package keywhiz.service.daos;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Optional;
import java.util.Set;
import keywhiz.api.model.Client;
import keywhiz.api.model.Group;
import keywhiz.api.model.SanitizedSecret;
import keywhiz.api.model.Secret;
import keywhiz.api.model.SecretContent;
import keywhiz.api.model.SecretSeries;
import keywhiz.api.model.SecretSeriesAndContent;
import org.skife.jdbi.v2.sqlobject.Bind;
import org.skife.jdbi.v2.sqlobject.BindBean;
import org.skife.jdbi.v2.sqlobject.CreateSqlObject;
import org.skife.jdbi.v2.sqlobject.SqlQuery;
import org.skife.jdbi.v2.sqlobject.SqlUpdate;
import org.skife.jdbi.v2.sqlobject.Transaction;
import org.skife.jdbi.v2.sqlobject.customizers.RegisterMapper;
import org.skife.jdbi.v2.sqlobject.customizers.SingleValueResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterMapper({SecretSeriesMapper.class, GroupMapper.class, ClientMapper.class})
/* loaded from: input_file:keywhiz/service/daos/AclDAO.class */
public abstract class AclDAO {
    private static final Logger logger = LoggerFactory.getLogger(AclDAO.class);

    @CreateSqlObject
    protected abstract ClientDAO createClientDAO();

    @CreateSqlObject
    protected abstract GroupDAO createGroupDAO();

    @CreateSqlObject
    protected abstract SecretContentDAO createSecretContentDAO();

    @CreateSqlObject
    protected abstract SecretSeriesDAO createSecretSeriesDAO();

    @Transaction
    public void findAndAllowAccess(long j, long j2) {
        if (!createGroupDAO().getGroupById(j2).isPresent()) {
            logger.info("Failure to allow access groupId {}, secretId {}: groupId not found.", Long.valueOf(j2), Long.valueOf(j));
            throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
        }
        if (createSecretSeriesDAO().getSecretSeriesById(j).isPresent()) {
            allowAccess(j, j2);
        } else {
            logger.info("Failure to allow access groupId {}, secretId {}: secretId not found.", Long.valueOf(j2), Long.valueOf(j));
            throw new IllegalStateException(String.format("SecretId %d doesn't exist.", Long.valueOf(j)));
        }
    }

    @Transaction
    public void findAndRevokeAccess(long j, long j2) {
        if (!createGroupDAO().getGroupById(j2).isPresent()) {
            logger.info("Failure to revoke access groupId {}, secretId {}: groupId not found.", Long.valueOf(j2), Long.valueOf(j));
            throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
        }
        if (createSecretSeriesDAO().getSecretSeriesById(j).isPresent()) {
            revokeAccess(j, j2);
        } else {
            logger.info("Failure to revoke access groupId {}, secretId {}: secretId not found.", Long.valueOf(j2), Long.valueOf(j));
            throw new IllegalStateException(String.format("SecretId %d doesn't exist.", Long.valueOf(j)));
        }
    }

    @Transaction
    public void findAndEnrollClient(long j, long j2) {
        if (!createClientDAO().getClientById(j).isPresent()) {
            logger.info("Failure to enroll membership clientId {}, groupId {}: clientId not found.", Long.valueOf(j), Long.valueOf(j2));
            throw new IllegalStateException(String.format("ClientId %d doesn't exist.", Long.valueOf(j)));
        }
        if (createGroupDAO().getGroupById(j2).isPresent()) {
            enrollClient(j, j2);
        } else {
            logger.info("Failure to enroll membership clientId {}, groupId {}: groupId not found.", Long.valueOf(j), Long.valueOf(j2));
            throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
        }
    }

    @Transaction
    public void findAndEvictClient(long j, long j2) {
        if (!createClientDAO().getClientById(j).isPresent()) {
            logger.info("Failure to evict membership clientId {}, groupId {}: clientId not found.", Long.valueOf(j), Long.valueOf(j2));
            throw new IllegalStateException(String.format("ClientId %d doesn't exist.", Long.valueOf(j)));
        }
        if (createGroupDAO().getGroupById(j2).isPresent()) {
            evictClient(j, j2);
        } else {
            logger.info("Failure to evict membership clientId {}, groupId {}: groupId not found.", Long.valueOf(j), Long.valueOf(j2));
            throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
        }
    }

    public ImmutableSet<SanitizedSecret> getSanitizedSecretsFor(Group group) {
        Preconditions.checkNotNull(group);
        ImmutableSet.Builder builder = ImmutableSet.builder();
        SecretContentDAO createSecretContentDAO = createSecretContentDAO();
        UnmodifiableIterator<SecretSeries> it = getSecretSeriesFor(group).iterator();
        while (it.hasNext()) {
            SecretSeries next = it.next();
            UnmodifiableIterator<SecretContent> it2 = createSecretContentDAO.getSecretContentsBySecretId(next.getId()).iterator();
            while (it2.hasNext()) {
                builder.add((ImmutableSet.Builder) SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(next, it2.next())));
            }
        }
        return builder.build();
    }

    @SqlQuery("SELECT groups.id, groups.name, groups.description, groups.createdAt, groups.createdBy, groups.updatedAt, groups.updatedBy FROM groups JOIN accessGrants ON groups.id = accessGrants.groupId JOIN secrets ON accessGrants.secretId = secrets.id WHERE secrets.name = :name")
    public abstract Set<Group> getGroupsFor(@BindSecret Secret secret);

    @SqlQuery("SELECT groups.id, groups.name, groups.description, groups.createdAt, groups.createdBy, groups.updatedAt, groups.updatedBy FROM groups JOIN memberships ON groups.id = memberships.groupId JOIN clients ON clients.id = memberships.clientId WHERE clients.name = :name")
    public abstract Set<Group> getGroupsFor(@BindBean Client client);

    @SqlQuery("SELECT clients.id, clients.name, clients.description, clients.createdAt, clients.createdBy, clients.updatedAt, clients.updatedBy, clients.enabled, clients.automationAllowed FROM clients JOIN memberships ON clients.id = memberships.clientId JOIN groups ON groups.id = memberships.groupId WHERE groups.name = :name")
    public abstract Set<Client> getClientsFor(@BindBean Group group);

    @Transaction
    public ImmutableSet<SanitizedSecret> getSanitizedSecretsFor(Client client) {
        Preconditions.checkNotNull(client);
        ImmutableSet.Builder builder = ImmutableSet.builder();
        SecretContentDAO createSecretContentDAO = createSecretContentDAO();
        UnmodifiableIterator<SecretSeries> it = getSecretSeriesFor(client).iterator();
        while (it.hasNext()) {
            SecretSeries next = it.next();
            UnmodifiableIterator<SecretContent> it2 = createSecretContentDAO.getSecretContentsBySecretId(next.getId()).iterator();
            while (it2.hasNext()) {
                builder.add((ImmutableSet.Builder) SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(next, it2.next())));
            }
        }
        return builder.build();
    }

    @SqlQuery("SELECT clients.id, clients.name, clients.description, clients.createdAt, clients.createdBy, clients.updatedAt, clients.updatedBy, clients.enabled, clients.automationAllowed FROM clients JOIN memberships ON clients.id = memberships.clientId JOIN accessGrants ON memberships.groupId = accessGrants.groupId JOIN secrets ON secrets.id = accessGrants.secretId WHERE secrets.name = :name")
    public abstract Set<Client> getClientsFor(@BindSecret Secret secret);

    @Transaction
    public Optional<SanitizedSecret> getSanitizedSecretFor(Client client, String str, String str2) {
        Preconditions.checkNotNull(client);
        Preconditions.checkArgument(!str.isEmpty());
        Preconditions.checkNotNull(str2);
        Optional<SecretSeries> secretSeriesFor = getSecretSeriesFor(client, str);
        if (!secretSeriesFor.isPresent()) {
            return Optional.empty();
        }
        Optional<SecretContent> secretContentBySecretIdAndVersion = createSecretContentDAO().getSecretContentBySecretIdAndVersion(secretSeriesFor.get().getId(), str2);
        return !secretContentBySecretIdAndVersion.isPresent() ? Optional.empty() : Optional.of(SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(secretSeriesFor.get(), secretContentBySecretIdAndVersion.get())));
    }

    @SqlUpdate("INSERT INTO accessGrants (secretId, groupId) VALUES (:secretId, :groupId)")
    protected abstract void allowAccess(@Bind("secretId") long j, @Bind("groupId") long j2);

    @SqlUpdate("DELETE FROM accessGrants WHERE secretId = :secretId AND groupId = :groupId")
    protected abstract void revokeAccess(@Bind("secretId") long j, @Bind("groupId") long j2);

    @SqlUpdate("INSERT INTO memberships (groupId, clientId) VALUES (:groupId, :clientId)")
    protected abstract void enrollClient(@Bind("clientId") long j, @Bind("groupId") long j2);

    @SqlUpdate("DELETE FROM memberships WHERE clientId = :clientId AND groupId = :groupId")
    protected abstract void evictClient(@Bind("clientId") long j, @Bind("groupId") long j2);

    @SqlQuery("SELECT secrets.id, secrets.name, secrets.description, secrets.createdAt, secrets.createdBy, secrets.updatedAt, secrets.updatedBy, secrets.type, secrets.options FROM secrets JOIN accessGrants ON secrets.id = accessGrants.secretId JOIN groups ON groups.id = accessGrants.groupId WHERE groups.name = :name")
    protected abstract ImmutableSet<SecretSeries> getSecretSeriesFor(@BindBean Group group);

    @SqlQuery("SELECT secrets.id, secrets.name, secrets.description, secrets.createdAt, secrets.createdBy, secrets.updatedAt, secrets.updatedBy, secrets.type, secrets.options FROM secrets JOIN accessGrants ON secrets.id = accessGrants.secretId JOIN memberships ON accessGrants.groupId = memberships.groupId JOIN clients ON clients.id = memberships.clientId WHERE clients.name = :name")
    protected abstract ImmutableSet<SecretSeries> getSecretSeriesFor(@BindBean Client client);

    @SqlQuery("SELECT secrets.id, secrets.name, secrets.description, secrets.createdAt, secrets.createdBy, secrets.updatedAt, secrets.updatedBy, secrets.type, secrets.options FROM secrets JOIN secrets_content on secrets.id = secrets_content.secretId JOIN accessGrants ON secrets.id = accessGrants.secretId JOIN memberships ON accessGrants.groupId = memberships.groupId JOIN clients ON clients.id = memberships.clientId WHERE secrets.name = :name AND clients.name = :c.name")
    @SingleValueResult(SecretSeries.class)
    protected abstract Optional<SecretSeries> getSecretSeriesFor(@BindBean("c") Client client, @Bind("name") String str);
}
