package de.muenchen.oss.digiwf.process.instance.domain.service;

import de.muenchen.oss.digiwf.process.config.domain.service.ProcessConfigService;
import de.muenchen.oss.digiwf.process.config.process.ProcessConfigFunctions;
import de.muenchen.oss.digiwf.process.instance.domain.model.ServiceInstance;
import de.muenchen.oss.digiwf.s3.integration.client.repository.DocumentStorageFolderRepository;
import de.muenchen.oss.digiwf.shared.exception.IllegalResourceAccessException;
import de.muenchen.oss.digiwf.shared.file.AbstractFileService;
import de.muenchen.oss.digiwf.shared.file.presignedUrlAdapters.PresignedUrlAction;
import de.muenchen.oss.digiwf.shared.file.presignedUrlAdapters.PresignedUrlAdapter;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/process/instance/domain/service/ServiceInstanceFileService.class */
public class ServiceInstanceFileService extends AbstractFileService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ServiceInstanceFileService.class);
    private final ProcessConfigService processConfigService;
    private final ServiceInstanceService serviceInstanceService;
    private final ServiceInstanceDataService serviceInstanceDataService;
    private final ServiceInstanceAuthService serviceInstanceAuthService;

    public ServiceInstanceFileService(DocumentStorageFolderRepository documentStorageFolderRepository, List<PresignedUrlAdapter> list, ServiceInstanceService serviceInstanceService, ServiceInstanceDataService serviceInstanceDataService, ServiceInstanceAuthService serviceInstanceAuthService, ProcessConfigService processConfigService, ProcessConfigFunctions processConfigFunctions) {
        super(documentStorageFolderRepository, list, processConfigFunctions);
        this.serviceInstanceService = serviceInstanceService;
        this.processConfigService = processConfigService;
        this.serviceInstanceDataService = serviceInstanceDataService;
        this.serviceInstanceAuthService = serviceInstanceAuthService;
    }

    public List<String> getFileNames(String str, String str2, String str3) {
        ServiceInstance processInstanceId = getProcessInstanceId(str);
        String instanceId = processInstanceId.getInstanceId();
        if (!this.serviceInstanceAuthService.hasAccess(instanceId, str3)) {
            throw new AccessDeniedException("403 returned");
        }
        checkReadAccess(instanceId, str2);
        return super.getFileNames(str2, getFileContext(instanceId), getDocumentStorageUrl(processInstanceId.getDefinitionKey()));
    }

    public String getPresignedUrl(PresignedUrlAction presignedUrlAction, String str, String str2, String str3, String str4) {
        ServiceInstance processInstanceId = getProcessInstanceId(str);
        String instanceId = processInstanceId.getInstanceId();
        if (!this.serviceInstanceAuthService.hasAccess(instanceId, str4)) {
            throw new AccessDeniedException("403 returned");
        }
        if (presignedUrlAction.equals(PresignedUrlAction.GET)) {
            checkReadAccess(instanceId, str2);
        } else {
            checkWriteAccess(instanceId, str2);
        }
        return super.getPresignedUrl(presignedUrlAction, getFileContext(instanceId) + "/" + str2 + "/" + str3, getDocumentStorageUrl(processInstanceId.getDefinitionKey()));
    }

    private String getFileContext(String str) {
        return this.serviceInstanceDataService.getFileContext(str);
    }

    private void checkReadAccess(String str, String str2) {
        try {
            checkWriteAccess(str, str2);
        } catch (IllegalResourceAccessException e) {
            checkAccess(str2, (String) this.processConfigService.getProcessConfig(getDefinitionKey(str)).map((v0) -> {
                return v0.getInstanceFilePathsReadonly();
            }).orElse(null));
        }
    }

    private void checkWriteAccess(String str, String str2) {
        checkAccess(str2, (String) this.processConfigService.getProcessConfig(getDefinitionKey(str)).map((v0) -> {
            return v0.getInstanceFilePaths();
        }).orElse(null));
    }

    private void checkAccess(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            throw new IllegalResourceAccessException(AbstractFileService.ERRTEXT_ILLEGAL_ACCESS);
        }
        Stream stream = Arrays.stream(str2.split(";"));
        Objects.requireNonNull(str);
        stream.filter(str::startsWith).findFirst().orElseThrow(() -> {
            return new IllegalResourceAccessException(AbstractFileService.ERRTEXT_ILLEGAL_ACCESS);
        });
    }

    private String getDefinitionKey(String str) {
        return (String) this.serviceInstanceService.getServiceInstanceByInstanceId(str).map((v0) -> {
            return v0.getDefinitionKey();
        }).orElseThrow();
    }

    private ServiceInstance getProcessInstanceId(String str) {
        return this.serviceInstanceService.getServiceInstanceById(str).orElseThrow();
    }
}
