package org.eclipse.hono.adapter.auth.device;

import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.Tracer;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import java.util.Objects;
import org.eclipse.hono.adapter.auth.device.AbstractDeviceCredentials;
import org.eclipse.hono.adapter.client.registry.CredentialsClient;
import org.eclipse.hono.auth.Device;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.client.ServerErrorException;
import org.eclipse.hono.client.ServiceInvocationException;
import org.eclipse.hono.service.auth.DeviceUser;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CredentialsObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/adapter/auth/device/CredentialsApiAuthProvider.class */
public abstract class CredentialsApiAuthProvider<T extends AbstractDeviceCredentials> implements DeviceCredentialsAuthProvider<T> {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private final CredentialsClient credentialsClient;
    private final Tracer tracer;

    public CredentialsApiAuthProvider(CredentialsClient credentialsClient, Tracer tracer) {
        this.credentialsClient = (CredentialsClient) Objects.requireNonNull(credentialsClient);
        this.tracer = (Tracer) Objects.requireNonNull(tracer);
    }

    protected final Future<CredentialsObject> getCredentialsForDevice(DeviceCredentials deviceCredentials, SpanContext spanContext) {
        Objects.requireNonNull(deviceCredentials);
        return this.credentialsClient.get(deviceCredentials.getTenantId(), deviceCredentials.getType(), deviceCredentials.getAuthId(), deviceCredentials.getClientContext(), spanContext);
    }

    @Override // org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider
    public final void authenticate(T t, SpanContext spanContext, Handler<AsyncResult<DeviceUser>> handler) {
        Objects.requireNonNull(t);
        Objects.requireNonNull(handler);
        Span start = TracingHelper.buildServerChildSpan(this.tracer, spanContext, "authenticate device", getClass().getSimpleName()).withTag("tenant_id", t.getTenantId()).withTag(TracingHelper.TAG_AUTH_ID.getKey(), t.getAuthId()).start();
        getCredentialsForDevice(t, start.context()).recover(th -> {
            return Future.failedFuture(mapNotFoundToBadCredentialsException(th));
        }).compose(credentialsObject -> {
            return validateCredentials(t, credentialsObject, start.context());
        }).map(device -> {
            return new DeviceUser(device.getTenantId(), device.getDeviceId());
        }).onComplete(asyncResult -> {
            if (asyncResult.succeeded()) {
                start.log("successfully authenticated device");
            } else {
                start.log("authentication of device failed");
                TracingHelper.logError(start, asyncResult.cause());
            }
            start.finish();
            handler.handle(asyncResult);
        });
    }

    public static Throwable mapNotFoundToBadCredentialsException(Throwable th) {
        return ServiceInvocationException.extractStatusCode(th) == 404 ? new ClientErrorException(401, "bad credentials") : th;
    }

    private Future<Device> validateCredentials(T t, CredentialsObject credentialsObject, SpanContext spanContext) {
        Span start = TracingHelper.buildServerChildSpan(this.tracer, spanContext, "validate credentials", getClass().getSimpleName()).withTag("tenant_id", t.getTenantId()).withTag(TracingHelper.TAG_AUTH_ID.getKey(), t.getAuthId()).withTag(TracingHelper.TAG_CREDENTIALS_TYPE.getKey(), t.getType()).start();
        Promise promise = Promise.promise();
        if (!t.getAuthId().equals(credentialsObject.getAuthId())) {
            start.log(String.format("Credentials service returned wrong credentials-on-record [auth-id: %s]", credentialsObject.getAuthId()));
            promise.fail(new ServerErrorException(500));
        } else if (!t.getType().equals(credentialsObject.getType())) {
            start.log(String.format("Credentials service returned wrong credentials-on-record [type: %s]", credentialsObject.getType()));
            promise.fail(new ServerErrorException(500));
        } else if (credentialsObject.isEnabled()) {
            doValidateCredentials(t, credentialsObject).onComplete(promise);
        } else {
            start.log("credentials-on-record are disabled");
            promise.fail(new ClientErrorException(401));
        }
        return promise.future().map(device -> {
            start.log("validation of credentials succeeded");
            start.finish();
            return device;
        }).recover(th -> {
            start.log("validation of credentials failed");
            TracingHelper.logError(start, th);
            start.finish();
            return Future.failedFuture(th);
        });
    }

    protected abstract Future<Device> doValidateCredentials(T t, CredentialsObject credentialsObject);

    public final void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        T credentials = getCredentials((JsonObject) Objects.requireNonNull(jsonObject));
        if (credentials == null) {
            handler.handle(Future.failedFuture(new ClientErrorException(401, "malformed credentials")));
        } else {
            authenticate(credentials, TracingHelper.extractSpanContext(this.tracer, jsonObject), asyncResult -> {
                if (asyncResult.succeeded()) {
                    handler.handle(Future.succeededFuture((User) asyncResult.result()));
                } else {
                    handler.handle(Future.failedFuture(asyncResult.cause()));
                }
            });
        }
    }
}
