package org.openremote.manager.asset;

import com.fasterxml.jackson.databind.node.NullNode;
import jakarta.persistence.OptimisticLockException;
import jakarta.validation.ConstraintViolationException;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.IntStream;
import org.jboss.resteasy.plugins.validation.ResteasyViolationExceptionImpl;
import org.openremote.container.message.MessageBrokerService;
import org.openremote.container.timer.TimerService;
import org.openremote.manager.event.ClientEventService;
import org.openremote.manager.security.ManagerIdentityService;
import org.openremote.manager.security.ManagerKeycloakIdentityProvider;
import org.openremote.manager.web.ManagerWebResource;
import org.openremote.model.asset.Asset;
import org.openremote.model.asset.AssetResource;
import org.openremote.model.asset.UserAssetLink;
import org.openremote.model.attribute.Attribute;
import org.openremote.model.attribute.AttributeEvent;
import org.openremote.model.attribute.AttributeState;
import org.openremote.model.attribute.AttributeWriteFailure;
import org.openremote.model.attribute.AttributeWriteResult;
import org.openremote.model.attribute.MetaItem;
import org.openremote.model.attribute.MetaMap;
import org.openremote.model.http.RequestParams;
import org.openremote.model.query.AssetQuery;
import org.openremote.model.query.filter.RealmPredicate;
import org.openremote.model.security.ClientRole;
import org.openremote.model.util.TextUtil;
import org.openremote.model.util.ValueUtil;
import org.openremote.model.value.MetaItemType;

/* loaded from: input_file:org/openremote/manager/asset/AssetResourceImpl.class */
public class AssetResourceImpl extends ManagerWebResource implements AssetResource {
    private static final Logger LOG = Logger.getLogger(AssetResourceImpl.class.getName());
    protected final AssetStorageService assetStorageService;
    protected final MessageBrokerService messageBrokerService;
    protected final ClientEventService clientEventService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openremote.manager.asset.AssetResourceImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/openremote/manager/asset/AssetResourceImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openremote$model$attribute$AttributeWriteFailure = new int[AttributeWriteFailure.values().length];

        static {
            try {
                $SwitchMap$org$openremote$model$attribute$AttributeWriteFailure[AttributeWriteFailure.ASSET_NOT_FOUND.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$openremote$model$attribute$AttributeWriteFailure[AttributeWriteFailure.ATTRIBUTE_NOT_FOUND.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$openremote$model$attribute$AttributeWriteFailure[AttributeWriteFailure.INVALID_VALUE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$openremote$model$attribute$AttributeWriteFailure[AttributeWriteFailure.QUEUE_FULL.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public AssetResourceImpl(TimerService timerService, ManagerIdentityService managerIdentityService, AssetStorageService assetStorageService, MessageBrokerService messageBrokerService, ClientEventService clientEventService) {
        super(timerService, managerIdentityService);
        this.assetStorageService = assetStorageService;
        this.messageBrokerService = messageBrokerService;
        this.clientEventService = clientEventService;
    }

    public Asset<?>[] getCurrentUserAssets(RequestParams requestParams) {
        try {
            if (isSuperUser()) {
                return new Asset[0];
            }
            if (!isAuthenticated()) {
                throw new NotAuthorizedException("Must be authenticated", new Object[0]);
            }
            AssetQuery userIds = new AssetQuery().userIds(new String[]{getUserId()});
            if (!this.assetStorageService.authorizeAssetQuery(userIds, getAuthContext(), getRequestRealmName())) {
                throw new ForbiddenException("User not authorized to execute specified query");
            }
            List<Asset<?>> findAll = this.assetStorageService.findAll(userIds);
            this.request.setAttribute("Content-Encoding", "gzip");
            return (Asset[]) findAll.toArray(new Asset[0]);
        } catch (IllegalStateException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }

    public UserAssetLink[] getUserAssetLinks(RequestParams requestParams, String str, String str2, String str3) {
        try {
            String authenticatedRealmName = TextUtil.isNullOrEmpty(str) ? getAuthenticatedRealmName() : str;
            boolean hasResourceRole = hasResourceRole(ClientRole.READ_ADMIN.getValue(), ManagerKeycloakIdentityProvider.DEFAULT_REALM_KEYCLOAK_THEME_DEFAULT);
            if (authenticatedRealmName == null) {
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }
            if (!isSuperUser() && !getAuthenticatedRealmName().equals(authenticatedRealmName)) {
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            if (!hasResourceRole && str2 != null && !Objects.equals(getUserId(), str2)) {
                throw new ForbiddenException("Can only retrieve own asset links unless you have role '" + String.valueOf(ClientRole.READ_ADMIN) + "'");
            }
            if (str2 != null && !this.identityService.getIdentityProvider().isUserInRealm(str2, authenticatedRealmName)) {
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }
            UserAssetLink[] userAssetLinkArr = (UserAssetLink[]) this.assetStorageService.findUserAssetLinks(authenticatedRealmName, str2, str3).toArray(new UserAssetLink[0]);
            this.request.setAttribute("Content-Encoding", "gzip");
            return userAssetLinkArr;
        } catch (IllegalStateException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }

    public void createUserAssetLinks(RequestParams requestParams, List<UserAssetLink> list) {
        if (isRestrictedUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        String realm = list.get(0).getId().getRealm();
        String userId = list.get(0).getId().getUserId();
        String[] strArr = new String[list.size()];
        IntStream.range(0, list.size()).forEach(i -> {
            UserAssetLink userAssetLink = (UserAssetLink) list.get(i);
            strArr[i] = userAssetLink.getId().getAssetId();
            if (!userAssetLink.getId().getRealm().equals(realm) || !userAssetLink.getId().getUserId().equals(userId)) {
                throw new BadRequestException("All user asset links must be for the same user");
            }
        });
        if (!isSuperUser() && !realm.equals(getAuthenticatedRealmName())) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        if (!this.identityService.getIdentityProvider().isUserInRealm(userId, realm)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        if (this.assetStorageService.findAll(new AssetQuery().select(new AssetQuery.Select().excludeAttributes()).realm(new RealmPredicate(realm)).ids(strArr)).size() != list.size()) {
            throw new BadRequestException("One or more asset IDs are invalid");
        }
        try {
            this.assetStorageService.storeUserAssetLinks(list);
        } catch (Exception e) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
    }

    public void deleteUserAssetLink(RequestParams requestParams, String str, String str2, String str3) {
        deleteUserAssetLinks(requestParams, Collections.singletonList(new UserAssetLink(str, str2, str3)));
    }

    public void deleteAllUserAssetLinks(RequestParams requestParams, String str, String str2) {
        if (isRestrictedUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        if (!isSuperUser() && !getAuthenticatedRealm().getName().equals(str)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        if (!this.identityService.getIdentityProvider().isUserInRealm(str2, str)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        this.assetStorageService.deleteUserAssetLinks(str2);
    }

    public void deleteUserAssetLinks(RequestParams requestParams, List<UserAssetLink> list) {
        if (isRestrictedUser()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        String realm = list.get(0).getId().getRealm();
        String userId = list.get(0).getId().getUserId();
        if (list.stream().anyMatch(userAssetLink -> {
            return (userAssetLink.getId().getRealm().equals(realm) && userAssetLink.getId().getUserId().equals(userId)) ? false : true;
        })) {
            throw new BadRequestException("All user asset links must be for the same user");
        }
        if (!isSuperUser() && !getAuthenticatedRealm().getName().equals(realm)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        try {
            this.assetStorageService.deleteUserAssetLinks(list);
        } catch (Exception e) {
            LOG.log(Level.INFO, "Failed to delete user asset links", (Throwable) e);
            throw new BadRequestException();
        }
    }

    public Asset<?> getPartial(RequestParams requestParams, String str) {
        return get(requestParams, str, false);
    }

    public Asset<?> get(RequestParams requestParams, String str) {
        return get(requestParams, str, true);
    }

    public Asset<?> get(RequestParams requestParams, String str, boolean z) {
        Asset<?> find;
        try {
            if (!isRestrictedUser()) {
                find = this.assetStorageService.find(str, z);
            } else {
                if (!this.assetStorageService.isUserAsset(getUserId(), str)) {
                    LOG.fine("Forbidden access for restricted user: username=" + getUsername() + ", assetID=" + str);
                    throw new WebApplicationException(Response.Status.FORBIDDEN);
                }
                find = this.assetStorageService.find(str, z, AssetQuery.Access.PROTECTED);
            }
            if (find == null) {
                throw new WebApplicationException(Response.Status.NOT_FOUND);
            }
            if (isRealmActiveAndAccessible(find.getRealm())) {
                this.request.setAttribute("Content-Encoding", "gzip");
                return find;
            }
            LOG.fine("Forbidden access (realm '" + find.getRealm() + "' nonexistent, inactive or inaccessible) for user: " + getUsername());
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        } catch (IllegalStateException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }

    public Asset<?> update(RequestParams requestParams, String str, Asset<?> asset) {
        LOG.fine("Updating asset: assetID=" + str);
        try {
            Asset<?> find = this.assetStorageService.find(str, true);
            if (find == null) {
                LOG.fine("Asset not found: assetID=" + str);
                throw new WebApplicationException(Response.Status.NOT_FOUND);
            }
            if (!isRealmActiveAndAccessible(find.getRealm())) {
                LOG.fine("Realm '" + find.getRealm() + "' is nonexistent, inactive or inaccessible: username=" + getUsername() + ", assetID=" + str);
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            if (!find.getRealm().equals(asset.getRealm())) {
                LOG.fine("Cannot change asset's realm: existingRealm=" + find.getRealm() + ", requestedRealm=" + asset.getRealm());
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            if (!find.getType().equals(asset.getType())) {
                LOG.fine("Cannot change asset's type: existingType=" + find.getType() + ", requestedType=" + asset.getType());
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            boolean isRestrictedUser = isRestrictedUser();
            find.setVersion(asset.getVersion());
            if (!isRestrictedUser) {
                find.setName(asset.getName());
                find.setParentId(asset.getParentId());
                find.setAccessPublicRead(asset.isAccessPublicRead());
                find.setAttributes(asset.getAttributes());
            }
            if (isRestrictedUser) {
                if (!this.assetStorageService.isUserAsset(getUserId(), str)) {
                    throw new WebApplicationException(Response.Status.FORBIDDEN);
                }
                for (Attribute attribute : asset.getAttributes().values()) {
                    String name = attribute.getName();
                    Optional attribute2 = find.getAttribute(name);
                    if (attribute2.isPresent()) {
                        Attribute attribute3 = (Attribute) attribute2.get();
                        if (((Boolean) attribute3.getMetaValue(MetaItemType.ACCESS_RESTRICTED_WRITE).orElse(false)).booleanValue()) {
                            MetaMap meta = attribute.getMeta();
                            meta.removeIf(metaItem -> {
                                return metaItem.getName().equals(MetaItemType.ACCESS_RESTRICTED_READ.getName()) || metaItem.getName().equals(MetaItemType.ACCESS_RESTRICTED_WRITE.getName()) || metaItem.getName().equals(MetaItemType.ACCESS_PUBLIC_READ.getName()) || metaItem.getName().equals(MetaItemType.ACCESS_PUBLIC_WRITE.getName());
                            });
                            MetaMap metaMap = (MetaMap) ValueUtil.clone(attribute3.getMeta());
                            metaMap.addOrReplace(meta);
                            attribute.setMeta(metaMap);
                            find.getAttributes().addOrReplace(attribute);
                        } else {
                            LOG.fine("Existing attribute not writable by restricted client, ignoring update of: " + name);
                        }
                    } else {
                        attribute.addOrReplaceMeta(new MetaItem[]{new MetaItem(MetaItemType.ACCESS_RESTRICTED_READ, true)});
                        attribute.addOrReplaceMeta(new MetaItem[]{new MetaItem(MetaItemType.ACCESS_RESTRICTED_WRITE, true)});
                        find.getAttributes().addOrReplace(attribute);
                    }
                }
                find.getAttributes().removeIf(attribute4 -> {
                    return !asset.hasAttribute(attribute4.getName()) && ((Boolean) attribute4.getMetaValue(MetaItemType.ACCESS_RESTRICTED_WRITE).orElse(false)).booleanValue();
                });
            }
            return this.assetStorageService.merge((AssetStorageService) find, isRestrictedUser ? getUsername() : null);
        } catch (IllegalStateException e) {
            throw new WebApplicationException(e, Response.Status.FORBIDDEN);
        } catch (ConstraintViolationException e2) {
            throw new ResteasyViolationExceptionImpl(e2.getConstraintViolations(), requestParams.headers.getAcceptableMediaTypes());
        } catch (OptimisticLockException e3) {
            throw new WebApplicationException("Refresh the asset from the server and try to update the changes again", e3, Response.Status.CONFLICT);
        }
    }

    public Response writeAttributeValue(RequestParams requestParams, String str, String str2, Object obj) {
        return writeAttributeValue(requestParams, str, str2, null, obj);
    }

    public Response writeAttributeValue(RequestParams requestParams, String str, String str2, Long l, Object obj) {
        Response.Status status;
        Response.Status status2 = Response.Status.OK;
        if (obj instanceof NullNode) {
            obj = null;
        }
        AttributeEvent attributeEvent = new AttributeEvent(str, str2, obj, l);
        if (!this.clientEventService.authorizeEventWrite(getRequestRealmName(), getAuthContext(), attributeEvent)) {
            throw new ForbiddenException("Cannot write specified attribute: " + String.valueOf(attributeEvent));
        }
        AttributeWriteResult doAttributeWrite = doAttributeWrite(attributeEvent);
        if (doAttributeWrite.getFailure() != null) {
            switch (AnonymousClass1.$SwitchMap$org$openremote$model$attribute$AttributeWriteFailure[doAttributeWrite.getFailure().ordinal()]) {
                case 1:
                case 2:
                    status = Response.Status.NOT_FOUND;
                    break;
                case 3:
                    status = Response.Status.NOT_ACCEPTABLE;
                    break;
                case 4:
                    status = Response.Status.TOO_MANY_REQUESTS;
                    break;
                default:
                    status = Response.Status.BAD_REQUEST;
                    break;
            }
            status2 = status;
        }
        return Response.status(status2).entity(doAttributeWrite).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    public AttributeWriteResult[] writeAttributeValues(RequestParams requestParams, AttributeState[] attributeStateArr) {
        return writeAttributeEvents(requestParams, (AttributeEvent[]) Arrays.stream(attributeStateArr).map(AttributeEvent::new).toArray(i -> {
            return new AttributeEvent[i];
        }));
    }

    public AttributeWriteResult[] writeAttributeEvents(RequestParams requestParams, AttributeEvent[] attributeEventArr) {
        return (AttributeWriteResult[]) Arrays.stream(attributeEventArr).map(attributeEvent -> {
            return !this.clientEventService.authorizeEventWrite(getRequestRealmName(), getAuthContext(), attributeEvent) ? new AttributeWriteResult(attributeEvent.getRef(), AttributeWriteFailure.INSUFFICIENT_ACCESS) : doAttributeWrite(attributeEvent);
        }).toArray(i -> {
            return new AttributeWriteResult[i];
        });
    }

    public Asset<?> create(RequestParams requestParams, Asset<?> asset) {
        try {
            if (isRestrictedUser()) {
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            if (asset == null) {
                LOG.finest("No asset in request");
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }
            if (asset.getRealm() == null || asset.getRealm().isEmpty()) {
                asset.setRealm(getAuthenticatedRealm().getName());
            } else if (!isRealmActiveAndAccessible(asset.getRealm())) {
                LOG.fine("Forbidden access for user '" + getUsername() + "', can't create: " + String.valueOf(asset));
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            Asset asset2 = (Asset) ValueUtil.clone(asset);
            if (asset.getId() != null) {
                asset2.setId(asset.getId());
            }
            return this.assetStorageService.merge(asset2);
        } catch (IllegalStateException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        } catch (ConstraintViolationException e2) {
            throw new ResteasyViolationExceptionImpl(e2.getConstraintViolations(), requestParams.headers.getAcceptableMediaTypes());
        }
    }

    public void delete(RequestParams requestParams, List<String> list) {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Deleting assets: " + String.valueOf(list));
        }
        if (list != null) {
            try {
                if (!list.isEmpty()) {
                    if (isRestrictedUser()) {
                        throw new WebApplicationException(Response.Status.FORBIDDEN);
                    }
                    List<Asset<?>> findAll = this.assetStorageService.findAll(new AssetQuery().ids((String[]) list.toArray(new String[0])).select(new AssetQuery.Select().excludeAttributes()));
                    if (findAll == null || findAll.size() != list.size()) {
                        LOG.fine("Request to delete one or more invalid assets");
                        throw new WebApplicationException(Response.Status.BAD_REQUEST);
                    }
                    if (findAll.stream().map((v0) -> {
                        return v0.getRealm();
                    }).distinct().anyMatch(str -> {
                        return !isRealmActiveAndAccessible(str);
                    })) {
                        LOG.fine("One or more assets in an nonexistent, inactive or inaccessible realm: username=" + getUsername());
                        throw new WebApplicationException(Response.Status.FORBIDDEN);
                    }
                    if (!this.assetStorageService.delete(list, false)) {
                        throw new WebApplicationException(Response.Status.BAD_REQUEST);
                    }
                    return;
                }
            } catch (IllegalStateException e) {
                throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
            }
        }
        throw new WebApplicationException(Response.Status.BAD_REQUEST);
    }

    public Asset<?>[] queryAssets(RequestParams requestParams, AssetQuery assetQuery) {
        if (assetQuery == null) {
            assetQuery = new AssetQuery();
        }
        if (!this.assetStorageService.authorizeAssetQuery(assetQuery, getAuthContext(), getRequestRealmName())) {
            throw new ForbiddenException("User not authorized to execute specified query");
        }
        List<Asset<?>> findAll = this.assetStorageService.findAll(assetQuery);
        this.request.setAttribute("Content-Encoding", "gzip");
        return (Asset[]) findAll.toArray(new Asset[0]);
    }

    protected AttributeWriteResult doAttributeWrite(AttributeEvent attributeEvent) {
        AttributeWriteFailure attributeWriteFailure = null;
        if (attributeEvent.getTimestamp() <= 0) {
            attributeEvent.setTimestamp(this.timerService.getCurrentTimeMillis());
        }
        try {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Write attribute value request: " + String.valueOf(attributeEvent));
            }
            attributeEvent.setSource(AssetResource.class.getSimpleName());
            Object request = this.messageBrokerService.getFluentProducerTemplate().withBody(attributeEvent).to(AssetProcessingService.ATTRIBUTE_EVENT_PROCESSOR).request();
            if (request instanceof AssetProcessingException) {
                attributeWriteFailure = ((AssetProcessingException) request).getReason();
            }
        } catch (IllegalStateException e) {
            attributeWriteFailure = AttributeWriteFailure.UNKNOWN;
        } catch (AssetProcessingException e2) {
            attributeWriteFailure = e2.getReason();
        }
        return new AttributeWriteResult(attributeEvent.getRef(), attributeWriteFailure);
    }

    public void updateParent(RequestParams requestParams, String str, List<String> list) {
        AssetQuery assetQuery = new AssetQuery();
        assetQuery.ids = (String[]) list.toArray(i -> {
            return new String[i];
        });
        List<Asset<?>> findAll = this.assetStorageService.findAll(assetQuery);
        LOG.fine("Updating parent for assets: count=" + findAll.size() + ", newParentID=" + str);
        for (Asset<?> asset : findAll) {
            asset.setParentId(str);
            LOG.fine("Updating asset parent: assetID=" + asset.getId() + ", newParentID=" + str);
            this.assetStorageService.merge(asset);
        }
    }

    public void updateNoneParent(RequestParams requestParams, List<String> list) {
        AssetQuery assetQuery = new AssetQuery();
        assetQuery.ids = (String[]) list.toArray(i -> {
            return new String[i];
        });
        List<Asset<?>> findAll = this.assetStorageService.findAll(assetQuery);
        LOG.fine("Updating parent for assets: count=" + findAll.size() + ", newParentID=NONE");
        for (Asset<?> asset : findAll) {
            asset.setParentId((String) null);
            LOG.fine("Updating asset parent: assetID=" + asset.getId() + ", newParentID=NONE");
            this.assetStorageService.merge(asset);
        }
    }
}
