package org.adorsys.docusafe.service.impl;

import java.util.UUID;
import org.adorsys.cryptoutils.exceptions.BaseException;
import org.adorsys.docusafe.service.BucketService;
import org.adorsys.docusafe.service.DocumentGuardService;
import org.adorsys.docusafe.service.exceptions.NoDocumentGuardExists;
import org.adorsys.docusafe.service.impl.guardHelper.GuardKeyHelperFactory;
import org.adorsys.docusafe.service.impl.guardHelper.KeySourceAndGuardKeyID;
import org.adorsys.docusafe.service.serializer.DocumentGuardSerializer;
import org.adorsys.docusafe.service.serializer.DocumentGuardSerializerRegistery;
import org.adorsys.docusafe.service.types.AccessType;
import org.adorsys.docusafe.service.types.DocumentKey;
import org.adorsys.docusafe.service.types.DocumentKeyID;
import org.adorsys.docusafe.service.types.GuardKey;
import org.adorsys.docusafe.service.types.complextypes.DocumentGuardLocation;
import org.adorsys.docusafe.service.types.complextypes.DocumentKeyIDWithKey;
import org.adorsys.docusafe.service.types.complextypes.DocumentKeyIDWithKeyAndAccessType;
import org.adorsys.encobject.complextypes.BucketPath;
import org.adorsys.encobject.domain.KeyStoreAccess;
import org.adorsys.encobject.domain.Payload;
import org.adorsys.encobject.domain.UserMetaData;
import org.adorsys.encobject.exceptions.FileExistsException;
import org.adorsys.encobject.service.api.EncryptedPersistenceService;
import org.adorsys.encobject.service.api.ExtendedStoreConnection;
import org.adorsys.encobject.service.api.KeystorePersistence;
import org.adorsys.encobject.service.impl.BlobStoreKeystorePersistenceImpl;
import org.adorsys.encobject.service.impl.EncryptedPersistenceServiceImpl;
import org.adorsys.encobject.service.impl.JWEncryptionStreamServiceImpl;
import org.adorsys.encobject.service.impl.KeyStoreBasedSecretKeySourceImpl;
import org.adorsys.encobject.service.impl.SimplePayloadImpl;
import org.adorsys.encobject.service.impl.SimpleStorageMetadataImpl;
import org.adorsys.encobject.service.impl.generator.SecretKeyGeneratorImpl;
import org.adorsys.encobject.types.KeyID;
import org.adorsys.encobject.types.OverwriteFlag;
import org.adorsys.jkeygen.keystore.KeyStoreType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/docusafe-service-0.3.7.jar:org/adorsys/docusafe/service/impl/DocumentGuardServiceImpl.class */
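/**
 * Creates and loads "document guards": encrypted blobs that hold a serialized document key.
 *
 * <p>Each guard is stored at the path returned by
 * {@link DocumentGuardLocation#getBucketPathOfGuard} and carries three user-metadata entries:
 * the serializer ID, the access type and the key store type.
 *
 * <p>Logging: guard creation logs only the document key ID and access type, never the composite
 * object that also holds the {@link DocumentKey}. The {@code toString()} of that composite is not
 * visible from this class, so passing it to the logger could write key material to debug logs.
 */
public class DocumentGuardServiceImpl implements DocumentGuardService {
    private static final Logger LOGGER = LoggerFactory.getLogger(DocumentGuardServiceImpl.class);
    private static final String ACCESS_TYPE = "AccessType";
    private static final String KEYSTORE_TYPE = "KeyStoreType";
    private static final String DOCUMENT_KEY_ALGORITHM = "AES";
    private static final int DOCUMENT_KEY_SIZE_BITS = 256;

    private final KeystorePersistence keystorePersistence;
    private final EncryptedPersistenceService encryptedPersistenceUtil;
    private final BucketService bucketService;
    private final DocumentGuardSerializerRegistery serializerRegistry = DocumentGuardSerializerRegistery.getInstance();

    /**
     * Wires the persistence helpers on top of a single store connection.
     *
     * @param extendedStoreConnection connection used for guards, key stores and bucket lookups
     */
    public DocumentGuardServiceImpl(ExtendedStoreConnection extendedStoreConnection) {
        this.encryptedPersistenceUtil = new EncryptedPersistenceServiceImpl(extendedStoreConnection, new JWEncryptionStreamServiceImpl());
        this.keystorePersistence = new BlobStoreKeystorePersistenceImpl(extendedStoreConnection);
        this.bucketService = new BucketServiceImpl(extendedStoreConnection);
    }

    /**
     * Generates a fresh document key together with a new random key ID.
     *
     * @return a new {@code "DK" + UUID} identifier paired with a newly generated AES-256 key
     */
    @Override // org.adorsys.docusafe.service.DocumentGuardService
    public DocumentKeyIDWithKey createDocumentKeyIdWithKey() {
        DocumentKeyID documentKeyID = new DocumentKeyID("DK" + UUID.randomUUID().toString());
        DocumentKey documentKey = new DocumentKey(
                new SecretKeyGeneratorImpl(DOCUMENT_KEY_ALGORITHM, DOCUMENT_KEY_SIZE_BITS)
                        .generate(documentKeyID.getValue(), null)
                        .getSecretKey());
        return new DocumentKeyIDWithKey(documentKeyID, documentKey);
    }

    /**
     * Resolves the guard key for the given guard key type and persists a guard for the document key.
     *
     * @param guardKeyType selects the helper that provides the key source and guard key ID
     * @param keyStoreAccess key store location and credentials
     * @param documentKeyIDWithKeyAndAccessType document key, its ID and the access type to record
     * @param overwriteFlag whether an existing guard at the target path may be replaced
     * @throws FileExistsException if the guard exists and {@code overwriteFlag} is {@code FALSE}
     */
    @Override // org.adorsys.docusafe.service.DocumentGuardService
    public void createDocumentGuardFor(GuardKeyType guardKeyType, KeyStoreAccess keyStoreAccess, DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType, OverwriteFlag overwriteFlag) {
        // Log the key ID and access type only; the composite object also carries the DocumentKey.
        DocumentKeyID documentKeyID = documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
        LOGGER.debug("start create document guard for {} ({}) at {}", documentKeyID, documentKeyIDWithKeyAndAccessType.getAccessType(), keyStoreAccess.getKeyStorePath());
        KeySourceAndGuardKeyID keySourceAndGuardKeyID = GuardKeyHelperFactory.getHelper(guardKeyType)
                .getKeySourceAndGuardKeyID(this.keystorePersistence, keyStoreAccess, documentKeyIDWithKeyAndAccessType);
        createDocumentGuard(keyStoreAccess, documentKeyIDWithKeyAndAccessType, keySourceAndGuardKeyID, overwriteFlag);
        LOGGER.debug("finished create document guard for {} ({}) at {}", documentKeyID, documentKeyIDWithKeyAndAccessType.getAccessType(), keyStoreAccess.getKeyStorePath());
    }

    /**
     * Loads and decrypts the guard for a document key ID and rebuilds the document key from it.
     *
     * @param keyStoreAccess key store location and the handlers used to read the store and its keys
     * @param documentKeyID ID of the document key whose guard is loaded
     * @return the document key with its ID and the access type recorded in the guard metadata
     * @throws NoDocumentGuardExists if no guard is stored at the computed path
     * @throws BaseException if the guard metadata lacks the access type or key store type
     * @throws IllegalArgumentException if the stored access type is not an {@link AccessType} constant
     */
    @Override // org.adorsys.docusafe.service.DocumentGuardService
    public DocumentKeyIDWithKeyAndAccessType loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
        LOGGER.debug("start load {} from document guard at {}", documentKeyID, keyStoreAccess.getKeyStorePath());
        KeyStoreBasedSecretKeySourceImpl keySource = new KeyStoreBasedSecretKeySourceImpl(
                this.keystorePersistence.loadKeystore(
                        keyStoreAccess.getKeyStorePath().getObjectHandle(),
                        keyStoreAccess.getKeyStoreAuth().getReadStoreHandler()),
                keyStoreAccess.getKeyStoreAuth().getReadKeyHandler());
        BucketPath guardPath = DocumentGuardLocation.getBucketPathOfGuard(keyStoreAccess.getKeyStorePath(), documentKeyID);
        if (!this.bucketService.fileExists(guardPath)) {
            throw new NoDocumentGuardExists(guardPath);
        }
        LOGGER.debug("loadDocumentKey for {}", guardPath);
        Payload payload = this.encryptedPersistenceUtil.loadAndDecrypt(guardPath, keySource);

        // NOTE(review): the serializer ID, access type and key store type below are read from the
        // stored object's user metadata. Whether loadAndDecrypt authenticates that metadata is not
        // visible here. Confirm, because these values decide how the key bytes are parsed and
        // which access level the caller is told it has.
        UserMetaData userMetadata = payload.getStorageMetadata().getUserMetadata();
        String accessTypeName = userMetadata.get(ACCESS_TYPE);
        if (accessTypeName == null) {
            throw new BaseException("PROGRAMMING ERROR. AccessType for Guard with KeyID " + documentKeyID + " not known");
        }
        String keyStoreTypeName = userMetadata.get(KEYSTORE_TYPE);
        if (keyStoreTypeName == null) {
            throw new BaseException("PROGRAMMING ERROR. KeyStoreType for Guard with KeyID " + documentKeyID + " not known");
        }
        KeyStoreType keyStoreType = new KeyStoreType(keyStoreTypeName);
        // valueOf rejects any name that is not a declared AccessType constant.
        AccessType accessType = AccessType.valueOf(accessTypeName);
        // NOTE(review): a guard without a serializer header hands null to getSerializer;
        // how the registry reacts to that is not visible here. Verify.
        DocumentKey documentKey = this.serializerRegistry
                .getSerializer(userMetadata.get(DocumentGuardSerializerRegistery.SERIALIZER_HEADER_KEY))
                .deserializeSecretKey(payload.getData(), keyStoreType);
        LOGGER.debug("finished load {} from document guard at {}", documentKeyID, keyStoreAccess.getKeyStorePath());
        return new DocumentKeyIDWithKeyAndAccessType(new DocumentKeyIDWithKey(documentKeyID, documentKey), accessType);
    }

    /**
     * Serializes the document key, attaches the guard metadata and stores it encrypted under the
     * supplied guard key.
     *
     * @param keyStoreAccess supplies the key store path the guard location is derived from
     * @param documentKeyIDWithKeyAndAccessType document key, its ID and the access type to record
     * @param keySourceAndGuardKeyID key source and ID of the key that encrypts the guard
     * @param overwriteFlag whether an existing guard at the target path may be replaced
     * @throws FileExistsException if the guard exists and {@code overwriteFlag} is {@code FALSE}
     */
    private void createDocumentGuard(KeyStoreAccess keyStoreAccess, DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType, KeySourceAndGuardKeyID keySourceAndGuardKeyID, OverwriteFlag overwriteFlag) {
        // Log the key ID and access type only; the composite object also carries the DocumentKey.
        DocumentKeyID documentKeyID = documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
        LOGGER.debug("start persist document guard for {} ({}) at {}", documentKeyID, documentKeyIDWithKeyAndAccessType.getAccessType(), keyStoreAccess.getKeyStorePath());
        KeyStoreType keyStoreType = KeyStoreType.DEFAULT;
        BucketPath guardPath = DocumentGuardLocation.getBucketPathOfGuard(keyStoreAccess.getKeyStorePath(), documentKeyID);
        // NOTE(review): this is a check-then-write sequence. Two concurrent creators can both pass
        // the check. Whether encryptAndPersist itself refuses to overwrite is not visible here.
        if (overwriteFlag.equals(OverwriteFlag.FALSE) && this.bucketService.fileExists(guardPath)) {
            throw new FileExistsException("File " + guardPath + " already exists and overwriteflag is false");
        }
        DocumentGuardSerializer serializer = this.serializerRegistry.defaultSerializer();
        SimpleStorageMetadataImpl storageMetadata = new SimpleStorageMetadataImpl();
        UserMetaData userMetadata = storageMetadata.getUserMetadata();
        userMetadata.put(DocumentGuardSerializerRegistery.SERIALIZER_HEADER_KEY, serializer.getSerializerID());
        userMetadata.put(ACCESS_TYPE, documentKeyIDWithKeyAndAccessType.getAccessType().toString());
        userMetadata.put(KEYSTORE_TYPE, keyStoreType.getValue());
        GuardKey guardKey = new GuardKey(serializer.serializeSecretKey(
                documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKey(), keyStoreType));
        this.encryptedPersistenceUtil.encryptAndPersist(
                guardPath,
                new SimplePayloadImpl(storageMetadata, guardKey.getValue()),
                keySourceAndGuardKeyID.keySource,
                new KeyID(keySourceAndGuardKeyID.guardKeyID.getValue()));
        LOGGER.debug("finished persist document guard for {} ({}) at {}", documentKeyID, documentKeyIDWithKeyAndAccessType.getAccessType(), keyStoreAccess.getKeyStorePath());
    }
}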
