
            return;
        }
        PermissionSet permissionSetOrCreate = getPermissionSetOrCreate();
        if (z) {
            PermissionSetInheritance permissionSetInheritance = new PermissionSetInheritance();
            permissionSetInheritance.setPermissionSet(permissionSetOrCreate);
            sign(permissionSetInheritance);
            permissionSetOrCreate.getPermissionSetInheritances().add(permissionSetInheritance);
            return;
        }
        UserRepoKey.PublicKey publicKey = this.context.getRepositoryOwnerOrFail().getUserRepoKeyPublicKey().getPublicKey();
        grantReadPermission(publicKey);
        if (!(this.context.userRepoKeyRing.getUserRepoKey(publicKey.getUserRepoKeyId()) != null)) {
            logger.warn("This is not yet cleanly implemented and likely causes an error.", new UnsupportedOperationException("NYI"));
        }
        for (PermissionSetInheritance permissionSetInheritance2 : permissionSetOrCreate.getPermissionSetInheritances()) {
            if (permissionSetInheritance2.getRevoked() == null) {
                permissionSetInheritance2.setRevoked(new Date());
                sign(permissionSetInheritance2);
            }
        }
        Set<CryptoKey> hashSet = new HashSet<>();
        Iterator<CryptoKey> it = ((CryptoKeyDao) this.context.transaction.getDao(CryptoKeyDao.class)).getActiveCryptoKeys(getCryptoRepoFileOrCreate(false), CryptoKeyRole.subdirKey).iterator();
        while (it.hasNext()) {
            deactivateCryptoKeyAndDescendants(it.next(), hashSet);
        }
        createSubdirKeyAndBacklinkKeyIfNeededChildrenRecursively();
    }

    public boolean isPermissionsInherited() {
        PermissionSet permissionSet = getPermissionSet();
        if (permissionSet == null) {
            return true;
        }
        Iterator<PermissionSetInheritance> it = permissionSet.getPermissionSetInheritances().iterator();
        while (it.hasNext()) {
            if (it.next().getRevoked() == null) {
                return true;
            }
        }
        return false;
    }

    private void ensureParentHasAsymmetricActiveSubdirKey() {
        CryptreeNode parent = getParent();
        CryptoRepoFile cryptoRepoFileOrCreate = parent == null ? null : parent.getCryptoRepoFileOrCreate(false);
        if (cryptoRepoFileOrCreate == null) {
            return;
        }
        boolean z = false;
        for (CryptoKey cryptoKey : ((CryptoKeyDao) this.context.transaction.getDao(CryptoKeyDao.class)).getActiveCryptoKeys(cryptoRepoFileOrCreate, CryptoKeyRole.subdirKey)) {
            switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$CryptoKeyType[cryptoKey.getCryptoKeyType().ordinal()]) {
                case 1:
                    z = true;
                    break;
                case 2:
                    deactivateCryptoKey(cryptoKey);
                    break;
                default:
                    throw new IllegalStateException("Unknown CryptoKeyType: " + cryptoKey.getCryptoKeyType());
            }
        }
        if (z) {
            return;
        }
        parent.getActivePlainCryptoKeyOrCreate(CryptoKeyRole.subdirKey, CipherOperationMode.DECRYPT);
    }

    public void revokePermission(PermissionType permissionType, Set<Uid> set) {
        AssertUtil.assertNotNull(permissionType, "permissionType");
        AssertUtil.assertNotNull(set, "userRepoKeyIds");
        if (PermissionType.readUserIdentity == permissionType) {
            CryptreeNode parent = getParent();
            if (parent != null) {
                parent.revokePermission(permissionType, set);
                return;
            }
            revokeGrantPermissionOfAllCryptoRepoFiles(set);
        }
        if (PermissionType.read == permissionType) {
            revokePermission(PermissionType.write, set);
            revokeReadPermission(set);
            return;
        }
        if (PermissionType.write == permissionType) {
            revokePermission(PermissionType.grant, set);
        }
        PermissionSet permissionSet = getPermissionSet();
        if (permissionSet == null) {
            return;
        }
        for (Permission permission : ((PermissionDao) this.context.transaction.getDao(PermissionDao.class)).getNonRevokedPermissions(permissionSet, permissionType, set)) {
            this.permissionsAlreadyCheckedOk.remove(permission);
            permission.setRevoked(new Date());
            sign(permission);
            assertPermissionOk(permission);
        }
        if (PermissionType.readUserIdentity == permissionType && existsAtLeastOneUserIdentityLinkFor(set)) {
            new UserRepoKeyPublicKeyHelper(getContext()).removeUserIdentityLinksAfterRevokingReadUserIdentityPermission();
        }
    }

    public Set<PermissionType> getGrantedPermissionTypes(Uid uid) {
        AssertUtil.assertNotNull(uid, "userRepoKeyId");
        EnumSet noneOf = EnumSet.noneOf(PermissionType.class);
        if (isOwner(uid)) {
            noneOf.addAll(Arrays.asList(PermissionType.values()));
        } else {
            PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
            if (!permissionDao.getNonRevokedPermissions(PermissionType.readUserIdentity, uid).isEmpty()) {
                noneOf.add(PermissionType.readUserIdentity);
            }
            PermissionSet permissionSet = getPermissionSet();
            if (permissionSet != null) {
                if (!permissionDao.getNonRevokedPermissions(permissionSet, PermissionType.grant, uid).isEmpty()) {
                    noneOf.add(PermissionType.grant);
                }
                if (!permissionDao.getNonRevokedPermissions(permissionSet, PermissionType.write, uid).isEmpty()) {
                    noneOf.add(PermissionType.write);
                }
            }
            if (hasReadPermissionHere(uid)) {
                noneOf.add(PermissionType.read);
            }
        }
        return noneOf;
    }

    private boolean hasReadPermissionHereOrInherited(Uid uid) {
        CryptreeNode parent;
        if (hasReadPermissionHere(uid)) {
            return true;
        }
        if (!isPermissionsInherited() || (parent = getParent()) == null) {
            return false;
        }
        return parent.hasReadPermissionHereOrInherited(uid);
    }

    private boolean hasReadPermissionHere(Uid uid) {
        UserRepoKeyPublicKey userRepoKeyPublicKey;
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        return (cryptoRepoFile == null || (userRepoKeyPublicKey = ((UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class)).getUserRepoKeyPublicKey(uid)) == null || ((CryptoLinkDao) this.context.transaction.getDao(CryptoLinkDao.class)).getActiveCryptoLinks(cryptoRepoFile, CryptoKeyRole.clearanceKey, CryptoKeyPart.privateKey, userRepoKeyPublicKey).isEmpty()) ? false : true;
    }

    private void createUserIdentityLinksVisibleFor(UserRepoKeyPublicKey userRepoKeyPublicKey) {
    }

    private boolean existsAtLeastOneUserIdentityLinkFor(Set<Uid> set) {
        AssertUtil.assertNotNull(set, "userRepoKeyIds");
        UserRepoKeyPublicKeyDao userRepoKeyPublicKeyDao = (UserRepoKeyPublicKeyDao) getContext().transaction.getDao(UserRepoKeyPublicKeyDao.class);
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) getContext().transaction.getDao(UserIdentityLinkDao.class);
        Iterator<Uid> it = set.iterator();
        while (it.hasNext()) {
            if (!userIdentityLinkDao.getUserIdentityLinksFor(userRepoKeyPublicKeyDao.getUserRepoKeyPublicKeyOrFail(it.next())).isEmpty()) {
                return true;
            }
        }
        return false;
    }

    private void revokeGrantPermissionOfAllCryptoRepoFiles(Set<Uid> set) {
        AssertUtil.assertNotNull(set, "userRepoKeyIds");
        PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
        HashSet hashSet = new HashSet();
        Iterator<Permission> it = permissionDao.getNonRevokedPermissions(PermissionType.grant, set).iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getPermissionSet().getCryptoRepoFile());
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            getContext().getCryptreeNodeOrCreate(((CryptoRepoFile) it2.next()).getCryptoRepoFileId()).revokePermission(PermissionType.grant, set);
        }
    }

    public void assertHasPermission(boolean z, Uid uid, PermissionType permissionType, Date date) throws AccessDeniedException {
        AssertUtil.assertNotNull(uid, "userRepoKeyId");
        AssertUtil.assertNotNull(permissionType, "permissionType");
        AssertUtil.assertNotNull(date, "timestamp");
        if (isOwner(uid)) {
            return;
        }
        String str = null;
        UserRepoKeyPublicKey userRepoKeyPublicKeyOrFail = ((UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class)).getUserRepoKeyPublicKeyOrFail(uid);
        if (userRepoKeyPublicKeyOrFail instanceof InvitationUserRepoKeyPublicKey) {
            InvitationUserRepoKeyPublicKey invitationUserRepoKeyPublicKey = (InvitationUserRepoKeyPublicKey) userRepoKeyPublicKeyOrFail;
            if (date.compareTo(invitationUserRepoKeyPublicKey.getValidTo()) <= 0) {
                if (((UserRepoKeyPublicKeyReplacementRequestDao) this.context.transaction.getDao(UserRepoKeyPublicKeyReplacementRequestDao.class)).getUserRepoKeyPublicKeyReplacementRequestsForOldKey(invitationUserRepoKeyPublicKey).isEmpty()) {
                    throwAccessDeniedException(permissionType, "There is no UserRepoKeyPublicKeyReplacementRequest for " + invitationUserRepoKeyPublicKey);
                }
                assertHasPermission(z, invitationUserRepoKeyPublicKey.getSignature().getSigningUserRepoKeyId(), permissionType, invitationUserRepoKeyPublicKey.getSignature().getSignatureCreated());
                return;
            }
            str = String.format("userRepoKeyPublicKey is an InvitationUserRepoKeyPublicKey, but it expired on '%s', which is before the given timestamp '%s'!", ISO8601.formatDate(invitationUserRepoKeyPublicKey.getValidTo()), ISO8601.formatDate(date));
        }
        HashSet hashSet = new HashSet();
        if (PermissionType.read != permissionType) {
            collectPermissions(hashSet, z, permissionType, uid, date);
            Set<Permission> extractPermissionsIndicatingBackdatedSignature = extractPermissionsIndicatingBackdatedSignature(hashSet);
            if (!hashSet.isEmpty()) {
                return;
            }
            if (!extractPermissionsIndicatingBackdatedSignature.isEmpty()) {
                throwAccessDeniedException(permissionType, String.format("Found '%s' permission(s) for userRepoKeyId=%s and timestamp=%s, but it (or they) indicates backdating outside of allowed range!", permissionType, uid, date));
            }
        } else {
            if (Math.abs(System.currentTimeMillis() - date.getTime()) > 300000) {
                throw new UnsupportedOperationException("assertHasPermission(...) does not yet support permissionType 'read' combined with a timestamp that is not *now*!");
            }
            if (hasReadPermissionHereOrInherited(uid)) {
                return;
            }
        }
        throwAccessDeniedException(permissionType, String.format("No '%s' permission found for userRepoKeyId=%s and timestamp=%s!", permissionType, uid, ISO8601.formatDate(date)) + (StringUtil.isEmpty(str) ? "" : " " + str));
    }

    private void throwAccessDeniedException(PermissionType permissionType, String str) throws AccessDeniedException {
        switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$PermissionType[permissionType.ordinal()]) {
            case 1:
                throw new GrantAccessDeniedException(str);
            case 2:
                throw new WriteAccessDeniedException(str);
            case 3:
                throw new ReadAccessDeniedException(str);
            case 4:
                throw new ReadUserIdentityAccessDeniedException(str);
            default:
                throw new IllegalArgumentException("Unknown permissionType: " + permissionType);
        }
    }

    private boolean isOwner(Uid uid) {
        AssertUtil.assertNotNull(uid, "userRepoKeyId");
        return uid.equals(this.context.getRepositoryOwnerOrFail().getUserRepoKeyPublicKey().getUserRepoKeyId());
    }

    private void collectPermissions(Set<Permission> set, boolean z, PermissionType permissionType, Uid uid, Date date) {
        CryptreeNode parent;
        AssertUtil.assertNotNull(permissionType, "permissionType");
        AssertUtil.assertNotNull(uid, "userRepoKeyId");
        AssertUtil.assertNotNull(date, "timestamp");
        switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$PermissionType[permissionType.ordinal()]) {
            case 1:
            case 2:
                break;
            case 3:
            default:
                throw new IllegalArgumentException("PermissionType unknown or not allowed here: " + permissionType);
            case 4:
                z = true;
                break;
        }
        PermissionSet permissionSet = z ? null : getPermissionSet();
        if (z || permissionSet != null) {
            PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
            HashSet hashSet = z ? new HashSet(permissionDao.getValidPermissions(permissionType, uid, date)) : new HashSet(permissionDao.getValidPermissions(permissionSet, permissionType, uid, date));
            hashSet.removeAll(this.permissionsBeingCheckedNow);
            if (!hashSet.isEmpty()) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    assertPermissionOk((Permission) it.next());
                }
            }
            set.addAll(hashSet);
        }
        if (z) {
            return;
        }
        if ((permissionSet == null || permissionSet.isPermissionsInherited(date)) && (parent = getParent()) != null) {
            parent.collectPermissions(set, z, permissionType, uid, date);
        }
    }

    private Set<Permission> extractPermissionsIndicatingBackdatedSignature(Set<Permission> set) {
        HashSet hashSet = new HashSet(set);
        Date date = null;
        if (getContext().isOnServer) {
            Iterator<Permission> it = set.iterator();
            while (it.hasNext()) {
                Permission next = it.next();
                if (next.getValidTo() != null) {
                    if (date == null) {
                        date = new Date(System.currentTimeMillis() - CryptoConfigUtil.getBackdatingMaxPermissionValidToAge(getContext().transaction.getLocalRepoManager().getLocalRoot()));
                    }
                    if (next.getValidTo().before(date)) {
                        hashSet.add(next);
                        it.remove();
                    }
                }
            }
        }
        return hashSet;
    }

    private void assertPermissionOk(Permission permission) throws SignatureException, AccessDeniedException {
        AssertUtil.assertNotNull(permission, "permission");
        if (this.permissionsAlreadyCheckedOk.contains(permission)) {
            return;
        }
        if (!this.permissionsBeingCheckedNow.add(permission)) {
            throw new IllegalStateException("Circular permission check! " + permission);
        }
        try {
            assertSignatureOk(permission);
            this.permissionsAlreadyCheckedOk.add(permission);
        } finally {
            this.permissionsBeingCheckedNow.remove(permission);
        }
    }

    public void assertSignatureOk(WriteProtected writeProtected) throws SignatureException, AccessDeniedException {
        AssertUtil.assertNotNull(writeProtected, "entity");
        Uid cryptoRepoFileIdControllingPermissions = writeProtected.getCryptoRepoFileIdControllingPermissions();
        if (cryptoRepoFileIdControllingPermissions == null) {
            assertSignatureOk(writeProtected, true, writeProtected.getPermissionTypeRequiredForWrite());
        } else if (cryptoRepoFileIdControllingPermissions.equals(getCryptoRepoFile().getCryptoRepoFileId())) {
            assertSignatureOk(writeProtected, false, writeProtected.getPermissionTypeRequiredForWrite());
        } else {
            this.context.getCryptreeNodeOrCreate(cryptoRepoFileIdControllingPermissions).assertSignatureOk(writeProtected, false, writeProtected.getPermissionTypeRequiredForWrite());
        }
    }

    public void assertSignatureOk(Signable signable, boolean z, PermissionType permissionType) throws SignatureException, AccessDeniedException {
        AssertUtil.assertNotNull(signable, "signable");
        this.context.signableVerifier.verify(signable);
        if (permissionType != null) {
            assertHasPermission(z, signable.getSignature().getSigningUserRepoKeyId(), permissionType, signable.getSignature().getSignatureCreated());
        }
    }

    public PermissionSet getPermissionSet() {
        if (this.permissionSet == null) {
            this.permissionSet = ((PermissionSetDao) this.context.transaction.getDao(PermissionSetDao.class)).getPermissionSet(getCryptoRepoFileOrCreate(false));
            if (this.permissionSet != null) {
                assertSignatureOk(this.permissionSet);
            }
        }
        return this.permissionSet;
    }

    public PermissionSet getPermissionSetOrCreate() {
        PermissionSet permissionSet = getPermissionSet();
        if (permissionSet == null) {
            PermissionSet permissionSet2 = new PermissionSet();
            permissionSet2.setCryptoRepoFile((CryptoRepoFile) AssertUtil.assertNotNull(getCryptoRepoFile(), "getCryptoRepoFile()"));
            sign(permissionSet2);
            PermissionSet permissionSet3 = (PermissionSet) ((PermissionSetDao) this.context.transaction.getDao(PermissionSetDao.class)).makePersistent(permissionSet2);
            permissionSet = permissionSet3;
            this.permissionSet = permissionSet3;
            setPermissionsInherited(true);
        }
        return permissionSet;
    }

    public void sign(WriteProtected writeProtected) throws AccessDeniedException {
        AssertUtil.assertNotNull(writeProtected, "writeProtectedEntity");
        Uid cryptoRepoFileIdControllingPermissions = writeProtected.getCryptoRepoFileIdControllingPermissions();
        this.context.getSignableSigner(cryptoRepoFileIdControllingPermissions == null ? getUserRepoKeyOrFail(true, writeProtected.getPermissionTypeRequiredForWrite()) : cryptoRepoFileIdControllingPermissions.equals(getCryptoRepoFile().getCryptoRepoFileId()) ? getUserRepoKeyOrFail(false, writeProtected.getPermissionTypeRequiredForWrite()) : this.context.getCryptreeNodeOrCreate(cryptoRepoFileIdControllingPermissions).getUserRepoKeyOrFail(false, writeProtected.getPermissionTypeRequiredForWrite())).sign(writeProtected);
    }

    public UserRepoKey getUserRepoKey(boolean z, PermissionType permissionType) {
        AssertUtil.assertNotNull(permissionType, "permissionType");
        switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$PermissionType[permissionType.ordinal()]) {
            case 1:
            case 2:
                Date date = new Date();
                for (UserRepoKey userRepoKey : this.context.userRepoKeyRing.getPermanentUserRepoKeys(this.context.serverRepositoryId)) {
                    boolean isOwner = isOwner(userRepoKey.getUserRepoKeyId());
                    HashSet hashSet = new HashSet();
                    if (!isOwner) {
                        collectPermissions(hashSet, z, permissionType, userRepoKey.getUserRepoKeyId(), date);
                    }
                    if (isOwner || !hashSet.isEmpty()) {
                        getUserRepoKeyPublicKeyOrCreate(userRepoKey);
                        return userRepoKey;
                    }
                }
                return null;
            default:
                throw new IllegalArgumentException("PermissionType unknown or not allowed here: " + permissionType);
        }
    }

    private UserRepoKey getUserRepoKeyOrFail(boolean z, PermissionType permissionType) {
        UserRepoKey userRepoKey = getUserRepoKey(z, permissionType);
        if (userRepoKey != null) {
            return userRepoKey;
        }
        Object[] objArr = new Object[2];
        objArr[0] = permissionType;
        objArr[1] = this.repoFile != null ? this.repoFile.getPath() : this.cryptoRepoFile;
        String format = String.format("No '%s' permission for any UserRepoKey of the current UserRepoKeyRing for: %s", objArr);
        switch (AnonymousClass1.$SwitchMap$org$subshare$core$dto$PermissionType[permissionType.ordinal()]) {
            case 1:
                throw new GrantAccessDeniedException(format);
            case 2:
                throw new WriteAccessDeniedException(format);
            case 3:
                throw new ReadAccessDeniedException(format);
            default:
                throw new IllegalArgumentException("Unknown PermissionType: " + permissionType);
        }
    }

    public void clearCryptoRepoFileDeleted() {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        AssertUtil.assertNotNull(cryptoRepoFile, "cryptoRepoFile");
        deletePreliminaryDeletions();
        if (cryptoRepoFile.getDeleted() != null) {
            cryptoRepoFile.setDeleted(null);
            cryptoRepoFile.setDeletedByIgnoreRule(false);
            cryptoRepoFile.setLastSyncFromRepositoryId(null);
            sign(cryptoRepoFile);
            updateCryptoConfigPropSetIfConfigFile();
        }
    }

    protected void deletePreliminaryDeletions() {
        CryptoRepoFile cryptoRepoFile = getCryptoRepoFile();
        AssertUtil.assertNotNull(cryptoRepoFile, "cryptoRepoFile");
        PreliminaryDeletionDao preliminaryDeletionDao = (PreliminaryDeletionDao) getContext().transaction.getDao(PreliminaryDeletionDao.class);
        PreliminaryDeletion preliminaryDeletion = preliminaryDeletionDao.getPreliminaryDeletion(cryptoRepoFile);
        if (preliminaryDeletion != null) {
            preliminaryDeletionDao.deletePersistent(preliminaryDeletion);
        }
    }

    public ConfigPropSetDto getParentConfigPropSetDtoIfNeeded() {
        Uid cryptoRepoFileIdForRemotePathPrefixOrFail = this.context.getCryptoRepoFileIdForRemotePathPrefixOrFail();
        if (!cryptoRepoFileIdForRemotePathPrefixOrFail.equals(getCryptoRepoFile().getCryptoRepoFileId())) {
            throw new IllegalStateException("cryptoRepoFileIdForRemotePathPrefix != cryptoRepoFile.cryptoRepoFileId :: " + cryptoRepoFileIdForRemotePathPrefixOrFail + " != " + getCryptoRepoFile().getCryptoRepoFileId());
        }
        List<CryptoConfigPropSet> cryptoConfigPropSetsAbove = getCryptoConfigPropSetsAbove();
        if (!isCryptoConfigPropSetModifiedAfterLastSync(cryptoConfigPropSetsAbove)) {
            return null;
        }
        Properties properties = null;
        Iterator<CryptoConfigPropSet> it = cryptoConfigPropSetsAbove.iterator();
        while (it.hasNext()) {
            ConfigPropSetDto configPropSetDto = getConfigPropSetDto(it.next());
            if (configPropSetDto != null) {
                Properties properties2 = configPropSetDto.toProperties();
                if (properties == null) {
                    properties = properties2;
                } else {
                    properties.putAll(properties2);
                }
            }
        }
        return properties == null ? new ConfigPropSetDto() : new ConfigPropSetDto(properties);
    }

    private ConfigPropSetDto getConfigPropSetDto(CryptoConfigPropSet cryptoConfigPropSet) {
        AssertUtil.assertNotNull(cryptoConfigPropSet, "cryptoConfigPropSet");
        PlainCryptoKey plainCryptoKeyForDecrypting = getPlainCryptoKeyForDecrypting(cryptoConfigPropSet.getCryptoKey());
        if (plainCryptoKeyForDecrypting == null) {
            throw new ReadAccessDeniedException(String.format("The CryptoConfigPropSet with cryptoRepoFileId=%s could not be decrypted! Access rights missing?!", cryptoConfigPropSet.getCryptoRepoFileId()));
        }
        byte[] configPropSetDtoData = cryptoConfigPropSet.getConfigPropSetDtoData();
        if (configPropSetDtoData == null || configPropSetDtoData.length == 0) {
            return null;
        }
        return (ConfigPropSetDto) new ConfigPropSetDtoIo().deserializeWithGz(CryptreeNodeUtil.decrypt(configPropSetDtoData, plainCryptoKeyForDecrypting));
    }

    private boolean isCryptoConfigPropSetModifiedAfterLastSync(List<CryptoConfigPropSet> list) {
        AssertUtil.assertNotNull(list, "cryptoConfigPropSets");
        RemoteRepository remoteRepositoryOrFail = ((RemoteRepositoryDao) this.context.transaction.getDao(RemoteRepositoryDao.class)).getRemoteRepositoryOrFail(this.context.remoteRepositoryId);
        Iterator<CryptoConfigPropSet> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getLocalRevision() > remoteRepositoryOrFail.getLocalRevision()) {
                return true;
            }
        }
        return false;
    }

    private List<CryptoConfigPropSet> getCryptoConfigPropSetsAbove() {
        CryptoConfigPropSetDao cryptoConfigPropSetDao = (CryptoConfigPropSetDao) this.context.transaction.getDao(CryptoConfigPropSetDao.class);
        ArrayList arrayList = new ArrayList();
        CryptoRepoFile cryptoRepoFile = (CryptoRepoFile) AssertUtil.assertNotNull(getCryptoRepoFile(), "cryptoRepoFile");
        while (true) {
            cryptoRepoFile = cryptoRepoFile.getParent();
            if (cryptoRepoFile == null) {
                Collections.reverse(arrayList);
                return arrayList;
            }
            CryptoConfigPropSet cryptoConfigPropSet = cryptoConfigPropSetDao.getCryptoConfigPropSet(cryptoRepoFile);
            if (cryptoConfigPropSet != null) {
                arrayList.add(cryptoConfigPropSet);
            }
        }
    }

    static {
        HashMap hashMap = new HashMap(5);
        hashMap.put(CryptoKeyRole.clearanceKey, PlainCryptoKeyFactory.ClearanceKeyPlainCryptoKeyFactory.class);
        hashMap.put(CryptoKeyRole.subdirKey, PlainCryptoKeyFactory.SubdirKeyPlainCryptoKeyFactory.class);
        hashMap.put(CryptoKeyRole.fileKey, PlainCryptoKeyFactory.FileKeyPlainCryptoKeyFactory.class);
        hashMap.put(CryptoKeyRole.backlinkKey, PlainCryptoKeyFactory.BacklinkKeyPlainCryptoKeyFactory.class);
        hashMap.put(CryptoKeyRole.dataKey, PlainCryptoKeyFactory.DataKeyPlainCryptoKeyFactory.class);
        cryptoKeyRole2PlainCryptoKeyFactory = Collections.unmodifiableMap(hashMap);
    }
}
