@Transactional
 public AccessKey create(@NotNull User user, @NotNull AccessKey accessKey) {
   if (accessKey.getLabel() == null) {
     throw new IllegalParametersException(Messages.LABEL_IS_REQUIRED);
   }
   Optional<AccessKey> akOpt =
       genericDAO
           .createNamedQuery(
               AccessKey.class, "AccessKey.getByUserAndLabel", Optional.<CacheConfig>empty())
           .setParameter("userId", user.getId())
           .setParameter("label", accessKey.getLabel())
           .getResultList()
           .stream()
           .findFirst();
   if (akOpt.isPresent()) {
     logger.error("Access key with label {} already exists", accessKey.getLabel());
     throw new ActionNotAllowedException(Messages.DUPLICATE_LABEL_FOUND);
   }
   if (accessKey.getId() != null) {
     logger.error("Access key id shouldn't be present in request parameters");
     throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
   }
   authenticationUtils.validateActions(accessKey);
   AccessKeyProcessor keyProcessor = new AccessKeyProcessor();
   String key = keyProcessor.generateKey();
   accessKey.setKey(key);
   accessKey.setUser(user);
   genericDAO.persist(accessKey);
   for (AccessKeyPermission current : accessKey.getPermissions()) {
     AccessKeyPermission permission = preparePermission(current);
     permission.setAccessKey(accessKey);
     genericDAO.persist(permission);
   }
   return genericDAO.find(AccessKey.class, accessKey.getId());
 }
 @Transactional
 public AccessKey authenticate(@NotNull String key) {
   Optional<AccessKey> accessKeyOpt =
       genericDAO
           .createNamedQuery(AccessKey.class, "AccessKey.getByKey", Optional.of(CacheConfig.get()))
           .setParameter("someKey", key)
           .getResultList()
           .stream()
           .findFirst();
   if (!accessKeyOpt.isPresent()) {
     return null;
   }
   AccessKey accessKey = accessKeyOpt.get();
   final Long expirationPeriod =
       configurationService.getLong(Constants.SESSION_TIMEOUT, Constants.DEFAULT_SESSION_TIMEOUT);
   if (accessKey.getExpirationDate() != null) {
     final Long expiresIn =
         accessKey.getExpirationDate().getTime() - timestampService.getTimestamp().getTime();
     if (AccessKeyType.SESSION == accessKey.getType()
         && expiresIn > 0
         && expiresIn < expirationPeriod / 2) {
       em.refresh(accessKey, LockModeType.PESSIMISTIC_WRITE);
       accessKey.setExpirationDate(
           new Date(timestampService.getTimestamp().getTime() + expirationPeriod));
       return genericDAO.merge(accessKey);
     }
   }
   return accessKey;
 }
  @Transactional(propagation = Propagation.NOT_SUPPORTED)
  public List<AccessKey> list(
      Long userId,
      String label,
      String labelPattern,
      Integer type,
      String sortField,
      Boolean sortOrderAsc,
      Integer take,
      Integer skip) {
    CriteriaBuilder cb = genericDAO.criteriaBuilder();
    CriteriaQuery<AccessKey> cq = cb.createQuery(AccessKey.class);
    Root<AccessKey> from = cq.from(AccessKey.class);

    Predicate[] predicates =
        CriteriaHelper.accessKeyListPredicates(
            cb, from, userId, ofNullable(label), ofNullable(labelPattern), ofNullable(type));
    cq.where(predicates);
    CriteriaHelper.order(cb, cq, from, ofNullable(sortField), Boolean.TRUE.equals(sortOrderAsc));

    TypedQuery<AccessKey> query = genericDAO.createQuery(cq);
    ofNullable(skip).ifPresent(query::setFirstResult);
    ofNullable(take).ifPresent(query::setMaxResults);
    genericDAO.cacheQuery(query, of(CacheConfig.bypass()));
    return query.getResultList();
  }
 @Transactional
 public AccessKey updateAccessKeyFromOAuthGrant(OAuthGrant grant, User user, Date now) {
   AccessKey existing = find(grant.getAccessKey().getId(), user.getId());
   deleteAccessKeyPermissions(existing);
   if (grant.getAccessType().equals(AccessType.ONLINE)) {
     Date expirationDate = new Date(now.getTime() + 600000); // the key is valid for 10 minutes
     existing.setExpirationDate(expirationDate);
   } else {
     existing.setExpirationDate(null);
   }
   existing.setLabel(
       String.format(
           Messages.OAUTH_GRANT_TOKEN_LABEL,
           grant.getClient().getName(),
           System.currentTimeMillis()));
   Set<AccessKeyPermission> permissions = new HashSet<>();
   AccessKeyPermission permission = new AccessKeyPermission();
   permission.setDomainArray(grant.getClient().getDomain());
   permission.setActionsArray(StringUtils.split(grant.getScope(), ' '));
   permission.setSubnetsArray(grant.getClient().getSubnet());
   permission.setNetworkIds(grant.getNetworkIds());
   permissions.add(permission);
   existing.setPermissions(permissions);
   AccessKeyProcessor keyProcessor = new AccessKeyProcessor();
   String key = keyProcessor.generateKey();
   existing.setKey(key);
   for (AccessKeyPermission current : permissions) {
     current.setAccessKey(existing);
     genericDAO.persist(current);
   }
   return existing;
 }
  @Transactional(propagation = Propagation.REQUIRED)
  public AccessKey authenticate(@NotNull User user) {
    userService.refreshUserLoginData(user);

    AccessKey accessKey = authenticationUtils.prepareAccessKey(user);

    Set<AccessKeyPermission> permissions = new HashSet<>();
    final AccessKeyPermission permission = authenticationUtils.preparePermission(user.getRole());
    permissions.add(permission);
    accessKey.setPermissions(permissions);
    genericDAO.persist(accessKey);

    permission.setAccessKey(accessKey);
    genericDAO.persist(permission);
    return accessKey;
  }
 private void deleteAccessKeyPermissions(AccessKey key) {
   logger.debug("Deleting all permission of access key {}", key.getId());
   int deleted =
       genericDAO
           .createNamedQuery(
               "AccessKeyPermission.deleteByAccessKey", Optional.<CacheConfig>empty())
           .setParameter("accessKey", key)
           .executeUpdate();
   logger.info("Deleted {} permissions by access key {}", deleted, key.getId());
 }
 @Scheduled(cron = "0 0 0 * * SUN")
 @Transactional(propagation = Propagation.NOT_SUPPORTED)
 public void removeExpiredKeys() {
   logger.debug("Removing expired access keys");
   int removed =
       genericDAO
           .createNamedQuery("AccessKey.deleteOlderThan", Optional.<CacheConfig>empty())
           .setParameter("expirationDate", timestampService.getTimestamp())
           .executeUpdate();
   logger.info("Removed {} expired access keys", removed);
 }
 @Transactional(propagation = Propagation.REQUIRED)
 public boolean delete(Long userId, @NotNull Long keyId) {
   int removed =
       ofNullable(userId)
           .map(
               id ->
                   genericDAO
                       .createNamedQuery(
                           "AccessKey.deleteByIdAndUser", Optional.<CacheConfig>empty())
                       .setParameter("accessKeyId", keyId)
                       .setParameter("userId", id)
                       .executeUpdate())
           .orElseGet(
               () ->
                   genericDAO
                       .createNamedQuery("AccessKey.deleteById", Optional.<CacheConfig>empty())
                       .setParameter("accessKeyId", keyId)
                       .executeUpdate());
   return removed > 0;
 }
 @Transactional(propagation = Propagation.SUPPORTS)
 public AccessKey find(@NotNull Long keyId, @NotNull Long userId) {
   return genericDAO
       .createNamedQuery(AccessKey.class, "AccessKey.getById", Optional.of(CacheConfig.refresh()))
       .setParameter("userId", userId)
       .setParameter("accessKeyId", keyId)
       .getResultList()
       .stream()
       .findFirst()
       .orElse(null);
 }
  @Transactional(propagation = Propagation.SUPPORTS)
  public boolean hasAccessToDevice(AccessKey accessKey, String deviceGuid) {
    Set<AccessKeyPermission> permissions = accessKey.getPermissions();
    Set<String> allowedDevices = new HashSet<>();
    Set<Long> allowedNetworks = new HashSet<>();

    User accessKeyUser = userService.findUserWithNetworks(accessKey.getUser().getId());
    Set<AccessKeyPermission> toRemove = new HashSet<>();

    Device device =
        genericDAO
            .createNamedQuery(Device.class, "Device.findByUUID", of(CacheConfig.refresh()))
            .setParameter("guid", deviceGuid)
            .getSingleResult();

    for (AccessKeyPermission currentPermission : permissions) {
      if (currentPermission.getDeviceGuidsAsSet() == null) {
        allowedDevices.add(null);
      } else {
        if (!currentPermission.getDeviceGuidsAsSet().contains(deviceGuid)) {
          toRemove.add(currentPermission);
        } else {
          allowedDevices.addAll(currentPermission.getDeviceGuidsAsSet());
        }
      }
      if (currentPermission.getNetworkIdsAsSet() == null) {
        allowedNetworks.add(null);
      } else {
        if (device.getNetwork() != null) {
          if (!currentPermission.getNetworkIdsAsSet().contains(device.getNetwork().getId())) {
            toRemove.add(currentPermission);
          } else {
            allowedNetworks.addAll(currentPermission.getNetworkIdsAsSet());
          }
        }
      }
    }
    permissions.removeAll(toRemove);
    boolean hasAccess;
    hasAccess =
        allowedDevices.contains(null)
            ? userService.hasAccessToDevice(accessKeyUser, device.getGuid())
            : allowedDevices.contains(device.getGuid())
                && userService.hasAccessToDevice(accessKeyUser, device.getGuid());

    hasAccess =
        hasAccess && allowedNetworks.contains(null)
            ? accessKeyUser.isAdmin() || accessKeyUser.getNetworks().contains(device.getNetwork())
            : (accessKeyUser.isAdmin() || accessKeyUser.getNetworks().contains(device.getNetwork()))
                && allowedNetworks.contains(device.getNetwork().getId());

    return hasAccess;
  }
  @Transactional
  public boolean update(@NotNull Long userId, @NotNull Long keyId, AccessKeyUpdate toUpdate) {
    AccessKey existing = find(keyId, userId);
    if (existing == null) {
      return false;
    }
    if (toUpdate == null) {
      return true;
    }

    if (toUpdate.getLabel() != null) {
      existing.setLabel(toUpdate.getLabel().orElse(null));
    }
    if (toUpdate.getExpirationDate() != null) {
      existing.setExpirationDate(toUpdate.getExpirationDate().orElse(null));
    }
    if (toUpdate.getType() != null) {
      existing.setType(toUpdate.getType().map(v -> toUpdate.getTypeEnum()).orElse(null));
    }
    if (toUpdate.getPermissions() != null) {
      if (!toUpdate.getPermissions().isPresent()) {
        logger.error("New permissions shouldn't be empty in request parameters");
        throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS);
      }

      Set<AccessKeyPermission> permissionsToReplace = toUpdate.getPermissions().get();
      AccessKey toValidate = toUpdate.convertTo();
      authenticationUtils.validateActions(toValidate);
      deleteAccessKeyPermissions(existing);
      for (AccessKeyPermission current : permissionsToReplace) {
        AccessKeyPermission permission = preparePermission(current);
        permission.setAccessKey(existing);
        genericDAO.persist(permission);
      }
    }
    return true;
  }