package org.eclipse.hawkbit.amqp;

import java.net.URISyntaxException;
import java.util.Optional;
import java.util.UUID;
import org.eclipse.hawkbit.api.HostnameResolver;
import org.eclipse.hawkbit.cache.DownloadArtifactCache;
import org.eclipse.hawkbit.cache.DownloadIdCache;
import org.eclipse.hawkbit.cache.DownloadType;
import org.eclipse.hawkbit.dmf.json.model.DmfArtifact;
import org.eclipse.hawkbit.dmf.json.model.DmfArtifactHash;
import org.eclipse.hawkbit.dmf.json.model.DmfDownloadResponse;
import org.eclipse.hawkbit.repository.ArtifactManagement;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.model.Artifact;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.amqp.AmqpRejectAndDontRequeueException;
import org.springframework.amqp.core.Message;
import org.springframework.amqp.rabbit.annotation.RabbitListener;
import org.springframework.amqp.rabbit.core.RabbitTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-dmf-amqp-0.2.0M6.jar:org/eclipse/hawkbit/amqp/AmqpAuthenticationMessageHandler.class */
public class AmqpAuthenticationMessageHandler extends BaseAmqpService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AmqpAuthenticationMessageHandler.class);
    private final AmqpControllerAuthentication authenticationManager;
    private final ArtifactManagement artifactManagement;
    private final DownloadIdCache cache;
    private final HostnameResolver hostnameResolver;
    private final ControllerManagement controllerManagement;
    private final TenantAware tenantAware;

    public AmqpAuthenticationMessageHandler(RabbitTemplate rabbitTemplate, AmqpControllerAuthentication amqpControllerAuthentication, ArtifactManagement artifactManagement, DownloadIdCache downloadIdCache, HostnameResolver hostnameResolver, ControllerManagement controllerManagement, TenantAware tenantAware) {
        super(rabbitTemplate);
        this.authenticationManager = amqpControllerAuthentication;
        this.artifactManagement = artifactManagement;
        this.cache = downloadIdCache;
        this.hostnameResolver = hostnameResolver;
        this.controllerManagement = controllerManagement;
        this.tenantAware = tenantAware;
    }

    @RabbitListener(queues = {"${hawkbit.dmf.rabbitmq.authenticationReceiverQueue:authentication_receiver}"}, containerFactory = "listenerContainerFactory")
    public Message onAuthenticationRequest(Message message) {
        checkContentTypeJson(message);
        SecurityContext context = SecurityContextHolder.getContext();
        try {
            try {
                Message handleAuthenticationMessage = handleAuthenticationMessage(message);
                SecurityContextHolder.setContext(context);
                return handleAuthenticationMessage;
            } catch (RuntimeException e) {
                throw new AmqpRejectAndDontRequeueException(e);
            }
        } catch (Throwable th) {
            SecurityContextHolder.setContext(context);
            throw th;
        }
    }

    private void checkIfArtifactIsAssignedToTarget(DmfTenantSecurityToken dmfTenantSecurityToken, String str) {
        if (dmfTenantSecurityToken.getControllerId() != null) {
            checkByControllerId(str, dmfTenantSecurityToken.getControllerId());
        } else if (dmfTenantSecurityToken.getTargetId() != null) {
            checkByTargetId(str, dmfTenantSecurityToken.getTargetId());
        } else {
            LOG.info("anonymous download no authentication check for artifact {}", str);
        }
    }

    private void checkByTargetId(String str, Long l) {
        LOG.debug("no anonymous download request, doing authentication check for target {} and artifact {}", l, str);
        if (this.controllerManagement.hasTargetArtifactAssigned(l.longValue(), str)) {
            LOG.info("download security check for target {} and artifact {} granted", l, str);
        } else {
            LOG.info("target {} tried to download artifact {} which is not assigned to the target", l, str);
            throw new EntityNotFoundException();
        }
    }

    private void checkByControllerId(String str, String str2) {
        LOG.debug("no anonymous download request, doing authentication check for target {} and artifact {}", str2, str);
        if (this.controllerManagement.hasTargetArtifactAssigned(str2, str)) {
            LOG.info("download security check for target {} and artifact {} granted", str2, str);
        } else {
            LOG.info("target {} tried to download artifact {} which is not assigned to the target", str2, str);
            throw new EntityNotFoundException();
        }
    }

    private Optional<Artifact> findArtifactByFileResource(DmfTenantSecurityToken.FileResource fileResource) {
        return fileResource == null ? Optional.empty() : fileResource.getSha1() != null ? this.artifactManagement.findFirstBySHA1(fileResource.getSha1()) : fileResource.getFilename() != null ? this.artifactManagement.getByFilename(fileResource.getFilename()) : fileResource.getArtifactId() != null ? this.artifactManagement.get(fileResource.getArtifactId().longValue()) : fileResource.getSoftwareModuleFilenameResource() != null ? this.artifactManagement.getByFilenameAndSoftwareModule(fileResource.getSoftwareModuleFilenameResource().getFilename(), fileResource.getSoftwareModuleFilenameResource().getSoftwareModuleId().longValue()) : Optional.empty();
    }

    private static DmfArtifact convertDbArtifact(Artifact artifact) {
        DmfArtifact dmfArtifact = new DmfArtifact();
        dmfArtifact.setSize(artifact.getSize());
        dmfArtifact.setLastModified(artifact.getCreatedAt());
        dmfArtifact.setHashes(new DmfArtifactHash(artifact.getSha1Hash(), artifact.getMd5Hash()));
        return dmfArtifact;
    }

    private Message handleAuthenticationMessage(Message message) {
        DmfDownloadResponse dmfDownloadResponse = new DmfDownloadResponse();
        DmfTenantSecurityToken dmfTenantSecurityToken = (DmfTenantSecurityToken) convertMessage(message, DmfTenantSecurityToken.class);
        DmfTenantSecurityToken.FileResource fileResource = dmfTenantSecurityToken.getFileResource();
        try {
            SecurityContextHolder.getContext().setAuthentication(this.authenticationManager.doAuthenticate(dmfTenantSecurityToken));
            Artifact orElseThrow = findArtifactByFileResource(fileResource).orElseThrow(EntityNotFoundException::new);
            checkIfArtifactIsAssignedToTarget(dmfTenantSecurityToken, orElseThrow.getSha1Hash());
            dmfDownloadResponse.setArtifact(convertDbArtifact(orElseThrow));
            String uuid = UUID.randomUUID().toString();
            this.cache.put(uuid, new DownloadArtifactCache(DownloadType.BY_SHA1, orElseThrow.getSha1Hash()));
            dmfDownloadResponse.setDownloadUrl(UriComponentsBuilder.fromUri(this.hostnameResolver.resolveHostname().toURI()).path("/api/v1/downloadserver/downloadId/").path(this.tenantAware.getCurrentTenant()).path("/").path(uuid).build().toUriString());
            dmfDownloadResponse.setResponseCode(HttpStatus.OK.value());
        } catch (URISyntaxException e) {
            LOG.error("URI build exception", (Throwable) e);
            dmfDownloadResponse.setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value());
            dmfDownloadResponse.setMessage("Building download URI failed");
        } catch (EntityNotFoundException e2) {
            String str = "Artifact for resource " + fileResource + "not found ";
            LOG.warn(str, (Throwable) e2);
            dmfDownloadResponse.setResponseCode(HttpStatus.NOT_FOUND.value());
            dmfDownloadResponse.setMessage(str);
        } catch (AuthenticationServiceException | BadCredentialsException | CredentialsExpiredException e3) {
            LOG.error("Login failed", e3);
            dmfDownloadResponse.setResponseCode(HttpStatus.FORBIDDEN.value());
            dmfDownloadResponse.setMessage("Login failed");
        }
        return getMessageConverter().toMessage(dmfDownloadResponse, message.getMessageProperties());
    }
}
