package io.hops.hopsworks.common.user.security.apiKey;

import io.hops.hopsworks.common.dao.user.security.apiKey.ApiKeyFacade;
import io.hops.hopsworks.common.dao.user.security.apiKey.ApiKeyScopeFacade;
import io.hops.hopsworks.common.dao.user.security.ua.UserAccountsEmailMessages;
import io.hops.hopsworks.common.security.utils.Secret;
import io.hops.hopsworks.common.security.utils.SecurityUtils;
import io.hops.hopsworks.common.util.EmailBean;
import io.hops.hopsworks.exceptions.ApiKeyException;
import io.hops.hopsworks.exceptions.UserException;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiKey;
import io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiKeyScope;
import io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope;
import io.hops.hopsworks.restutils.RESTCodes;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.mail.Message;
import javax.mail.MessagingException;

@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/user/security/apiKey/ApiKeyController.class */
public class ApiKeyController {
    private static final Logger LOGGER = Logger.getLogger(ApiKeyController.class.getName());
    private static final int RETRY_KEY_CREATION = 10;

    @EJB
    private ApiKeyFacade apiKeyFacade;

    @EJB
    private ApiKeyScopeFacade apiKeyScopeFacade;

    @EJB
    private SecurityUtils securityUtils;

    @EJB
    private EmailBean emailBean;

    @Inject
    @Any
    private Instance<ApiKeyHandler> apiKeyHandlers;

    public String createNewKey(Users users, String str, Set<ApiScope> set, Boolean bool) throws UserException, ApiKeyException {
        if (users == null) {
            throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE);
        }
        if (str == null || str.isEmpty()) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_NOT_SPECIFIED, Level.FINE);
        }
        if (str.length() > 45) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_NOT_VALID, Level.FINE);
        }
        if (set == null || set.isEmpty()) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_SCOPE_NOT_SPECIFIED, Level.FINE);
        }
        if (this.apiKeyFacade.findByUserAndName(users, str) != null) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_EXIST, Level.FINE);
        }
        Secret generateApiKey = generateApiKey();
        Date date = new Date();
        ApiKey apiKey = new ApiKey(users, generateApiKey.getPrefix(), generateApiKey.getSha256HexDigest(), generateApiKey.getSalt(), date, date, str, bool);
        apiKey.setApiKeyScopeCollection(getKeyScopes(set, apiKey));
        this.apiKeyFacade.save(apiKey);
        ApiKeyHandler.runApiKeyCreateHandlers(this.apiKeyHandlers, apiKey);
        sendCreatedEmail(users, str, date, set);
        return generateApiKey.getPrefixPlusSecret();
    }

    private Secret generateApiKey() throws ApiKeyException {
        Secret secret;
        int i = RETRY_KEY_CREATION;
        Secret generateSecret = this.securityUtils.generateSecret();
        while (true) {
            secret = generateSecret;
            if (this.apiKeyFacade.findByPrefix(secret.getPrefix()) != null || !secret.validateSize()) {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                generateSecret = this.securityUtils.generateSecret();
            } else {
                break;
            }
        }
        if (i < 1) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NOT_CREATED, Level.SEVERE, "Failed to generate unique key prefix after 10 retries.");
        }
        return secret;
    }

    private List<ApiKeyScope> getKeyScopes(Set<ApiScope> set, ApiKey apiKey) {
        ArrayList arrayList = new ArrayList();
        Iterator<ApiScope> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(new ApiKeyScope(it.next(), apiKey));
        }
        return arrayList;
    }

    public Set<ApiScope> getScopes(ApiKey apiKey) {
        HashSet hashSet = new HashSet();
        Iterator it = apiKey.getApiKeyScopeCollection().iterator();
        while (it.hasNext()) {
            hashSet.add(((ApiKeyScope) it.next()).getScope());
        }
        return hashSet;
    }

    public ApiKey getApiKey(String str) throws ApiKeyException {
        String[] split = str.split(Secret.KEY_ID_SEPARATOR_REGEX);
        if (split.length < 2) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_INVALID, Level.FINE);
        }
        ApiKey findByPrefix = this.apiKeyFacade.findByPrefix(split[0]);
        if (findByPrefix == null) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NOT_FOUND_IN_DATABASE, Level.FINE);
        }
        if (new Secret(split[0], split[1], findByPrefix.getSalt()).getSha256HexDigest().equals(findByPrefix.getSecret())) {
            return findByPrefix;
        }
        throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_INVALID, Level.FINE);
    }

    public List<ApiKey> getKeys(Users users) {
        return this.apiKeyFacade.findByUser(users);
    }

    public void deleteKey(Users users, String str) throws ApiKeyException {
        ApiKey findByUserAndName = this.apiKeyFacade.findByUserAndName(users, str);
        if (findByUserAndName == null) {
            return;
        }
        ApiKeyHandler.runApiKeyDeleteHandlers(this.apiKeyHandlers, findByUserAndName);
        this.apiKeyFacade.remove(findByUserAndName);
        sendDeletedEmail(users, str);
    }

    public void deleteAll(Users users) throws ApiKeyException {
        for (ApiKey apiKey : this.apiKeyFacade.findByUser(users)) {
            ApiKeyHandler.runApiKeyDeleteHandlers(this.apiKeyHandlers, apiKey);
            this.apiKeyFacade.remove(apiKey);
        }
        sendDeletedAllEmail(users);
    }

    public ApiKey addScope(Users users, String str, Set<ApiScope> set) throws ApiKeyException {
        ApiKey validate = validate(users, str, set);
        set.removeAll(toApiScope(validate.getApiKeyScopeCollection()));
        if (!set.isEmpty()) {
            validate.getApiKeyScopeCollection().addAll(getKeyScopes(set, validate));
            validate.setModified(new Date());
            validate = this.apiKeyFacade.update(validate);
            ApiKeyHandler.runApiKeyCreateHandlers(this.apiKeyHandlers, validate);
        }
        return validate;
    }

    public ApiKey removeScope(Users users, String str, Set<ApiScope> set) throws ApiKeyException {
        ApiKey validate = validate(users, str, set);
        Collection apiKeyScopeCollection = validate.getApiKeyScopeCollection();
        ArrayList arrayList = new ArrayList();
        for (ApiScope apiScope : set) {
            Iterator it = apiKeyScopeCollection.iterator();
            while (true) {
                if (it.hasNext()) {
                    ApiKeyScope apiKeyScope = (ApiKeyScope) it.next();
                    if (apiKeyScope.getScope().equals(apiScope)) {
                        arrayList.add(apiKeyScope);
                        break;
                    }
                }
            }
        }
        boolean removeAll = validate.getApiKeyScopeCollection().removeAll(arrayList);
        if (removeAll && !validate.getApiKeyScopeCollection().isEmpty()) {
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                this.apiKeyScopeFacade.remove((ApiKeyScope) it2.next());
            }
            validate.setModified(new Date());
            validate = this.apiKeyFacade.update(validate);
            ApiKeyHandler.runApiKeyDeleteHandlers(this.apiKeyHandlers, validate, arrayList);
        } else if (removeAll && validate.getApiKeyScopeCollection().isEmpty()) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_SCOPE_EMPTY, Level.FINE);
        }
        return validate;
    }

    public ApiKey update(Users users, String str, Set<ApiScope> set) throws ApiKeyException {
        ApiKey validate = validate(users, str, set);
        Collection apiKeyScopeCollection = validate.getApiKeyScopeCollection();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        boolean z = false;
        for (ApiScope apiScope : set) {
            boolean z2 = false;
            Iterator it = apiKeyScopeCollection.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ApiKeyScope apiKeyScope = (ApiKeyScope) it.next();
                if (apiKeyScope.getScope().equals(apiScope)) {
                    arrayList.add(apiKeyScope);
                    z2 = true;
                    break;
                }
            }
            if (!z2) {
                z = true;
                arrayList2.add(new ApiKeyScope(apiScope, validate));
            }
        }
        boolean z3 = false;
        apiKeyScopeCollection.removeAll(arrayList);
        if (!apiKeyScopeCollection.isEmpty()) {
            Iterator it2 = apiKeyScopeCollection.iterator();
            while (it2.hasNext()) {
                this.apiKeyScopeFacade.remove((ApiKeyScope) it2.next());
            }
            z3 = true;
        }
        if (z) {
            arrayList.addAll(arrayList2);
            z3 = true;
        }
        if (z3) {
            ArrayList arrayList3 = new ArrayList(apiKeyScopeCollection);
            validate.setApiKeyScopeCollection(arrayList);
            validate.setModified(new Date());
            validate = this.apiKeyFacade.update(validate);
            ApiKeyHandler.runApiKeyCreateHandlers(this.apiKeyHandlers, validate, arrayList2);
            ApiKeyHandler.runApiKeyDeleteHandlers(this.apiKeyHandlers, validate, arrayList3);
        }
        return validate;
    }

    private Set<ApiScope> toApiScope(Collection<ApiKeyScope> collection) {
        HashSet hashSet = new HashSet();
        Iterator<ApiKeyScope> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getScope());
        }
        return hashSet;
    }

    private ApiKey validate(Users users, String str, Set<ApiScope> set) throws ApiKeyException {
        ApiKey findByUserAndName = this.apiKeyFacade.findByUserAndName(users, str);
        if (findByUserAndName == null) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NOT_FOUND, Level.FINE);
        }
        if (set == null || set.isEmpty()) {
            throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_SCOPE_NOT_SPECIFIED, Level.FINE);
        }
        return findByUserAndName;
    }

    private void sendCreatedEmail(Users users, String str, Date date, Set<ApiScope> set) {
        sendEmail(users, UserAccountsEmailMessages.API_KEY_CREATED_SUBJECT, UserAccountsEmailMessages.buildApiKeyCreatedMessage(str, date, users.getEmail(), set));
    }

    private void sendDeletedEmail(Users users, String str) {
        sendEmail(users, UserAccountsEmailMessages.API_KEY_DELETED_SUBJECT, UserAccountsEmailMessages.buildApiKeyDeletedMessage(str, new Date(), users.getEmail()));
    }

    private void sendDeletedAllEmail(Users users) {
        sendEmail(users, UserAccountsEmailMessages.API_KEY_DELETED_SUBJECT, UserAccountsEmailMessages.buildApiKeyDeletedAllMessage(new Date(), users.getEmail()));
    }

    private void sendEmail(Users users, String str, String str2) {
        if (users == null) {
            throw new IllegalArgumentException("User not set.");
        }
        try {
            this.emailBean.sendEmail(users.getEmail(), Message.RecipientType.TO, str, str2);
        } catch (MessagingException e) {
            LOGGER.log(Level.WARNING, "Failed to send api key creation verification email. {0}", e.getMessage());
        }
    }
}
