package org.eclipse.hono.adapter.http.impl;

import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.ChainAuthHandler;
import io.vertx.ext.web.handler.CorsHandler;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.hono.adapter.HttpContext;
import org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider;
import org.eclipse.hono.adapter.auth.device.usernamepassword.UsernamePasswordAuthProvider;
import org.eclipse.hono.adapter.auth.device.usernamepassword.UsernamePasswordCredentials;
import org.eclipse.hono.adapter.auth.device.x509.SubjectDnCredentials;
import org.eclipse.hono.adapter.auth.device.x509.TenantServiceBasedX509Authentication;
import org.eclipse.hono.adapter.auth.device.x509.X509AuthProvider;
import org.eclipse.hono.adapter.http.AbstractVertxBasedHttpProtocolAdapter;
import org.eclipse.hono.adapter.http.HonoBasicAuthHandler;
import org.eclipse.hono.adapter.http.HttpProtocolAdapterProperties;
import org.eclipse.hono.adapter.http.X509AuthHandler;
import org.eclipse.hono.auth.Device;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.service.http.HttpUtils;
import org.eclipse.hono.util.ResourceIdentifier;
import org.eclipse.hono.util.Strings;

/* loaded from: input_file:org/eclipse/hono/adapter/http/impl/VertxBasedHttpProtocolAdapter.class */
public final class VertxBasedHttpProtocolAdapter extends AbstractVertxBasedHttpProtocolAdapter<HttpProtocolAdapterProperties> {
    private static final String PARAM_TENANT = "tenant_id";
    private static final String PARAM_DEVICE_ID = "device_id";
    private static final String PARAM_COMMAND_REQUEST_ID = "cmd_req_id";
    private static final String ROUTE_TELEMETRY_ENDPOINT = "/telemetry";
    private static final String ROUTE_EVENT_ENDPOINT = "/event";
    private DeviceCredentialsAuthProvider<UsernamePasswordCredentials> usernamePasswordAuthProvider;
    private DeviceCredentialsAuthProvider<SubjectDnCredentials> clientCertAuthProvider;

    public void setUsernamePasswordAuthProvider(DeviceCredentialsAuthProvider<UsernamePasswordCredentials> deviceCredentialsAuthProvider) {
        this.usernamePasswordAuthProvider = (DeviceCredentialsAuthProvider) Objects.requireNonNull(deviceCredentialsAuthProvider);
    }

    public void setClientCertAuthProvider(DeviceCredentialsAuthProvider<SubjectDnCredentials> deviceCredentialsAuthProvider) {
        this.clientCertAuthProvider = (DeviceCredentialsAuthProvider) Objects.requireNonNull(deviceCredentialsAuthProvider);
    }

    public String getTypeName() {
        return "hono-http";
    }

    @Override // org.eclipse.hono.adapter.http.AbstractVertxBasedHttpProtocolAdapter
    protected void addRoutes(Router router) {
        if (!((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            this.log.warn("device authentication has been disabled");
            this.log.warn("any device may publish data on behalf of all other devices");
            addTelemetryApiRoutes(router, null);
            addEventApiRoutes(router, null);
            addCommandResponseRoutes(router, null);
            return;
        }
        ChainAuthHandler any = ChainAuthHandler.any();
        any.add(new X509AuthHandler(new TenantServiceBasedX509Authentication(getTenantClient(), this.tracer), (DeviceCredentialsAuthProvider) Optional.ofNullable(this.clientCertAuthProvider).orElseGet(() -> {
            return new X509AuthProvider(getCredentialsClient(), this.tracer);
        }), (deviceCredentials, httpContext) -> {
            return this.handleBeforeCredentialsValidation(deviceCredentials, httpContext);
        }));
        any.add(new HonoBasicAuthHandler((DeviceCredentialsAuthProvider) Optional.ofNullable(this.usernamePasswordAuthProvider).orElseGet(() -> {
            return new UsernamePasswordAuthProvider(getCredentialsClient(), this.tracer);
        }), ((HttpProtocolAdapterProperties) getConfig()).getRealm(), (deviceCredentials2, httpContext2) -> {
            return this.handleBeforeCredentialsValidation(deviceCredentials2, httpContext2);
        }));
        addTelemetryApiRoutes(router, any);
        addEventApiRoutes(router, any);
        addCommandResponseRoutes(router, any);
    }

    private void addTelemetryApiRoutes(Router router, Handler<RoutingContext> handler) {
        String format = String.format("/telemetry/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID);
        router.routeWithRegex("\\/telemetry\\/.+").handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("QoS-Level").allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id")).setName("/telemetry (CORS)");
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            router.route(ROUTE_TELEMETRY_ENDPOINT).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.POST).allowedHeader("QoS-Level").allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id")).setName("/telemetry (CORS)");
            router.post(ROUTE_TELEMETRY_ENDPOINT).handler(handler).handler(getBodyHandler());
            router.post(ROUTE_TELEMETRY_ENDPOINT).handler(this::handlePostTelemetry);
            router.put("/telemetry/*").handler(handler).setName(format);
            router.put(format).handler(this::assertTenant);
        }
        router.putWithRegex("\\/telemetry\\/.+").handler(getBodyHandler()).handler(this::handlePutTelemetry).setName(format);
    }

    private void addEventApiRoutes(Router router, Handler<RoutingContext> handler) {
        String format = String.format("/event/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID);
        router.routeWithRegex("\\/event\\/.+").handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id")).setName("/event (CORS)");
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            router.route(ROUTE_EVENT_ENDPOINT).handler(CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.POST).allowedHeader("hono-ttd").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString()).exposedHeader("hono-command").exposedHeader("hono-cmd-req-id")).setName("/event (CORS)");
            router.post(ROUTE_EVENT_ENDPOINT).handler(handler).handler(getBodyHandler());
            router.post(ROUTE_EVENT_ENDPOINT).handler(this::handlePostTelemetry);
            router.put("/event/*").handler(handler).setName(format);
            router.put(format).handler(this::assertTenant);
        }
        router.putWithRegex("\\/event\\/.+").handler(getBodyHandler()).handler(this::handlePutTelemetry).setName(format);
    }

    private void addCommandResponseRoutes(Router router, Handler<RoutingContext> handler) {
        String format = String.format("/command/res/:%s/:%s/:%s", PARAM_TENANT, PARAM_DEVICE_ID, PARAM_COMMAND_REQUEST_ID);
        CorsHandler allowedHeader = CorsHandler.create(((HttpProtocolAdapterProperties) getConfig()).getCorsAllowedOrigin()).allowedMethod(HttpMethod.PUT).allowedHeader("hono-cmd-status").allowedHeader(HttpHeaders.AUTHORIZATION.toString()).allowedHeader(HttpHeaders.CONTENT_TYPE.toString());
        router.route("/command/res/*").handler(allowedHeader).setName("/command/res/* (CORS)");
        if (((HttpProtocolAdapterProperties) getConfig()).isAuthenticationRequired()) {
            allowedHeader.allowedMethod(HttpMethod.POST);
            String format2 = String.format("/command/res/:%s", PARAM_COMMAND_REQUEST_ID);
            router.post("/command/res/*").handler(handler).handler(getBodyHandler()).setName(format2);
            router.post(format2).handler(this::handlePostCommandResponse);
            router.put("/command/res/*").handler(handler).setName(format);
            router.put(format).handler(this::assertTenant);
        }
        router.put("/command/res/*").handler(getBodyHandler()).handler(this::handlePutCommandResponse).setName(format);
    }

    private static String getTenantParam(RoutingContext routingContext) {
        return routingContext.request().getParam(PARAM_TENANT);
    }

    private static String getCommandRequestIdParam(RoutingContext routingContext) {
        return routingContext.request().getParam(PARAM_COMMAND_REQUEST_ID);
    }

    private static Integer getCommandResponseStatusParam(RoutingContext routingContext) {
        return (Integer) HttpUtils.getCommandResponseStatus(routingContext).orElse(null);
    }

    private void handle401(RoutingContext routingContext) {
        HttpUtils.unauthorized(routingContext, "Basic realm=\"" + ((HttpProtocolAdapterProperties) getConfig()).getRealm() + "\"");
    }

    void handlePostTelemetry(RoutingContext routingContext) {
        Device user = routingContext.user();
        if (!(user instanceof Device)) {
            handle401(routingContext);
        } else {
            Device device = user;
            doUploadMessage(HttpContext.from(routingContext), device.getTenantId(), device.getDeviceId());
        }
    }

    void handlePutTelemetry(RoutingContext routingContext) {
        HttpContext from = HttpContext.from(routingContext);
        ResourceIdentifier requestedResource = from.getRequestedResource();
        if (Strings.isNullOrEmpty(requestedResource.getResourceId())) {
            HttpUtils.notFound(routingContext, "request URI must contain device ID");
            return;
        }
        Device user = routingContext.user();
        if (user instanceof Device) {
            doUploadMessage(from, user.getTenantId(), requestedResource.getResourceId());
        } else if (Strings.isNullOrEmpty(requestedResource.getTenantId())) {
            HttpUtils.notFound(routingContext, "request URI must contain tenant ID");
        } else {
            doUploadMessage(from, requestedResource.getTenantId(), requestedResource.getResourceId());
        }
    }

    void handlePostCommandResponse(RoutingContext routingContext) {
        Device user = routingContext.user();
        if (!(user instanceof Device)) {
            handle401(routingContext);
        } else {
            Device device = user;
            uploadCommandResponseMessage(HttpContext.from(routingContext), device.getTenantId(), device.getDeviceId(), getCommandRequestIdParam(routingContext), getCommandResponseStatusParam(routingContext));
        }
    }

    void handlePutCommandResponse(RoutingContext routingContext) {
        HttpContext from = HttpContext.from(routingContext);
        String[] path = from.getRequestedResource().toPath();
        if (path.length < 5) {
            HttpUtils.notFound(routingContext, "request URI must contain tenant, device and request ID");
            return;
        }
        String str = path[2];
        String str2 = path[3];
        String str3 = path[4];
        if (Strings.isNullOrEmpty(str2)) {
            HttpUtils.notFound(routingContext, "request URI must contain device ID");
            return;
        }
        Device user = routingContext.user();
        if (user instanceof Device) {
            uploadCommandResponseMessage(from, user.getTenantId(), str2, str3, getCommandResponseStatusParam(routingContext));
        } else if (Strings.isNullOrEmpty(str)) {
            HttpUtils.notFound(routingContext, "request URI must contain tenant ID");
        } else {
            uploadCommandResponseMessage(from, str, str2, str3, getCommandResponseStatusParam(routingContext));
        }
    }

    void assertTenant(RoutingContext routingContext) {
        Device user = routingContext.user();
        if (!(user instanceof Device)) {
            handle401(routingContext);
        } else if (user.getTenantId().equals(getTenantParam(routingContext))) {
            routingContext.next();
        } else {
            routingContext.fail(new ClientErrorException(403, "not authorized to upload data for device from other tenant"));
        }
    }
}
