package org.eclipse.ditto.services.gateway.proxy.actors;

import akka.actor.ActorRef;
import akka.japi.pf.ReceiveBuilder;
import java.text.MessageFormat;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import org.eclipse.ditto.json.JsonFieldSelector;
import org.eclipse.ditto.json.JsonObject;
import org.eclipse.ditto.model.base.exceptions.DittoRuntimeException;
import org.eclipse.ditto.model.messages.MessageSendNotAllowedException;
import org.eclipse.ditto.model.policies.PoliciesModelFactory;
import org.eclipse.ditto.model.policies.PoliciesResourceType;
import org.eclipse.ditto.services.gateway.starter.service.util.FireAndForgetMessageUtil;
import org.eclipse.ditto.services.models.things.commands.sudo.SudoCommand;
import org.eclipse.ditto.services.utils.akka.LogUtil;
import org.eclipse.ditto.signals.base.Signal;
import org.eclipse.ditto.signals.commands.messages.MessageCommand;
import org.eclipse.ditto.signals.commands.messages.SendClaimMessage;
import org.eclipse.ditto.signals.commands.things.ThingCommand;
import org.eclipse.ditto.signals.commands.things.exceptions.ThingCommandToAccessExceptionRegistry;
import org.eclipse.ditto.signals.commands.things.exceptions.ThingCommandToModifyExceptionRegistry;
import org.eclipse.ditto.signals.commands.things.exceptions.ThingNotAccessibleException;
import org.eclipse.ditto.signals.commands.things.exceptions.ThingNotModifiableException;
import org.eclipse.ditto.signals.commands.things.modify.CreateThing;
import org.eclipse.ditto.signals.commands.things.modify.ThingModifyCommand;
import org.eclipse.ditto.signals.commands.things.query.ThingQueryCommand;
import scala.concurrent.duration.FiniteDuration;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/proxy/actors/AbstractThingPolicyEnforcerActor.class */
/**
 * Policy-enforcing actor base class that adds the Thing-related receive clauses on top of
 * {@link AbstractPolicyEnforcerActor}.
 *
 * <p>Signals that pass the permission check are sent on to the things shard region, or published
 * in the case of message commands. Signals that fail it are answered with an exception sent back
 * to the original sender. Every permission check in this class starts with
 * {@code isEnforcerAvailable()}, so a missing enforcer results in a denial, with one exception:
 * a {@link CreateThing} may carry an inline policy (see {@link #isInlinePolicyAuthorized}).
 */
public abstract class AbstractThingPolicyEnforcerActor extends AbstractPolicyEnforcerActor {
    // MessageFormat patterns: the doubled single quotes render as one literal quote around the argument.
    private static final String THING_POLICY_DELETED_MESSAGE = "The Thing with ID ''{0}'' could not be accessed as its Policy with ID ''{1}'' is not or no longer existing.";
    private static final String THING_POLICY_DELETED_DESCRIPTION = "Recreate/create the Policy with ID ''{0}'' in order to get access to the Thing again.";
    // Service label handed to logForwardingOfReceivedSignal for everything sent to the things shard region.
    private static final String SERVICE_NAME_THINGS = "Things";
    private final ActorRef thingsShardRegion;

    /**
     * Creates the enforcer. {@code actorRef3} is kept as the things shard region; all other
     * arguments are handed to the superclass constructor unchanged.
     *
     * <p>Decompiler note: this constructor was declared {@code protected} in the original class.
     */
    public AbstractThingPolicyEnforcerActor(ActorRef actorRef, ActorRef actorRef2, ActorRef actorRef3, ActorRef actorRef4, FiniteDuration finiteDuration, FiniteDuration finiteDuration2, Map<String, JsonFieldSelector> map) {
        super(actorRef, actorRef2, actorRef4, finiteDuration, finiteDuration2, map);
        this.thingsShardRegion = actorRef3;
    }

    /**
     * Appends the Thing enforcement clauses to the given receive builder.
     *
     * <p>The order of the clauses is security relevant: Akka tries them in the order they are added
     * and the first clause that matches handles the message. Each guarded clause is therefore
     * followed directly by an unguarded clause for the same type that rejects the signal, which
     * makes denial the default for message, modify and query commands.
     *
     * <p>Three clauses perform no permission check in this class: {@link SudoCommand},
     * {@link SendClaimMessage}, and live signals that are not message commands.
     * NOTE(review): confirm that {@code SudoCommand}s can only originate from trusted internal
     * senders, and that live signals are authorized elsewhere before or after this hop.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     *
     * @param receiveBuilder the builder the clauses are appended to
     */
    public void addThingEnforcingBehaviour(ReceiveBuilder receiveBuilder) {
        receiveBuilder
                // Forwarded unchecked; must stay ahead of the generic clauses below.
                .match(SudoCommand.class, this::forwardThingSudoCommand)
                // Claim messages are published without consulting the enforcer.
                .match(SendClaimMessage.class, this::publishMessageCommand)
                // Any other message command needs unrestricted WRITE on the message resource.
                .match(MessageCommand.class, this::isAuthorized, this::publishMessageCommand)
                .match(MessageCommand.class, this::unauthorized)
                // Remaining live signals go back to the sender with enriched headers, unchecked here.
                .match(Signal.class, AbstractPolicyEnforcerActor::isLiveSignal,
                        liveSignal -> getSender().forward(
                                enrichDittoHeaders(liveSignal, liveSignal.getResourcePath(), liveSignal.getResourceType()),
                                getContext()))
                // CreateThing has its own guard because it may bring an inline policy.
                .match(CreateThing.class, this::isCreateThingAuthorized, this::forwardThingModifyCommand)
                .match(CreateThing.class, this::unauthorized)
                .match(ThingModifyCommand.class, this::isThingModifyCommandAuthorized, this::forwardThingModifyCommand)
                .match(ThingModifyCommand.class, this::unauthorized)
                .match(ThingQueryCommand.class, this::isAuthorized, this::forwardThingQueryCommand)
                .match(ThingQueryCommand.class, this::unauthorized);
    }

    /**
     * Publishes the message command and, when the utility yields a fire-and-forget response for
     * it, sends that response to the original sender.
     */
    private void publishMessageCommand(MessageCommand<?, ?> command) {
        publishCommand(command);
        FireAndForgetMessageUtil.getResponseForFireAndForgetMessage(command)
                .ifPresent(acceptedResponse -> getSender().tell(acceptedResponse, getSelf()));
    }

    /**
     * Forwards a sudo command to the things shard region as-is. No permission check and no header
     * enrichment happen on this path.
     */
    private void forwardThingSudoCommand(SudoCommand command) {
        LogUtil.enhanceLogWithCorrelationId(getLogger(), command);
        logForwardingOfReceivedSignal(command, SERVICE_NAME_THINGS);
        incrementAccessCounter();
        this.thingsShardRegion.forward(command, getContext());
    }

    /**
     * Forwards an already authorized modify command, with enriched headers, to the things shard
     * region. When the command changes authorization, the policy is synchronized afterwards.
     */
    private void forwardThingModifyCommand(ThingModifyCommand<?> command) {
        LogUtil.enhanceLogWithCorrelationId(getLogger(), command);
        ThingCommand enrichedCommand = enrichDittoHeaders(command, command.getResourcePath(), command.getResourceType());
        logForwardingOfReceivedSignal(enrichedCommand, SERVICE_NAME_THINGS);
        incrementAccessCounter();
        this.thingsShardRegion.forward(enrichedCommand, getContext());
        if (!command.changesAuthorization()) {
            return;
        }
        // The forwarded command altered authorization data, so the enforcer state may be stale.
        synchronizePolicy();
    }

    /**
     * Sends an already authorized query command to the things shard region with this actor as the
     * sender, then switches to the querying behaviour, remembers the original sender and arms the
     * query timeout.
     *
     * <p>NOTE(review): the guard for this path only requires partial READ permission; presumably
     * the querying behaviour of the parent class filters the response accordingly. Confirm there.
     */
    private void forwardThingQueryCommand(ThingQueryCommand<?> command) {
        LogUtil.enhanceLogWithCorrelationId(getLogger(), command);
        ThingQueryCommand enrichedCommand = enrichDittoHeaders(command, command.getResourcePath(), command.getResourceType());
        logForwardingOfReceivedSignal(enrichedCommand, SERVICE_NAME_THINGS);
        incrementAccessCounter();
        // tell(..., getSelf()) instead of forward: the reply has to come back to this actor.
        this.thingsShardRegion.tell(enrichedCommand, getSelf());
        becomeQueryingBehaviour();
        preserveQueryOriginalSender(getSender());
        scheduleQueryTimeout();
    }

    /**
     * Guard for query commands: partial READ permission on the thing resource addressed by the
     * command. Denies when no enforcer is available.
     */
    private boolean isAuthorized(ThingQueryCommand command) {
        if (!isEnforcerAvailable()) {
            return false;
        }
        return getPolicyEnforcer().hasPartialPermissions(PoliciesResourceType.thingResource(command.getResourcePath()), command.getDittoHeaders().getAuthorizationContext(), "READ", new String[0]);
    }

    /**
     * Guard for message commands: unrestricted WRITE permission on the message resource addressed
     * by the command. Denies when no enforcer is available.
     */
    private boolean isAuthorized(MessageCommand command) {
        if (!isEnforcerAvailable()) {
            return false;
        }
        return getPolicyEnforcer().hasUnrestrictedPermissions(PoliciesResourceType.messageResource(command.getResourcePath()), command.getDittoHeaders().getAuthorizationContext(), "WRITE", new String[0]);
    }

    /**
     * Guard for {@link CreateThing}. With an enforcer in place this is the ordinary modify check.
     * Without one, the decision is made against the inline policy of the command, if it has one;
     * otherwise the ordinary modify check runs and denies because the enforcer is still missing.
     */
    private boolean isCreateThingAuthorized(CreateThing command) {
        if (isEnforcerAvailable()) {
            return isThingModifyCommandAuthorized(command);
        }
        return isInlinePolicyAuthorized(command, command.getInitialPolicy(),
                () -> isThingModifyCommandAuthorized(command));
    }

    /**
     * Evaluates the command against an inline policy when one is present, and otherwise returns
     * what the supplier yields.
     *
     * <p>Security note: the enforcer is rebuilt from the policy JSON carried by the request (with
     * the literal revision {@code 1L}) before the permission check runs, and nothing in this
     * class restores the previous state when the check fails.
     * NOTE(review): confirm that the parent class discards or replaces this enforcer after a
     * denied create, so that a rejected inline policy cannot influence later decisions.
     */
    private boolean isInlinePolicyAuthorized(ThingModifyCommand command, Optional<JsonObject> initialPolicy, Supplier<Boolean> fallback) {
        return initialPolicy
                .map(PoliciesModelFactory::newPolicy)
                .map(policy -> {
                    rebuildPolicyEnforcer(policy, 1L);
                    return isThingModifyCommandAuthorized(command);
                })
                .orElseGet(fallback);
    }

    /**
     * Guard for modify commands: unrestricted WRITE permission on the thing resource addressed by
     * the command. Denies when no enforcer is available.
     */
    private boolean isThingModifyCommandAuthorized(ThingModifyCommand command) {
        if (!isEnforcerAvailable()) {
            return false;
        }
        return getPolicyEnforcer().hasUnrestrictedPermissions(PoliciesResourceType.thingResource(command.getResourcePath()), command.getDittoHeaders().getAuthorizationContext(), "WRITE", new String[0]);
    }

    /**
     * Rejects a modify command: logs the denial and sends the exception to the original sender.
     *
     * <p>With an enforcer present the exception comes from the modify-exception registry. Without
     * one, a "policy deleted" exception naming the thing ID and the policy ID is built.
     * NOTE(review): that branch returns the policy ID to a caller that failed the check and,
     * unlike the message-command variant, sets no Ditto headers on the exception. Confirm both
     * are intended.
     */
    private void unauthorized(ThingModifyCommand command) {
        final DittoRuntimeException rejection;
        if (isEnforcerAvailable()) {
            rejection = ThingCommandToModifyExceptionRegistry.getInstance().exceptionFrom(command);
        } else {
            rejection = ThingNotModifiableException.newBuilder(command.getThingId())
                    .message(MessageFormat.format(THING_POLICY_DELETED_MESSAGE, command.getThingId(), getPolicyId()))
                    .description(MessageFormat.format(THING_POLICY_DELETED_DESCRIPTION, getPolicyId()))
                    .build();
        }
        logUnauthorized(command, rejection);
        getSender().tell(rejection, getSelf());
    }

    /**
     * Rejects a query command: logs the denial and sends the exception to the original sender.
     *
     * <p>With an enforcer present the exception comes from the access-exception registry. Without
     * one, a "policy deleted" exception naming the thing ID and the policy ID is built.
     * NOTE(review): that branch returns the policy ID to a caller that failed the check and,
     * unlike the message-command variant, sets no Ditto headers on the exception. Confirm both
     * are intended.
     */
    private void unauthorized(ThingQueryCommand command) {
        final DittoRuntimeException rejection;
        if (isEnforcerAvailable()) {
            rejection = ThingCommandToAccessExceptionRegistry.getInstance().exceptionFrom(command);
        } else {
            rejection = ThingNotAccessibleException.newBuilder(command.getThingId())
                    .message(MessageFormat.format(THING_POLICY_DELETED_MESSAGE, command.getThingId(), getPolicyId()))
                    .description(MessageFormat.format(THING_POLICY_DELETED_DESCRIPTION, getPolicyId()))
                    .build();
        }
        logUnauthorized(command, rejection);
        getSender().tell(rejection, getSelf());
    }

    /**
     * Rejects a message command: builds a {@link MessageSendNotAllowedException} carrying the
     * Ditto headers of the command, logs the denial and sends the exception to the original sender.
     */
    private void unauthorized(MessageCommand command) {
        MessageSendNotAllowedException rejection = MessageSendNotAllowedException.newBuilder(command.getThingId())
                .dittoHeaders(command.getDittoHeaders())
                .build();
        logUnauthorized(command, rejection);
        getSender().tell(rejection, getSelf());
    }
}
