package org.thingsboard.server.service.security;

import com.google.common.base.Function;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.BiConsumer;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.async.DeferredResult;
import org.thingsboard.server.common.data.EntityType;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.AssetId;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.DeviceId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.EntityIdFactory;
import org.thingsboard.server.common.data.id.EntityViewId;
import org.thingsboard.server.common.data.id.RuleChainId;
import org.thingsboard.server.common.data.id.RuleNodeId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.controller.HttpValidationCallback;
import org.thingsboard.server.dao.alarm.AlarmService;
import org.thingsboard.server.dao.asset.AssetService;
import org.thingsboard.server.dao.customer.CustomerService;
import org.thingsboard.server.dao.device.DeviceService;
import org.thingsboard.server.dao.entityview.EntityViewService;
import org.thingsboard.server.dao.rule.RuleChainService;
import org.thingsboard.server.dao.tenant.TenantService;
import org.thingsboard.server.dao.user.UserService;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.permission.AccessControlService;
import org.thingsboard.server.service.security.permission.Operation;
import org.thingsboard.server.service.security.permission.Resource;
import org.thingsboard.server.service.telemetry.exception.ToErrorResponseEntity;

@Component
/* Decompiled with JADX; loaded from: input_file:org/thingsboard/server/service/security/AccessValidator.class. Names such as str, str2 and th are decompiler-generated. */
public class AccessValidator {
    // Denial and not-found messages handed to ValidationResult.accessDenied(...) and
    // ValidationResult.entityNotFound(...) by the validate* methods below.
    // NOTE(review): presumably these strings end up in the HTTP response — keep them free of internal detail.
    public static final String CUSTOMER_USER_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION = "Customer user is not allowed to perform this operation!";
    public static final String SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION = "System administrator is not allowed to perform this operation!";
    public static final String DEVICE_WITH_REQUESTED_ID_NOT_FOUND = "Device with requested id wasn't found!";
    public static final String ENTITY_VIEW_WITH_REQUESTED_ID_NOT_FOUND = "Entity-view with requested id wasn't found!";

    // Spring-injected collaborators (field injection, protected visibility).
    // tenantService, customerService, deviceService, assetService, ruleChainService and
    // entityViewService load the target entity inside the matching validate* method.
    @Autowired
    protected TenantService tenantService;

    @Autowired
    protected CustomerService customerService;

    // Injected but not referenced anywhere in this class.
    @Autowired
    protected UserService userService;

    @Autowired
    protected DeviceService deviceService;

    @Autowired
    protected AssetService assetService;

    // Injected but not referenced anywhere in this class.
    @Autowired
    protected AlarmService alarmService;

    @Autowired
    protected RuleChainService ruleChainService;

    @Autowired
    protected EntityViewService entityViewService;

    // Makes the actual authorization decision: every validate* method calls checkPermission(...) on it
    // once the entity has been loaded.
    @Autowired
    protected AccessControlService accessControlService;
    // Runs the entity-lookup callbacks; created in initExecutor() and stopped in shutdownExecutor().
    private ExecutorService executor;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.thingsboard.server.service.security.AccessValidator$3, reason: invalid class name */
    /* loaded from: input_file:org/thingsboard/server/service/security/AccessValidator$3.class */
    // Decompiler rendering of the compiler-generated switch map for a `switch` over EntityType.
    // The array is indexed by EntityType.ordinal() and holds the case number that validate(...)
    // switches on: DEVICE=1, ASSET=2, RULE_CHAIN=3, CUSTOMER=4, TENANT=5, ENTITY_VIEW=6.
    // Entity types not listed here keep the array default 0 and therefore reach the `default`
    // branch of validate(...), which rejects them.
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$thingsboard$server$common$data$EntityType = new int[EntityType.values().length];

        static {
            // Each constant is registered in its own try block: a NoSuchFieldError for one constant
            // is swallowed so the remaining entries are still filled in.
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.DEVICE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.ASSET.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.RULE_CHAIN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.CUSTOMER.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.TENANT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$EntityType[EntityType.ENTITY_VIEW.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    /* loaded from: input_file:org/thingsboard/server/service/security/AccessValidator$ThreeConsumer.class */
    /**
     * Callback taking three arguments and returning nothing.
     *
     * <p>Within this class it is used as the success handler of
     * {@code validateEntityAndCallback}, where it receives the pending response, the tenant id
     * and the validated entity id.
     *
     * @param <A> type of the first argument
     * @param <B> type of the second argument
     * @param <C> type of the third argument
     */
    public interface ThreeConsumer<A, B, C> {
        /**
         * Consumes the three given values.
         *
         * @param first first argument
         * @param second second argument
         * @param third third argument
         */
        void accept(A first, B second, C third);
    }

    /**
     * Creates the executor that runs the entity-lookup callbacks of the validate* methods.
     *
     * <p>The executor has a single worker thread, so those callbacks (including the permission
     * checks they perform) run one after another.
     */
    @PostConstruct
    public void initExecutor() {
        executor = Executors.newSingleThreadExecutor();
    }

    /**
     * Stops the callback executor when the bean is destroyed.
     *
     * <p>Does nothing if the executor was never created.
     */
    @PreDestroy
    public void shutdownExecutor() {
        if (executor == null) {
            return;
        }
        // shutdownNow() does not wait for queued callbacks; validations still pending at this
        // point are not guaranteed to complete.
        executor.shutdownNow();
    }

    /**
     * Validates access to the entity named by a type/id string pair and runs {@code threeConsumer}
     * on success, using the default failure handling.
     *
     * <p>On failure the response is produced by {@link #handleError} with
     * {@code HttpStatus.INTERNAL_SERVER_ERROR} as the fallback status.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param str entity type, passed as the first argument of {@code EntityIdFactory.getByTypeAndId}
     * @param str2 entity id, passed as the second argument of {@code EntityIdFactory.getByTypeAndId}
     * @param threeConsumer success handler
     * @return the deferred response that one of the handlers completes
     * @throws ThingsboardException declared by the delegate overload
     */
    public DeferredResult<ResponseEntity> validateEntityAndCallback(SecurityUser securityUser, Operation operation, String str, String str2, ThreeConsumer<DeferredResult<ResponseEntity>, TenantId, EntityId> threeConsumer) throws ThingsboardException {
        BiConsumer<DeferredResult<ResponseEntity>, Throwable> defaultFailureHandler =
                (response, error) -> handleError(error, response, HttpStatus.INTERNAL_SERVER_ERROR);
        return validateEntityAndCallback(securityUser, operation, str, str2, threeConsumer, defaultFailureHandler);
    }

    /**
     * Resolves the type/id string pair to an {@code EntityId} and delegates to the
     * {@code EntityId}-based overload.
     *
     * <p>NOTE(review): {@code str} and {@code str2} are presumably request-supplied; how
     * {@code EntityIdFactory.getByTypeAndId} reports an unknown type or a malformed id is not
     * visible here — confirm that the caller maps that failure to a client error.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param str entity type
     * @param str2 entity id
     * @param threeConsumer success handler
     * @param biConsumer failure handler
     * @return the deferred response that one of the handlers completes
     * @throws ThingsboardException declared by the delegate overload
     */
    public DeferredResult<ResponseEntity> validateEntityAndCallback(SecurityUser securityUser, Operation operation, String str, String str2, ThreeConsumer<DeferredResult<ResponseEntity>, TenantId, EntityId> threeConsumer, BiConsumer<DeferredResult<ResponseEntity>, Throwable> biConsumer) throws ThingsboardException {
        EntityId resolvedId = EntityIdFactory.getByTypeAndId(str, str2);
        return validateEntityAndCallback(securityUser, operation, resolvedId, threeConsumer, biConsumer);
    }

    /**
     * Validates access to {@code entityId} and runs {@code threeConsumer} on success, using the
     * default failure handling.
     *
     * <p>On failure the response is produced by {@link #handleError} with
     * {@code HttpStatus.INTERNAL_SERVER_ERROR} as the fallback status.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId the entity being accessed
     * @param threeConsumer success handler
     * @return the deferred response that one of the handlers completes
     * @throws ThingsboardException declared by the delegate overload
     */
    public DeferredResult<ResponseEntity> validateEntityAndCallback(SecurityUser securityUser, Operation operation, EntityId entityId, ThreeConsumer<DeferredResult<ResponseEntity>, TenantId, EntityId> threeConsumer) throws ThingsboardException {
        BiConsumer<DeferredResult<ResponseEntity>, Throwable> defaultFailureHandler =
                (response, error) -> handleError(error, response, HttpStatus.INTERNAL_SERVER_ERROR);
        return validateEntityAndCallback(securityUser, operation, entityId, threeConsumer, defaultFailureHandler);
    }

    /**
     * Starts validation of {@code operation} on {@code entityId} for {@code securityUser} and
     * returns the deferred response that the handlers complete.
     *
     * <p>The validation outcome is routed through an {@code HttpValidationCallback} wrapping the
     * two handlers.
     * NOTE(review): presumably {@code HttpValidationCallback} invokes the success handler only for
     * an OK {@code ValidationResult} and answers the request itself on denial or not-found —
     * confirm there, since this method relies on it.
     *
     * <p>{@code validate} throws {@code IllegalStateException} synchronously for entity types it
     * does not handle; that exception leaves this method and does not reach {@code biConsumer}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId the entity being accessed
     * @param threeConsumer success handler
     * @param biConsumer failure handler
     * @return the deferred response
     * @throws ThingsboardException declared in the signature; no statement here throws it directly
     */
    public DeferredResult<ResponseEntity> validateEntityAndCallback(final SecurityUser securityUser, Operation operation, final EntityId entityId, final ThreeConsumer<DeferredResult<ResponseEntity>, TenantId, EntityId> threeConsumer, final BiConsumer<DeferredResult<ResponseEntity>, Throwable> biConsumer) throws ThingsboardException {
        final DeferredResult<ResponseEntity> response = new DeferredResult<>();
        FutureCallback<DeferredResult<ResponseEntity>> outcome = new FutureCallback<DeferredResult<ResponseEntity>>() {
            public void onSuccess(@Nullable DeferredResult<ResponseEntity> ignored) {
                // The tenant id handed to the handler is the caller's own, taken from the
                // authenticated user rather than from the request.
                threeConsumer.accept(response, securityUser.getTenantId(), entityId);
            }

            public void onFailure(Throwable cause) {
                biConsumer.accept(response, cause);
            }
        };
        validate(securityUser, operation, entityId, new HttpValidationCallback(response, outcome));
        return response;
    }

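    /**
     * Dispatches access validation to the handler for the entity's type.
     *
     * <p>Handled types are DEVICE, ASSET, RULE_CHAIN, CUSTOMER, TENANT and ENTITY_VIEW. Every
     * other type is rejected with an exception, so an unhandled type is never reported as
     * allowed. {@code validateRule} in this class is not reachable from this switch.
     *
     * <p>The switch is written against the enum itself instead of the decompiler-generated
     * ordinal lookup table; the cases and their order are unchanged.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId the entity being accessed
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     * @throws IllegalStateException if the entity type has no handler
     */
    public void validate(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        switch (entityId.getEntityType()) {
            case DEVICE:
                validateDevice(securityUser, operation, entityId, futureCallback);
                return;
            case ASSET:
                validateAsset(securityUser, operation, entityId, futureCallback);
                return;
            case RULE_CHAIN:
                validateRuleChain(securityUser, operation, entityId, futureCallback);
                return;
            case CUSTOMER:
                validateCustomer(securityUser, operation, entityId, futureCallback);
                return;
            case TENANT:
                validateTenant(securityUser, operation, entityId, futureCallback);
                return;
            case ENTITY_VIEW:
                validateEntityView(securityUser, operation, entityId, futureCallback);
                return;
            default:
                // Thrown on the calling thread, not delivered through futureCallback.
                throw new IllegalStateException("Not Implemented!");
        }
    }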

    /**
     * Validates access to a device.
     *
     * <p>System administrators are always denied. For other users the device is looked up with
     * the caller's own tenant id and the decision is delegated to
     * {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the device
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateDevice(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isSystemAdmin()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        DeviceId deviceId = new DeviceId(entityId.getId());
        Futures.addCallback(
                deviceService.findDeviceByIdAsync(callerTenantId, deviceId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound(DEVICE_WITH_REQUESTED_ID_NOT_FOUND);
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.DEVICE, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        // NOTE(review): only ThingsboardException is mapped to a denial; confirm that
                        // any other exception thrown here still completes the request.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to an asset.
     *
     * <p>System administrators are always denied. For other users the asset is looked up with
     * the caller's own tenant id and the decision is delegated to
     * {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the asset
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateAsset(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isSystemAdmin()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        AssetId assetId = new AssetId(entityId.getId());
        Futures.addCallback(
                assetService.findAssetByIdAsync(callerTenantId, assetId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound("Asset with requested id wasn't found!");
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.ASSET, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to a rule chain.
     *
     * <p>Customer users are always denied. For other users the rule chain is looked up with the
     * caller's own tenant id and the decision is delegated to
     * {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the rule chain
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateRuleChain(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isCustomerUser()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(CUSTOMER_USER_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        RuleChainId ruleChainId = new RuleChainId(entityId.getId());
        Futures.addCallback(
                ruleChainService.findRuleChainByIdAsync(callerTenantId, ruleChainId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound("Rule chain with requested id wasn't found!");
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.RULE_CHAIN, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to a rule node by checking permission on the rule chain that owns it.
     *
     * <p>Customer users are always denied. The node is looked up with the caller's own tenant id;
     * a node without a rule chain id is reported as not found. The permission check uses
     * {@code Resource.RULE_CHAIN} and the owning chain, not the node itself.
     *
     * <p>This method is not called from {@code validate} in this class.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the rule node
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateRule(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isCustomerUser()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(CUSTOMER_USER_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        RuleNodeId ruleNodeId = new RuleNodeId(entityId.getId());
        Futures.addCallback(
                ruleChainService.findRuleNodeByIdAsync(callerTenantId, ruleNodeId),
                getCallback(futureCallback, node -> {
                    if (node == null) {
                        return ValidationResult.entityNotFound("Rule node with requested id wasn't found!");
                    }
                    if (node.getRuleChainId() == null) {
                        return ValidationResult.entityNotFound("Rule chain with requested node id wasn't found!");
                    }
                    try {
                        // findRuleChainById is a synchronous lookup made from inside the callback,
                        // i.e. on the single executor thread.
                        // NOTE(review): its result is passed on unchecked; confirm checkPermission
                        // rejects a missing (null) rule chain.
                        accessControlService.checkPermission(securityUser, Resource.RULE_CHAIN, operation, node.getRuleChainId(), ruleChainService.findRuleChainById(securityUser.getTenantId(), node.getRuleChainId()));
                        return ValidationResult.ok(node);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to a customer.
     *
     * <p>System administrators are always denied. For other users the customer is looked up with
     * the caller's own tenant id and the decision is delegated to
     * {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the customer
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateCustomer(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isSystemAdmin()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        CustomerId customerId = new CustomerId(entityId.getId());
        Futures.addCallback(
                customerService.findCustomerByIdAsync(callerTenantId, customerId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound("Customer with requested id wasn't found!");
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.CUSTOMER, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to a tenant.
     *
     * <p>Customer users are always denied. System administrators are accepted immediately with
     * {@code ValidationResult.ok(null)}: no tenant lookup and no {@code checkPermission} call is
     * made for them, so the requested id is not verified to exist on that path. All other users
     * go through a lookup followed by {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the tenant
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateTenant(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isCustomerUser()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(CUSTOMER_USER_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        if (securityUser.isSystemAdmin()) {
            futureCallback.onSuccess(ValidationResult.ok(null));
            return;
        }
        // First argument: the caller's own tenant id. Second argument: the tenant id from the request.
        // NOTE(review): rejecting a request for a different tenant is left to checkPermission — confirm.
        TenantId callerTenantId = securityUser.getTenantId();
        TenantId requestedTenantId = new TenantId(entityId.getId());
        Futures.addCallback(
                tenantService.findTenantByIdAsync(callerTenantId, requestedTenantId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound("Tenant with requested id wasn't found!");
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.TENANT, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Validates access to an entity view.
     *
     * <p>System administrators are always denied. For other users the entity view is looked up
     * with the caller's own tenant id and the decision is delegated to
     * {@code accessControlService.checkPermission}.
     *
     * @param securityUser the authenticated caller
     * @param operation the operation the caller wants to perform
     * @param entityId id of the entity view
     * @param futureCallback receives the {@code ValidationResult} or the lookup failure
     */
    private void validateEntityView(SecurityUser securityUser, Operation operation, EntityId entityId, FutureCallback<ValidationResult> futureCallback) {
        if (securityUser.isSystemAdmin()) {
            futureCallback.onSuccess(ValidationResult.accessDenied(SYSTEM_ADMINISTRATOR_IS_NOT_ALLOWED_TO_PERFORM_THIS_OPERATION));
            return;
        }
        TenantId callerTenantId = securityUser.getTenantId();
        EntityViewId entityViewId = new EntityViewId(entityId.getId());
        Futures.addCallback(
                entityViewService.findEntityViewByIdAsync(callerTenantId, entityViewId),
                getCallback(futureCallback, found -> {
                    if (found == null) {
                        return ValidationResult.entityNotFound(ENTITY_VIEW_WITH_REQUESTED_ID_NOT_FOUND);
                    }
                    try {
                        accessControlService.checkPermission(securityUser, Resource.ENTITY_VIEW, operation, entityId, found);
                        return ValidationResult.ok(found);
                    } catch (ThingsboardException denied) {
                        // The exception message becomes the denial text.
                        return ValidationResult.accessDenied(denied.getMessage());
                    }
                }),
                executor);
    }

    /**
     * Adapts a lookup callback to the validation callback.
     *
     * <p>A successful lookup value (possibly {@code null}) is converted with {@code function}
     * and the resulting {@code ValidationResult} is delivered to {@code futureCallback.onSuccess};
     * a lookup failure is forwarded unchanged to {@code futureCallback.onFailure}. Denials are
     * therefore reported through {@code onSuccess}, and {@code onFailure} carries lookup errors
     * only.
     *
     * @param futureCallback receiver of the validation outcome
     * @param function maps the loaded entity to a {@code ValidationResult}
     * @param <T> type of the loaded entity
     * @param <V> payload type of the validation result
     * @return a callback to attach to the lookup future
     */
    private <T, V> FutureCallback<T> getCallback(final FutureCallback<ValidationResult> futureCallback, final Function<T, ValidationResult<V>> function) {
        return new FutureCallback<T>() {
            public void onSuccess(@Nullable T loaded) {
                ValidationResult<V> verdict = function.apply(loaded);
                futureCallback.onSuccess(verdict);
            }

            public void onFailure(Throwable cause) {
                futureCallback.onFailure(cause);
            }
        };
    }

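    /**
     * Completes {@code deferredResult} with an error response chosen from the failure type.
     *
     * <ul>
     *   <li>A {@code ToErrorResponseEntity} supplies its own response.</li>
     *   <li>An {@code IllegalArgumentException} yields {@code 400 Bad Request} with the exception
     *       message as the body, so such messages must be safe to show to the caller.</li>
     *   <li>Anything else, including {@code null}, yields an empty response with
     *       {@code httpStatus}; no exception detail is sent.</li>
     * </ul>
     *
     * <p>The decompiled original compared the throwable with {@code 0}, which is not valid Java;
     * {@code instanceof} is already false for {@code null}, so the null checks are dropped.
     *
     * @param th the failure, may be {@code null}
     * @param deferredResult the pending response to complete
     * @param httpStatus fallback status for failures without a dedicated mapping
     */
    public static void handleError(Throwable th, DeferredResult<ResponseEntity> deferredResult, HttpStatus httpStatus) {
        final ResponseEntity response;
        if (th instanceof ToErrorResponseEntity) {
            response = ((ToErrorResponseEntity) th).toErrorResponseEntity();
        } else if (th instanceof IllegalArgumentException) {
            response = new ResponseEntity<>(th.getMessage(), HttpStatus.BAD_REQUEST);
        } else {
            response = new ResponseEntity<>(httpStatus);
        }
        deferredResult.setResult(response);
    }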
}
