package org.subshare.local.persistence;

import co.codewizards.cloudstore.core.auth.SignatureException;
import co.codewizards.cloudstore.core.repo.local.AbstractLocalRepoTransactionListener;
import co.codewizards.cloudstore.local.persistence.LocalRepository;
import co.codewizards.cloudstore.local.persistence.LocalRepositoryDao;
import co.codewizards.cloudstore.local.persistence.RepoFileDao;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.jdo.JDOHelper;
import javax.jdo.listener.InstanceLifecycleEvent;
import javax.jdo.listener.StoreLifecycleListener;
import org.subshare.core.Cryptree;
import org.subshare.core.GrantAccessDeniedException;
import org.subshare.core.ReadAccessDeniedException;
import org.subshare.core.WriteAccessDeniedException;
import org.subshare.core.sign.Signable;
import org.subshare.core.sign.SignableVerifier;
import org.subshare.core.sign.WriteProtected;
import org.subshare.local.CryptreeImpl;

/* loaded from: input_file:org/subshare/local/persistence/VerifySignableAndWriteProtectedEntityListener.class */
public class VerifySignableAndWriteProtectedEntityListener extends AbstractLocalRepoTransactionListener implements StoreLifecycleListener {
    private final Set<Signable> signables = new HashSet();
    private SignableVerifier signableVerifier;
    private LocalRepository localRepository;
    private LocalRepositoryType localRepositoryType;

    public int getPriority() {
        return -100;
    }

    public void onBegin() {
        getTransactionOrFail().getPersistenceManager().addInstanceLifecycleListener(this, new Class[]{Signable.class});
    }

    public void preStore(InstanceLifecycleEvent instanceLifecycleEvent) {
    }

    public void postStore(InstanceLifecycleEvent instanceLifecycleEvent) {
        this.signables.add((Signable) instanceLifecycleEvent.getPersistentInstance());
    }

    public void removeSignable(Signable signable) {
        Objects.requireNonNull(signable, "signable");
        this.signables.remove(signable);
    }

    public void onCommit() {
        assertAllRepoFilesAreSignedOnServer();
        while (!this.signables.isEmpty()) {
            Iterator<Signable> it = this.signables.iterator();
            Signable next = it.next();
            it.remove();
            assertSignableOk(next);
        }
    }

    private void assertAllRepoFilesAreSignedOnServer() {
        if (LocalRepositoryType.SERVER != getLocalRepositoryType()) {
            return;
        }
        SsLocalRepository ssLocalRepository = (SsLocalRepository) getLocalRepository();
        if (ssLocalRepository.isAssertedAllRepoFilesAreSigned()) {
            return;
        }
        RepoFileDao repoFileDao = (RepoFileDao) getTransactionOrFail().getDao(RepoFileDao.class);
        if (repoFileDao.getObjectsCount() < 2) {
            return;
        }
        for (SsRepoFile ssRepoFile : repoFileDao.getObjects()) {
            if (ssRepoFile.getSignature() == null) {
                throw new IllegalStateException("It seems, the root still has no signature! The root should be signed (i.e. uploaded *with* signature), before any other directory/file is uploaded to the server! repoFileMissingSignature: " + ssRepoFile);
            }
        }
        ssLocalRepository.setAssertedAllRepoFilesAreSigned(true);
    }

    private void assertSignableOk(Signable signable) {
        if (JDOHelper.isDeleted(signable)) {
            return;
        }
        if (signable.getSignature() == null) {
            if (LocalRepositoryType.SERVER == getLocalRepositoryType()) {
                throw new SignatureException(signable.toString() + ": Missing signature! On the server, every Signable must be signed!");
            }
            return;
        }
        CryptreeImpl cryptreeImpl = (Cryptree) getTransactionOrFail().getContextObject(Cryptree.class);
        if (cryptreeImpl != null) {
            try {
                if (signable instanceof WriteProtected) {
                    cryptreeImpl.assertSignatureOk((WriteProtected) signable);
                }
            } catch (WriteAccessDeniedException e) {
                throw new WriteAccessDeniedException(signable.toString() + ": " + e.getMessage(), e);
            } catch (SignatureException e2) {
                throw new SignatureException(signable.toString() + ": " + e2.getMessage(), e2);
            } catch (ReadAccessDeniedException e3) {
                throw new ReadAccessDeniedException(signable.toString() + ": " + e3.getMessage(), e3);
            } catch (GrantAccessDeniedException e4) {
                throw new GrantAccessDeniedException(signable.toString() + ": " + e4.getMessage(), e4);
            }
        }
        getSignableVerifier().verify(signable);
    }

    private SignableVerifier getSignableVerifier() {
        if (this.signableVerifier == null) {
            this.signableVerifier = new SignableVerifier(new UserRepoKeyPublicKeyLookupImpl(getTransactionOrFail()));
        }
        return this.signableVerifier;
    }

    private LocalRepository getLocalRepository() {
        if (this.localRepository == null) {
            this.localRepository = ((LocalRepositoryDao) getTransactionOrFail().getDao(LocalRepositoryDao.class)).getLocalRepositoryOrFail();
        }
        return this.localRepository;
    }

    private LocalRepositoryType getLocalRepositoryType() {
        if (this.localRepositoryType == null) {
            this.localRepositoryType = ((SsLocalRepository) getLocalRepository()).getLocalRepositoryType();
        }
        return this.localRepositoryType;
    }
}
