package org.eclipse.hono.deviceregistry.mongodb.service;

import io.opentracing.Span;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.mongo.FindOptions;
import io.vertx.ext.mongo.IndexOptions;
import io.vertx.ext.mongo.MongoClient;
import io.vertx.ext.mongo.UpdateOptions;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbBasedCredentialsConfigProperties;
import org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDto;
import org.eclipse.hono.deviceregistry.mongodb.utils.MongoDbCallExecutor;
import org.eclipse.hono.deviceregistry.mongodb.utils.MongoDbDeviceRegistryUtils;
import org.eclipse.hono.deviceregistry.mongodb.utils.MongoDbDocumentBuilder;
import org.eclipse.hono.deviceregistry.service.credentials.AbstractCredentialsManagementService;
import org.eclipse.hono.deviceregistry.service.device.DeviceKey;
import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
import org.eclipse.hono.service.Lifecycle;
import org.eclipse.hono.service.credentials.CredentialsService;
import org.eclipse.hono.service.management.OperationResult;
import org.eclipse.hono.service.management.Result;
import org.eclipse.hono.service.management.credentials.CommonCredential;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CacheDirective;
import org.eclipse.hono.util.CredentialsResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/deviceregistry/mongodb/service/MongoDbBasedCredentialsService.class */
public final class MongoDbBasedCredentialsService extends AbstractCredentialsManagementService implements CredentialsService, Lifecycle {
    private static final Logger LOG = LoggerFactory.getLogger(MongoDbBasedCredentialsService.class);
    private static final String CREDENTIALS_FILTERED_POSITIONAL_OPERATOR = String.format("%s.$", MongoDbDeviceRegistryUtils.FIELD_CREDENTIALS);
    private static final int INDEX_CREATION_MAX_RETRIES = 3;
    private final MongoDbBasedCredentialsConfigProperties config;
    private final MongoClient mongoClient;
    private final MongoDbCallExecutor mongoDbCallExecutor;

    public MongoDbBasedCredentialsService(Vertx vertx, MongoClient mongoClient, MongoDbBasedCredentialsConfigProperties mongoDbBasedCredentialsConfigProperties, HonoPasswordEncoder honoPasswordEncoder) {
        super((Vertx) Objects.requireNonNull(vertx), (HonoPasswordEncoder) Objects.requireNonNull(honoPasswordEncoder), mongoDbBasedCredentialsConfigProperties.getMaxBcryptIterations(), mongoDbBasedCredentialsConfigProperties.getHashAlgorithmsWhitelist());
        Objects.requireNonNull(mongoClient);
        Objects.requireNonNull(mongoDbBasedCredentialsConfigProperties);
        this.mongoClient = mongoClient;
        this.config = mongoDbBasedCredentialsConfigProperties;
        this.mongoDbCallExecutor = new MongoDbCallExecutor(vertx, mongoClient);
    }

    public Future<Void> start() {
        return createIndices().onSuccess(r3 -> {
            LOG.info("MongoDB Credentials service started");
        });
    }

    public Future<Void> stop() {
        this.mongoClient.close();
        return Future.succeededFuture();
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Objects.requireNonNull(span);
        return processGetCredential(str, str2, str3, null);
    }

    public Future<CredentialsResult<JsonObject>> get(String str, String str2, String str3, JsonObject jsonObject, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Objects.requireNonNull(jsonObject);
        Objects.requireNonNull(span);
        return processGetCredential(str, str2, str3, jsonObject);
    }

    protected Future<OperationResult<Void>> processUpdateCredentials(DeviceKey deviceKey, Optional<String> optional, List<CommonCredential> list, Span span) {
        Objects.requireNonNull(deviceKey);
        Objects.requireNonNull(optional);
        Objects.requireNonNull(span);
        TracingHelper.TAG_DEVICE_ID.set(span, deviceKey.getDeviceId());
        return MongoDbDeviceRegistryUtils.isModificationEnabled(this.config).compose(r11 -> {
            CredentialsDto credentialsDto = new CredentialsDto(deviceKey.getTenantId(), deviceKey.getDeviceId(), list, DeviceRegistryUtils.getUniqueIdentifier());
            if (!credentialsDto.requiresMerging()) {
                return Future.succeededFuture(credentialsDto);
            }
            Future<CredentialsDto> credentialsDto2 = getCredentialsDto(deviceKey, optional);
            Objects.requireNonNull(credentialsDto);
            return credentialsDto2.map(credentialsDto::merge);
        }).compose(credentialsDto -> {
            credentialsDto.createMissingSecretIds();
            return updateCredentials(deviceKey, optional, JsonObject.mapFrom(credentialsDto), span);
        }).recover(th -> {
            return Future.succeededFuture(MongoDbDeviceRegistryUtils.mapErrorToResult(th, span));
        });
    }

    protected Future<OperationResult<List<CommonCredential>>> processReadCredentials(DeviceKey deviceKey, Span span) {
        Objects.requireNonNull(deviceKey);
        Objects.requireNonNull(span);
        return getCredentialsDto(deviceKey).map(credentialsDto -> {
            return OperationResult.ok(200, credentialsDto.getCredentials(), Optional.empty(), Optional.of(credentialsDto.getVersion()));
        }).recover(th -> {
            return Future.succeededFuture(MongoDbDeviceRegistryUtils.mapErrorToResult(th, span));
        });
    }

    public Future<Result<Void>> addCredentials(String str, String str2, List<CommonCredential> list, Optional<String> optional, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(list);
        Objects.requireNonNull(optional);
        Objects.requireNonNull(span);
        TracingHelper.TAG_DEVICE_ID.set(span, str2);
        return processAddCredentials(str, str2, list, optional, span).recover(th -> {
            return Future.succeededFuture(MongoDbDeviceRegistryUtils.mapErrorToResult(th, span));
        });
    }

    public Future<Result<Void>> removeCredentials(String str, String str2, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(span);
        TracingHelper.TAG_DEVICE_ID.set(span, str2);
        return processRemoveCredentials(str, str2, span).recover(th -> {
            return Future.succeededFuture(MongoDbDeviceRegistryUtils.mapErrorToResult(th, span));
        });
    }

    private Future<Void> createIndices() {
        String format = String.format("%s.%s", MongoDbDeviceRegistryUtils.FIELD_CREDENTIALS, "auth-id");
        String format2 = String.format("%s.%s", MongoDbDeviceRegistryUtils.FIELD_CREDENTIALS, "type");
        return this.mongoDbCallExecutor.createCollectionIndex(this.config.getCollectionName(), new JsonObject().put("tenant-id", 1).put("device-id", 1), new IndexOptions().unique(true), INDEX_CREATION_MAX_RETRIES).compose(r13 -> {
            return this.mongoDbCallExecutor.createCollectionIndex(this.config.getCollectionName(), new JsonObject().put("tenant-id", 1).put(format, 1).put(format2, 1), new IndexOptions().unique(true).partialFilterExpression(new JsonObject().put(format, new JsonObject().put("$exists", true)).put(format2, new JsonObject().put("$exists", true))), INDEX_CREATION_MAX_RETRIES);
        });
    }

    private Future<CredentialsDto> getCredentialsDto(DeviceKey deviceKey) {
        return getCredentialsDto(deviceKey, Optional.empty());
    }

    private Future<CredentialsDto> getCredentialsDto(DeviceKey deviceKey, Optional<String> optional) {
        JsonObject document = MongoDbDocumentBuilder.builder().withVersion(optional).withTenantId(deviceKey.getTenantId()).withDeviceId(deviceKey.getDeviceId()).document();
        Promise promise = Promise.promise();
        this.mongoClient.findOne(this.config.getCollectionName(), document, (JsonObject) null, promise);
        return promise.future().compose(jsonObject -> {
            return (Future) Optional.ofNullable(jsonObject).map(jsonObject -> {
                return (CredentialsDto) jsonObject.mapTo(CredentialsDto.class);
            }).map((v0) -> {
                return Future.succeededFuture(v0);
            }).orElse(MongoDbDeviceRegistryUtils.checkForVersionMismatchAndFail(deviceKey.getDeviceId(), optional, getCredentialsDto(deviceKey)));
        });
    }

    private Future<CredentialsResult<JsonObject>> getCredentialsResult(String str, String str2, String str3) {
        JsonObject document = MongoDbDocumentBuilder.builder().withTenantId(str).withAuthId(str2).withType(str3).document();
        Promise promise = Promise.promise();
        this.mongoClient.findOne(this.config.getCollectionName(), document, new JsonObject().put("device-id", 1).put(CREDENTIALS_FILTERED_POSITIONAL_OPERATOR, 1).put("_id", 0), promise);
        return promise.future().map(jsonObject -> {
            return (CredentialsResult) Optional.ofNullable(jsonObject).flatMap(jsonObject -> {
                return Optional.ofNullable(jsonObject.getJsonArray(MongoDbDeviceRegistryUtils.FIELD_CREDENTIALS)).map(jsonArray -> {
                    return jsonArray.getJsonObject(0);
                }).map(jsonObject -> {
                    return jsonObject.put("device-id", jsonObject.getString("device-id"));
                });
            }).filter(this::isCredentialEnabled).map(jsonObject2 -> {
                return CredentialsResult.from(200, jsonObject2, getCacheDirective(str3));
            }).orElse(CredentialsResult.from(404));
        });
    }

    private CacheDirective getCacheDirective(String str) {
        if (this.config.getCacheMaxAge() <= 0) {
            return CacheDirective.noCacheDirective();
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -558916037:
                if (str.equals("hashed-password")) {
                    z = false;
                    break;
                }
                break;
            case 1355437579:
                if (str.equals("x509-cert")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
                return CacheDirective.maxAgeDirective(this.config.getCacheMaxAge());
            default:
                return CacheDirective.noCacheDirective();
        }
    }

    private boolean isCredentialEnabled(JsonObject jsonObject) {
        return ((Boolean) Optional.ofNullable(jsonObject.getBoolean("enabled")).orElse(true)).booleanValue();
    }

    private Future<CredentialsResult<JsonObject>> processGetCredential(String str, String str2, String str3, JsonObject jsonObject) {
        return getCredentialsResult(str, str3, str2);
    }

    private Future<Result<Void>> processAddCredentials(String str, String str2, List<CommonCredential> list, Optional<String> optional, Span span) {
        Promise promise = Promise.promise();
        this.mongoClient.insert(this.config.getCollectionName(), JsonObject.mapFrom(new CredentialsDto(str, str2, list, optional.orElse(DeviceRegistryUtils.getUniqueIdentifier()))), promise);
        return promise.future().map(str3 -> {
            span.log("successfully added credentials");
            LOG.debug("successfully added credentials for the device [[{}]]", str2);
            return Result.from(204);
        });
    }

    private Future<Result<Void>> processRemoveCredentials(String str, String str2, Span span) {
        JsonObject document = MongoDbDocumentBuilder.builder().withTenantId(str).withDeviceId(str2).document();
        Promise promise = Promise.promise();
        this.mongoClient.findOneAndDelete(this.config.getCollectionName(), document, promise);
        return promise.future().compose(jsonObject -> {
            return (Future) Optional.ofNullable(jsonObject).map(jsonObject -> {
                span.log("successfully removed credentials");
                LOG.debug("successfully removed credentials for the device [[{}]]", str2);
                return Future.succeededFuture(Result.from(204));
            }).orElse(Future.failedFuture(new ClientErrorException(404)));
        });
    }

    private Future<OperationResult<Void>> updateCredentials(DeviceKey deviceKey, Optional<String> optional, JsonObject jsonObject, Span span) {
        JsonObject document = MongoDbDocumentBuilder.builder().withVersion(optional).withTenantId(deviceKey.getTenantId()).withDeviceId(deviceKey.getDeviceId()).document();
        Promise promise = Promise.promise();
        this.mongoClient.findOneAndReplaceWithOptions(this.config.getCollectionName(), document, jsonObject, new FindOptions(), new UpdateOptions().setReturningNewDocument(true), promise);
        return promise.future().compose(jsonObject2 -> {
            if (jsonObject2 == null) {
                return MongoDbDeviceRegistryUtils.checkForVersionMismatchAndFail(deviceKey.getDeviceId(), optional, getCredentialsDto(deviceKey));
            }
            LOG.debug("successfully updated credentials for device [tenant: {}, device-id: {}}]", deviceKey.getTenantId(), deviceKey.getDeviceId());
            span.log("successfully updated credentials");
            return Future.succeededFuture(OperationResult.ok(204, (Void) null, Optional.empty(), Optional.of(jsonObject2.getString(MongoDbDeviceRegistryUtils.FIELD_VERSION))));
        }).recover(th -> {
            if (!MongoDbDeviceRegistryUtils.isDuplicateKeyError(th)) {
                return Future.failedFuture(th);
            }
            LOG.debug("credentials (type, auth-id) must be unique for device [tenant: {}, device-id: {}]", new Object[]{deviceKey.getTenantId(), deviceKey.getTenantId(), th});
            TracingHelper.logError(span, "credentials (type, auth-id) must be unique for device");
            return Future.succeededFuture(OperationResult.empty(409));
        });
    }
}
