package com.dynfi.services.remoteAgent;

import com.dynfi.exceptions.CannotCreateException;
import com.dynfi.security.PermissionKeys;
import com.dynfi.services.DeviceGroupService;
import com.dynfi.services.DeviceGroupServiceImpl;
import com.dynfi.services.UserService;
import com.dynfi.services.dto.CreateConnectionAgentTokenRequest;
import com.dynfi.storage.entities.ConnectionAgentToken;
import com.dynfi.storage.entities.DeviceGroup;
import com.dynfi.storage.entities.User;
import dev.morphia.Datastore;
import dev.morphia.query.Query;
import dev.morphia.query.filters.Filters;
import io.crnk.core.engine.internal.jackson.ErrorDataSerializer;
import io.jsonwebtoken.Jwts;
import java.util.Collection;
import java.util.Date;
import java.util.UUID;
import javax.inject.Inject;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/dynfi/services/remoteAgent/TokenServiceImpl.class */
public class TokenServiceImpl implements TokenService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TokenServiceImpl.class);
    private final KeyService keyService;
    private final UserService userService;
    private final DeviceGroupService deviceGroupService;
    private final Datastore datastore;

    @Inject
    public TokenServiceImpl(KeyService keyService, UserService userService, DeviceGroupService deviceGroupService, Datastore datastore) {
        this.keyService = keyService;
        this.userService = userService;
        this.deviceGroupService = deviceGroupService;
        this.datastore = datastore;
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public ConnectionAgentToken createToken(CreateConnectionAgentTokenRequest createConnectionAgentTokenRequest) {
        Pair<User, Subject> currentUserAndSubject = this.userService.getCurrentUserAndSubject();
        if (!currentUserAndSubject.getValue().isPermitted(PermissionKeys.CONNECTION_AGENT_TOKENS__CREATE)) {
            throw new CannotCreateException("User not permitted to create connection agent tokens.");
        }
        User left = currentUserAndSubject.getLeft();
        DeviceGroup byId = this.deviceGroupService.getById(createConnectionAgentTokenRequest.getDeviceGroupId());
        if (byId == null || !(left.canAccessAllDeviceGroups() || left.getLimitedToDeviceGroups().contains(byId))) {
            throw new CannotCreateException("Device group missing or cannot access specified device group.");
        }
        ConnectionAgentToken connectionAgentToken = new ConnectionAgentToken(left, createConnectionAgentTokenRequest.getValidUntil(), byId, createConnectionAgentTokenRequest.getAllowedUsages().intValue(), Jwts.builder().mo2043setIssuedAt(new Date()).mo2047setExpiration(Date.from(createConnectionAgentTokenRequest.getValidUntil())).claim("adr", createConnectionAgentTokenRequest.getServerAddress().getAddress()).claim("prt", Integer.valueOf(createConnectionAgentTokenRequest.getServerAddress().getPort())).claim("key", this.keyService.getServerPublicKeyString()).compact(), createConnectionAgentTokenRequest.getLabel(), createConnectionAgentTokenRequest.getMinTunnelPort(), createConnectionAgentTokenRequest.getMaxTunnelPort());
        this.datastore.save((Datastore) connectionAgentToken);
        return connectionAgentToken;
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public boolean confirmTokenUsable(String str) {
        ConnectionAgentToken byContentIgnoringDeviceGroup = getByContentIgnoringDeviceGroup(str);
        return byContentIgnoringDeviceGroup != null && byContentIgnoringDeviceGroup.canBeUsed();
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public ConnectionAgentToken getById(UUID uuid) {
        ConnectionAgentToken connectionAgentToken = (ConnectionAgentToken) this.datastore.find(ConnectionAgentToken.class).filter(Filters.eq(ErrorDataSerializer.ID, uuid)).first();
        if (connectionAgentToken == null || !this.deviceGroupService.canCurrentUserAccessAllSpecifiedDeviceGroups(connectionAgentToken.getDeviceGroup().getId())) {
            return null;
        }
        return connectionAgentToken;
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public ConnectionAgentToken getByContentIgnoringDeviceGroup(String str) {
        return (ConnectionAgentToken) this.datastore.find(ConnectionAgentToken.class).filter(Filters.eq("content", str)).first();
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public Collection<ConnectionAgentToken> getAll() {
        Query find = this.datastore.find(ConnectionAgentToken.class);
        User currentUser = this.userService.getCurrentUser();
        if (!currentUser.canAccessAllDeviceGroups()) {
            DeviceGroupServiceImpl.addFilterToQueryToLimitDeviceGroups(find, "deviceGroup", currentUser, null);
        }
        return find.iterator().toList();
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public void deactivate(UUID uuid) {
        ConnectionAgentToken byId = getById(uuid);
        if (byId == null || byId.isDeactivated()) {
            return;
        }
        byId.deactivate();
        this.datastore.save((Datastore) byId);
        if (logger.isDebugEnabled()) {
            logger.debug("Token [{}] deactivated by [{}].", uuid, this.userService.getCurrentUser().getId());
        }
    }

    @Override // com.dynfi.services.remoteAgent.TokenService
    public void save(ConnectionAgentToken connectionAgentToken) {
        this.datastore.save((Datastore) connectionAgentToken);
    }
}
