package com.appiancorp.apikey.config;

import com.appiancorp.apikey.access.MembershipCheck;
import com.appiancorp.apikey.crypto.ApiKeyTokenizer;
import com.appiancorp.apikey.exceptions.ApiKeyAliasFormatException;
import com.appiancorp.apikey.exceptions.ApiKeyException;
import com.appiancorp.apikey.exceptions.ApiKeyInactiveException;
import com.appiancorp.apikey.exceptions.ApiKeyMaximumLimitException;
import com.appiancorp.apikey.exceptions.ApiKeyNotFoundException;
import com.appiancorp.apikey.exceptions.ApiKeyRevokedException;
import com.appiancorp.apikey.exceptions.ApiKeyTokenSignException;
import com.appiancorp.apikey.exceptions.ApiKeyTokenVerifyException;
import com.appiancorp.apikey.logging.ApiKeyAuditLogEvent;
import com.appiancorp.apikey.logging.ApiKeyProductMetricsLogger;
import com.appiancorp.apikey.persistence.ApiKey;
import com.appiancorp.apikey.persistence.ApiKeyBuilder;
import com.appiancorp.apikey.persistence.ApiKeyDao;
import com.appiancorp.apikey.persistence.ApiKeyEntity;
import com.appiancorp.apikey.persistence.ApiKeyOwner;
import com.appiancorp.securetoken.InvalidSignatureException;
import com.appiancorp.securetoken.InvalidTokenException;
import com.appiancorp.security.user.service.EnsureCurrentUserIsInPrimaryDataSourceAspect;
import com.appiancorp.services.exceptions.InvalidUserException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/appiancorp/apikey/config/ApiKeyServiceImpl.class */
public class ApiKeyServiceImpl implements ApiKeyService {
    private final ApiKeyDaoProvider apiKeyDaoProvider;
    private final AuditLogger auditLogger;
    private final ApiKeyTokenizer apiKeyTokenizer;
    private final MembershipCheck membershipCheck;

    public ApiKeyServiceImpl(ApiKeyDaoProvider apiKeyDaoProvider, AuditLogger auditLogger, ApiKeyTokenizer apiKeyTokenizer, MembershipCheck membershipCheck) {
        this.apiKeyDaoProvider = apiKeyDaoProvider;
        this.auditLogger = auditLogger;
        this.apiKeyTokenizer = apiKeyTokenizer;
        this.membershipCheck = membershipCheck;
    }

    @EnsureCurrentUserIsInPrimaryDataSourceAspect.RequiresCurrentUserInPrimaryDataSource
    public TokenCreateResult createToken() throws ApiKeyException {
        checkApiKeyLimit();
        String createRandomUUIDString = this.apiKeyTokenizer.createRandomUUIDString();
        return new TokenCreateResult(createRandomUUIDString, encodeApiKeyId(createRandomUUIDString));
    }

    public Long persistTokenMetadata(String str, String str2, Long l, ApiKeyOwner apiKeyOwner, String str3) throws ApiKeyException {
        this.membershipCheck.checkServiceAccount(l);
        ensureValidAliasFormat(str2);
        ApiKey build = ApiKeyBuilder.builder().uuid(str).serviceAccountId(l).alias(sanitizeAlias(str2)).owner(apiKeyOwner).ownerId(str3).build();
        Long l2 = (Long) getApiKeyDao().create(build);
        this.auditLogger.log(ApiKeyAuditLogEvent.CREATED, build, ApiKeyProductMetricsLogger.CREATE_API_KEY_SUFFIX);
        return l2;
    }

    private void checkApiKeyLimit() throws ApiKeyMaximumLimitException {
        if (getApiKeyDao().countNonRevoked() >= 250) {
            throw new ApiKeyMaximumLimitException();
        }
    }

    /* renamed from: validateToken, reason: merged with bridge method [inline-methods] */
    public ApiKey m3validateToken(String str) throws ApiKeyException {
        Optional<ApiKey> apiKey = getApiKey(decodeToken(str));
        if (!apiKey.isPresent()) {
            throw new ApiKeyNotFoundException();
        }
        ApiKey apiKey2 = apiKey.get();
        if (!apiKey2.isActive()) {
            throw new ApiKeyInactiveException();
        }
        if (apiKey2.isRevoked()) {
            throw new ApiKeyRevokedException();
        }
        this.membershipCheck.checkServiceAccount(apiKey2.getServiceAccountId());
        apiKey2.setLastUsedDate(new Date());
        return apiKey2;
    }

    public boolean renameToken(long j, String str) throws ApiKeyException {
        if (str == null) {
            return false;
        }
        ensureValidAliasFormat(str);
        String sanitizeAlias = sanitizeAlias(str);
        ApiKeyDao apiKeyDao = getApiKeyDao();
        Optional forId = apiKeyDao.getForId(Long.valueOf(j));
        if (!forId.isPresent()) {
            throw new ApiKeyNotFoundException();
        }
        ApiKey apiKey = (ApiKey) forId.get();
        if (sanitizeAlias.equals(apiKey.getAlias())) {
            return false;
        }
        apiKey.setAlias(sanitizeAlias);
        apiKeyDao.rename(apiKey);
        this.auditLogger.log(ApiKeyAuditLogEvent.RENAMED, apiKey, ApiKeyProductMetricsLogger.RENAME_API_KEY_SUFFIX);
        return true;
    }

    public boolean deactivateToken(long j) throws ApiKeyException {
        return setApiKey(j, false);
    }

    public boolean reactivateToken(long j) throws ApiKeyException {
        return setApiKey(j, true);
    }

    public boolean revokeToken(long j) throws ApiKeyException {
        ApiKeyDao apiKeyDao = getApiKeyDao();
        Optional forId = apiKeyDao.getForId(Long.valueOf(j));
        if (!forId.isPresent()) {
            throw new ApiKeyNotFoundException();
        }
        ApiKey apiKey = (ApiKey) forId.get();
        if (apiKey.isRevoked()) {
            return false;
        }
        apiKey.setRevoked(true);
        apiKeyDao.update(apiKey);
        this.auditLogger.log(ApiKeyAuditLogEvent.DELETED, apiKey, ApiKeyProductMetricsLogger.DELETE_API_KEY_SUFFIX);
        return true;
    }

    public boolean checkAliasUnique(Long l, String str) {
        return getApiKeyDao().isAliasUnique(l, sanitizeAlias(str));
    }

    public List<ApiKeyEntity> getActiveTokens() {
        return getTokens(true);
    }

    public List<ApiKeyEntity> getInactiveTokens() {
        return getTokens(false);
    }

    public List<ApiKeyEntity> getAllTokens() {
        ApiKeyDao apiKeyDao = getApiKeyDao();
        apiKeyDao.getClass();
        return getTokens(apiKeyDao::findAll);
    }

    public ApiKeyEntity getToken(ApiKeyOwner apiKeyOwner, String str) throws ApiKeyNotFoundException {
        Optional forOwner = getApiKeyDao().getForOwner(apiKeyOwner, str);
        if (forOwner.isPresent()) {
            return (ApiKeyEntity) forOwner.get();
        }
        throw new ApiKeyNotFoundException();
    }

    private List<ApiKeyEntity> getTokens(boolean z) {
        return getTokens(() -> {
            return getApiKeyDao().findAllWithActive(z);
        });
    }

    private List<ApiKeyEntity> getTokens(Supplier<List<ApiKey>> supplier) {
        try {
            return castToEntity(supplier.get());
        } catch (InvalidUserException e) {
            return Collections.emptyList();
        }
    }

    private List<ApiKeyEntity> castToEntity(List<ApiKey> list) {
        return (List) list.stream().map(apiKey -> {
            return apiKey;
        }).collect(Collectors.toList());
    }

    private Optional<ApiKey> getApiKey(String str) {
        return getApiKeyDao().getForUuid(str);
    }

    private boolean setApiKey(long j, boolean z) throws ApiKeyNotFoundException {
        ApiKeyDao apiKeyDao = getApiKeyDao();
        Optional forId = apiKeyDao.getForId(Long.valueOf(j));
        if (!forId.isPresent()) {
            throw new ApiKeyNotFoundException();
        }
        ApiKey apiKey = (ApiKey) forId.get();
        if (apiKey.isActive() == z) {
            return false;
        }
        apiKey.setActive(z);
        apiKeyDao.update(apiKey);
        this.auditLogger.log(z ? ApiKeyAuditLogEvent.REACTIVATED : ApiKeyAuditLogEvent.DEACTIVATED, apiKey, z ? ApiKeyProductMetricsLogger.REACTIVATE_API_KEY_SUFFIX : ApiKeyProductMetricsLogger.DEACTIVATE_API_KEY_SUFFIX);
        return true;
    }

    private ApiKeyDao getApiKeyDao() {
        return this.apiKeyDaoProvider.getDao();
    }

    private String decodeToken(String str) throws ApiKeyTokenVerifyException {
        try {
            return this.apiKeyTokenizer.verify(str);
        } catch (InvalidSignatureException | InvalidTokenException e) {
            throw new ApiKeyTokenVerifyException(e);
        }
    }

    private String encodeApiKeyId(String str) throws ApiKeyTokenSignException {
        try {
            return this.apiKeyTokenizer.create(str);
        } catch (InvalidSignatureException | InvalidTokenException e) {
            throw new ApiKeyTokenSignException(e);
        }
    }

    private void ensureValidAliasFormat(String str) throws ApiKeyAliasFormatException {
        if (StringUtils.isBlank(str)) {
            throw new ApiKeyAliasFormatException();
        }
        if (str.length() > 255) {
            throw new ApiKeyAliasFormatException();
        }
    }

    private String sanitizeAlias(String str) {
        return str.trim();
    }
}
