package org.eclipse.hawkbit.repository.jpa.management;

import java.io.IOException;
import java.io.InputStream;
import java.util.Objects;
import java.util.Optional;
import java.util.function.ToLongFunction;
import javax.persistence.EntityManager;
import org.eclipse.hawkbit.artifact.repository.ArtifactRepository;
import org.eclipse.hawkbit.artifact.repository.ArtifactStoreException;
import org.eclipse.hawkbit.artifact.repository.HashNotMatchException;
import org.eclipse.hawkbit.artifact.repository.model.AbstractDbArtifact;
import org.eclipse.hawkbit.artifact.repository.model.DbArtifact;
import org.eclipse.hawkbit.artifact.repository.model.DbArtifactHash;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.ArtifactEncryptionService;
import org.eclipse.hawkbit.repository.ArtifactManagement;
import org.eclipse.hawkbit.repository.QuotaManagement;
import org.eclipse.hawkbit.repository.exception.ArtifactDeleteFailedException;
import org.eclipse.hawkbit.repository.exception.ArtifactUploadFailedException;
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
import org.eclipse.hawkbit.repository.exception.InvalidMD5HashException;
import org.eclipse.hawkbit.repository.exception.InvalidSHA1HashException;
import org.eclipse.hawkbit.repository.exception.InvalidSHA256HashException;
import org.eclipse.hawkbit.repository.jpa.EncryptionAwareDbArtifact;
import org.eclipse.hawkbit.repository.jpa.JpaManagementHelper;
import org.eclipse.hawkbit.repository.jpa.acm.AccessController;
import org.eclipse.hawkbit.repository.jpa.model.JpaArtifact;
import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
import org.eclipse.hawkbit.repository.jpa.repository.LocalArtifactRepository;
import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleRepository;
import org.eclipse.hawkbit.repository.jpa.specifications.ArtifactSpecifications;
import org.eclipse.hawkbit.repository.jpa.utils.FileSizeAndStorageQuotaCheckingInputStream;
import org.eclipse.hawkbit.repository.jpa.utils.QuotaHelper;
import org.eclipse.hawkbit.repository.model.Artifact;
import org.eclipse.hawkbit.repository.model.ArtifactUpload;
import org.eclipse.hawkbit.repository.model.BaseEntity;
import org.eclipse.hawkbit.repository.model.SoftwareModule;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.ConcurrencyFailureException;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.util.Streamable;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.Retryable;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionSynchronization;
import org.springframework.transaction.support.TransactionSynchronizationManager;
import org.springframework.validation.annotation.Validated;

@Transactional(readOnly = true)
@Validated
/* loaded from: input_file:BOOT-INF/lib/hawkbit-repository-jpa-0.4.0.jar:org/eclipse/hawkbit/repository/jpa/management/JpaArtifactManagement.class */
public class JpaArtifactManagement implements ArtifactManagement {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) JpaArtifactManagement.class);
    private final EntityManager entityManager;
    private final LocalArtifactRepository localArtifactRepository;
    private final SoftwareModuleRepository softwareModuleRepository;
    private final ArtifactRepository artifactRepository;
    private final TenantAware tenantAware;
    private final QuotaManagement quotaManagement;

    public JpaArtifactManagement(EntityManager entityManager, LocalArtifactRepository localArtifactRepository, SoftwareModuleRepository softwareModuleRepository, ArtifactRepository artifactRepository, QuotaManagement quotaManagement, TenantAware tenantAware) {
        this.entityManager = entityManager;
        this.localArtifactRepository = localArtifactRepository;
        this.softwareModuleRepository = softwareModuleRepository;
        this.artifactRepository = artifactRepository;
        this.quotaManagement = quotaManagement;
        this.tenantAware = tenantAware;
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    @Transactional
    @Retryable(include = {ConcurrencyFailureException.class}, maxAttempts = 10, backoff = @Backoff(delay = 100))
    public Artifact create(ArtifactUpload artifactUpload) {
        long moduleId = artifactUpload.getModuleId();
        assertArtifactQuota(moduleId, 1);
        JpaSoftwareModule jpaSoftwareModule = (JpaSoftwareModule) this.softwareModuleRepository.findById(Long.valueOf(moduleId)).orElseThrow(() -> {
            return new EntityNotFoundException((Class<? extends BaseEntity>) SoftwareModule.class, Long.valueOf(moduleId));
        });
        String filename = artifactUpload.getFilename();
        Artifact orElse = jpaSoftwareModule.getArtifactByFilename(filename).orElse(null);
        if (orElse != null) {
            if (!artifactUpload.overrideExisting()) {
                throw new EntityAlreadyExistsException("File with that name already exists in the Software Module");
            }
            LOG.debug("overriding existing artifact with new filename {}", filename);
        }
        JpaManagementHelper.touch(this.entityManager, this.softwareModuleRepository, jpaSoftwareModule);
        AbstractDbArtifact storeArtifact = storeArtifact(artifactUpload, jpaSoftwareModule.isEncrypted());
        try {
            return storeArtifactMetadata(jpaSoftwareModule, filename, storeArtifact, orElse);
        } catch (Exception e) {
            this.artifactRepository.deleteBySha1(this.tenantAware.getCurrentTenant(), storeArtifact.getHashes().getSha1());
            throw e;
        }
    }

    private AbstractDbArtifact storeArtifact(ArtifactUpload artifactUpload, boolean z) {
        InputStream wrapInEncryptionStream;
        String currentTenant = this.tenantAware.getCurrentTenant();
        long moduleId = artifactUpload.getModuleId();
        InputStream inputStream = artifactUpload.getInputStream();
        String filename = artifactUpload.getFilename();
        String contentType = artifactUpload.getContentType();
        String providedSha1Sum = artifactUpload.getProvidedSha1Sum();
        String providedMd5Sum = artifactUpload.getProvidedMd5Sum();
        String providedSha256Sum = artifactUpload.getProvidedSha256Sum();
        if (z) {
            try {
                try {
                    wrapInEncryptionStream = wrapInEncryptionStream(moduleId, inputStream);
                } catch (HashNotMatchException e) {
                    if (e.getHashFunction().equals(HashNotMatchException.SHA1)) {
                        throw new InvalidSHA1HashException(e.getMessage(), e);
                    }
                    if (e.getHashFunction().equals("SHA-256")) {
                        throw new InvalidSHA256HashException(e.getMessage(), e);
                    }
                    throw new InvalidMD5HashException(e.getMessage(), e);
                }
            } catch (IOException | ArtifactStoreException e2) {
                throw new ArtifactUploadFailedException(e2);
            }
        } else {
            wrapInEncryptionStream = inputStream;
        }
        InputStream wrapInQuotaStream = wrapInQuotaStream(wrapInEncryptionStream);
        try {
            AbstractDbArtifact store = this.artifactRepository.store(currentTenant, wrapInQuotaStream, filename, contentType, new DbArtifactHash(providedSha1Sum, providedMd5Sum, providedSha256Sum));
            if (wrapInQuotaStream != null) {
                wrapInQuotaStream.close();
            }
            return store;
        } catch (Throwable th) {
            if (wrapInQuotaStream != null) {
                try {
                    wrapInQuotaStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private InputStream wrapInEncryptionStream(long j, InputStream inputStream) {
        return ArtifactEncryptionService.getInstance().encryptSoftwareModuleArtifact(j, inputStream);
    }

    private void assertArtifactQuota(long j, int i) {
        QuotaHelper.assertAssignmentQuota(Long.valueOf(j), i, this.quotaManagement.getMaxArtifactsPerSoftwareModule(), (Class<?>) Artifact.class, (Class<?>) SoftwareModule.class, (ToLongFunction<Long>) l -> {
            return this.localArtifactRepository.count(null, ArtifactSpecifications.bySoftwareModuleId(l));
        });
    }

    private InputStream wrapInQuotaStream(InputStream inputStream) {
        return new FileSizeAndStorageQuotaCheckingInputStream(inputStream, this.quotaManagement.getMaxArtifactSize(), this.quotaManagement.getMaxArtifactStorage() - this.localArtifactRepository.sumOfNonDeletedArtifactSize().orElse(0L).longValue());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_DELETE_REPOSITORY)
    public void clearArtifactBinary(final String str) {
        if (this.localArtifactRepository.countBySha1HashAndTenantAndSoftwareModuleDeletedIsFalse(str, this.tenantAware.getCurrentTenant()) <= 1) {
            TransactionSynchronizationManager.registerSynchronization(new TransactionSynchronization() { // from class: org.eclipse.hawkbit.repository.jpa.management.JpaArtifactManagement.1
                @Override // org.springframework.transaction.support.TransactionSynchronization
                public void afterCommit() {
                    try {
                        JpaArtifactManagement.LOG.debug("deleting artifact from repository {}", str);
                        JpaArtifactManagement.this.artifactRepository.deleteBySha1(JpaArtifactManagement.this.tenantAware.getCurrentTenant(), str);
                    } catch (ArtifactStoreException e) {
                        throw new ArtifactDeleteFailedException(e);
                    }
                }
            });
        }
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    @Transactional
    @Retryable(include = {ConcurrencyFailureException.class}, maxAttempts = 10, backoff = @Backoff(delay = 100))
    public void delete(long j) {
        JpaArtifact jpaArtifact = (JpaArtifact) get(j).orElseThrow(() -> {
            return new EntityNotFoundException((Class<? extends BaseEntity>) Artifact.class, Long.valueOf(j));
        });
        this.softwareModuleRepository.getAccessController().ifPresent(accessController -> {
            accessController.assertOperationAllowed(AccessController.Operation.UPDATE, (AccessController.Operation) jpaArtifact.getSoftwareModule());
        });
        ((JpaSoftwareModule) jpaArtifact.getSoftwareModule()).removeArtifact(jpaArtifact);
        this.softwareModuleRepository.save((JpaSoftwareModule) jpaArtifact.getSoftwareModule());
        this.localArtifactRepository.deleteById(Long.valueOf(j));
        clearArtifactBinary(jpaArtifact.getSha1Hash());
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Optional<Artifact> get(long j) {
        Optional<T> findById = this.localArtifactRepository.findById(Long.valueOf(j));
        Class<Artifact> cls = Artifact.class;
        Objects.requireNonNull(Artifact.class);
        return findById.map((v1) -> {
            return r1.cast(v1);
        });
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Optional<Artifact> getByFilenameAndSoftwareModule(String str, long j) {
        assertSoftwareModuleExists(j);
        return this.localArtifactRepository.findFirstByFilenameAndSoftwareModuleId(str, Long.valueOf(j));
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Optional<Artifact> findFirstBySHA1(String str) {
        return this.localArtifactRepository.findFirstBySha1Hash(str);
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Optional<Artifact> getByFilename(String str) {
        return this.localArtifactRepository.findFirstByFilename(str);
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Page<Artifact> findBySoftwareModule(Pageable pageable, long j) {
        assertSoftwareModuleExists(j);
        Streamable findAll = this.localArtifactRepository.findAll(ArtifactSpecifications.bySoftwareModuleId(Long.valueOf(j)), pageable);
        Class<Artifact> cls = Artifact.class;
        Objects.requireNonNull(Artifact.class);
        return findAll.map((v1) -> {
            return r1.cast(v1);
        });
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public long countBySoftwareModule(long j) {
        assertSoftwareModuleExists(j);
        return this.localArtifactRepository.count(ArtifactSpecifications.bySoftwareModuleId(Long.valueOf(j)));
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public long count() {
        return this.localArtifactRepository.count();
    }

    @Override // org.eclipse.hawkbit.repository.ArtifactManagement
    public Optional<DbArtifact> loadArtifactBinary(String str, long j, boolean z) {
        assertSoftwareModuleExists(j);
        String currentTenant = this.tenantAware.getCurrentTenant();
        if (!this.artifactRepository.existsByTenantAndSha1(currentTenant, str)) {
            return Optional.empty();
        }
        findFirstBySHA1(str).orElseThrow(InsufficientPermissionException::new);
        AbstractDbArtifact artifactBySha1 = this.artifactRepository.getArtifactBySha1(currentTenant, str);
        return Optional.ofNullable(z ? wrapInEncryptionAwareDbArtifact(j, artifactBySha1) : artifactBySha1);
    }

    private DbArtifact wrapInEncryptionAwareDbArtifact(long j, DbArtifact dbArtifact) {
        if (dbArtifact == null) {
            return null;
        }
        ArtifactEncryptionService artifactEncryptionService = ArtifactEncryptionService.getInstance();
        return new EncryptionAwareDbArtifact(dbArtifact, inputStream -> {
            return artifactEncryptionService.decryptSoftwareModuleArtifact(j, inputStream);
        }, artifactEncryptionService.encryptionSizeOverhead());
    }

    private Artifact storeArtifactMetadata(SoftwareModule softwareModule, String str, AbstractDbArtifact abstractDbArtifact, Artifact artifact) {
        JpaArtifact jpaArtifact;
        if (artifact == null) {
            jpaArtifact = new JpaArtifact(abstractDbArtifact.getHashes().getSha1(), str, softwareModule);
        } else {
            jpaArtifact = (JpaArtifact) artifact;
            jpaArtifact.setSha1Hash(abstractDbArtifact.getHashes().getSha1());
        }
        jpaArtifact.setMd5Hash(abstractDbArtifact.getHashes().getMd5());
        jpaArtifact.setSha256Hash(abstractDbArtifact.getHashes().getSha256());
        jpaArtifact.setSize(abstractDbArtifact.getSize());
        LOG.debug("storing new artifact into repository {}", jpaArtifact);
        return (Artifact) this.localArtifactRepository.save(AccessController.Operation.CREATE, jpaArtifact);
    }

    private void assertSoftwareModuleExists(long j) {
        if (!this.softwareModuleRepository.existsById(Long.valueOf(j))) {
            throw new EntityNotFoundException((Class<? extends BaseEntity>) SoftwareModule.class, Long.valueOf(j));
        }
    }
}
