package org.gcube.common.authorizationservice.persistence;

import java.security.Key;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.inject.Singleton;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorizationservice.util.BannedEntry;
import org.gcube.common.authorizationservice.util.TokenMappingEntity;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.gcube.common.couchdb.connector.HttpCouchClient;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.resources.discovery.icclient.ICFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

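/**
 * CouchDB-backed {@link TokenPersistence}: stores token-to-authorization mappings and
 * per-user service bans, using one {@link HttpCouchClient} per scope.
 *
 * <p>Token values handled here are bearer credentials, so they are kept out of log lines
 * and exception messages; anyone able to read either could otherwise replay them.
 */
@Singleton
public class CouchDBTokenPersistence implements TokenPersistence {
    private static final Logger log = LoggerFactory.getLogger(CouchDBTokenPersistence.class);

    // Design document and view names used for the filtered lookups below.
    private static final String DESIGN_NAME = "_gcube";
    private static final String TOKEN_BY_USER_AND_SCOPE = "_user_and_scope";
    private static final String BANNED_SERVICES = "_bannedservice";
    private static final String BANNED_SERVICE_PER_USER_AND_SCOPE = "_banned_service_per_user_scope";

    // Cache of CouchDB clients keyed by the current scope.
    // NOTE(review): this is a plain HashMap inside a @Singleton and getClient() is not
    // synchronized; if requests for different scopes can run concurrently the map needs
    // a thread-safe implementation or a lock. Confirm the container's threading model.
    private final Map<String, HttpCouchClient> mapsScopeClient = new HashMap<>();

    /**
     * Persists the mapping between a token and its authorization entry.
     *
     * <p>NOTE(review): a failure is logged but not propagated, so the caller cannot tell
     * that the token was never stored. The void best-effort contract is kept as found.
     *
     * @param str the token value (never written to the log)
     * @param authorizationEntry the entry the token resolves to
     */
    @Override
    public void saveAuthorizationEntry(String str, AuthorizationEntry authorizationEntry) {
        try {
            getClient().put(new TokenMappingEntity(str, authorizationEntry));
        } catch (Exception e) {
            // Log the cause so the failure is diagnosable; the token itself stays out of the log.
            log.error("error saving token (value redacted)", e);
        }
    }

    /**
     * Resolves a token to its authorization entry.
     *
     * @param str the token value, used as the document id
     * @return the user name, roles and scope stored for the token
     * @throws RuntimeException if the lookup fails for any reason, including an unknown token
     */
    @Override
    public AuthorizationEntry getAuthorizationEntry(String str) {
        try {
            TokenMappingEntity tokenMappingEntity = (TokenMappingEntity) getClient().getDoc(str, TokenMappingEntity.class);
            return new AuthorizationEntry(tokenMappingEntity.getUserName(), tokenMappingEntity.getRoles(), tokenMappingEntity.getScope());
        } catch (Exception e) {
            // The message may travel beyond this class (logs, error responses), so it
            // carries no token value; the cause is preserved for diagnosis.
            String message = "error retrieving token (value redacted)";
            log.error(message, e);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Looks up a token already issued for the entry's user and scope.
     *
     * @param authorizationEntry the entry whose user name and scope are used as view keys
     * @return the first matching token, or {@code null} when none exists
     * @throws RuntimeException if the query fails
     */
    @Override
    public String getExistingToken(AuthorizationEntry authorizationEntry) {
        try {
            List<?> filteredDocs = getClient().getFilteredDocs(TokenMappingEntity.class, DESIGN_NAME, TOKEN_BY_USER_AND_SCOPE, authorizationEntry.getUserName(), authorizationEntry.getScope());
            if (filteredDocs.isEmpty()) {
                return null;
            }
            return ((TokenMappingEntity) filteredDocs.get(0)).getToken();
        } catch (Exception e) {
            String message = "error retrieving authorizationEntry " + authorizationEntry;
            log.error(message, e);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Bans a service for a user in a scope, reusing the stored ban when one already exists.
     * Synchronized so the check-then-insert is not interleaved within this instance.
     *
     * @param str the user (per the error message below)
     * @param str2 the service class
     * @param str3 the service name
     * @param str4 the scope
     * @return the ban that is in force after the call
     * @throws RuntimeException if the query or the insert fails
     */
    @Override
    public synchronized BannedService denyServiceForUser(String str, String str2, String str3, String str4) {
        try {
            BannedEntry bannedEntry = new BannedEntry(str, str4, str3, str2);
            List<?> filteredDocs = getClient().getFilteredDocs(BannedEntry.class, DESIGN_NAME, BANNED_SERVICES, str, str2, str3, str4);
            if (filteredDocs.isEmpty()) {
                getClient().put(bannedEntry);
            } else {
                // Keep the stored entry so the original ban time is reported.
                bannedEntry = (BannedEntry) filteredDocs.get(0);
            }
            return new BannedService(bannedEntry.getServiceClass(), bannedEntry.getServiceName(), bannedEntry.getBanTime());
        } catch (Exception e) {
            String format = String.format("error banning service %s:%s for user %s in scope %s", str2, str3, str, str4);
            log.error(format, e);
            throw new RuntimeException(format, e);
        }
    }

    /**
     * Lifts a ban; does nothing when no matching ban is stored.
     *
     * @param str the user (per the error message below)
     * @param str2 the service class
     * @param str3 the service name
     * @param str4 the scope
     * @throws RuntimeException if the query or the delete fails
     */
    @Override
    public void allowServiceForUser(String str, String str2, String str3, String str4) {
        try {
            List<?> filteredDocs = getClient().getFilteredDocs(BannedEntry.class, DESIGN_NAME, BANNED_SERVICES, str, str2, str3, str4);
            if (filteredDocs.isEmpty()) {
                return;
            }
            getClient().delete((BannedEntry) filteredDocs.get(0));
        } catch (Exception e) {
            String format = String.format("error removing banned service %s:%s for user %s in scope %s", str2, str3, str, str4);
            log.error(format, e);
            throw new RuntimeException(format, e);
        }
    }

    /**
     * Lists the services banned for a user in a scope.
     *
     * @param str the user (per the error message below)
     * @param str2 the scope
     * @return the bans found, or an empty list when there are none
     * @throws RuntimeException if the query fails
     */
    @Override
    public List<BannedService> getBannedServices(String str, String str2) {
        try {
            List<BannedEntry> filteredDocs = getClient().getFilteredDocs(BannedEntry.class, DESIGN_NAME, BANNED_SERVICE_PER_USER_AND_SCOPE, str, str2);
            if (filteredDocs.isEmpty()) {
                return Collections.emptyList();
            }
            List<BannedService> bannedServices = new ArrayList<>(filteredDocs.size());
            for (BannedEntry bannedEntry : filteredDocs) {
                bannedServices.add(new BannedService(bannedEntry.getServiceClass(), bannedEntry.getServiceName(), bannedEntry.getBanTime()));
            }
            return bannedServices;
        } catch (Exception e) {
            String format = String.format("error getting banned service for user %s in scope %s", str, str2);
            log.error(format, e);
            throw new RuntimeException(format, e);
        }
    }

    /**
     * Returns the CouchDB client for the current scope, discovering the AuthorizationDB
     * access point and decrypting its password on first use.
     *
     * @return the cached or newly created client for the current scope
     * @throws IllegalStateException if no AuthorizationDB endpoint is found
     * @throws IllegalArgumentException if the client cannot be built, e.g. the stored
     *     password cannot be decrypted
     */
    public HttpCouchClient getClient() {
        // Read the scope once so the lookup, the insert and the final read share one key.
        String scope = ScopeProvider.instance.get();
        if (!this.mapsScopeClient.containsKey(scope)) {
            log.debug("retrieving enpoint of couch-db for scope {} ", scope);
            XQuery queryFor = ICFactory.queryFor(ServiceEndpoint.class);
            queryFor.addCondition("$resource/Profile/Category/text() eq 'Database'").addCondition("$resource/Profile/Name/text() eq 'AuthorizationDB'").setResult("$resource/Profile//AccessPoint[./Interface/Endpoint/@EntryName eq 'authorization']");
            List<?> submit = ICFactory.clientFor(ServiceEndpoint.AccessPoint.class).submit(queryFor);
            if (submit.isEmpty()) {
                throw new IllegalStateException("no endpoint retreived for AuthorizationDB");
            }
            ServiceEndpoint.AccessPoint accessPoint = (ServiceEndpoint.AccessPoint) submit.get(0);
            try {
                // The decrypted database password is passed straight to the client and is
                // deliberately not logged or stored anywhere else.
                this.mapsScopeClient.put(scope, new HttpCouchClient(accessPoint.address(), accessPoint.name(), accessPoint.username(), StringEncrypter.getEncrypter().decrypt(accessPoint.password(), new Key[0])));
            } catch (Exception e) {
                // The exception used to be constructed and dropped, so a failure here fell
                // through and returned null to every caller. Fail at the real cause instead.
                throw new IllegalArgumentException("error decrypting password", e);
            }
        }
        return this.mapsScopeClient.get(scope);
    }
}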
