package org.eclipse.ditto.services.concierge.starter.proxy;

import akka.actor.ActorContext;
import akka.actor.ActorRef;
import akka.actor.ActorSystem;
import java.time.Duration;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.model.base.headers.DittoHeaderDefinition;
import org.eclipse.ditto.model.base.headers.DittoHeaders;
import org.eclipse.ditto.model.base.headers.WithDittoHeaders;
import org.eclipse.ditto.model.things.Thing;
import org.eclipse.ditto.model.things.ThingId;
import org.eclipse.ditto.services.concierge.actors.ShardRegions;
import org.eclipse.ditto.services.concierge.common.CachesConfig;
import org.eclipse.ditto.services.concierge.common.ConciergeConfig;
import org.eclipse.ditto.services.concierge.enforcement.EnforcerActor;
import org.eclipse.ditto.services.concierge.enforcement.LiveSignalEnforcement;
import org.eclipse.ditto.services.concierge.enforcement.PolicyCommandEnforcement;
import org.eclipse.ditto.services.concierge.enforcement.PreEnforcer;
import org.eclipse.ditto.services.concierge.enforcement.ThingCommandEnforcement;
import org.eclipse.ditto.services.concierge.enforcement.placeholders.PlaceholderSubstitution;
import org.eclipse.ditto.services.concierge.enforcement.validators.CommandWithOptionalEntityValidator;
import org.eclipse.ditto.services.concierge.starter.ConciergeService;
import org.eclipse.ditto.services.concierge.starter.actors.CachedNamespaceInvalidator;
import org.eclipse.ditto.services.concierge.starter.actors.DispatcherActor;
import org.eclipse.ditto.services.models.concierge.actors.ConciergeEnforcerClusterRouterFactory;
import org.eclipse.ditto.services.models.concierge.actors.ConciergeForwarderActor;
import org.eclipse.ditto.services.utils.cache.Cache;
import org.eclipse.ditto.services.utils.cache.CacheFactory;
import org.eclipse.ditto.services.utils.cacheloaders.AclEnforcerCacheLoader;
import org.eclipse.ditto.services.utils.cacheloaders.PolicyEnforcerCacheLoader;
import org.eclipse.ditto.services.utils.cacheloaders.ThingEnforcementIdCacheLoader;
import org.eclipse.ditto.services.utils.cluster.ClusterUtil;
import org.eclipse.ditto.services.utils.cluster.DistPubSubAccess;
import org.eclipse.ditto.services.utils.namespaces.BlockNamespaceBehavior;
import org.eclipse.ditto.services.utils.namespaces.BlockedNamespaces;
import org.eclipse.ditto.services.utils.namespaces.BlockedNamespacesUpdater;
import org.eclipse.ditto.services.utils.pubsub.DistributedAcks;
import org.eclipse.ditto.services.utils.pubsub.LiveSignalPub;
import org.eclipse.ditto.signals.commands.things.ThingCommand;
import org.eclipse.ditto.signals.commands.things.modify.CreateThing;

/* loaded from: input_file:org/eclipse/ditto/services/concierge/starter/proxy/DefaultEnforcerActorFactory.class */
public final class DefaultEnforcerActorFactory implements EnforcerActorFactory<ConciergeConfig> {
    private static final String DEFAULT_NAMESPACE = "org.eclipse.ditto";
    private static final String ENFORCER_CACHE_METRIC_NAME_PREFIX = "ditto_authorization_enforcer_cache_";
    private static final String ID_CACHE_METRIC_NAME_PREFIX = "ditto_authorization_id_cache_";

    @Override // org.eclipse.ditto.services.concierge.starter.proxy.EnforcerActorFactory
    public ActorRef startEnforcerActor(ActorContext actorContext, ConciergeConfig conciergeConfig, ActorRef actorRef, ShardRegions shardRegions) {
        CachesConfig cachesConfig = conciergeConfig.getCachesConfig();
        Duration askTimeout = cachesConfig.getAskTimeout();
        ActorSystem system = actorContext.system();
        ActorRef policies = shardRegions.policies();
        ActorRef things = shardRegions.things();
        Cache createCache = CacheFactory.createCache(new ThingEnforcementIdCacheLoader(askTimeout, things), cachesConfig.getIdCacheConfig(), "ditto_authorization_id_cache_" + ThingCommand.RESOURCE_TYPE, system.dispatchers().lookup("thing-id-cache-dispatcher"));
        Cache createCache2 = CacheFactory.createCache(new PolicyEnforcerCacheLoader(askTimeout, policies), cachesConfig.getEnforcerCacheConfig(), "ditto_authorization_enforcer_cache_policy", system.dispatchers().lookup("policy-enforcer-cache-dispatcher"));
        Cache createCache3 = CacheFactory.createCache(new AclEnforcerCacheLoader(askTimeout, things), cachesConfig.getEnforcerCacheConfig(), "ditto_authorization_enforcer_cache_acl", system.dispatchers().lookup("acl-enforcer-cache-dispatcher"));
        BlockedNamespaces of = BlockedNamespaces.of(system);
        PreEnforcer newPreEnforcer = newPreEnforcer(of, PlaceholderSubstitution.newInstance());
        LiveSignalPub of2 = LiveSignalPub.of(actorContext, DistributedAcks.create(actorContext));
        HashSet hashSet = new HashSet();
        hashSet.add(new ThingCommandEnforcement.Provider(things, policies, createCache, createCache2, createCache3, newPreEnforcer));
        hashSet.add(new PolicyCommandEnforcement.Provider(policies, createCache2));
        hashSet.add(new LiveSignalEnforcement.Provider(createCache, createCache2, createCache3, of2));
        ActorRef createConciergeEnforcerClusterRouter = ConciergeEnforcerClusterRouterFactory.createConciergeEnforcerClusterRouter(actorContext, conciergeConfig.getClusterConfig().getNumberOfShards());
        actorContext.actorOf(DispatcherActor.props(actorRef, createConciergeEnforcerClusterRouter), DispatcherActor.ACTOR_NAME);
        ActorRef actorOf = actorContext.actorOf(ConciergeForwarderActor.props(actorRef, createConciergeEnforcerClusterRouter), "conciergeForwarder");
        actorRef.tell(DistPubSubAccess.put(actorOf), ActorRef.noSender());
        actorContext.actorOf(CachedNamespaceInvalidator.props(of, Arrays.asList(createCache, createCache2, createCache3)), CachedNamespaceInvalidator.ACTOR_NAME);
        ClusterUtil.startSingleton(system, system, ConciergeService.SERVICE_NAME, "blockedNamespacesUpdater", BlockedNamespacesUpdater.props(of, actorRef));
        return actorContext.actorOf(EnforcerActor.props(actorRef, hashSet, actorOf, newPreEnforcer, createCache, createCache3, createCache2), "enforcer");
    }

    public static <T extends WithDittoHeaders<T>> WithDittoHeaders<T> setOriginatorHeader(T t) {
        DittoHeaders dittoHeaders = t.getDittoHeaders();
        Optional map = dittoHeaders.getAuthorizationContext().getFirstAuthorizationSubject().map((v0) -> {
            return v0.getId();
        }).map(str -> {
            return DittoHeaders.newBuilder(dittoHeaders).putHeader(DittoHeaderDefinition.ORIGINATOR.getKey(), str).build();
        });
        Objects.requireNonNull(t);
        return (WithDittoHeaders) map.map(t::setDittoHeaders).orElse(t);
    }

    private static PreEnforcer newPreEnforcer(BlockedNamespaces blockedNamespaces, PlaceholderSubstitution placeholderSubstitution) {
        return withDittoHeaders -> {
            return BlockNamespaceBehavior.of(blockedNamespaces).block(withDittoHeaders).thenApply(CommandWithOptionalEntityValidator.getInstance()).thenApply(DefaultEnforcerActorFactory::prependDefaultNamespaceToCreateThing).thenApply(DefaultEnforcerActorFactory::setOriginatorHeader).thenCompose(placeholderSubstitution);
        };
    }

    private static WithDittoHeaders prependDefaultNamespaceToCreateThing(WithDittoHeaders<?> withDittoHeaders) {
        if (withDittoHeaders instanceof CreateThing) {
            CreateThing createThing = (CreateThing) withDittoHeaders;
            Thing thing = createThing.getThing();
            if (thing.getNamespace().isEmpty()) {
                return CreateThing.of(thing.toBuilder().setId(ThingId.of(DEFAULT_NAMESPACE, createThing.getThingEntityId().toString())).build(), (JsonObject) createThing.getInitialPolicy().orElse(null), createThing.getDittoHeaders());
            }
        }
        return withDittoHeaders;
    }
}
