package io.continual.flowcontrol.impl.jobdb.model;

import io.continual.builder.Builder;
import io.continual.flowcontrol.FlowControlCallContext;
import io.continual.flowcontrol.impl.jobdb.common.JsonJob;
import io.continual.flowcontrol.jobapi.FlowControlJob;
import io.continual.flowcontrol.jobapi.FlowControlJobDb;
import io.continual.iam.access.AccessControlEntry;
import io.continual.iam.access.AccessControlList;
import io.continual.iam.access.AccessException;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.Identity;
import io.continual.iam.impl.common.CommonJsonDb;
import io.continual.iam.impl.common.CommonJsonIdentity;
import io.continual.services.ServiceContainer;
import io.continual.services.SimpleService;
import io.continual.services.model.core.Model;
import io.continual.services.model.core.ModelPathList;
import io.continual.services.model.core.ModelRequestContext;
import io.continual.services.model.core.data.BasicModelObject;
import io.continual.services.model.core.data.JsonModelObject;
import io.continual.services.model.core.exceptions.ModelItemDoesNotExistException;
import io.continual.services.model.core.exceptions.ModelRequestException;
import io.continual.services.model.core.exceptions.ModelServiceException;
import io.continual.util.data.TypeConvertor;
import io.continual.util.naming.Name;
import io.continual.util.naming.Path;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONObject;

/* loaded from: input_file:io/continual/flowcontrol/impl/jobdb/model/ModelJobDb.class */
public class ModelJobDb extends SimpleService implements FlowControlJobDb {
    private final Model fModel;
    private final Identity fModelUser = new CommonJsonIdentity("flowControlUser", CommonJsonIdentity.initializeIdentity(), (CommonJsonDb) null);
    private final Enc fEnc;
    private static final byte[] kFixmeSalt = "salty".getBytes(StandardCharsets.UTF_8);

    /* loaded from: input_file:io/continual/flowcontrol/impl/jobdb/model/ModelJobDb$Enc.class */
    static class Enc implements JsonJob.Encryptor {
        private final String fEncKey;
        private final Cipher fCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        private final SecretKeySpec fSec;

        public Enc(String str) throws GeneralSecurityException {
            this.fEncKey = str;
            this.fSec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(this.fEncKey.toCharArray(), ModelJobDb.kFixmeSalt, 65536, 256)).getEncoded(), "AES");
        }

        @Override // io.continual.flowcontrol.impl.jobdb.common.JsonJob.Encryptor
        public String encrypt(String str) throws GeneralSecurityException {
            this.fCipher.init(1, this.fSec);
            return TypeConvertor.base64Encode(this.fCipher.doFinal(str.getBytes(StandardCharsets.UTF_8))) + ":" + TypeConvertor.base64Encode(((IvParameterSpec) this.fCipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV());
        }

        @Override // io.continual.flowcontrol.impl.jobdb.common.JsonJob.Encryptor
        public String decrypt(String str) throws GeneralSecurityException {
            String[] split = str.split(":");
            if (split.length != 2) {
                throw new GeneralSecurityException("Unexpected encrypted text format.");
            }
            byte[] base64Decode = TypeConvertor.base64Decode(split[1]);
            byte[] base64Decode2 = TypeConvertor.base64Decode(split[0]);
            this.fCipher.init(2, this.fSec, new IvParameterSpec(base64Decode));
            return new String(this.fCipher.doFinal(base64Decode2), StandardCharsets.UTF_8);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/continual/flowcontrol/impl/jobdb/model/ModelJobDb$ModelFcJob.class */
    public class ModelFcJob extends JsonJob {
        public ModelFcJob(ModelFcJobBuilder modelFcJobBuilder) {
            super(modelFcJobBuilder.fName, ModelJobDb.this.fEnc);
        }

        public ModelFcJob(String str, BasicModelObject basicModelObject) {
            super(str, ModelJobDb.this.fEnc, JsonModelObject.modelObjectToJson(basicModelObject.getData()));
        }
    }

    /* loaded from: input_file:io/continual/flowcontrol/impl/jobdb/model/ModelJobDb$ModelFcJobBuilder.class */
    private class ModelFcJobBuilder implements FlowControlJobDb.Builder {
        private final FlowControlCallContext fCtx;
        private String fName;
        private String fOwner;
        private LinkedList<AccessControlEntry> fAces = new LinkedList<>();

        public ModelFcJobBuilder(FlowControlCallContext flowControlCallContext) {
            this.fCtx = flowControlCallContext;
            withAccess("~owner~", "read", "update", "delete");
        }

        @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb.Builder
        public FlowControlJobDb.Builder withName(String str) {
            this.fName = str;
            return this;
        }

        @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb.Builder
        public FlowControlJobDb.Builder withOwner(String str) {
            this.fOwner = str;
            return this;
        }

        @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb.Builder
        public FlowControlJobDb.Builder withAccess(String str, String... strArr) {
            this.fAces.add(AccessControlEntry.builder().permit().forSubject(str).operations(strArr).build());
            return this;
        }

        @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb.Builder
        public FlowControlJob build() throws FlowControlJobDb.RequestException, FlowControlJobDb.ServiceException, AccessException {
            if (this.fName == null || this.fName.length() == 0) {
                throw new FlowControlJobDb.RequestException("Name is not set.");
            }
            if (ModelJobDb.this.getJob(this.fCtx, this.fName) != null) {
                throw new FlowControlJobDb.RequestException("Job " + this.fName + " already exists.");
            }
            try {
                ModelRequestContext buildContext = ModelJobDb.this.buildContext();
                ModelFcJob modelFcJob = new ModelFcJob(this);
                AccessControlList accessControlList = modelFcJob.getAccessControlList();
                accessControlList.setOwner(this.fOwner).clear();
                Iterator<AccessControlEntry> it = this.fAces.iterator();
                while (it.hasNext()) {
                    accessControlList.addAclEntry(it.next());
                }
                ModelJobDb.this.internalStoreJob(buildContext, modelFcJob);
                return ModelJobDb.this.internalLoadJob(buildContext, this.fName);
            } catch (Builder.BuildFailure e) {
                throw new FlowControlJobDb.ServiceException((Throwable) e);
            }
        }
    }

    public ModelJobDb(ServiceContainer serviceContainer, JSONObject jSONObject) throws Builder.BuildFailure {
        this.fModel = (Model) Builder.fromJson(Model.class, jSONObject.getJSONObject("model"), serviceContainer);
        try {
            this.fEnc = new Enc(jSONObject.getString("secretEncryptKey"));
        } catch (GeneralSecurityException e) {
            throw new Builder.BuildFailure(e);
        }
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public FlowControlJobDb.Builder createJob(FlowControlCallContext flowControlCallContext) {
        return new ModelFcJobBuilder(flowControlCallContext);
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public Collection<FlowControlJob> getJobsFor(FlowControlCallContext flowControlCallContext) throws FlowControlJobDb.ServiceException {
        try {
            ModelRequestContext buildContext = buildContext();
            ModelPathList listChildrenOfPath = this.fModel.listChildrenOfPath(buildContext, getBaseJobPath());
            LinkedList linkedList = new LinkedList();
            if (listChildrenOfPath != null) {
                Iterator it = listChildrenOfPath.iterator();
                while (it.hasNext()) {
                    try {
                        FlowControlJob internalLoadJob = internalLoadJob(buildContext, ((Path) it.next()).getItemName().toString());
                        if (internalLoadJob != null && internalLoadJob.getAccessControlList().canUser(flowControlCallContext.getUser(), "read")) {
                            linkedList.add(internalLoadJob);
                        }
                    } catch (IamSvcException e) {
                        throw new FlowControlJobDb.ServiceException((Throwable) e);
                    }
                }
            }
            return linkedList;
        } catch (Builder.BuildFailure | ModelServiceException | ModelRequestException e2) {
            throw new FlowControlJobDb.ServiceException((Throwable) e2);
        }
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public FlowControlJob getJob(FlowControlCallContext flowControlCallContext, String str) throws FlowControlJobDb.ServiceException, AccessException {
        try {
            FlowControlJob internalLoadJob = internalLoadJob(buildContext(), str);
            checkAccess(internalLoadJob, flowControlCallContext, "read");
            return internalLoadJob;
        } catch (Builder.BuildFailure e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public FlowControlJob getJobAsAdmin(String str) throws FlowControlJobDb.ServiceException {
        try {
            return internalLoadJob(buildContext(), str);
        } catch (Builder.BuildFailure e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public void storeJob(FlowControlCallContext flowControlCallContext, String str, FlowControlJob flowControlJob) throws FlowControlJobDb.ServiceException, AccessException {
        try {
            ModelRequestContext buildContext = buildContext();
            checkAccess(internalLoadJob(buildContext, str), flowControlCallContext, "update");
            internalStoreJob(buildContext, flowControlJob);
        } catch (Builder.BuildFailure e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    @Override // io.continual.flowcontrol.jobapi.FlowControlJobDb
    public void removeJob(FlowControlCallContext flowControlCallContext, String str) throws FlowControlJobDb.ServiceException, AccessException {
        try {
            ModelRequestContext buildContext = buildContext();
            checkAccess(internalLoadJob(buildContext, str), flowControlCallContext, "update");
            this.fModel.remove(buildContext, jobNameToPath(str));
        } catch (Builder.BuildFailure | ModelRequestException | ModelServiceException e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public FlowControlJob internalLoadJob(ModelRequestContext modelRequestContext, String str) throws FlowControlJobDb.ServiceException {
        try {
            return new ModelFcJob(str, this.fModel.load(modelRequestContext, jobNameToPath(str)));
        } catch (ModelServiceException | ModelRequestException e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        } catch (ModelItemDoesNotExistException e2) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public FlowControlJob internalStoreJob(ModelRequestContext modelRequestContext, FlowControlJob flowControlJob) throws FlowControlJobDb.ServiceException {
        try {
            String name = flowControlJob.getName();
            this.fModel.createUpdate(modelRequestContext, jobNameToPath(name)).overwrite(new JsonModelObject(((ModelFcJob) flowControlJob).toJson())).execute();
            return internalLoadJob(modelRequestContext, name);
        } catch (ModelRequestException | ModelServiceException e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    private static Path getBaseJobPath() {
        return Path.fromString("/jobs");
    }

    private static Path jobNameToPath(String str) {
        return getBaseJobPath().makeChildItem(Name.fromString(str));
    }

    private void checkAccess(FlowControlJob flowControlJob, FlowControlCallContext flowControlCallContext, String str) throws AccessException, FlowControlJobDb.ServiceException {
        if (flowControlJob == null) {
            return;
        }
        try {
            if (flowControlJob.getAccessControlList().canUser(flowControlCallContext.getUser(), str)) {
            } else {
                throw new AccessException(flowControlCallContext.getUser() + " may not " + str + " job " + flowControlJob.getId() + ".");
            }
        } catch (IamSvcException e) {
            throw new FlowControlJobDb.ServiceException((Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ModelRequestContext buildContext() throws Builder.BuildFailure {
        return this.fModel.getRequestContextBuilder().forUser(this.fModelUser).build();
    }
}
