package org.eclipse.hono.service.management.device;

import io.opentracing.Span;
import io.opentracing.tag.Tags;
import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.eclipse.hono.client.ServiceInvocationException;
import org.eclipse.hono.client.telemetry.EventSender;
import org.eclipse.hono.client.util.MessagingClientProvider;
import org.eclipse.hono.client.util.StatusCodeMapper;
import org.eclipse.hono.deviceregistry.service.device.AbstractAutoProvisioningEventSender;
import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
import org.eclipse.hono.service.management.Id;
import org.eclipse.hono.service.management.credentials.CommonCredential;
import org.eclipse.hono.service.management.credentials.CredentialsManagementService;
import org.eclipse.hono.service.management.credentials.X509CertificateCredential;
import org.eclipse.hono.service.management.credentials.X509CertificateSecret;
import org.eclipse.hono.service.management.tenant.Tenant;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CredentialsResult;
import org.eclipse.hono.util.IdentityTemplate;

/* loaded from: input_file:org/eclipse/hono/service/management/device/DeviceAndGatewayAutoProvisioner.class */
public final class DeviceAndGatewayAutoProvisioner extends AbstractAutoProvisioningEventSender {
    private final CredentialsManagementService credentialsManagementService;

    public DeviceAndGatewayAutoProvisioner(Vertx vertx, DeviceManagementService deviceManagementService, CredentialsManagementService credentialsManagementService, MessagingClientProvider<EventSender> messagingClientProvider) {
        super(vertx, deviceManagementService, messagingClientProvider);
        this.credentialsManagementService = (CredentialsManagementService) Objects.requireNonNull(credentialsManagementService);
    }

    public Future<CredentialsResult<JsonObject>> provisionIfEnabled(String str, Tenant tenant, String str2, JsonObject jsonObject, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(tenant);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(span);
        return DeviceRegistryUtils.getCertificateFromClientContext(str, str2, jsonObject, span).compose(optional -> {
            return (Future) optional.filter(x509Certificate -> {
                return isAutoProvisioningEnabledForTenant(str, tenant, x509Certificate, span);
            }).map(x509Certificate2 -> {
                Tags.ERROR.set(span, Boolean.FALSE);
                return provision(str, tenant, generateDeviceIdFromTemplateIfConfigured(tenant, x509Certificate2), str2, isProvisionAsGatewayEnabledForTenant(str, tenant, x509Certificate2, span), span).recover(DeviceAndGatewayAutoProvisioner::getCredentialsResult);
            }).orElseGet(() -> {
                return Future.succeededFuture(CredentialsResult.from(404));
            });
        });
    }

    public Future<Void> sendAutoProvisioningEventIfNeeded(String str, Tenant tenant, String str2, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(tenant);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(span);
        return this.deviceManagementService.readDevice(str, str2, span).map(operationResult -> {
            if (operationResult.isOk()) {
                return operationResult;
            }
            throw StatusCodeMapper.from(str, operationResult.getStatus(), "error retrieving device registration information");
        }).compose(operationResult2 -> {
            Device device = (Device) operationResult2.getPayload();
            return (Future) Optional.ofNullable(device.getStatus()).filter((v0) -> {
                return v0.isAutoProvisioned();
            }).filter(deviceStatus -> {
                return !deviceStatus.isAutoProvisioningNotificationSent();
            }).map(deviceStatus2 -> {
                return sendAutoProvisioningEvent(str, tenant, str2, null, span).compose(r13 -> {
                    return updateAutoProvisioningNotificationSent(str, str2, device, operationResult2.getResourceVersion(), span).recover(th -> {
                        return Future.succeededFuture();
                    });
                });
            }).orElseGet(Future::succeededFuture);
        });
    }

    private Future<CredentialsResult<JsonObject>> provision(String str, Tenant tenant, Optional<String> optional, String str2, boolean z, Span span) {
        span.log("Start auto-provisioning");
        String str3 = "Auto-provisioned at " + Instant.now().toString();
        Device createDeviceInformation = createDeviceInformation(z, str3);
        optional.ifPresent(str4 -> {
            this.LOG.debug("generated [device-id: {}] based on the configured template", str4);
            TracingHelper.TAG_DEVICE_ID.set(span, str4);
            span.log("generated device-id based on the configured template");
        });
        return this.deviceManagementService.createDevice(str, optional, createDeviceInformation, span).compose(operationResult -> {
            if (operationResult.isError()) {
                this.LOG.warn("auto-provisioning failed: device could not be created [tenant-id: {}, auth-id: {}, status: {}]", new Object[]{str, str2, Integer.valueOf(operationResult.getStatus())});
                return Future.succeededFuture(getCredentialsResult(operationResult.getStatus(), "auto-provisioning failed: device could not be created"));
            }
            X509CertificateCredential fromAuthId = X509CertificateCredential.fromAuthId(str2, List.of(new X509CertificateSecret()));
            fromAuthId.setEnabled(true).setComment(str3);
            String id = ((Id) operationResult.getPayload()).getId();
            if (optional.isEmpty()) {
                TracingHelper.TAG_DEVICE_ID.set(span, id);
            }
            return this.credentialsManagementService.updateCredentials(str, id, List.of(fromAuthId), Optional.empty(), span).compose(operationResult -> {
                if (operationResult.isError()) {
                    this.LOG.warn("auto-provisioning failed: credentials could not be set [tenant-id: {}, device-id: {}, auth-id: {}, status: {}]", new Object[]{str, id, str2, Integer.valueOf(operationResult.getStatus())});
                    return this.deviceManagementService.deleteDevice(str, id, Optional.empty(), span).map(getCredentialsResult(operationResult.getStatus(), "auto-provisioning failed: credentials could not be set for device")).recover(th -> {
                        return Future.succeededFuture(getCredentialsResult(ServiceInvocationException.extractStatusCode(th), "auto-provisioning failed: credentials could not be set and also the device could not be deleted"));
                    });
                }
                span.log("auto-provisioning of device has succeeded");
                this.LOG.trace("auto-provisioning of device [tenant-id: {}, device-id: {}, auth-id: {}] has succeeded", new Object[]{str, id, str2});
                return sendAutoProvisioningEventIfNeeded(str, tenant, id, span).map(r5 -> {
                    return getCredentialsResult(id, fromAuthId);
                });
            });
        });
    }

    private static Device createDeviceInformation(boolean z, String str) {
        Device putExtension = new Device().setEnabled(true).setStatus(new DeviceStatus().setAutoProvisioned(true)).putExtension("comment", str);
        if (z) {
            putExtension.setAuthorities(Set.of("auto-provisioning-enabled"));
        }
        return putExtension;
    }

    private boolean isAutoProvisioningEnabledForTenant(String str, Tenant tenant, X509Certificate x509Certificate, Span span) {
        Optional map = Optional.ofNullable(x509Certificate).map(x509Certificate2 -> {
            return x509Certificate2.getIssuerX500Principal().getName("RFC2253");
        });
        Objects.requireNonNull(tenant);
        boolean booleanValue = ((Boolean) map.map(tenant::isAutoProvisioningEnabled).orElse(false)).booleanValue();
        String format = String.format("auto-provisioning [enabled: %s, tenant-id: %s]", Boolean.valueOf(booleanValue), str);
        this.LOG.debug(format);
        span.log(format);
        return booleanValue;
    }

    private boolean isProvisionAsGatewayEnabledForTenant(String str, Tenant tenant, X509Certificate x509Certificate, Span span) {
        Optional map = Optional.ofNullable(x509Certificate).map(x509Certificate2 -> {
            return x509Certificate2.getIssuerX500Principal().getName("RFC2253");
        });
        Objects.requireNonNull(tenant);
        boolean booleanValue = ((Boolean) map.map(tenant::isAutoProvisioningAsGatewayEnabled).orElse(false)).booleanValue();
        String format = String.format("auto-provisioning as a gateway [enabled: %s, tenant-id: %s]", Boolean.valueOf(booleanValue), str);
        this.LOG.debug(format);
        span.log(format);
        return booleanValue;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static CredentialsResult<JsonObject> getCredentialsResult(String str, CommonCredential commonCredential) {
        return CredentialsResult.from(201, JsonObject.mapFrom(commonCredential).put(DeviceDto.FIELD_DEVICE_ID, str));
    }

    private static CredentialsResult<JsonObject> getCredentialsResult(int i, String str) {
        return CredentialsResult.from(i, new JsonObject().put("description", str));
    }

    private static Future<CredentialsResult<JsonObject>> getCredentialsResult(Throwable th) {
        return Future.succeededFuture(getCredentialsResult(ServiceInvocationException.extractStatusCode(th), th.getMessage()));
    }

    private static Optional<String> generateDeviceIdFromTemplateIfConfigured(Tenant tenant, X509Certificate x509Certificate) {
        String name = x509Certificate.getIssuerX500Principal().getName("RFC2253");
        String name2 = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        return Optional.ofNullable(tenant.getAutoProvisioningDeviceIdTemplate(name)).map(str -> {
            return new IdentityTemplate(str).apply(name2);
        });
    }
}
