package org.eclipse.basyx.extensions.aas.registration.authorization.internal;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.eclipse.basyx.aas.metamodel.map.descriptor.AASDescriptor;
import org.eclipse.basyx.aas.metamodel.map.descriptor.SubmodelDescriptor;
import org.eclipse.basyx.aas.registration.api.IAASRegistry;
import org.eclipse.basyx.extensions.aas.directory.tagged.api.TaggedAASDescriptor;
import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication;
import org.eclipse.basyx.extensions.shared.authorization.internal.ISubjectInformationProvider;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.NotAuthorizedException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
import org.eclipse.basyx.vab.exception.provider.ProviderException;
import org.eclipse.basyx.vab.exception.provider.ResourceNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jars/basyx.sdk-1.3.0.jar:org/eclipse/basyx/extensions/aas/registration/authorization/internal/AuthorizedAASRegistry.class */
public class AuthorizedAASRegistry<SubjectInformationType> implements IAASRegistry {
    public static final String SCOPE_AUTHORITY_PREFIX = "SCOPE_";
    public static final String READ_AUTHORITY = "SCOPE_urn:org.eclipse.basyx:scope:aas-registry:read";
    public static final String WRITE_AUTHORITY = "SCOPE_urn:org.eclipse.basyx:scope:aas-registry:write";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizedAASRegistry.class);
    protected final IAASRegistry decoratedRegistry;
    protected final IAASRegistryAuthorizer<SubjectInformationType> aasRegistryAuthorizer;
    protected final ISubjectInformationProvider<SubjectInformationType> subjectInformationProvider;

    public AuthorizedAASRegistry(IAASRegistry iAASRegistry, IAASRegistryAuthorizer<SubjectInformationType> iAASRegistryAuthorizer, ISubjectInformationProvider<SubjectInformationType> iSubjectInformationProvider) {
        this.decoratedRegistry = iAASRegistry;
        this.aasRegistryAuthorizer = iAASRegistryAuthorizer;
        this.subjectInformationProvider = iSubjectInformationProvider;
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public void register(AASDescriptor aASDescriptor) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedRegistry.register(aASDescriptor);
            return;
        }
        try {
            authorizeRegister(aASDescriptor);
            this.decoratedRegistry.register(aASDescriptor);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authorizeRegister(AASDescriptor aASDescriptor) throws InhibitException {
        this.aasRegistryAuthorizer.authorizeRegisterAas(this.subjectInformationProvider.get(), aASDescriptor);
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public void register(IIdentifier iIdentifier, SubmodelDescriptor submodelDescriptor) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedRegistry.register(iIdentifier, submodelDescriptor);
            return;
        }
        try {
            authorizeRegister(iIdentifier, submodelDescriptor);
            this.decoratedRegistry.register(iIdentifier, submodelDescriptor);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authorizeRegister(IIdentifier iIdentifier, SubmodelDescriptor submodelDescriptor) throws InhibitException {
        this.aasRegistryAuthorizer.authorizeRegisterSubmodel(this.subjectInformationProvider.get(), iIdentifier, submodelDescriptor);
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public void delete(IIdentifier iIdentifier) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedRegistry.delete(iIdentifier);
            return;
        }
        try {
            authorizeDelete(iIdentifier);
            this.decoratedRegistry.delete(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeDelete(IIdentifier iIdentifier) throws InhibitException {
        this.aasRegistryAuthorizer.authorizeUnregisterAas(this.subjectInformationProvider.get(), iIdentifier);
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public void delete(IIdentifier iIdentifier, IIdentifier iIdentifier2) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            this.decoratedRegistry.delete(iIdentifier, iIdentifier2);
            return;
        }
        try {
            authorizeDelete(iIdentifier, iIdentifier2);
            this.decoratedRegistry.delete(iIdentifier, iIdentifier2);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected void authorizeDelete(IIdentifier iIdentifier, IIdentifier iIdentifier2) throws InhibitException {
        this.aasRegistryAuthorizer.authorizeUnregisterSubmodel(this.subjectInformationProvider.get(), iIdentifier, iIdentifier2);
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public AASDescriptor lookupAAS(IIdentifier iIdentifier) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedRegistry.lookupAAS(iIdentifier);
        }
        try {
            return authorizeLookupAAS(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AASDescriptor authorizeLookupAAS(IIdentifier iIdentifier) throws InhibitException {
        AASDescriptor authorizeAASDescriptorOnly = authorizeAASDescriptorOnly(iIdentifier);
        if (authorizeAASDescriptorOnly == null) {
            throw new ResourceNotFoundException("AAS with Id " + iIdentifier.getId() + " does not exist");
        }
        return shallowCopyAndSubstituteSubmodels(authorizeAASDescriptorOnly, (Collection) authorizeAASDescriptorOnly.getSubmodelDescriptors().stream().map(submodelDescriptor -> {
            try {
                return authorizeLookupSubmodel(iIdentifier, submodelDescriptor.getIdentifier());
            } catch (InhibitException e) {
                logger.info(e.getMessage(), (Throwable) e);
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()));
    }

    private AASDescriptor shallowCopyAndSubstituteSubmodels(AASDescriptor aASDescriptor, Collection<SubmodelDescriptor> collection) {
        AASDescriptor shallowCopyAASDescriptor = shallowCopyAASDescriptor(aASDescriptor);
        Collection<SubmodelDescriptor> submodelDescriptors = shallowCopyAASDescriptor.getSubmodelDescriptors();
        if (!submodelDescriptors.isEmpty()) {
            ArrayList arrayList = new ArrayList(submodelDescriptors);
            arrayList.retainAll(collection);
            shallowCopyAASDescriptor.put2("submodels", (String) arrayList);
        }
        return shallowCopyAASDescriptor;
    }

    private AASDescriptor shallowCopyAASDescriptor(AASDescriptor aASDescriptor) {
        return aASDescriptor instanceof TaggedAASDescriptor ? TaggedAASDescriptor.createAsFacade(new HashMap(aASDescriptor)) : new AASDescriptor(new HashMap(aASDescriptor));
    }

    private AASDescriptor authorizeAASDescriptorOnly(IIdentifier iIdentifier) throws InhibitException {
        return this.aasRegistryAuthorizer.authorizeLookupAAS(this.subjectInformationProvider.get(), iIdentifier, () -> {
            return this.decoratedRegistry.lookupAAS(iIdentifier);
        });
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public List<AASDescriptor> lookupAll() throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedRegistry.lookupAll();
        }
        try {
            return authorizeLookupAll();
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected List<AASDescriptor> authorizeLookupAll() throws InhibitException {
        return (List) authorizeAASDescriptorListOnly().stream().map(aASDescriptor -> {
            try {
                return authorizeLookupAAS(aASDescriptor.getIdentifier());
            } catch (InhibitException e) {
                logger.info(e.getMessage(), (Throwable) e);
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    private List<AASDescriptor> authorizeAASDescriptorListOnly() throws InhibitException {
        IAASRegistryAuthorizer<SubjectInformationType> iAASRegistryAuthorizer = this.aasRegistryAuthorizer;
        SubjectInformationType subjectinformationtype = this.subjectInformationProvider.get();
        IAASRegistry iAASRegistry = this.decoratedRegistry;
        Objects.requireNonNull(iAASRegistry);
        return iAASRegistryAuthorizer.authorizeLookupAll(subjectinformationtype, iAASRegistry::lookupAll);
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public List<SubmodelDescriptor> lookupSubmodels(IIdentifier iIdentifier) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedRegistry.lookupSubmodels(iIdentifier);
        }
        try {
            return authorizeLookupSubmodels(iIdentifier);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    protected List<SubmodelDescriptor> authorizeLookupSubmodels(IIdentifier iIdentifier) throws InhibitException {
        return (List) authorizeSubmodelListOnly(iIdentifier).stream().map(submodelDescriptor -> {
            try {
                return authorizeLookupSubmodel(iIdentifier, submodelDescriptor.getIdentifier());
            } catch (InhibitException e) {
                logger.info(e.getMessage(), (Throwable) e);
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    private List<SubmodelDescriptor> authorizeSubmodelListOnly(IIdentifier iIdentifier) throws InhibitException {
        return this.aasRegistryAuthorizer.authorizeLookupSubmodels(this.subjectInformationProvider.get(), iIdentifier, () -> {
            return this.decoratedRegistry.lookupSubmodels(iIdentifier);
        });
    }

    @Override // org.eclipse.basyx.aas.registration.api.IAASRegistry
    public SubmodelDescriptor lookupSubmodel(IIdentifier iIdentifier, IIdentifier iIdentifier2) throws ProviderException {
        if (ElevatedCodeAuthentication.isCodeAuthentication()) {
            return this.decoratedRegistry.lookupSubmodel(iIdentifier, iIdentifier2);
        }
        try {
            return authorizeLookupSubmodel(iIdentifier, iIdentifier2);
        } catch (InhibitException e) {
            throw new NotAuthorizedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SubmodelDescriptor authorizeLookupSubmodel(IIdentifier iIdentifier, IIdentifier iIdentifier2) throws InhibitException {
        return this.aasRegistryAuthorizer.authorizeLookupSubmodel(this.subjectInformationProvider.get(), iIdentifier, iIdentifier2, () -> {
            return this.decoratedRegistry.lookupSubmodel(iIdentifier, iIdentifier2);
        });
    }
}
