package org.eclipse.ditto.gateway.service.endpoints.routes.policies;

import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nullable;
import org.apache.pekko.http.javadsl.server.PathMatchers;
import org.apache.pekko.http.javadsl.server.RequestContext;
import org.apache.pekko.http.javadsl.server.Route;
import org.eclipse.ditto.base.model.common.HttpStatus;
import org.eclipse.ditto.base.model.exceptions.DittoJsonException;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.base.model.signals.commands.Command;
import org.eclipse.ditto.gateway.service.endpoints.routes.AbstractRoute;
import org.eclipse.ditto.gateway.service.endpoints.routes.RouteBaseProperties;
import org.eclipse.ditto.gateway.service.security.authentication.AuthenticationResult;
import org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthenticationResult;
import org.eclipse.ditto.json.JsonFactory;
import org.eclipse.ditto.json.JsonFieldDefinition;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.json.JsonValue;
import org.eclipse.ditto.jwt.model.JsonWebToken;
import org.eclipse.ditto.placeholders.UnresolvedPlaceholderException;
import org.eclipse.ditto.policies.model.Label;
import org.eclipse.ditto.policies.model.PoliciesModelFactory;
import org.eclipse.ditto.policies.model.Policy;
import org.eclipse.ditto.policies.model.PolicyId;
import org.eclipse.ditto.policies.model.Subject;
import org.eclipse.ditto.policies.model.SubjectAnnouncement;
import org.eclipse.ditto.policies.model.SubjectExpiry;
import org.eclipse.ditto.policies.model.SubjectId;
import org.eclipse.ditto.policies.model.signals.commands.actions.ActivateTokenIntegration;
import org.eclipse.ditto.policies.model.signals.commands.actions.DeactivateTokenIntegration;
import org.eclipse.ditto.policies.model.signals.commands.actions.TopLevelPolicyActionCommand;
import org.eclipse.ditto.policies.model.signals.commands.exceptions.PolicyActionFailedException;
import org.eclipse.ditto.policies.model.signals.commands.exceptions.PolicyIdNotExplicitlySettableException;
import org.eclipse.ditto.policies.model.signals.commands.modify.CreatePolicy;
import org.eclipse.ditto.policies.model.signals.commands.modify.DeletePolicy;
import org.eclipse.ditto.policies.model.signals.commands.modify.ModifyPolicy;
import org.eclipse.ditto.policies.model.signals.commands.query.RetrievePolicy;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/endpoints/routes/policies/PoliciesRoute.class */
public final class PoliciesRoute extends AbstractRoute {
    private static final String PATH_ACTIONS = "actions";
    public static final String PATH_POLICIES = "policies";
    private static final String PATH_IMPORTS = "imports";
    private static final String PATH_ENTRIES = "entries";
    private static final Label DUMMY_LABEL = Label.of("-");
    private static final JsonFieldDefinition<JsonObject> ACTION_ACTIVATE_TOKEN_INTEGRATION_ANNOUNCEMENT = Subject.JsonFields.ANNOUNCEMENT;
    private final PolicyEntriesRoute policyEntriesRoute;
    private final PolicyImportsRoute policyImportsRoute;
    private final TokenIntegrationSubjectIdFactory tokenIntegrationSubjectIdFactory;

    public PoliciesRoute(RouteBaseProperties routeBaseProperties, TokenIntegrationSubjectIdFactory tokenIntegrationSubjectIdFactory) {
        super(routeBaseProperties);
        this.policyEntriesRoute = new PolicyEntriesRoute(routeBaseProperties, tokenIntegrationSubjectIdFactory);
        this.policyImportsRoute = new PolicyImportsRoute(routeBaseProperties);
        this.tokenIntegrationSubjectIdFactory = tokenIntegrationSubjectIdFactory;
    }

    public Route buildPoliciesRoute(RequestContext requestContext, DittoHeaders dittoHeaders, AuthenticationResult authenticationResult) {
        return rawPathPrefix(PathMatchers.slash().concat(PATH_POLICIES), () -> {
            return concat(policies(requestContext, dittoHeaders), new Route[]{rawPathPrefix(PathMatchers.slash().concat(PathMatchers.segment()), str -> {
                return policyRoute(requestContext, dittoHeaders, PolicyId.of(str), authenticationResult);
            })});
        });
    }

    private Route policies(RequestContext requestContext, DittoHeaders dittoHeaders) {
        return pathEndOrSingleSlash(() -> {
            return post(() -> {
                return buildPostPoliciesRoute(requestContext, dittoHeaders);
            });
        });
    }

    private Route buildPostPoliciesRoute(RequestContext requestContext, DittoHeaders dittoHeaders) {
        return ensureMediaTypeJsonWithFallbacksThenExtractDataBytes(requestContext, dittoHeaders, source -> {
            return handlePerRequest(requestContext, dittoHeaders, source, str -> {
                return CreatePolicy.of(createPolicyForPost(str), dittoHeaders);
            });
        });
    }

    private Route policyRoute(RequestContext requestContext, DittoHeaders dittoHeaders, PolicyId policyId, AuthenticationResult authenticationResult) {
        return concat(policyId(requestContext, dittoHeaders, policyId), new Route[]{policyImports(requestContext, dittoHeaders, policyId), policyEntries(requestContext, dittoHeaders, policyId, authenticationResult), policyActions(requestContext, dittoHeaders, policyId, authenticationResult)});
    }

    private Route policyId(RequestContext requestContext, DittoHeaders dittoHeaders, PolicyId policyId) {
        return pathEndOrSingleSlash(() -> {
            return concat(get(() -> {
                return parameterList(PoliciesParameter.FIELDS.toString(), list -> {
                    return handlePerRequest(requestContext, RetrievePolicy.of(policyId, dittoHeaders, calculateSelectedFields(list).orElse(null)));
                });
            }), new Route[]{put(() -> {
                return ensureMediaTypeJsonWithFallbacksThenExtractDataBytes(requestContext, dittoHeaders, source -> {
                    return handlePerRequest(requestContext, dittoHeaders, source, str -> {
                        return ModifyPolicy.of(policyId, PoliciesModelFactory.newPolicy(createPolicyJsonObjectForPut(str, policyId)), dittoHeaders);
                    });
                });
            }), delete(() -> {
                return handlePerRequest(requestContext, DeletePolicy.of(policyId, dittoHeaders));
            })});
        });
    }

    private static Policy createPolicyForPost(String str) {
        JsonObject jsonObject = (JsonObject) DittoJsonException.wrapJsonRuntimeException(() -> {
            return JsonFactory.newObject(str);
        });
        if (jsonObject.contains(Policy.JsonFields.ID.getPointer())) {
            throw PolicyIdNotExplicitlySettableException.forPostMethod().build();
        }
        return PoliciesModelFactory.newPolicy(jsonObject).toBuilder().setId(PolicyId.generateRandom()).build();
    }

    private static JsonObject createPolicyJsonObjectForPut(String str, PolicyId policyId) {
        JsonObject jsonObject = (JsonObject) DittoJsonException.wrapJsonRuntimeException(() -> {
            return JsonFactory.newObject(str);
        });
        jsonObject.getValue(Policy.JsonFields.ID.getPointer()).ifPresent(jsonValue -> {
            if (!jsonValue.isString() || !policyId.toString().equals(jsonValue.asString())) {
                throw PolicyIdNotExplicitlySettableException.newBuilder().build();
            }
        });
        return jsonObject.setValue(Policy.JsonFields.ID.getPointer(), JsonValue.of(policyId));
    }

    private Route policyImports(RequestContext requestContext, DittoHeaders dittoHeaders, PolicyId policyId) {
        return rawPathPrefix(PathMatchers.slash().concat(PATH_IMPORTS), () -> {
            return this.policyImportsRoute.buildPolicyImportsRoute(requestContext, dittoHeaders, policyId);
        });
    }

    private Route policyEntries(RequestContext requestContext, DittoHeaders dittoHeaders, PolicyId policyId, AuthenticationResult authenticationResult) {
        return rawPathPrefix(PathMatchers.slash().concat(PATH_ENTRIES), () -> {
            return this.policyEntriesRoute.buildPolicyEntriesRoute(requestContext, dittoHeaders, policyId, authenticationResult);
        });
    }

    private Route policyActions(RequestContext requestContext, DittoHeaders dittoHeaders, PolicyId policyId, AuthenticationResult authenticationResult) {
        return rawPathPrefix(PathMatchers.slash().concat(PATH_ACTIONS), () -> {
            return concat(rawPathPrefix(PathMatchers.slash().concat("activateTokenIntegration"), () -> {
                return pathEndOrSingleSlash(() -> {
                    return extractJwt(dittoHeaders, authenticationResult, "activateTokenIntegration", jsonWebToken -> {
                        return post(() -> {
                            return handleSubjectAnnouncement(this, dittoHeaders, subjectAnnouncement -> {
                                return topLevelActivateTokenIntegration(dittoHeaders, policyId, jsonWebToken, subjectAnnouncement);
                            });
                        });
                    });
                });
            }), new Route[]{rawPathPrefix(PathMatchers.slash().concat("deactivateTokenIntegration"), () -> {
                return pathEndOrSingleSlash(() -> {
                    return extractJwt(dittoHeaders, authenticationResult, "deactivateTokenIntegration", jsonWebToken -> {
                        return post(() -> {
                            return handlePerRequest(requestContext, topLevelDeactivateTokenIntegration(dittoHeaders, policyId, jsonWebToken));
                        });
                    });
                });
            })});
        });
    }

    private TopLevelPolicyActionCommand topLevelActivateTokenIntegration(DittoHeaders dittoHeaders, PolicyId policyId, JsonWebToken jsonWebToken, @Nullable SubjectAnnouncement subjectAnnouncement) {
        return TopLevelPolicyActionCommand.of(ActivateTokenIntegration.of(policyId, DUMMY_LABEL, resolveSubjectIdsForActivateTokenIntegrationAction(dittoHeaders, jsonWebToken), SubjectExpiry.newInstance(jsonWebToken.getExpirationTime()), subjectAnnouncement, dittoHeaders), List.of());
    }

    private TopLevelPolicyActionCommand topLevelDeactivateTokenIntegration(DittoHeaders dittoHeaders, PolicyId policyId, JsonWebToken jsonWebToken) {
        return TopLevelPolicyActionCommand.of(DeactivateTokenIntegration.of(policyId, DUMMY_LABEL, resolveSubjectIdsForActivateTokenIntegrationAction(dittoHeaders, jsonWebToken), dittoHeaders), List.of());
    }

    private Set<SubjectId> resolveSubjectIdsForActivateTokenIntegrationAction(DittoHeaders dittoHeaders, JsonWebToken jsonWebToken) {
        try {
            return this.tokenIntegrationSubjectIdFactory.getSubjectIds(dittoHeaders, jsonWebToken);
        } catch (UnresolvedPlaceholderException e) {
            throw PolicyActionFailedException.newBuilder().action("activateTokenIntegration").status(HttpStatus.BAD_REQUEST).description("Mandatory placeholders could not be resolved, in detail: " + e.getMessage()).dittoHeaders(dittoHeaders).build();
        }
    }

    @Nullable
    private static SubjectAnnouncement toSubjectAnnouncement(String str) {
        if (str.isEmpty()) {
            return null;
        }
        return (SubjectAnnouncement) JsonObject.of(str).getValue(ACTION_ACTIVATE_TOKEN_INTEGRATION_ANNOUNCEMENT).map(SubjectAnnouncement::fromJson).orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Route extractJwt(DittoHeaders dittoHeaders, AuthenticationResult authenticationResult, String str, Function<JsonWebToken, Route> function) {
        if (authenticationResult instanceof JwtAuthenticationResult) {
            Optional<JsonWebToken> jwt = ((JwtAuthenticationResult) authenticationResult).getJwt();
            if (jwt.isPresent()) {
                return function.apply(jwt.get());
            }
        }
        throw PolicyActionFailedException.newBuilderForInappropriateAuthenticationMethod(str).dittoHeaders(dittoHeaders).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Route handleSubjectAnnouncement(AbstractRoute abstractRoute, DittoHeaders dittoHeaders, Function<SubjectAnnouncement, Command<?>> function) {
        return abstractRoute.extractRequestContext(requestContext -> {
            return abstractRoute.handlePerRequest(requestContext, dittoHeaders, requestContext.getRequest().entity().getDataBytes(), str -> {
                return (Command) function.apply(toSubjectAnnouncement(str));
            });
        });
    }
}
