package org.subshare.local;

import co.codewizards.cloudstore.core.Uid;
import co.codewizards.cloudstore.core.util.DateUtil;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.subshare.core.ReadUserIdentityAccessDeniedException;
import org.subshare.core.crypto.KeyFactory;
import org.subshare.core.dto.PermissionType;
import org.subshare.core.dto.UserIdentityPayloadDto;
import org.subshare.core.dto.jaxb.UserIdentityPayloadDtoIo;
import org.subshare.core.pgp.MissingSigningPgpKeyException;
import org.subshare.core.pgp.PgpKeyId;
import org.subshare.core.user.User;
import org.subshare.core.user.UserRegistry;
import org.subshare.core.user.UserRepoKey;
import org.subshare.core.user.UserRepoKeyPublicKeyDtoWithSignatureConverter;
import org.subshare.core.user.UserRepoKeyRing;
import org.subshare.local.persistence.InvitationUserRepoKeyPublicKey;
import org.subshare.local.persistence.Permission;
import org.subshare.local.persistence.PermissionDao;
import org.subshare.local.persistence.RepositoryOwner;
import org.subshare.local.persistence.UserIdentity;
import org.subshare.local.persistence.UserIdentityDao;
import org.subshare.local.persistence.UserIdentityLink;
import org.subshare.local.persistence.UserIdentityLinkDao;
import org.subshare.local.persistence.UserRepoKeyPublicKey;
import org.subshare.local.persistence.UserRepoKeyPublicKeyDao;

/* loaded from: input_file:org/subshare/local/UserRepoKeyPublicKeyHelper.class */
public class UserRepoKeyPublicKeyHelper {
    private static final Logger logger = LoggerFactory.getLogger(UserRepoKeyPublicKeyHelper.class);
    private final CryptreeContext context;

    public UserRepoKeyPublicKeyHelper(CryptreeContext cryptreeContext) {
        this.context = (CryptreeContext) Objects.requireNonNull(cryptreeContext, "context");
    }

    public CryptreeContext getContext() {
        return this.context;
    }

    public UserRepoKeyPublicKey getUserRepoKeyPublicKeyOrCreate(UserRepoKey.PublicKey publicKey) {
        Objects.requireNonNull(publicKey, "publicKey");
        UserRepoKeyPublicKey userRepoKeyPublicKey = ((UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class)).getUserRepoKeyPublicKey(publicKey.getUserRepoKeyId());
        if (userRepoKeyPublicKey == null) {
            userRepoKeyPublicKey = createUserRepoKeyPublicKey(publicKey);
        }
        return userRepoKeyPublicKey;
    }

    private UserRepoKeyPublicKey createUserRepoKeyPublicKey(UserRepoKey.PublicKey publicKey) {
        Objects.requireNonNull(publicKey, "publicKey");
        UserRepoKeyPublicKeyDao userRepoKeyPublicKeyDao = (UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class);
        UserRepoKeyPublicKey userRepoKeyPublicKey = publicKey.isInvitation() ? (UserRepoKeyPublicKey) userRepoKeyPublicKeyDao.makePersistent(new InvitationUserRepoKeyPublicKey((UserRepoKey.PublicKeyWithSignature) publicKey)) : (UserRepoKeyPublicKey) userRepoKeyPublicKeyDao.makePersistent(new UserRepoKeyPublicKey(publicKey));
        createUserIdentities(userRepoKeyPublicKey);
        return userRepoKeyPublicKey;
    }

    public void createMissingUserIdentities() {
        boolean z;
        try {
            getUserRepoKeyWithReadUserIdentityPermissionOrFail();
            z = true;
        } catch (ReadUserIdentityAccessDeniedException e) {
            z = false;
        }
        for (UserRepoKeyPublicKey userRepoKeyPublicKey : ((UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class)).getObjects()) {
            if (z || getContext().userRepoKeyRing.getUserRepoKey(userRepoKeyPublicKey.getUserRepoKeyId()) != null) {
                createUserIdentities(userRepoKeyPublicKey);
            }
        }
    }

    protected void createUserIdentities(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(userRepoKeyPublicKey, "userRepoKeyPublicKey");
        Iterator<UserRepoKeyPublicKey> it = getForUserRepoKeyPublicKeysForUserIdentityLinkCreation(userRepoKeyPublicKey).iterator();
        while (it.hasNext()) {
            getUserIdentityLinkOrCreate(userRepoKeyPublicKey, it.next());
        }
    }

    private Set<UserRepoKeyPublicKey> getForUserRepoKeyPublicKeysForUserIdentityLinkCreation(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
        HashSet<UserRepoKeyPublicKey> hashSet = new HashSet();
        Iterator<Permission> it = permissionDao.getNonRevokedPermissions(PermissionType.readUserIdentity).iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getUserRepoKeyPublicKey());
        }
        RepositoryOwner repositoryOwner = this.context.getRepositoryOwner();
        if (repositoryOwner != null) {
            hashSet.add(repositoryOwner.getUserRepoKeyPublicKey());
        }
        hashSet.add(userRepoKeyPublicKey);
        LinkedHashSet linkedHashSet = new LinkedHashSet(hashSet.size());
        for (UserRepoKeyPublicKey userRepoKeyPublicKey2 : hashSet) {
            if (this.context.userRepoKeyRing.getUserRepoKey(userRepoKeyPublicKey2.getUserRepoKeyId()) != null) {
                linkedHashSet.add(userRepoKeyPublicKey2);
            }
        }
        linkedHashSet.addAll(hashSet);
        return linkedHashSet;
    }

    public UserIdentityLink getUserIdentityLinkOrCreate(UserRepoKeyPublicKey userRepoKeyPublicKey, UserRepoKeyPublicKey userRepoKeyPublicKey2) {
        Objects.requireNonNull(userRepoKeyPublicKey, "ofUserRepoKeyPublicKey");
        Objects.requireNonNull(userRepoKeyPublicKey2, "forUserRepoKeyPublicKey");
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) this.context.transaction.getDao(UserIdentityLinkDao.class);
        Collection<UserIdentityLink> userIdentityLinks = userIdentityLinkDao.getUserIdentityLinks(userRepoKeyPublicKey, userRepoKeyPublicKey2);
        if (!userIdentityLinks.isEmpty()) {
            return userIdentityLinks.iterator().next();
        }
        PlainUserIdentity plainUserIdentityOrCreate = getPlainUserIdentityOrCreate(userRepoKeyPublicKey);
        if (userRepoKeyPublicKey.equals(userRepoKeyPublicKey2)) {
            Collection<UserIdentityLink> userIdentityLinks2 = userIdentityLinkDao.getUserIdentityLinks(userRepoKeyPublicKey, userRepoKeyPublicKey2);
            if (!userIdentityLinks2.isEmpty()) {
                return userIdentityLinks2.iterator().next();
            }
        }
        return createUserIdentityLink(plainUserIdentityOrCreate, userRepoKeyPublicKey2);
    }

    private UserIdentityLink createUserIdentityLink(PlainUserIdentity plainUserIdentity, UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(plainUserIdentity, "plainUserIdentity");
        Objects.requireNonNull(userRepoKeyPublicKey, "forUserRepoKeyPublicKey");
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) this.context.transaction.getDao(UserIdentityLinkDao.class);
        byte[] encrypt = CryptreeNodeUtil.encrypt(plainUserIdentity.getSharedSecret().getKey(), (CipherParameters) userRepoKeyPublicKey.getPublicKey().getPublicKey());
        UserRepoKey userRepoKey = getContext().userRepoKeyRing.getUserRepoKey(plainUserIdentity.getUserIdentity().getOfUserRepoKeyPublicKey().getUserRepoKeyId());
        UserRepoKey userRepoKeyWithReadUserIdentityPermissionOrFail = userRepoKey != null ? userRepoKey : getUserRepoKeyWithReadUserIdentityPermissionOrFail();
        UserIdentityLink userIdentityLink = new UserIdentityLink();
        userIdentityLink.setUserIdentity(plainUserIdentity.getUserIdentity());
        userIdentityLink.setForUserRepoKeyPublicKey(userRepoKeyPublicKey);
        userIdentityLink.setEncryptedUserIdentityKeyData(encrypt);
        this.context.getSignableSigner(userRepoKeyWithReadUserIdentityPermissionOrFail).sign(userIdentityLink);
        return (UserIdentityLink) userIdentityLinkDao.makePersistent(userIdentityLink);
    }

    private PlainUserIdentity getPlainUserIdentityOrCreate(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(userRepoKeyPublicKey, "ofUserRepoKeyPublicKey");
        Collection<UserIdentity> userIdentitiesOf = ((UserIdentityDao) this.context.transaction.getDao(UserIdentityDao.class)).getUserIdentitiesOf(userRepoKeyPublicKey);
        if (userIdentitiesOf.isEmpty()) {
            return createPlainUserIdentity(userRepoKeyPublicKey);
        }
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) this.context.transaction.getDao(UserIdentityLinkDao.class);
        for (UserIdentity userIdentity : userIdentitiesOf) {
            for (UserIdentityLink userIdentityLink : userIdentityLinkDao.getUserIdentityLinksOf(userIdentity)) {
                UserRepoKey userRepoKey = getContext().userRepoKeyRing.getUserRepoKey(userIdentityLink.getForUserRepoKeyPublicKey().getUserRepoKeyId());
                if (userRepoKey != null) {
                    return new PlainUserIdentity(userIdentity, new KeyParameter(CryptreeNodeUtil.decrypt(userIdentityLink.getEncryptedUserIdentityKeyData(), (CipherParameters) userRepoKey.getKeyPair().getPrivate())));
                }
            }
        }
        throw new ReadUserIdentityAccessDeniedException("No UserRepoKey found being able to decrypt the user-identities found: " + userIdentitiesOf);
    }

    private PlainUserIdentity createPlainUserIdentity(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(userRepoKeyPublicKey, "ofUserRepoKeyPublicKey");
        return createPlainUserIdentity(userRepoKeyPublicKey, createUserIdentityPayloadDtoData(userRepoKeyPublicKey));
    }

    private PlainUserIdentity createPlainUserIdentity(UserRepoKeyPublicKey userRepoKeyPublicKey, byte[] bArr) {
        UserIdentityDao userIdentityDao = (UserIdentityDao) this.context.transaction.getDao(UserIdentityDao.class);
        UserIdentity userIdentity = new UserIdentity();
        userIdentity.setOfUserRepoKeyPublicKey(userRepoKeyPublicKey);
        KeyParameter createSymmetricKey = KeyFactory.getInstance().createSymmetricKey();
        userIdentity.setEncryptedUserIdentityPayloadDtoData(CryptreeNodeUtil.encrypt(bArr, (CipherParameters) createSymmetricKey));
        UserRepoKey userRepoKey = getContext().userRepoKeyRing.getUserRepoKey(userRepoKeyPublicKey.getUserRepoKeyId());
        this.context.getSignableSigner(userRepoKey != null ? userRepoKey : getUserRepoKeyWithReadUserIdentityPermissionOrFail()).sign(userIdentity);
        PlainUserIdentity plainUserIdentity = new PlainUserIdentity((UserIdentity) userIdentityDao.makePersistent(userIdentity), createSymmetricKey);
        createUserIdentityLink(plainUserIdentity, userRepoKeyPublicKey);
        return plainUserIdentity;
    }

    private UserRepoKey getUserRepoKeyWithReadUserIdentityPermissionOrFail() {
        PermissionDao permissionDao = (PermissionDao) this.context.transaction.getDao(PermissionDao.class);
        for (UserRepoKey userRepoKey : this.context.userRepoKeyRing.getPermanentUserRepoKeys(this.context.serverRepositoryId)) {
            if (!isOwner(userRepoKey.getUserRepoKeyId()) && permissionDao.getValidPermissions(PermissionType.readUserIdentity, userRepoKey.getUserRepoKeyId(), DateUtil.now()).isEmpty()) {
            }
            return userRepoKey;
        }
        throw new ReadUserIdentityAccessDeniedException("No UserRepoKey found having 'readUserIdentity' permission!");
    }

    private boolean isOwner(Uid uid) {
        Objects.requireNonNull(uid, "userRepoKeyId");
        return uid.equals(this.context.getRepositoryOwnerOrFail().getUserRepoKeyPublicKey().getUserRepoKeyId());
    }

    private byte[] createUserIdentityPayloadDtoData(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        UserIdentityPayloadDto userIdentityPayloadDto = getUserIdentityPayloadDto(userRepoKeyPublicKey);
        if (userIdentityPayloadDto == null) {
            userIdentityPayloadDto = createUserIdentityPayloadDto(userRepoKeyPublicKey);
        }
        return new UserIdentityPayloadDtoIo().serializeWithGz(userIdentityPayloadDto);
    }

    public UserIdentityPayloadDto getUserIdentityPayloadDto(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        byte[] userIdentityPayloadDtoData = getUserIdentityPayloadDtoData(userRepoKeyPublicKey);
        if (userIdentityPayloadDtoData == null) {
            return null;
        }
        return (UserIdentityPayloadDto) new UserIdentityPayloadDtoIo().deserializeWithGz(userIdentityPayloadDtoData);
    }

    private byte[] getUserIdentityPayloadDtoData(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(userRepoKeyPublicKey, "ofUserRepoKeyPublicKey");
        UserRepoKeyPublicKeyDao userRepoKeyPublicKeyDao = (UserRepoKeyPublicKeyDao) this.context.transaction.getDao(UserRepoKeyPublicKeyDao.class);
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) this.context.transaction.getDao(UserIdentityLinkDao.class);
        for (UserRepoKey userRepoKey : this.context.userRepoKeyRing.getUserRepoKeys(this.context.serverRepositoryId)) {
            UserRepoKeyPublicKey userRepoKeyPublicKey2 = userRepoKeyPublicKeyDao.getUserRepoKeyPublicKey(userRepoKey.getUserRepoKeyId());
            if (userRepoKeyPublicKey2 != null) {
                Collection<UserIdentityLink> userIdentityLinks = userIdentityLinkDao.getUserIdentityLinks(userRepoKeyPublicKey, userRepoKeyPublicKey2);
                if (!userIdentityLinks.isEmpty()) {
                    UserIdentityLink next = userIdentityLinks.iterator().next();
                    return CryptreeNodeUtil.decrypt(next.getUserIdentity().getEncryptedUserIdentityPayloadDtoData(), (CipherParameters) new KeyParameter(CryptreeNodeUtil.decrypt(next.getEncryptedUserIdentityKeyData(), (CipherParameters) userRepoKey.getKeyPair().getPrivate())));
                }
            }
        }
        return null;
    }

    private UserIdentityPayloadDto createUserIdentityPayloadDto(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        User userByUserRepoKeyIdOrFail = this.context.getUserRegistry().getUserByUserRepoKeyIdOrFail(userRepoKeyPublicKey.getUserRepoKeyId());
        UserIdentityPayloadDto userIdentityPayloadDto = new UserIdentityPayloadDto();
        userIdentityPayloadDto.setFirstName(userByUserRepoKeyIdOrFail.getFirstName());
        userIdentityPayloadDto.setLastName(userByUserRepoKeyIdOrFail.getLastName());
        userIdentityPayloadDto.getEmails().addAll(userByUserRepoKeyIdOrFail.getEmails());
        userIdentityPayloadDto.getPgpKeyIds().addAll(userByUserRepoKeyIdOrFail.getPgpKeyIds());
        UserRepoKeyRing userRepoKeyRing = userByUserRepoKeyIdOrFail.getUserRepoKeyRing();
        UserRepoKey.PublicKeyWithSignature publicKeyWithSignature = null;
        if (userRepoKeyRing == null) {
            Iterator it = userByUserRepoKeyIdOrFail.getUserRepoKeyPublicKeys().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserRepoKey.PublicKeyWithSignature publicKeyWithSignature2 = (UserRepoKey.PublicKeyWithSignature) it.next();
                if (userRepoKeyPublicKey.getUserRepoKeyId().equals(publicKeyWithSignature2.getUserRepoKeyId())) {
                    publicKeyWithSignature = publicKeyWithSignature2;
                    break;
                }
            }
        } else {
            publicKeyWithSignature = userRepoKeyRing.getUserRepoKeyOrFail(userRepoKeyPublicKey.getUserRepoKeyId()).getPublicKey();
        }
        if (publicKeyWithSignature == null) {
            throw new IllegalStateException("publicKey == null");
        }
        userIdentityPayloadDto.setUserRepoKeyPublicKeyDto(new UserRepoKeyPublicKeyDtoWithSignatureConverter().toUserRepoKeyPublicKeyDto(publicKeyWithSignature));
        return userIdentityPayloadDto;
    }

    public void removeUserIdentityLinksAfterRevokingReadUserIdentityPermission() {
        UserRepoKeyPublicKeyDao userRepoKeyPublicKeyDao = (UserRepoKeyPublicKeyDao) getContext().transaction.getDao(UserRepoKeyPublicKeyDao.class);
        UserIdentityDao userIdentityDao = (UserIdentityDao) getContext().transaction.getDao(UserIdentityDao.class);
        HashMap hashMap = new HashMap();
        for (UserRepoKeyPublicKey userRepoKeyPublicKey : userRepoKeyPublicKeyDao.getObjects()) {
            byte[] userIdentityPayloadDtoData = getUserIdentityPayloadDtoData(userRepoKeyPublicKey);
            if (userIdentityPayloadDtoData == null) {
                throw new ReadUserIdentityAccessDeniedException("Could not obtain the decrypted userIdentityPayloadDtoData of " + userRepoKeyPublicKey);
            }
            hashMap.put(userRepoKeyPublicKey, userIdentityPayloadDtoData);
            deleteUserIdentityLinksOf(userRepoKeyPublicKey);
        }
        getContext().transaction.flush();
        long objectsCount = userIdentityDao.getObjectsCount();
        if (objectsCount != 0) {
            throw new IllegalStateException(String.format("WTF?! There are still %s UserIdentity instances in the DB!", Long.valueOf(objectsCount)));
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            UserRepoKeyPublicKey userRepoKeyPublicKey2 = (UserRepoKeyPublicKey) entry.getKey();
            byte[] bArr = (byte[]) entry.getValue();
            Set<UserRepoKeyPublicKey> forUserRepoKeyPublicKeysForUserIdentityLinkCreation = getForUserRepoKeyPublicKeysForUserIdentityLinkCreation(userRepoKeyPublicKey2);
            PlainUserIdentity createPlainUserIdentity = createPlainUserIdentity(userRepoKeyPublicKey2, bArr);
            Iterator<UserRepoKeyPublicKey> it = forUserRepoKeyPublicKeysForUserIdentityLinkCreation.iterator();
            while (it.hasNext()) {
                createUserIdentityLink(createPlainUserIdentity, it.next());
            }
        }
    }

    private void deleteUserIdentityLinksOf(UserRepoKeyPublicKey userRepoKeyPublicKey) {
        Objects.requireNonNull(userRepoKeyPublicKey, "ofUserRepoKeyPublicKey");
        UserIdentityLinkDao userIdentityLinkDao = (UserIdentityLinkDao) getContext().transaction.getDao(UserIdentityLinkDao.class);
        userIdentityLinkDao.deletePersistentAll(userIdentityLinkDao.getUserIdentityLinksOf(userRepoKeyPublicKey));
    }

    public void updateUserRepoKeyRingFromUserIdentities() {
        User user;
        UserRepoKeyPublicKeyDao userRepoKeyPublicKeyDao = (UserRepoKeyPublicKeyDao) getContext().transaction.getDao(UserRepoKeyPublicKeyDao.class);
        UserRegistry userRegistry = getContext().getUserRegistry();
        for (UserRepoKeyPublicKey userRepoKeyPublicKey : userRepoKeyPublicKeyDao.getObjects()) {
            User userByUserRepoKeyId = userRegistry.getUserByUserRepoKeyId(userRepoKeyPublicKey.getUserRepoKeyId());
            if (userByUserRepoKeyId != null) {
                logger.debug("updateUserRepoKeyRingFromUserIdentities: Skipping {} already associated with {}", userRepoKeyPublicKey, userByUserRepoKeyId);
            } else {
                UserIdentityPayloadDto userIdentityPayloadDto = getUserIdentityPayloadDto(userRepoKeyPublicKey);
                if (userIdentityPayloadDto == null) {
                    logger.debug("updateUserRepoKeyRingFromUserIdentities: Skipping {} because of missing permissions!", userRepoKeyPublicKey);
                } else {
                    Collection usersByPgpKeyIds = userRegistry.getUsersByPgpKeyIds(new HashSet(userIdentityPayloadDto.getPgpKeyIds()));
                    if (usersByPgpKeyIds.isEmpty()) {
                        user = userRegistry.createUser();
                        user.getPgpKeyIds().addAll(userIdentityPayloadDto.getPgpKeyIds());
                        user.setFirstName(userIdentityPayloadDto.getFirstName());
                        user.setLastName(userIdentityPayloadDto.getLastName());
                        user.getEmails().addAll(userIdentityPayloadDto.getEmails());
                        userRegistry.addUser(user);
                        logger.debug("updateUserRepoKeyRingFromUserIdentities: Created {} for {}", user, userRepoKeyPublicKey);
                    } else {
                        user = (User) usersByPgpKeyIds.iterator().next();
                        for (PgpKeyId pgpKeyId : userIdentityPayloadDto.getPgpKeyIds()) {
                            if (!user.getPgpKeyIds().contains(pgpKeyId)) {
                                user.getPgpKeyIds().add(pgpKeyId);
                            }
                        }
                        logger.debug("updateUserRepoKeyRingFromUserIdentities: Found {} via PGP-key[s] for {}", user, userRepoKeyPublicKey);
                    }
                    try {
                        user.getUserRepoKeyPublicKeys().add(new UserRepoKeyPublicKeyDtoWithSignatureConverter().fromUserRepoKeyPublicKeyDto(userIdentityPayloadDto.getUserRepoKeyPublicKeyDto()));
                    } catch (MissingSigningPgpKeyException e) {
                        logger.warn("updateUserRepoKeyRingFromUserIdentities: " + e);
                        for (PgpKeyId pgpKeyId2 : e.getMissingPgpKeyIds()) {
                            if (!user.getPgpKeyIds().contains(pgpKeyId2)) {
                                user.getPgpKeyIds().add(pgpKeyId2);
                            }
                        }
                    }
                }
            }
        }
    }
}
