package org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal;

import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
import org.eclipse.basyx.aas.metamodel.map.descriptor.ModelUrn;
import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication;
import org.eclipse.basyx.extensions.shared.authorization.internal.ISubjectInformationProvider;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.NotAuthorizedException;
import org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
import org.eclipse.basyx.submodel.metamodel.map.Submodel;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
import org.eclipse.basyx.vab.exception.provider.ResourceNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jars/basyx.sdk-1.3.0.jar:org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/AuthorizedSubmodelAggregator.class */
public class AuthorizedSubmodelAggregator<SubjectInformationType> implements ISubmodelAggregator {
    private static final String SCOPE_AUTHORITY_PREFIX = "SCOPE_";
    public static final String READ_AUTHORITY = "SCOPE_urn:org.eclipse.basyx:scope:sm-aggregator:read";
    public static final String WRITE_AUTHORITY = "SCOPE_urn:org.eclipse.basyx:scope:sm-aggregator:write";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizedSubmodelAggregator.class);
    protected final IAssetAdministrationShell aas;
    protected final ISubmodelAggregator decoratedSubmodelAggregator;
    protected final ISubmodelAggregatorAuthorizer<SubjectInformationType> submodelAggregatorAuthorizer;
    protected final ISubjectInformationProvider<SubjectInformationType> subjectInformationProvider;

    public AuthorizedSubmodelAggregator(IAssetAdministrationShell iAssetAdministrationShell, ISubmodelAggregator iSubmodelAggregator, ISubmodelAggregatorAuthorizer<SubjectInformationType> iSubmodelAggregatorAuthorizer, ISubjectInformationProvider<SubjectInformationType> iSubjectInformationProvider) {
        this.aas = iAssetAdministrationShell;
        this.decoratedSubmodelAggregator = iSubmodelAggregator;
        this.submodelAggregatorAuthorizer = iSubmodelAggregatorAuthorizer;
        this.subjectInformationProvider = iSubjectInformationProvider;
    }

    public AuthorizedSubmodelAggregator(ISubmodelAggregator iSubmodelAggregator, ISubmodelAggregatorAuthorizer<SubjectInformationType> iSubmodelAggregatorAuthorizer, ISubjectInformationProvider<SubjectInformationType> iSubjectInformationProvider) {
        this(null, iSubmodelAggregator, iSubmodelAggregatorAuthorizer, iSubjectInformationProvider);
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public Collection<ISubmodel> getSubmodelList() {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedSubmodelAggregator.getSubmodelList();
        }
        try {
            return authorizeGetSubmodelList();
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected Collection<ISubmodel> authorizeGetSubmodelList() throws InhibitException {
        return (Collection) getSubmodelIdentifierList().stream().map(iIdentifier -> {
            try {
                return authorizeGetSubmodel(iIdentifier);
            } catch (InhibitException e) {
                logger.info(e.getMessage(), (Throwable) e);
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    private Collection<IIdentifier> getSubmodelIdentifierList() throws InhibitException {
        ISubmodelAggregatorAuthorizer<SubjectInformationType> iSubmodelAggregatorAuthorizer = this.submodelAggregatorAuthorizer;
        SubjectInformationType subjectinformationtype = this.subjectInformationProvider.get();
        IAssetAdministrationShell iAssetAdministrationShell = this.aas;
        ISubmodelAggregator iSubmodelAggregator = this.decoratedSubmodelAggregator;
        Objects.requireNonNull(iSubmodelAggregator);
        return (Collection) iSubmodelAggregatorAuthorizer.authorizeGetSubmodelList(subjectinformationtype, iAssetAdministrationShell, iSubmodelAggregator::getSubmodelList).stream().map((v0) -> {
            return v0.getIdentification();
        }).collect(Collectors.toList());
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public ISubmodel getSubmodel(IIdentifier iIdentifier) throws ResourceNotFoundException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedSubmodelAggregator.getSubmodel(iIdentifier);
        }
        try {
            return authorizeGetSubmodel(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected ISubmodel authorizeGetSubmodel(IIdentifier iIdentifier) throws ResourceNotFoundException, InhibitException {
        return this.submodelAggregatorAuthorizer.authorizeGetSubmodel(this.subjectInformationProvider.get(), this.aas, iIdentifier, () -> {
            return this.decoratedSubmodelAggregator.getSubmodel(iIdentifier);
        });
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public ISubmodel getSubmodelbyIdShort(String str) throws ResourceNotFoundException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedSubmodelAggregator.getSubmodelbyIdShort(str);
        }
        try {
            return authorizeGetSubmodelbyIdShort(str);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected ISubmodel authorizeGetSubmodelbyIdShort(String str) throws ResourceNotFoundException, InhibitException {
        return this.submodelAggregatorAuthorizer.authorizeGetSubmodelbyIdShort(this.subjectInformationProvider.get(), this.aas, str, () -> {
            return this.decoratedSubmodelAggregator.getSubmodelbyIdShort(str);
        });
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public ISubmodelAPI getSubmodelAPIById(IIdentifier iIdentifier) throws ResourceNotFoundException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedSubmodelAggregator.getSubmodelAPIById(iIdentifier);
        }
        try {
            return authorizeGetSubmodelAPIById(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected ISubmodelAPI authorizeGetSubmodelAPIById(IIdentifier iIdentifier) throws ResourceNotFoundException, InhibitException {
        return this.submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(this.subjectInformationProvider.get(), this.aas, iIdentifier, () -> {
            return this.decoratedSubmodelAggregator.getSubmodelAPIById(iIdentifier);
        });
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public ISubmodelAPI getSubmodelAPIByIdShort(String str) throws ResourceNotFoundException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedSubmodelAggregator.getSubmodelAPIByIdShort(str);
        }
        try {
            return authorizeGetSubmodelAPIByIdShort(str);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected ISubmodelAPI authorizeGetSubmodelAPIByIdShort(String str) throws ResourceNotFoundException, InhibitException {
        try {
            try {
                return this.submodelAggregatorAuthorizer.authorizeGetSubmodelAPIByIdShort(this.subjectInformationProvider.get(), this.aas, str, () -> {
                    return this.decoratedSubmodelAggregator.getSubmodelAPIByIdShort(str);
                });
            } catch (InhibitException e) {
                throw e.reduceSmIdToSmIdShortPath(str);
            }
        } catch (ResourceNotFoundException e2) {
            this.submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(this.subjectInformationProvider.get(), this.aas, new ModelUrn("*"), () -> {
                return null;
            });
            throw e2;
        }
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public void createSubmodel(Submodel submodel) {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedSubmodelAggregator.createSubmodel(submodel);
            return;
        }
        try {
            authorizeCreateSubmodel(submodel.getIdentification());
            this.decoratedSubmodelAggregator.createSubmodel(submodel);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeCreateSubmodel(IIdentifier iIdentifier) throws InhibitException {
        this.submodelAggregatorAuthorizer.authorizeCreateSubmodel(this.subjectInformationProvider.get(), this.aas, iIdentifier);
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public void createSubmodel(ISubmodelAPI iSubmodelAPI) {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedSubmodelAggregator.createSubmodel(iSubmodelAPI);
            return;
        }
        try {
            authorizeCreateSubmodel(iSubmodelAPI);
            this.decoratedSubmodelAggregator.createSubmodel(iSubmodelAPI);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeCreateSubmodel(ISubmodelAPI iSubmodelAPI) throws InhibitException {
        this.submodelAggregatorAuthorizer.authorizeCreateSubmodel(this.subjectInformationProvider.get(), this.aas, (IIdentifier) Optional.ofNullable(iSubmodelAPI).map((v0) -> {
            return v0.getSubmodel();
        }).map((v0) -> {
            return v0.getIdentification();
        }).orElse(null));
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public void updateSubmodel(Submodel submodel) throws ResourceNotFoundException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedSubmodelAggregator.updateSubmodel(submodel);
            return;
        }
        try {
            authorizeUpdateSubmodel((IIdentifier) Optional.ofNullable(submodel).map((v0) -> {
                return v0.getIdentification();
            }).orElse(null));
            this.decoratedSubmodelAggregator.updateSubmodel(submodel);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeUpdateSubmodel(IIdentifier iIdentifier) throws InhibitException {
        this.submodelAggregatorAuthorizer.authorizeUpdateSubmodel(this.subjectInformationProvider.get(), this.aas, iIdentifier);
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public void deleteSubmodelByIdentifier(IIdentifier iIdentifier) {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedSubmodelAggregator.deleteSubmodelByIdentifier(iIdentifier);
            return;
        }
        try {
            authorizeDeleteSubmodelByIdentifier(iIdentifier);
            this.decoratedSubmodelAggregator.deleteSubmodelByIdentifier(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeDeleteSubmodelByIdentifier(IIdentifier iIdentifier) throws InhibitException {
        this.submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(this.subjectInformationProvider.get(), this.aas, iIdentifier);
    }

    @Override // org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator
    public void deleteSubmodelByIdShort(String str) {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedSubmodelAggregator.deleteSubmodelByIdShort(str);
            return;
        }
        try {
            authorizeDeleteSubmodelByIdShort(str);
            this.decoratedSubmodelAggregator.deleteSubmodelByIdShort(str);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeDeleteSubmodelByIdShort(String str) throws InhibitException {
        this.submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(this.subjectInformationProvider.get(), this.aas, getSmIdUnsecured(getSmUnsecured(str)));
    }

    private ISubmodel getSmUnsecured(String str) throws ResourceNotFoundException {
        ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler enterElevatedCodeAuthenticationArea = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea();
        try {
            ISubmodel submodelbyIdShort = this.decoratedSubmodelAggregator.getSubmodelbyIdShort(str);
            if (enterElevatedCodeAuthenticationArea != null) {
                enterElevatedCodeAuthenticationArea.close();
            }
            return submodelbyIdShort;
        } catch (Throwable th) {
            if (enterElevatedCodeAuthenticationArea != null) {
                try {
                    enterElevatedCodeAuthenticationArea.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private IIdentifier getSmIdUnsecured(ISubmodel iSubmodel) throws ResourceNotFoundException {
        if (iSubmodel == null) {
            return null;
        }
        ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler enterElevatedCodeAuthenticationArea = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea();
        try {
            IIdentifier identification = iSubmodel.getIdentification();
            if (enterElevatedCodeAuthenticationArea != null) {
                enterElevatedCodeAuthenticationArea.close();
            }
            return identification;
        } catch (Throwable th) {
            if (enterElevatedCodeAuthenticationArea != null) {
                try {
                    enterElevatedCodeAuthenticationArea.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
