package org.eclipse.hono.adapter.http.impl;

import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.CorsHandler;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.hono.adapter.http.AbstractVertxBasedHttpProtocolAdapter;
import org.eclipse.hono.adapter.http.HttpProtocolAdapterProperties;
import org.eclipse.hono.auth.Device;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.config.ProtocolAdapterProperties;
import org.eclipse.hono.config.ServiceConfigProperties;
import org.eclipse.hono.service.auth.device.HonoClientBasedAuthProvider;
import org.eclipse.hono.service.auth.device.SubjectDnCredentials;
import org.eclipse.hono.service.auth.device.TenantServiceBasedX509Authentication;
import org.eclipse.hono.service.auth.device.UsernamePasswordAuthProvider;
import org.eclipse.hono.service.auth.device.UsernamePasswordCredentials;
import org.eclipse.hono.service.auth.device.X509AuthProvider;
import org.eclipse.hono.service.http.HonoBasicAuthHandler;
import org.eclipse.hono.service.http.HonoChainAuthHandler;
import org.eclipse.hono.service.http.HttpContext;
import org.eclipse.hono.service.http.HttpContextTenantAndAuthIdProvider;
import org.eclipse.hono.service.http.HttpUtils;
import org.eclipse.hono.service.http.TenantTraceSamplingHandler;
import org.eclipse.hono.service.http.X509AuthHandler;
import org.eclipse.hono.service.tenant.ExecutionContextTenantAndAuthIdProvider;

/* loaded from: input_file:org/eclipse/hono/adapter/http/impl/VertxBasedHttpProtocolAdapter.class */
public final class VertxBasedHttpProtocolAdapter extends AbstractVertxBasedHttpProtocolAdapter<HttpProtocolAdapterProperties> {
    private static final String PARAM_TENANT = "tenant";
    private static final String PARAM_DEVICE_ID = "device_id";
    private static final String PARAM_COMMAND_REQUEST_ID = "cmd_req_id";
    private static final String ROUTE_TELEMETRY_ENDPOINT = "/telemetry";
    private static final String ROUTE_EVENT_ENDPOINT = "/event";
    private HonoClientBasedAuthProvider<UsernamePasswordCredentials> usernamePasswordAuthProvider;
    private HonoClientBasedAuthProvider<SubjectDnCredentials> clientCertAuthProvider;
    private ExecutionContextTenantAndAuthIdProvider<HttpContext> tenantObjectWithAuthIdProvider;

    public void setUsernamePasswordAuthProvider(HonoClientBasedAuthProvider<UsernamePasswordCredentials> honoClientBasedAuthProvider) {
        this.usernamePasswordAuthProvider = (HonoClientBasedAuthProvider) Objects.requireNonNull(honoClientBasedAuthProvider);
    }

    public void setClientCertAuthProvider(HonoClientBasedAuthProvider<SubjectDnCredentials> honoClientBasedAuthProvider) {
        this.clientCertAuthProvider = (HonoClientBasedAuthProvider) Objects.requireNonNull(honoClientBasedAuthProvider);
    }

    public void setTenantObjectWithAuthIdProvider(ExecutionContextTenantAndAuthIdProvider<HttpContext> executionContextTenantAndAuthIdProvider) {
        this.tenantObjectWithAuthIdProvider = (ExecutionContextTenantAndAuthIdProvider) Objects.requireNonNull(executionContextTenantAndAuthIdProvider);
    }

    protected TenantTraceSamplingHandler getTenantTraceSamplingHandler() {
        return new TenantTraceSamplingHandler((ExecutionContextTenantAndAuthIdProvider) Optional.ofNullable(this.tenantObjectWithAuthIdProvider).orElse(new HttpContextTenantAndAuthIdProvider((ProtocolAdapterProperties) getConfig(), getTenantClientFactory(), PARAM_TENANT, PARAM_DEVICE_ID)));
    }

    protected String getTypeName() {
        return "hono-http";
    }

    protected void addRoutes(Router router) {
        if (!((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            this.log.warn("device authentication has been disabled");
            this.log.warn("any device may publish data on behalf of all other devices");
            addTelemetryApiRoutes(router, null);
            addEventApiRoutes(router, null);
            addCommandResponseRoutes("command", router, null);
            addCommandResponseRoutes("control", router, null);
            return;
        }
        HonoChainAuthHandler honoChainAuthHandler = new HonoChainAuthHandler();
        honoChainAuthHandler.append(new X509AuthHandler(new TenantServiceBasedX509Authentication(getTenantClientFactory(), this.tracer), (HonoClientBasedAuthProvider) Optional.ofNullable(this.clientCertAuthProvider).orElse(new X509AuthProvider(getCredentialsClientFactory(), (ServiceConfigProperties) getConfig(), this.tracer))));
        honoChainAuthHandler.append(new HonoBasicAuthHandler((AuthProvider) Optional.ofNullable(this.usernamePasswordAuthProvider).orElse(new UsernamePasswordAuthProvider(getCredentialsClientFactory(), (ServiceConfigProperties) getConfig(), this.tracer)), ((HttpProtocolAdapterProperties) getConfig()).getRealm(), this.tracer));
        addTelemetryApiRoutes(router, honoChainAuthHandler);
        addEventApiRoutes(router, honoChainAuthHandler);
        addCommandResponseRoutes("command", router, honoChainAuthHandler);
        addCommandResponseRoutes("control", router, honoChainAuthHandler);
    }

    private void addTelemetryApiRoutes(Router router, Handler<RoutingContext> handler) {
        router.routeWithRegex("\\/telemetry\\/[^\\/]+\\/.*").handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("QoS-Level").allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id"));
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            router.route(ROUTE_TELEMETRY_ENDPOINT).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.POST).allowedHeader("QoS-Level").allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id"));
            router.route(HttpMethod.POST, ROUTE_TELEMETRY_ENDPOINT).handler(handler);
            router.route(HttpMethod.POST, ROUTE_TELEMETRY_ENDPOINT).handler(this::handlePostTelemetry);
            router.route(HttpMethod.PUT, "/telemetry/*").handler(handler);
            router.route(HttpMethod.PUT, String.format("/telemetry/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID)).handler(this::assertTenant);
        }
        router.route(HttpMethod.PUT, String.format("/telemetry/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID)).handler(routingContext -> {
            uploadTelemetryMessage(routingContext, getTenantParam(routingContext), getDeviceIdParam(routingContext));
        });
    }

    private void addEventApiRoutes(Router router, Handler<RoutingContext> handler) {
        router.routeWithRegex("\\/event\\/[^\\/]+\\/.*").handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id"));
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            router.route(ROUTE_EVENT_ENDPOINT).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.POST).allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id"));
            router.route(HttpMethod.POST, ROUTE_EVENT_ENDPOINT).handler(handler);
            router.route(HttpMethod.POST, ROUTE_EVENT_ENDPOINT).handler(this::handlePostEvent);
            router.route(HttpMethod.PUT, "/event/*").handler(handler);
            router.route(HttpMethod.PUT, String.format("/event/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID)).handler(this::assertTenant);
        }
        router.route(HttpMethod.PUT, String.format("/event/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID)).handler(routingContext -> {
            uploadEventMessage(routingContext, getTenantParam(routingContext), getDeviceIdParam(routingContext));
        });
    }

    private void addCommandResponseRoutes(String str, Router router, Handler<RoutingContext> handler) {
        router.routeWithRegex(String.format("\\/%s\\/res\\/[^\\/]+\\/[^\\/]+\\/.*", str)).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("hono-cmd-status").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()));
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            String format = String.format("/%s/res/*", str);
            router.route(format).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.POST).allowedHeader("hono-cmd-status").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()));
            router.route(HttpMethod.POST, format).handler(handler);
            router.route(HttpMethod.POST, String.format("/%s/res/:%s", str, PARAM_COMMAND_REQUEST_ID)).handler(this::handlePostCommandResponse);
            router.route(HttpMethod.PUT, format).handler(handler);
            router.route(HttpMethod.PUT, String.format("/%s/res/:%s/:%s/:%s", str, PARAM_TENANT, PARAM_DEVICE_ID, PARAM_COMMAND_REQUEST_ID)).handler(this::assertTenant);
        }
        router.route(HttpMethod.PUT, String.format("/%s/res/:%s/:%s/:%s", str, PARAM_TENANT, PARAM_DEVICE_ID, PARAM_COMMAND_REQUEST_ID)).handler(routingContext -> {
            uploadCommandResponseMessage(routingContext, getTenantParam(routingContext), getDeviceIdParam(routingContext), getCommandRequestIdParam(routingContext), getCommandResponseStatusParam(routingContext));
        });
    }

    private static String getTenantParam(RoutingContext routingContext) {
        return routingContext.request().getParam(PARAM_TENANT);
    }

    private static String getDeviceIdParam(RoutingContext routingContext) {
        return routingContext.request().getParam(PARAM_DEVICE_ID);
    }

    private static String getCommandRequestIdParam(RoutingContext routingContext) {
        return routingContext.request().getParam(PARAM_COMMAND_REQUEST_ID);
    }

    private static Integer getCommandResponseStatusParam(RoutingContext routingContext) {
        return (Integer) HttpUtils.getCommandResponseStatus(routingContext).orElse(null);
    }

    private void handle401(RoutingContext routingContext) {
        HttpUtils.unauthorized(routingContext, "Basic realm=\"" + ((HttpProtocolAdapterProperties) getConfig()).getRealm() + "\"");
    }

    void handlePostTelemetry(RoutingContext routingContext) {
        if (!Device.class.isInstance(routingContext.user())) {
            handle401(routingContext);
        } else {
            Device user = routingContext.user();
            uploadTelemetryMessage(routingContext, user.getTenantId(), user.getDeviceId());
        }
    }

    void handlePostEvent(RoutingContext routingContext) {
        if (!Device.class.isInstance(routingContext.user())) {
            handle401(routingContext);
        } else {
            Device user = routingContext.user();
            uploadEventMessage(routingContext, user.getTenantId(), user.getDeviceId());
        }
    }

    void handlePostCommandResponse(RoutingContext routingContext) {
        if (!Device.class.isInstance(routingContext.user())) {
            handle401(routingContext);
        } else {
            Device user = routingContext.user();
            uploadCommandResponseMessage(routingContext, user.getTenantId(), user.getDeviceId(), getCommandRequestIdParam(routingContext), getCommandResponseStatusParam(routingContext));
        }
    }

    void assertTenant(RoutingContext routingContext) {
        if (!Device.class.isInstance(routingContext.user())) {
            handle401(routingContext);
        } else if (routingContext.user().getTenantId().equals(getTenantParam(routingContext))) {
            routingContext.next();
        } else {
            routingContext.fail(new ClientErrorException(403, "not authorized to upload data for device from other tenant"));
        }
    }
}
