package org.eclipse.hono.deviceregistry.mongodb.model;

import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.Tracer;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.healthchecks.HealthCheckHandler;
import io.vertx.ext.healthchecks.Status;
import io.vertx.ext.mongo.FindOptions;
import io.vertx.ext.mongo.IndexOptions;
import io.vertx.ext.mongo.MongoClient;
import io.vertx.ext.mongo.UpdateOptions;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.deviceregistry.mongodb.utils.MongoDbDocumentBuilder;
import org.eclipse.hono.deviceregistry.util.FieldLevelEncryption;
import org.eclipse.hono.service.HealthCheckProvider;
import org.eclipse.hono.service.management.credentials.CredentialsDto;
import org.eclipse.hono.tracing.TracingHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/deviceregistry/mongodb/model/MongoDbBasedCredentialsDao.class */
public final class MongoDbBasedCredentialsDao extends MongoDbBasedDao implements CredentialsDao, HealthCheckProvider {
    public static final String IDX_CREDENTIALS_TYPE_AND_AUTH_ID = "credentials_type_and_auth_id";
    public static final JsonObject PROJECTION_CREDS_BY_TYPE_AND_AUTH_ID = new JsonObject().put("device-id", 1).put(String.format("%s.$", "credentials"), 1).put("_id", 0);
    private static final Logger LOG = LoggerFactory.getLogger(MongoDbBasedCredentialsDao.class);
    private static final String KEY_AUTH_ID = String.format("%s.%s", "credentials", "auth-id");
    private static final String KEY_CREDENTIALS_TYPE = String.format("%s.%s", "credentials", "type");
    private final AtomicBoolean creatingIndices;
    private final AtomicBoolean indicesCreated;

    public MongoDbBasedCredentialsDao(MongoClient mongoClient, String str, Tracer tracer, FieldLevelEncryption fieldLevelEncryption) {
        super(mongoClient, str, tracer, fieldLevelEncryption);
        this.creatingIndices = new AtomicBoolean(false);
        this.indicesCreated = new AtomicBoolean(false);
        Optional.ofNullable(fieldLevelEncryption).ifPresent(fieldLevelEncryption2 -> {
            LOG.info("using [{}] for encrypting credentials", fieldLevelEncryption2.getClass().getName());
        });
    }

    public Future<Void> createIndices() {
        Promise promise = Promise.promise();
        if (this.creatingIndices.compareAndSet(false, true)) {
            createIndex(new JsonObject().put("tenant-id", 1).put("device-id", 1), new IndexOptions().unique(true)).compose(r10 -> {
                return createIndex(new JsonObject().put("tenant-id", 1).put(KEY_AUTH_ID, 1).put(KEY_CREDENTIALS_TYPE, 1), new IndexOptions().unique(true).partialFilterExpression(new JsonObject().put(KEY_AUTH_ID, new JsonObject().put("$exists", true)).put(KEY_CREDENTIALS_TYPE, new JsonObject().put("$exists", true))));
            }).compose(r6 -> {
                return createIndex(new JsonObject().put(KEY_AUTH_ID, 1).put(KEY_CREDENTIALS_TYPE, 1), new IndexOptions().name(IDX_CREDENTIALS_TYPE_AND_AUTH_ID));
            }).onSuccess(r4 -> {
                this.indicesCreated.set(true);
            }).onComplete(asyncResult -> {
                this.creatingIndices.set(false);
                promise.handle(asyncResult);
            });
        } else {
            LOG.debug("already trying to create indices");
        }
        return promise.future();
    }

    public void registerReadinessChecks(HealthCheckHandler healthCheckHandler) {
        healthCheckHandler.register("credentials-indices-created-" + UUID.randomUUID(), promise -> {
            if (this.indicesCreated.get()) {
                promise.tryComplete(Status.OK());
                return;
            }
            LOG.debug("credentials-indices not (yet) created");
            promise.tryComplete(Status.KO());
            createIndices();
        });
    }

    public void registerLivenessChecks(HealthCheckHandler healthCheckHandler) {
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<String> create(CredentialsDto credentialsDto, SpanContext spanContext) {
        Objects.requireNonNull(credentialsDto);
        Span start = this.tracer.buildSpan("add Credentials").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, credentialsDto.getTenantId()).withTag(TracingHelper.TAG_DEVICE_ID, credentialsDto.getDeviceId()).start();
        credentialsDto.getCredentials().stream().forEach(commonCredential -> {
            commonCredential.encryptFields(this.fieldLevelEncryption);
        });
        JsonObject mapFrom = JsonObject.mapFrom(credentialsDto);
        if (LOG.isTraceEnabled()) {
            LOG.trace("creating credentials for device [tenant: {}, device-id: {}, resource-version; {}]:{}{}", new Object[]{credentialsDto.getTenantId(), credentialsDto.getDeviceId(), credentialsDto.getVersion(), System.lineSeparator(), mapFrom.encodePrettily()});
        }
        return this.mongoClient.insert(this.collectionName, mapFrom).map(str -> {
            start.log("successfully added credentials");
            LOG.debug("successfully added credentials for device [tenant: {}, device-id: {}, resource-version: {}]", new Object[]{credentialsDto.getTenantId(), credentialsDto.getDeviceId(), credentialsDto.getVersion()});
            return credentialsDto.getVersion();
        }).onFailure(th -> {
            LOG.debug("error adding credentials for device [tenant: {}, device-id: {}]", new Object[]{credentialsDto.getTenantId(), credentialsDto.getDeviceId(), th});
            TracingHelper.logError(start, "error adding credentials", th);
        }).recover(this::mapError).onComplete(asyncResult -> {
            start.finish();
        });
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<CredentialsDto> getByDeviceId(String str, String str2, SpanContext spanContext) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Span start = this.tracer.buildSpan("get Credentials by device ID").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, str).withTag(TracingHelper.TAG_DEVICE_ID, str2).start();
        return getByDeviceId(str, str2).onFailure(th -> {
            LOG.debug("error retrieving credentials by device ID", th);
            TracingHelper.logError(start, "error retrieving credentials by device ID", th);
        }).recover(this::mapError).onComplete(asyncResult -> {
            start.finish();
        });
    }

    private Future<CredentialsDto> getByDeviceId(String str, String str2) {
        LOG.trace("retrieving credentials for device [tenant-id: {}, device-id: {}]", str, str2);
        return this.mongoClient.findOne(this.collectionName, MongoDbDocumentBuilder.builder().withTenantId(str).withDeviceId(str2).document(), (JsonObject) null).map(jsonObject -> {
            if (jsonObject == null) {
                throw new ClientErrorException(str, 404, "no matching credentials on record");
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("credentials data from collection:{}{}", System.lineSeparator(), jsonObject.encodePrettily());
            }
            CredentialsDto credentialsDto = (CredentialsDto) jsonObject.mapTo(CredentialsDto.class);
            credentialsDto.getCredentials().stream().forEach(commonCredential -> {
                commonCredential.decryptFields(this.fieldLevelEncryption);
            });
            return credentialsDto;
        });
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<CredentialsDto> getByAuthIdAndType(String str, String str2, String str3, SpanContext spanContext) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Span start = this.tracer.buildSpan("get Credentials by auth ID and type").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, str).withTag(TracingHelper.TAG_AUTH_ID, str2).withTag(TracingHelper.TAG_CREDENTIALS_TYPE, str3).start();
        JsonObject document = MongoDbDocumentBuilder.builder().withTenantId(str).withAuthId(str2).withType(str3).document();
        if (LOG.isTraceEnabled()) {
            LOG.trace("retrieving credentials using filter:{}{}", System.lineSeparator(), document.encodePrettily());
        }
        return this.mongoClient.findOne(this.collectionName, document, PROJECTION_CREDS_BY_TYPE_AND_AUTH_ID).map(jsonObject -> {
            if (jsonObject == null) {
                throw new ClientErrorException(str, 404, "no matching credentials on record");
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("credentials data from collection:{}{}", System.lineSeparator(), jsonObject.encodePrettily());
            }
            CredentialsDto credentialsDto = (CredentialsDto) jsonObject.mapTo(CredentialsDto.class);
            credentialsDto.getCredentials().stream().forEach(commonCredential -> {
                commonCredential.decryptFields(this.fieldLevelEncryption);
            });
            return credentialsDto;
        }).onFailure(th -> {
            LOG.debug("error retrieving credentials by auth-id and type", th);
            TracingHelper.logError(start, "error retrieving credentials by auth-id and type", th);
        }).recover(this::mapError).onComplete(asyncResult -> {
            start.finish();
        });
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<String> update(CredentialsDto credentialsDto, Optional<String> optional, SpanContext spanContext) {
        Objects.requireNonNull(credentialsDto);
        Objects.requireNonNull(optional);
        Span start = this.tracer.buildSpan("update Credentials").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, credentialsDto.getTenantId()).withTag(TracingHelper.TAG_DEVICE_ID, credentialsDto.getDeviceId()).start();
        optional.ifPresent(str -> {
            TracingHelper.TAG_RESOURCE_VERSION.set(start, str);
        });
        credentialsDto.getCredentials().stream().forEach(commonCredential -> {
            commonCredential.encryptFields(this.fieldLevelEncryption);
        });
        JsonObject document = MongoDbDocumentBuilder.builder().withVersion(optional).withTenantId(credentialsDto.getTenantId()).withDeviceId(credentialsDto.getDeviceId()).document();
        JsonObject mapFrom = JsonObject.mapFrom(credentialsDto);
        if (LOG.isTraceEnabled()) {
            LOG.trace("updating credentials of device [tenant: {}, device-id: {}, resource-version; {}]:{}{}", new Object[]{credentialsDto.getTenantId(), credentialsDto.getDeviceId(), optional.orElse(null), System.lineSeparator(), mapFrom.encodePrettily()});
        }
        return this.mongoClient.findOneAndReplaceWithOptions(this.collectionName, document, mapFrom, new FindOptions(), new UpdateOptions().setReturningNewDocument(true)).compose(jsonObject -> {
            if (jsonObject == null) {
                return MongoDbBasedDao.checkForVersionMismatchAndFail(String.format("credentials [tenant-id: %s, device-id: %s]", credentialsDto.getTenantId(), credentialsDto.getDeviceId()), optional, getByDeviceId(credentialsDto.getTenantId(), credentialsDto.getDeviceId()));
            }
            LOG.debug("successfully updated credentials for device [tenant: {}, device-id: {}]", credentialsDto.getTenantId(), credentialsDto.getDeviceId());
            start.log("successfully updated credentials");
            if (LOG.isTraceEnabled()) {
                LOG.trace("new document in DB:{}{}", System.lineSeparator(), jsonObject.encodePrettily());
            }
            return Future.succeededFuture(jsonObject.getString("version"));
        }).recover(th -> {
            return MongoDbBasedDao.isDuplicateKeyError(th) ? Future.failedFuture(new ClientErrorException(credentialsDto.getTenantId(), 409, "credentials (type, auth-id) must be unique for device")) : Future.failedFuture(th);
        }).onFailure(th2 -> {
            LOG.debug("error updating credentials", th2);
            TracingHelper.logError(start, "error updating credentials", th2);
        }).recover(this::mapError).onComplete(asyncResult -> {
            start.finish();
        });
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<Void> delete(String str, String str2, Optional<String> optional, SpanContext spanContext) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(optional);
        Span start = this.tracer.buildSpan("delete Credentials").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, str).withTag(TracingHelper.TAG_DEVICE_ID, str2).start();
        optional.ifPresent(str3 -> {
            TracingHelper.TAG_RESOURCE_VERSION.set(start, str3);
        });
        return this.mongoClient.findOneAndDelete(this.collectionName, MongoDbDocumentBuilder.builder().withVersion(optional).withTenantId(str).withDeviceId(str2).document()).compose(jsonObject -> {
            if (jsonObject == null) {
                return MongoDbBasedDao.checkForVersionMismatchAndFail(String.format("credentials [tenant-id: %s, device-id: %s]", str, str2), optional, getByDeviceId(str, str2));
            }
            start.log("successfully deleted credentials");
            LOG.debug("successfully deleted credentials for device [tenant: {}, device-id: {}]", str, str2);
            return Future.succeededFuture((Void) null);
        }).onFailure(th -> {
            LOG.debug("error deleting credentials", th);
            TracingHelper.logError(start, "error deleting credentials", th);
        }).recover(this::mapError).onComplete(asyncResult -> {
            start.finish();
        });
    }

    @Override // org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao
    public Future<Void> delete(String str, SpanContext spanContext) {
        Objects.requireNonNull(str);
        Span start = this.tracer.buildSpan("delete Credentials of all of Tenant's Devices").addReference("child_of", spanContext).withTag(TracingHelper.TAG_TENANT_ID, str).start();
        return this.mongoClient.removeDocuments(this.collectionName, MongoDbDocumentBuilder.builder().withTenantId(str).document()).compose(mongoClientDeleteResult -> {
            start.log("successfully deleted credentials");
            LOG.debug("successfully deleted credentials for devices of tenant [tenant-id: {}]", str);
            return Future.succeededFuture((Void) null);
        }).recover(th -> {
            LOG.debug("error deleting credentials", th);
            TracingHelper.logError(start, "error deleting credentials", th);
            return mapError(th);
        }).onComplete(asyncResult -> {
            start.finish();
        });
    }
}
