package keywhiz.service.daos;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import keywhiz.api.model.Client;
import keywhiz.api.model.Group;
import keywhiz.api.model.SanitizedSecret;
import keywhiz.api.model.Secret;
import keywhiz.api.model.SecretContent;
import keywhiz.api.model.SecretSeries;
import keywhiz.api.model.SecretSeriesAndContent;
import keywhiz.jooq.tables.Accessgrants;
import keywhiz.jooq.tables.Clients;
import keywhiz.jooq.tables.Groups;
import keywhiz.jooq.tables.Memberships;
import keywhiz.jooq.tables.Secrets;
import keywhiz.jooq.tables.SecretsContent;
import keywhiz.service.config.Readonly;
import keywhiz.service.daos.ClientDAO;
import keywhiz.service.daos.GroupDAO;
import keywhiz.service.daos.SecretContentDAO;
import keywhiz.service.daos.SecretSeriesDAO;
import org.jooq.Condition;
import org.jooq.Configuration;
import org.jooq.DSLContext;
import org.jooq.impl.DSL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:keywhiz/service/daos/AclDAO.class */
public class AclDAO {
    private static final Logger logger = LoggerFactory.getLogger(AclDAO.class);
    private final DSLContext dslContext;
    private final ClientDAO.ClientDAOFactory clientDAOFactory;
    private final GroupDAO.GroupDAOFactory groupDAOFactory;
    private final SecretContentDAO.SecretContentDAOFactory secretContentDAOFactory;
    private final SecretSeriesDAO.SecretSeriesDAOFactory secretSeriesDAOFactory;
    private final ClientMapper clientMapper;
    private final GroupMapper groupMapper;
    private final SecretSeriesMapper secretSeriesMapper;

    /* loaded from: input_file:keywhiz/service/daos/AclDAO$AclDAOFactory.class */
    public static class AclDAOFactory implements DAOFactory<AclDAO> {
        private final DSLContext jooq;
        private final DSLContext readonlyJooq;
        private final ClientDAO.ClientDAOFactory clientDAOFactory;
        private final GroupDAO.GroupDAOFactory groupDAOFactory;
        private final SecretContentDAO.SecretContentDAOFactory secretContentDAOFactory;
        private final SecretSeriesDAO.SecretSeriesDAOFactory secretSeriesDAOFactory;
        private final ClientMapper clientMapper;
        private final GroupMapper groupMapper;
        private final SecretSeriesMapper secretSeriesMapper;

        @Inject
        public AclDAOFactory(DSLContext dSLContext, @Readonly DSLContext dSLContext2, ClientDAO.ClientDAOFactory clientDAOFactory, GroupDAO.GroupDAOFactory groupDAOFactory, SecretContentDAO.SecretContentDAOFactory secretContentDAOFactory, SecretSeriesDAO.SecretSeriesDAOFactory secretSeriesDAOFactory, ClientMapper clientMapper, GroupMapper groupMapper, SecretSeriesMapper secretSeriesMapper) {
            this.jooq = dSLContext;
            this.readonlyJooq = dSLContext2;
            this.clientDAOFactory = clientDAOFactory;
            this.groupDAOFactory = groupDAOFactory;
            this.secretContentDAOFactory = secretContentDAOFactory;
            this.secretSeriesDAOFactory = secretSeriesDAOFactory;
            this.clientMapper = clientMapper;
            this.groupMapper = groupMapper;
            this.secretSeriesMapper = secretSeriesMapper;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // keywhiz.service.daos.DAOFactory
        public AclDAO readwrite() {
            return new AclDAO(this.jooq, this.clientDAOFactory, this.groupDAOFactory, this.secretContentDAOFactory, this.secretSeriesDAOFactory, this.clientMapper, this.groupMapper, this.secretSeriesMapper);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // keywhiz.service.daos.DAOFactory
        public AclDAO readonly() {
            return new AclDAO(this.readonlyJooq, this.clientDAOFactory, this.groupDAOFactory, this.secretContentDAOFactory, this.secretSeriesDAOFactory, this.clientMapper, this.groupMapper, this.secretSeriesMapper);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // keywhiz.service.daos.DAOFactory
        public AclDAO using(Configuration configuration) {
            return new AclDAO(DSL.using((Configuration) Preconditions.checkNotNull(configuration)), this.clientDAOFactory, this.groupDAOFactory, this.secretContentDAOFactory, this.secretSeriesDAOFactory, this.clientMapper, this.groupMapper, this.secretSeriesMapper);
        }
    }

    private AclDAO(DSLContext dSLContext, ClientDAO.ClientDAOFactory clientDAOFactory, GroupDAO.GroupDAOFactory groupDAOFactory, SecretContentDAO.SecretContentDAOFactory secretContentDAOFactory, SecretSeriesDAO.SecretSeriesDAOFactory secretSeriesDAOFactory, ClientMapper clientMapper, GroupMapper groupMapper, SecretSeriesMapper secretSeriesMapper) {
        this.dslContext = dSLContext;
        this.clientDAOFactory = clientDAOFactory;
        this.groupDAOFactory = groupDAOFactory;
        this.secretContentDAOFactory = secretContentDAOFactory;
        this.secretSeriesDAOFactory = secretSeriesDAOFactory;
        this.clientMapper = clientMapper;
        this.groupMapper = groupMapper;
        this.secretSeriesMapper = secretSeriesMapper;
    }

    public void findAndAllowAccess(long j, long j2) {
        this.dslContext.transaction(configuration -> {
            GroupDAO using = this.groupDAOFactory.using(configuration);
            SecretSeriesDAO using2 = this.secretSeriesDAOFactory.using(configuration);
            if (!using.getGroupById(j2).isPresent()) {
                logger.info("Failure to allow access groupId {}, secretId {}: groupId not found.", Long.valueOf(j2), Long.valueOf(j));
                throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
            }
            if (using2.getSecretSeriesById(j).isPresent()) {
                allowAccess(configuration, j, j2);
            } else {
                logger.info("Failure to allow access groupId {}, secretId {}: secretId not found.", Long.valueOf(j2), Long.valueOf(j));
                throw new IllegalStateException(String.format("SecretId %d doesn't exist.", Long.valueOf(j)));
            }
        });
    }

    public void findAndRevokeAccess(long j, long j2) {
        this.dslContext.transaction(configuration -> {
            GroupDAO using = this.groupDAOFactory.using(configuration);
            SecretSeriesDAO using2 = this.secretSeriesDAOFactory.using(configuration);
            if (!using.getGroupById(j2).isPresent()) {
                logger.info("Failure to revoke access groupId {}, secretId {}: groupId not found.", Long.valueOf(j2), Long.valueOf(j));
                throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
            }
            if (using2.getSecretSeriesById(j).isPresent()) {
                revokeAccess(configuration, j, j2);
            } else {
                logger.info("Failure to revoke access groupId {}, secretId {}: secretId not found.", Long.valueOf(j2), Long.valueOf(j));
                throw new IllegalStateException(String.format("SecretId %d doesn't exist.", Long.valueOf(j)));
            }
        });
    }

    public void findAndEnrollClient(long j, long j2) {
        this.dslContext.transaction(configuration -> {
            ClientDAO using = this.clientDAOFactory.using(configuration);
            GroupDAO using2 = this.groupDAOFactory.using(configuration);
            if (!using.getClientById(j).isPresent()) {
                logger.info("Failure to enroll membership clientId {}, groupId {}: clientId not found.", Long.valueOf(j), Long.valueOf(j2));
                throw new IllegalStateException(String.format("ClientId %d doesn't exist.", Long.valueOf(j)));
            }
            if (using2.getGroupById(j2).isPresent()) {
                enrollClient(configuration, j, j2);
            } else {
                logger.info("Failure to enroll membership clientId {}, groupId {}: groupId not found.", Long.valueOf(j), Long.valueOf(j2));
                throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
            }
        });
    }

    public void findAndEvictClient(long j, long j2) {
        this.dslContext.transaction(configuration -> {
            ClientDAO using = this.clientDAOFactory.using(configuration);
            GroupDAO using2 = this.groupDAOFactory.using(configuration);
            if (!using.getClientById(j).isPresent()) {
                logger.info("Failure to evict membership clientId {}, groupId {}: clientId not found.", Long.valueOf(j), Long.valueOf(j2));
                throw new IllegalStateException(String.format("ClientId %d doesn't exist.", Long.valueOf(j)));
            }
            if (using2.getGroupById(j2).isPresent()) {
                evictClient(configuration, j, j2);
            } else {
                logger.info("Failure to evict membership clientId {}, groupId {}: groupId not found.", Long.valueOf(j), Long.valueOf(j2));
                throw new IllegalStateException(String.format("GroupId %d doesn't exist.", Long.valueOf(j2)));
            }
        });
    }

    public ImmutableSet<SanitizedSecret> getSanitizedSecretsFor(Group group) {
        Preconditions.checkNotNull(group);
        ImmutableSet.Builder builder = ImmutableSet.builder();
        return (ImmutableSet) this.dslContext.transactionResult(configuration -> {
            SecretContentDAO using = this.secretContentDAOFactory.using(configuration);
            UnmodifiableIterator it = getSecretSeriesFor(configuration, group).iterator();
            while (it.hasNext()) {
                SecretSeries secretSeries = (SecretSeries) it.next();
                UnmodifiableIterator it2 = using.getSecretContentsBySecretId(secretSeries.id()).iterator();
                while (it2.hasNext()) {
                    builder.add(SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(secretSeries, (SecretContent) it2.next())));
                }
            }
            return builder.build();
        });
    }

    public Set<Group> getGroupsFor(Secret secret) {
        return new HashSet(this.dslContext.select(Groups.GROUPS.fields()).from(Groups.GROUPS).join(Accessgrants.ACCESSGRANTS).on(new Condition[]{Groups.GROUPS.ID.eq(Accessgrants.ACCESSGRANTS.GROUPID)}).join(Secrets.SECRETS).on(new Condition[]{Accessgrants.ACCESSGRANTS.SECRETID.eq(Secrets.SECRETS.ID)}).where(new Condition[]{Secrets.SECRETS.NAME.eq(secret.getName())}).fetchInto(Groups.GROUPS).map(this.groupMapper));
    }

    public Set<Group> getGroupsFor(Client client) {
        return new HashSet(this.dslContext.select(Groups.GROUPS.fields()).from(Groups.GROUPS).join(Memberships.MEMBERSHIPS).on(new Condition[]{Groups.GROUPS.ID.eq(Memberships.MEMBERSHIPS.GROUPID)}).join(Clients.CLIENTS).on(new Condition[]{Clients.CLIENTS.ID.eq(Memberships.MEMBERSHIPS.CLIENTID)}).where(new Condition[]{Clients.CLIENTS.NAME.eq(client.getName())}).fetchInto(Groups.GROUPS).map(this.groupMapper));
    }

    public Set<Client> getClientsFor(Group group) {
        return new HashSet(this.dslContext.select(Clients.CLIENTS.fields()).from(Clients.CLIENTS).join(Memberships.MEMBERSHIPS).on(new Condition[]{Clients.CLIENTS.ID.eq(Memberships.MEMBERSHIPS.CLIENTID)}).join(Groups.GROUPS).on(new Condition[]{Groups.GROUPS.ID.eq(Memberships.MEMBERSHIPS.GROUPID)}).where(new Condition[]{Groups.GROUPS.NAME.eq(group.getName())}).fetchInto(Clients.CLIENTS).map(this.clientMapper));
    }

    public ImmutableSet<SanitizedSecret> getSanitizedSecretsFor(Client client) {
        Preconditions.checkNotNull(client);
        SecretContentDAO using = this.secretContentDAOFactory.using(this.dslContext.configuration());
        ImmutableSet.Builder builder = ImmutableSet.builder();
        UnmodifiableIterator it = getSecretSeriesFor(this.dslContext.configuration(), client).iterator();
        while (it.hasNext()) {
            SecretSeries secretSeries = (SecretSeries) it.next();
            UnmodifiableIterator it2 = using.getSecretContentsBySecretId(secretSeries.id()).iterator();
            while (it2.hasNext()) {
                builder.add(SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(secretSeries, (SecretContent) it2.next())));
            }
        }
        return builder.build();
    }

    public Set<Client> getClientsFor(Secret secret) {
        return new HashSet(this.dslContext.select(Clients.CLIENTS.fields()).from(Clients.CLIENTS).join(Memberships.MEMBERSHIPS).on(new Condition[]{Clients.CLIENTS.ID.eq(Memberships.MEMBERSHIPS.CLIENTID)}).join(Accessgrants.ACCESSGRANTS).on(new Condition[]{Memberships.MEMBERSHIPS.GROUPID.eq(Accessgrants.ACCESSGRANTS.GROUPID)}).join(Secrets.SECRETS).on(new Condition[]{Secrets.SECRETS.ID.eq(Accessgrants.ACCESSGRANTS.SECRETID)}).where(new Condition[]{Secrets.SECRETS.NAME.eq(secret.getName())}).fetchInto(Clients.CLIENTS).map(this.clientMapper));
    }

    public Optional<SanitizedSecret> getSanitizedSecretFor(Client client, String str, String str2) {
        Preconditions.checkNotNull(client);
        Preconditions.checkArgument(!str.isEmpty());
        Preconditions.checkNotNull(str2);
        SecretContentDAO using = this.secretContentDAOFactory.using(this.dslContext.configuration());
        Optional<SecretSeries> secretSeriesFor = getSecretSeriesFor(this.dslContext.configuration(), client, str);
        if (!secretSeriesFor.isPresent()) {
            return Optional.empty();
        }
        Optional<SecretContent> secretContentBySecretIdAndVersion = using.getSecretContentBySecretIdAndVersion(secretSeriesFor.get().id(), str2);
        return !secretContentBySecretIdAndVersion.isPresent() ? Optional.empty() : Optional.of(SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(secretSeriesFor.get(), secretContentBySecretIdAndVersion.get())));
    }

    protected void allowAccess(Configuration configuration, long j, long j2) {
        OffsetDateTime now = OffsetDateTime.now(ZoneOffset.UTC);
        int intExact = Math.toIntExact(j);
        int intExact2 = Math.toIntExact(j2);
        if (0 < DSL.using(configuration).fetchCount(Accessgrants.ACCESSGRANTS, Accessgrants.ACCESSGRANTS.SECRETID.eq(Integer.valueOf(intExact)).and(Accessgrants.ACCESSGRANTS.GROUPID.eq(Integer.valueOf(intExact2))))) {
            return;
        }
        DSL.using(configuration).insertInto(Accessgrants.ACCESSGRANTS).set(Accessgrants.ACCESSGRANTS.SECRETID, Integer.valueOf(intExact)).set(Accessgrants.ACCESSGRANTS.GROUPID, Integer.valueOf(intExact2)).set(Accessgrants.ACCESSGRANTS.CREATEDAT, now).set(Accessgrants.ACCESSGRANTS.UPDATEDAT, now).execute();
    }

    protected void revokeAccess(Configuration configuration, long j, long j2) {
        DSL.using(configuration).delete(Accessgrants.ACCESSGRANTS).where(new Condition[]{Accessgrants.ACCESSGRANTS.SECRETID.eq(Integer.valueOf(Math.toIntExact(j))).and(Accessgrants.ACCESSGRANTS.GROUPID.eq(Integer.valueOf(Math.toIntExact(j2))))}).execute();
    }

    protected void enrollClient(Configuration configuration, long j, long j2) {
        OffsetDateTime now = OffsetDateTime.now(ZoneOffset.UTC);
        int intExact = Math.toIntExact(j2);
        int intExact2 = Math.toIntExact(j);
        if (0 < DSL.using(configuration).fetchCount(Memberships.MEMBERSHIPS, Memberships.MEMBERSHIPS.GROUPID.eq(Integer.valueOf(intExact)).and(Memberships.MEMBERSHIPS.CLIENTID.eq(Integer.valueOf(intExact2))))) {
            return;
        }
        DSL.using(configuration).insertInto(Memberships.MEMBERSHIPS).set(Memberships.MEMBERSHIPS.GROUPID, Integer.valueOf(intExact)).set(Memberships.MEMBERSHIPS.CLIENTID, Integer.valueOf(intExact2)).set(Memberships.MEMBERSHIPS.CREATEDAT, now).set(Memberships.MEMBERSHIPS.UPDATEDAT, now).execute();
    }

    protected void evictClient(Configuration configuration, long j, long j2) {
        DSL.using(configuration).delete(Memberships.MEMBERSHIPS).where(new Condition[]{Memberships.MEMBERSHIPS.CLIENTID.eq(Integer.valueOf(Math.toIntExact(j))).and(Memberships.MEMBERSHIPS.GROUPID.eq(Integer.valueOf(Math.toIntExact(j2))))}).execute();
    }

    protected ImmutableSet<SecretSeries> getSecretSeriesFor(Configuration configuration, Group group) {
        return ImmutableSet.copyOf(DSL.using(configuration).select(Secrets.SECRETS.fields()).from(Secrets.SECRETS).join(Accessgrants.ACCESSGRANTS).on(new Condition[]{Secrets.SECRETS.ID.eq(Accessgrants.ACCESSGRANTS.SECRETID)}).join(Groups.GROUPS).on(new Condition[]{Groups.GROUPS.ID.eq(Accessgrants.ACCESSGRANTS.GROUPID)}).where(new Condition[]{Groups.GROUPS.NAME.eq(group.getName())}).fetchInto(Secrets.SECRETS).map(this.secretSeriesMapper));
    }

    protected ImmutableSet<SecretSeries> getSecretSeriesFor(Configuration configuration, Client client) {
        return ImmutableSet.copyOf(DSL.using(configuration).select(Secrets.SECRETS.fields()).from(Secrets.SECRETS).join(Accessgrants.ACCESSGRANTS).on(new Condition[]{Secrets.SECRETS.ID.eq(Accessgrants.ACCESSGRANTS.SECRETID)}).join(Memberships.MEMBERSHIPS).on(new Condition[]{Accessgrants.ACCESSGRANTS.GROUPID.eq(Memberships.MEMBERSHIPS.GROUPID)}).join(Clients.CLIENTS).on(new Condition[]{Clients.CLIENTS.ID.eq(Memberships.MEMBERSHIPS.CLIENTID)}).where(new Condition[]{Clients.CLIENTS.NAME.eq(client.getName())}).fetchInto(Secrets.SECRETS).map(this.secretSeriesMapper));
    }

    protected Optional<SecretSeries> getSecretSeriesFor(Configuration configuration, Client client, String str) {
        Optional ofNullable = Optional.ofNullable(DSL.using(configuration).select(Secrets.SECRETS.fields()).from(Secrets.SECRETS).join(SecretsContent.SECRETS_CONTENT).on(new Condition[]{Secrets.SECRETS.ID.eq(SecretsContent.SECRETS_CONTENT.SECRETID)}).join(Accessgrants.ACCESSGRANTS).on(new Condition[]{Secrets.SECRETS.ID.eq(Accessgrants.ACCESSGRANTS.SECRETID)}).join(Memberships.MEMBERSHIPS).on(new Condition[]{Accessgrants.ACCESSGRANTS.GROUPID.eq(Memberships.MEMBERSHIPS.GROUPID)}).join(Clients.CLIENTS).on(new Condition[]{Clients.CLIENTS.ID.eq(Memberships.MEMBERSHIPS.CLIENTID)}).where(new Condition[]{Secrets.SECRETS.NAME.eq(str).and(Clients.CLIENTS.NAME.eq(client.getName()))}).limit(1).fetchOneInto(Secrets.SECRETS));
        SecretSeriesMapper secretSeriesMapper = this.secretSeriesMapper;
        secretSeriesMapper.getClass();
        return ofNullable.map(secretSeriesMapper::map);
    }
}
