package net.bluemind.authentication.service;

import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.UUID;
import net.bluemind.authentication.api.APIKey;
import net.bluemind.authentication.api.IAPIKeys;
import net.bluemind.authentication.repository.IAPIKeyStore;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.DataLocation;
import net.bluemind.core.container.model.Item;
import net.bluemind.core.container.model.ItemFlag;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.tx.wrapper.TxEnabler;
import net.bluemind.directory.api.ReservedIds;
import net.bluemind.repository.provider.RepositoryProvider;
import net.bluemind.tx.outbox.api.ITxOutbox;

/* loaded from: input_file:net/bluemind/authentication/service/APIKeysService.class */
public class APIKeysService implements IAPIKeys {
    private static final String INVALID_SECURITY_CONTEXT = "Invalid securityContext";
    private final IAPIKeyStore store;
    private final SecurityContext context;
    private final RBACManager rbac;
    private ITxOutbox outbox;

    public APIKeysService(BmContext bmContext) {
        this.store = (IAPIKeyStore) RepositoryProvider.instance(IAPIKeyStore.class, bmContext);
        this.context = bmContext.getSecurityContext();
        this.rbac = new RBACManager(bmContext);
        this.outbox = (ITxOutbox) bmContext.su().provider().instance(ITxOutbox.class, new String[]{"global.virt", "system", "apikeys", "apikeys", DataLocation.directory().serverUid()});
    }

    public APIKey store(String str, String str2) throws ServerFault {
        if (this.context.isAnonymous()) {
            throw new ServerFault(INVALID_SECURITY_CONTEXT, ErrorCode.PERMISSION_DENIED);
        }
        if (str2 == null || str2.trim().isEmpty()) {
            throw new ServerFault("API key display name cannot be empty");
        }
        APIKey aPIKey = new APIKey();
        aPIKey.sid = str;
        aPIKey.displayName = str2;
        aPIKey.subject = this.context.getSubject();
        aPIKey.domainUid = this.context.getContainerUid();
        TxEnabler.atomically(() -> {
            this.store.create(aPIKey);
            this.outbox.forKafka(ItemValue.create(item(aPIKey.sid), aPIKey), (ReservedIds) null, false);
        });
        return this.store.get(aPIKey.sid);
    }

    private Item item(String str) {
        String str2 = this.context.getSubject() + "-" + str;
        return Item.create(str2, Hashing.sipHash24().hashString(str2, StandardCharsets.US_ASCII).asLong(), ItemFlag.Seen, new ItemFlag[0]);
    }

    public APIKey create(String str) throws ServerFault {
        return store(UUID.randomUUID().toString(), str);
    }

    public void delete(String str) throws ServerFault {
        if (this.context.isAnonymous()) {
            throw new ServerFault(INVALID_SECURITY_CONTEXT, ErrorCode.PERMISSION_DENIED);
        }
        TxEnabler.atomically(() -> {
            this.store.delete(str);
            this.outbox.forKafka(ItemValue.create(item(str), new APIKey()), (ReservedIds) null, true);
        });
    }

    public List<APIKey> list() throws ServerFault {
        if (this.context.isAnonymous()) {
            throw new ServerFault(INVALID_SECURITY_CONTEXT, ErrorCode.PERMISSION_DENIED);
        }
        return this.store.list();
    }

    public List<APIKey> listAll() throws ServerFault {
        this.rbac.check(new String[]{"admin"});
        return this.store.listAll();
    }

    public APIKey get(String str) throws ServerFault {
        return this.store.get(str);
    }
}
