package org.eclipse.ditto.services.gateway.endpoints.routes;

import akka.actor.ActorRef;
import akka.actor.ActorSystem;
import akka.dispatch.MessageDispatcher;
import akka.http.javadsl.model.ContentTypes;
import akka.http.javadsl.model.HttpResponse;
import akka.http.javadsl.model.StatusCodes;
import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.ExceptionHandler;
import akka.http.javadsl.server.PathMatchers;
import akka.http.javadsl.server.RejectionHandler;
import akka.http.javadsl.server.RequestContext;
import akka.http.javadsl.server.Route;
import akka.util.ByteString;
import com.typesafe.config.Config;
import java.lang.invoke.SerializedLambda;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import org.eclipse.ditto.json.JsonRuntimeException;
import org.eclipse.ditto.model.base.auth.AuthorizationContext;
import org.eclipse.ditto.model.base.common.ConditionChecker;
import org.eclipse.ditto.model.base.exceptions.DittoJsonException;
import org.eclipse.ditto.model.base.exceptions.DittoRuntimeException;
import org.eclipse.ditto.model.base.headers.DittoHeaders;
import org.eclipse.ditto.model.base.headers.DittoHeadersBuilder;
import org.eclipse.ditto.model.base.json.JsonSchemaVersion;
import org.eclipse.ditto.model.policies.SubjectIssuer;
import org.eclipse.ditto.protocoladapter.DittoProtocolAdapter;
import org.eclipse.ditto.services.gateway.endpoints.directives.CorrelationIdEnsuringDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.CorsEnablingDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.CustomPathMatchers;
import org.eclipse.ditto.services.gateway.endpoints.directives.DevopsBasicAuthenticationDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.EncodingEnsuringDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.HttpsEnsuringDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.RequestResultLoggingDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.RequestTimeoutHandlingDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.ResponseRewritingDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.SecurityResponseHeadersDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.AuthorizationContextVersioningDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.GatewayAuthenticationDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.dummy.DummyAuthenticationProvider;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.jwt.DittoPublicKeyProvider;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.jwt.JwtAuthenticationDirective;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.jwt.JwtSubjectIssuerConfig;
import org.eclipse.ditto.services.gateway.endpoints.directives.auth.jwt.JwtSubjectIssuersConfig;
import org.eclipse.ditto.services.gateway.endpoints.routes.devops.DevOpsRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.health.CachingHealthRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.policies.PoliciesRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.sse.SseThingsRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.stats.StatsRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.status.OverallStatusRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.things.ThingsRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.thingsearch.ThingSearchRoute;
import org.eclipse.ditto.services.gateway.endpoints.routes.websocket.WebsocketRoute;
import org.eclipse.ditto.services.gateway.endpoints.utils.DirectivesLoggingUtils;
import org.eclipse.ditto.services.gateway.health.DittoStatusHealthHelper;
import org.eclipse.ditto.services.gateway.health.StatusHealthHelper;
import org.eclipse.ditto.services.gateway.starter.service.util.HttpClientFacade;
import org.eclipse.ditto.services.utils.health.cluster.ClusterStatus;
import org.eclipse.ditto.signals.commands.base.CommandNotSupportedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/endpoints/routes/RootRoute.class */
public final class RootRoute {
    static final String HTTP_PATH_API_PREFIX = "api";
    static final String WS_PATH_PREFIX = "ws";
    private static final String BLOCKING_DISPATCHER_NAME = "blocking-dispatcher";
    private static final String JWK_RESOURCE_GOOGLE = "https://www.googleapis.com/oauth2/v2/certs";
    private final OverallStatusRoute overallStatusRoute;
    private final CachingHealthRoute cachingHealthRoute;
    private final DevOpsRoute devopsRoute;
    private final PoliciesRoute policiesRoute;
    private final SseThingsRoute sseThingsRoute;
    private final ThingsRoute thingsRoute;
    private final ThingSearchRoute thingSearchRoute;
    private final WebsocketRoute websocketRoute;
    private final GatewayAuthenticationDirective apiAuthenticationDirective;
    private final GatewayAuthenticationDirective wsAuthenticationDirective;
    private final StatsRoute statsRoute;
    private final ExceptionHandler exceptionHandler;
    private final List<Integer> supportedSchemaVersions;
    private static final Logger LOGGER = LoggerFactory.getLogger(RootRoute.class);
    public static final Pattern DEVOPS_AUTH_SECURED = Pattern.compile("(status|health|devops).*");

    public RootRoute(ActorSystem actorSystem, Config config, ActorRef actorRef, ActorRef actorRef2, ActorRef actorRef3, Supplier<ClusterStatus> supplier, HttpClientFacade httpClientFacade) {
        ConditionChecker.checkNotNull(actorSystem, "Actor System");
        ConditionChecker.checkNotNull(actorRef, "proxyActor");
        MessageDispatcher lookup = actorSystem.dispatchers().lookup(BLOCKING_DISPATCHER_NAME);
        StatusHealthHelper of = DittoStatusHealthHelper.of(actorSystem, supplier);
        this.statsRoute = new StatsRoute(actorRef, actorSystem);
        this.overallStatusRoute = new OverallStatusRoute(actorSystem, supplier, actorRef3, of);
        this.cachingHealthRoute = new CachingHealthRoute(of, config.getDuration("ditto.gateway.public-health.cache-timeout"));
        this.devopsRoute = new DevOpsRoute(actorRef, actorSystem);
        this.policiesRoute = new PoliciesRoute(actorRef, actorSystem);
        this.sseThingsRoute = new SseThingsRoute(actorRef, actorSystem, actorRef2);
        this.thingsRoute = new ThingsRoute(actorRef, actorSystem, config.getDuration("ditto.gateway.message.default-timeout"), config.getDuration("ditto.gateway.message.max-timeout"), config.getDuration("ditto.gateway.claim-message.default-timeout"), config.getDuration("ditto.gateway.claim-message.max-timeout"));
        this.thingSearchRoute = new ThingSearchRoute(actorRef, actorSystem);
        this.websocketRoute = new WebsocketRoute(actorRef2, config.getInt("ditto.gateway.websocket.subscriber.backpressure-queue-size"), config.getInt("ditto.gateway.websocket.publisher.backpressure-buffer-size"), DittoProtocolAdapter.newInstance());
        this.supportedSchemaVersions = config.getIntList("ditto.gateway.http.schema-versions");
        this.apiAuthenticationDirective = generateGatewayAuthenticationDirective(config, httpClientFacade, lookup);
        this.wsAuthenticationDirective = this.apiAuthenticationDirective;
        this.exceptionHandler = createExceptionHandler();
    }

    private GatewayAuthenticationDirective generateGatewayAuthenticationDirective(Config config, HttpClientFacade httpClientFacade, MessageDispatcher messageDispatcher) {
        boolean z = config.getBoolean("ditto.gateway.authentication.dummy.enabled");
        LinkedList linkedList = new LinkedList();
        if (z) {
            LOGGER.warn("Dummy authentication is enabled - Do not use this feature in production.");
            linkedList.add(DummyAuthenticationProvider.INSTANCE);
        }
        linkedList.add(new JwtAuthenticationDirective(messageDispatcher, DittoPublicKeyProvider.of(buildJwtSubjectIssuersConfig(), httpClientFacade, config.getInt("ditto.gateway.cache.publickeys.maxentries"), config.getDuration("ditto.gateway.cache.publickeys.expiry"))));
        return new GatewayAuthenticationDirective(linkedList);
    }

    private JwtSubjectIssuersConfig buildJwtSubjectIssuersConfig() {
        HashSet hashSet = new HashSet();
        hashSet.add(new JwtSubjectIssuerConfig(SubjectIssuer.GOOGLE, JWK_RESOURCE_GOOGLE));
        hashSet.add(new JwtSubjectIssuerConfig(SubjectIssuer.GOOGLE_URL, JWK_RESOURCE_GOOGLE));
        return new JwtSubjectIssuersConfig(hashSet);
    }

    public Route buildRoute() {
        return wrapWithRootDirectives(str -> {
            return Directives.extractRequestContext(requestContext -> {
                return Directives.route(new Route[]{this.statsRoute.buildStatsRoute(str), api(requestContext, str), ws(str), Directives.pathPrefixTest(PathMatchers.segment(DEVOPS_AUTH_SECURED), str -> {
                    return DevopsBasicAuthenticationDirective.authenticateDevopsBasic(getRealmFromSegment(str), Directives.route(new Route[]{this.overallStatusRoute.buildStatusRoute(), this.cachingHealthRoute.buildHealthRoute(), this.devopsRoute.buildDevopsRoute(requestContext)}));
                })});
            });
        });
    }

    private Route wrapWithRootDirectives(Function<String, Route> function) {
        return Directives.handleExceptions(this.exceptionHandler, () -> {
            return CorrelationIdEnsuringDirective.ensureCorrelationId(str -> {
                return ResponseRewritingDirective.rewriteResponse(str, () -> {
                    return RequestTimeoutHandlingDirective.handleRequestTimeout(str, () -> {
                        return RequestResultLoggingDirective.logRequestResult(str, () -> {
                            return EncodingEnsuringDirective.ensureEncoding(str, () -> {
                                return HttpsEnsuringDirective.ensureHttps(str, () -> {
                                    return CorsEnablingDirective.enableCors(() -> {
                                        return SecurityResponseHeadersDirective.addSecurityResponseHeaders(() -> {
                                            return Directives.handleRejections(RejectionHandler.defaultHandler(), () -> {
                                                return Directives.handleExceptions(this.exceptionHandler, () -> {
                                                    return (Route) function.apply(str);
                                                });
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
    }

    private Route apiAuthentication(String str, Function<AuthorizationContext, Route> function) {
        return this.apiAuthenticationDirective.authenticate(str, function);
    }

    private Route wsAuthentication(String str, Function<AuthorizationContext, Route> function) {
        return this.wsAuthenticationDirective.authenticate(str, function);
    }

    private Route api(RequestContext requestContext, String str) {
        return Directives.rawPathPrefix(CustomPathMatchers.mergeDoubleSlashes().concat(HTTP_PATH_API_PREFIX), () -> {
            return ensureSchemaVersion(num -> {
                return apiAuthentication(str, authorizationContext -> {
                    return AuthorizationContextVersioningDirective.mapAuthorizationContext(str, num.intValue(), authorizationContext, authorizationContext -> {
                        return extractDittoHeaders(authorizationContext, num, str, dittoHeaders -> {
                            return buildApiSubRoutes(requestContext, dittoHeaders);
                        });
                    });
                });
            });
        });
    }

    private Route ensureSchemaVersion(akka.japi.function.Function<Integer, Route> function) {
        return Directives.rawPathPrefix(CustomPathMatchers.mergeDoubleSlashes().concat(PathMatchers.integerSegment()), num -> {
            if (!this.supportedSchemaVersions.contains(num)) {
                CommandNotSupportedException build = CommandNotSupportedException.newBuilder(num.intValue()).build();
                return Directives.complete((HttpResponse) HttpResponse.create().withStatus(build.getStatusCode().toInt()).withEntity(ContentTypes.APPLICATION_JSON, ByteString.fromString(build.toJsonString())));
            }
            try {
                return (Route) function.apply(num);
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new IllegalStateException("Unexpected checked exception", e2);
            }
        });
    }

    private Route buildApiSubRoutes(RequestContext requestContext, DittoHeaders dittoHeaders) {
        return Directives.route(new Route[]{this.policiesRoute.buildPoliciesRoute(requestContext, dittoHeaders), this.sseThingsRoute.buildThingsSseRoute(requestContext, dittoHeaders), this.thingsRoute.buildThingsRoute(requestContext, dittoHeaders), this.thingSearchRoute.buildSearchRoute(requestContext, dittoHeaders)});
    }

    private Route ws(String str) {
        return Directives.rawPathPrefix(CustomPathMatchers.mergeDoubleSlashes().concat(WS_PATH_PREFIX), () -> {
            return ensureSchemaVersion(num -> {
                return wsAuthentication(str, authorizationContext -> {
                    return AuthorizationContextVersioningDirective.mapAuthorizationContext(str, num.intValue(), authorizationContext, authorizationContext -> {
                        return this.websocketRoute.buildWebsocketRoute(num, str, authorizationContext);
                    });
                });
            });
        });
    }

    private static Route extractDittoHeaders(AuthorizationContext authorizationContext, Integer num, String str, Function<DittoHeaders, Route> function) {
        return function.apply(buildDittoHeaders(authorizationContext, num, str));
    }

    private static ExceptionHandler createExceptionHandler() {
        return ExceptionHandler.newBuilder().match(DittoRuntimeException.class, dittoRuntimeException -> {
            DirectivesLoggingUtils.enhanceLogWithCorrelationId((Optional<String>) dittoRuntimeException.getDittoHeaders().getCorrelationId(), () -> {
                LOGGER.info("DittoRuntimeException in gateway RootRoute: {}", dittoRuntimeException.getMessage());
            });
            return Directives.complete((HttpResponse) HttpResponse.create().withStatus(dittoRuntimeException.getStatusCode().toInt()).withEntity(ContentTypes.APPLICATION_JSON, ByteString.fromString(dittoRuntimeException.toJsonString())));
        }).match(JsonRuntimeException.class, jsonRuntimeException -> {
            DittoJsonException dittoJsonException = new DittoJsonException(jsonRuntimeException);
            DirectivesLoggingUtils.enhanceLogWithCorrelationId((Optional<String>) dittoJsonException.getDittoHeaders().getCorrelationId(), () -> {
                LOGGER.info("DittoJsonException in gateway RootRoute: {}", dittoJsonException.getMessage());
            });
            return Directives.complete((HttpResponse) HttpResponse.create().withStatus(dittoJsonException.getStatusCode().toInt()).withEntity(ContentTypes.APPLICATION_JSON, ByteString.fromString(dittoJsonException.toJsonString())));
        }).matchAny(th -> {
            LOGGER.error("Unexpected RuntimeException in gateway RootRoute: {}", th.getMessage(), th);
            return Directives.complete(StatusCodes.INTERNAL_SERVER_ERROR);
        }).build();
    }

    private static DittoHeaders buildDittoHeaders(AuthorizationContext authorizationContext, Integer num, String str) {
        DittoHeadersBuilder correlationId = DittoHeaders.newBuilder().authorizationContext(authorizationContext).schemaVersion((JsonSchemaVersion) JsonSchemaVersion.forInt(num.intValue()).orElseThrow(() -> {
            return CommandNotSupportedException.newBuilder(num.intValue()).build();
        })).correlationId(str);
        Optional map = authorizationContext.getFirstAuthorizationSubject().map((v0) -> {
            return v0.getId();
        });
        correlationId.getClass();
        map.ifPresent((v1) -> {
            r1.source(v1);
        });
        return correlationId.build();
    }

    private static String getRealmFromSegment(String str) {
        return str.startsWith(CachingHealthRoute.PATH_HEALTH) ? DevopsBasicAuthenticationDirective.REALM_HEALTH : DevopsBasicAuthenticationDirective.REALM_DEVOPS;
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1412998863:
                if (implMethodName.equals("lambda$null$e355fa61$1")) {
                    z = false;
                    break;
                }
                break;
            case 1365613262:
                if (implMethodName.equals("lambda$null$b28658c3$1")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("akka/japi/function/Function") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/eclipse/ditto/services/gateway/endpoints/routes/RootRoute") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;Lakka/http/javadsl/server/RequestContext;Ljava/lang/Integer;)Lakka/http/javadsl/server/Route;")) {
                    RootRoute rootRoute = (RootRoute) serializedLambda.getCapturedArg(0);
                    String str = (String) serializedLambda.getCapturedArg(1);
                    RequestContext requestContext = (RequestContext) serializedLambda.getCapturedArg(2);
                    return num -> {
                        return apiAuthentication(str, authorizationContext -> {
                            return AuthorizationContextVersioningDirective.mapAuthorizationContext(str, num.intValue(), authorizationContext, authorizationContext -> {
                                return extractDittoHeaders(authorizationContext, num, str, dittoHeaders -> {
                                    return buildApiSubRoutes(requestContext, dittoHeaders);
                                });
                            });
                        });
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("akka/japi/function/Function") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/eclipse/ditto/services/gateway/endpoints/routes/RootRoute") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;Ljava/lang/Integer;)Lakka/http/javadsl/server/Route;")) {
                    RootRoute rootRoute2 = (RootRoute) serializedLambda.getCapturedArg(0);
                    String str2 = (String) serializedLambda.getCapturedArg(1);
                    return num2 -> {
                        return wsAuthentication(str2, authorizationContext -> {
                            return AuthorizationContextVersioningDirective.mapAuthorizationContext(str2, num2.intValue(), authorizationContext, authorizationContext -> {
                                return this.websocketRoute.buildWebsocketRoute(num2, str2, authorizationContext);
                            });
                        });
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
