package pl.edu.icm.unity.engine;

import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.identity.EntityResolver;
import pl.edu.icm.unity.engine.api.token.SecuredTokensManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.authz.AuthzCapability;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.types.basic.EntityParam;

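/**
 * Authorization-enforcing facade over {@link TokensManagement}.
 *
 * <p>Every operation first checks whether the caller holds {@link AuthzCapability#maintenance}.
 * Callers with that capability operate on any token; all other callers are confined to tokens
 * whose owner equals the entity id of the current {@link LoginSession}.
 *
 * <p>Parameter names ({@code str}, {@code str2}) are kept as they appear in this listing. They
 * are forwarded unchanged to {@link TokensManagement}; presumably {@code str} is the token type
 * and {@code str2} the token value - confirm against the {@link SecuredTokensManagement} contract.
 */
@Component
public class SecuredTokensManagementImpl implements SecuredTokensManagement {
    private final TokensManagement tokenMan;
    private final InternalAuthorizationManager authz;
    private final EntityResolver idResolver;

    @Autowired
    public SecuredTokensManagementImpl(TokensManagement tokensManagement, InternalAuthorizationManager internalAuthorizationManager, EntityResolver entityResolver) {
        this.tokenMan = tokensManagement;
        this.authz = internalAuthorizationManager;
        this.idResolver = entityResolver;
    }

    /**
     * Returns the tokens, of any type, whose owner is the given entity.
     *
     * <p>The filter uses the {@code j} argument. The earlier version ignored it and always
     * filtered by the session entity, so the result did not depend on the requested owner.
     * This method performs no authorization itself; callers must have authorized {@code j}.
     *
     * @param j entity id of the owner to filter by
     * @return tokens owned by {@code j}; tokens without an owner are never included
     */
    private List<Token> getOwned(long j) {
        final Long ownerId = Long.valueOf(j);
        List<Token> allTokens = this.tokenMan.getAllTokens();
        // Comparing from the known non-null side keeps a token with a null owner from
        // aborting the whole listing with a NullPointerException.
        return allTokens.stream()
                .filter(token -> ownerId.equals(token.getOwner()))
                .collect(Collectors.toList());
    }

    /**
     * Lists tokens, narrowed to what the caller is allowed to see.
     *
     * <p>With the maintenance capability the unfiltered result of {@link TokensManagement} is
     * returned. Without it the result is limited to tokens owned by the logged-in entity; the
     * call is not rejected, it is narrowed.
     *
     * @param str forwarded to {@link TokensManagement}; {@code null} means no such restriction
     * @return the tokens visible to the caller
     * @throws EngineException if the caller lacks the maintenance capability and no login
     *         session is present, or if the underlying manager fails
     */
    @Transactional
    public List<Token> getAllTokens(String str) throws EngineException {
        if (hasMaintanceCapability()) {
            return str != null ? this.tokenMan.getAllTokens(str) : this.tokenMan.getAllTokens();
        }
        long callerId = getUserEntityId();
        if (str != null) {
            return this.tokenMan.getOwnedTokens(str, new EntityParam(Long.valueOf(callerId)));
        }
        return getOwned(callerId);
    }

    /**
     * Lists the tokens owned by the given entity.
     *
     * <p>A caller without the maintenance capability may only name themselves; any other
     * entity is rejected before a token is read.
     *
     * @param str forwarded to {@link TokensManagement}; {@code null} means no such restriction
     * @param entityParam the entity whose tokens are requested
     * @return tokens owned by {@code entityParam}
     * @throws EngineException if the caller may not read that entity's tokens, if no login
     *         session is present for a non-maintenance caller, or if entity resolution fails
     */
    @Transactional
    public List<Token> getOwnedTokens(String str, EntityParam entityParam) throws EngineException {
        Long requestedId = null;
        if (!hasMaintanceCapability()) {
            requestedId = Long.valueOf(this.idResolver.getEntityId(entityParam));
            if (requestedId.longValue() != getUserEntityId()) {
                throw new AuthorizationException("Can not get tokens owned by another user");
            }
        }
        if (str != null) {
            return this.tokenMan.getOwnedTokens(str, entityParam);
        }
        // A maintenance caller skips the ownership check above, so the id is still unresolved
        // here. The earlier version dereferenced the null and failed with a
        // NullPointerException for exactly this combination (maintenance caller, null str).
        long ownerId;
        if (requestedId != null) {
            ownerId = requestedId.longValue();
        } else {
            ownerId = this.idResolver.getEntityId(entityParam);
        }
        return getOwned(ownerId);
    }

    /**
     * Lists the tokens owned by the logged-in entity.
     *
     * @param str forwarded to {@link TokensManagement}; {@code null} means no such restriction
     * @return tokens owned by the current login session's entity
     * @throws EngineException if no login session is present or the underlying manager fails
     */
    @Transactional
    public List<Token> getOwnedTokens(String str) throws EngineException {
        long callerId = getUserEntityId();
        if (str != null) {
            return this.tokenMan.getOwnedTokens(str, new EntityParam(Long.valueOf(callerId)));
        }
        return getOwned(callerId);
    }

    /**
     * Removes a token after checking that the caller may do so.
     *
     * <p>Without the maintenance capability the token must be owned by the logged-in entity.
     * A token with no owner is treated as not owned by the caller, so the request is denied
     * rather than failing on the null owner.
     *
     * @param str forwarded to {@link TokensManagement} together with {@code str2} to identify
     *        the token
     * @param str2 see {@code str}
     * @throws AuthorizationException if the caller is neither a maintenance user nor the owner
     */
    @Transactional
    public void removeToken(String str, String str2) throws AuthorizationException {
        if (!hasMaintanceCapability()) {
            Long owner = this.tokenMan.getTokenById(str, str2).getOwner();
            if (owner == null || owner.longValue() != getUserEntityId()) {
                throw new AuthorizationException("Can not remove token owned by another user");
            }
        }
        this.tokenMan.removeToken(str, str2);
    }

    /**
     * Returns the entity id of the current login session.
     *
     * @throws AuthorizationException if there is no invocation context or no login session
     */
    private long getUserEntityId() throws AuthorizationException {
        LoginSession loginSession = InvocationContext.hasCurrent()
                ? InvocationContext.getCurrent().getLoginSession()
                : null;
        if (loginSession == null) {
            throw new AuthorizationException("Access is denied. The operation requires logged user");
        }
        return loginSession.getEntityId();
    }

    /**
     * Reports whether the caller holds {@link AuthzCapability#maintenance}.
     *
     * <p>The denial is deliberately turned into {@code false}: it selects the owner-restricted
     * code path and is not treated as an error. Only {@link AuthorizationException} is caught.
     */
    private boolean hasMaintanceCapability() {
        try {
            this.authz.checkAuthorization(AuthzCapability.maintenance);
            return true;
        } catch (AuthorizationException denied) {
            return false;
        }
    }
}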
