package io.bdeploy.jersey.cli;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.ning.http.util.AsyncHttpProviderUtils;
import io.bdeploy.common.ActivityReporter;
import io.bdeploy.common.ActivitySnapshot;
import io.bdeploy.common.NoThrowAutoCloseable;
import io.bdeploy.common.cfg.Configuration;
import io.bdeploy.common.cfg.ExistingPathValidator;
import io.bdeploy.common.cfg.RemoteValidator;
import io.bdeploy.common.cli.ToolBase;
import io.bdeploy.common.cli.data.RenderableResult;
import io.bdeploy.common.security.OnDiscKeyStore;
import io.bdeploy.common.security.RemoteService;
import io.bdeploy.common.util.JacksonHelper;
import io.bdeploy.jersey.JerseyClientFactory;
import io.bdeploy.jersey.activity.JerseyBroadcastingActivityReporter;
import io.bdeploy.jersey.ws.change.client.ObjectChangeClientWebSocket;
import io.bdeploy.jersey.ws.change.msg.ObjectScope;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

/* loaded from: input_file:io/bdeploy/jersey/cli/RemoteServiceTool.class */
public abstract class RemoteServiceTool<T extends Annotation> extends ToolBase.ConfiguredCliTool<T> {
    private final ObjectMapper serializer;

    /* JADX INFO: Access modifiers changed from: private */
    @Configuration.Help("Configuration for remote access")
    /* loaded from: input_file:io/bdeploy/jersey/cli/RemoteServiceTool$RemoteConfig.class */
    public @interface RemoteConfig {
        @Configuration.EnvironmentFallback("BDEPLOY_REMOTE")
        @Configuration.Help("URI of remote BHive. Supports file:, jar:file:")
        @Configuration.Validator({RemoteValidator.class})
        String remote();

        @Configuration.Help("Path to keystore containing access token.")
        @Configuration.Validator({ExistingPathValidator.class})
        String keystore();

        @Configuration.Help("Passphrase for the keystore.")
        String passphrase();

        @Configuration.EnvironmentFallback("BDEPLOY_TOKEN")
        @Configuration.Help("Token for the remote access. Can be given alternatively to a keystore.")
        String token();

        @Configuration.EnvironmentFallback("BDEPLOY_TOKENFILE")
        @Configuration.Help("Path to a file containing the access token. Can be given alternatively to a keystore.")
        @Configuration.Validator({ExistingPathValidator.class})
        String tokenFile();

        @Configuration.EnvironmentFallback("BDEPLOY_LOGIN")
        @Configuration.Help("Override which named login session to use for this command.")
        String useLogin();
    }

    @Target({ElementType.PARAMETER})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:io/bdeploy/jersey/cli/RemoteServiceTool$RemoteOptional.class */
    protected @interface RemoteOptional {
    }

    public RemoteServiceTool(Class<T> cls) {
        super(cls);
        this.serializer = JacksonHelper.createObjectMapper(JacksonHelper.MapperType.JSON);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.bdeploy.common.cli.ToolBase.ConfiguredCliTool
    public List<Class<? extends Annotation>> getConfigsForHelp() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(RemoteConfig.class);
        arrayList.addAll(super.getConfigsForHelp());
        return arrayList;
    }

    private boolean isOptional() {
        try {
            return getClass().getDeclaredMethod("run", getPrimaryConfigClass(), RemoteService.class).getParameters()[1].getAnnotation(RemoteOptional.class) != null;
        } catch (NoSuchMethodException e) {
            out().println("WARN: cannot determine whether remote is optional: " + e.toString());
            return false;
        }
    }

    @Override // io.bdeploy.common.cli.ToolBase.ConfiguredCliTool
    protected final RenderableResult run(T t) {
        RemoteConfig remoteConfig = (RemoteConfig) getConfig(RemoteConfig.class);
        boolean isOptional = isOptional();
        boolean isTestModeLLM = ToolBase.isTestModeLLM();
        LocalLoginManager localLoginManager = new LocalLoginManager();
        if (!isOptional && !isTestModeLLM && localLoginManager.getCurrent() == null && remoteConfig.useLogin() == null) {
            helpAndFailIfMissing(remoteConfig.remote(), "Missing --remote, --useLogin, or current login using `bdeploy login`");
        }
        RemoteService remoteService = null;
        if (remoteConfig.remote() != null) {
            remoteService = createServiceFromCli(remoteConfig, isOptional);
        } else if (!isTestModeLLM) {
            remoteService = createServiceFromLLM(remoteConfig, isOptional, localLoginManager);
        }
        if (getActivityReporter() instanceof ActivityReporter.Stream) {
            ((ActivityReporter.Stream) getActivityReporter()).setProxyConnector(this::connectProxy);
        }
        JerseyClientFactory.setDefaultReporter(getActivityReporter());
        NoThrowAutoCloseable proxyActivities = getActivityReporter().proxyActivities(remoteService);
        try {
            RenderableResult run = run(t, remoteService);
            if (proxyActivities != null) {
                proxyActivities.close();
            }
            return run;
        } catch (Throwable th) {
            if (proxyActivities != null) {
                try {
                    proxyActivities.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected SecurityContext getLocalContext() {
        return null;
    }

    private RemoteService createServiceFromLLM(RemoteConfig remoteConfig, boolean z, LocalLoginManager localLoginManager) {
        RemoteService namedService = remoteConfig.useLogin() != null ? localLoginManager.getNamedService(remoteConfig.useLogin()) : localLoginManager.getCurrentService();
        if (!z && namedService == null) {
            helpAndFail("Need either --tokenFile, --token or --keystore arguments or a current login session to access remote service");
        }
        return namedService;
    }

    private RemoteService createServiceFromCli(RemoteConfig remoteConfig, boolean z) {
        URI uri = null;
        if (remoteConfig.remote() != null) {
            uri = UriBuilder.fromUri(remoteConfig.remote()).build(new Object[0]);
        }
        if (remoteConfig.tokenFile() != null && remoteConfig.token() != null) {
            out().println("WARNING: both tokenFile and token are given, preferring tokenFile (Hint: check arguments and environment)");
        }
        return createRemoteService(remoteConfig, z, uri);
    }

    private NoThrowAutoCloseable connectProxy(final RemoteService remoteService, final Consumer<List<ActivitySnapshot>> consumer) {
        return new NoThrowAutoCloseable() { // from class: io.bdeploy.jersey.cli.RemoteServiceTool.1
            private ObjectChangeClientWebSocket ws;

            {
                try {
                    JerseyClientFactory jerseyClientFactory = JerseyClientFactory.get(remoteService);
                    Consumer consumer2 = consumer;
                    this.ws = jerseyClientFactory.getObjectChangeWebSocket(objectChangeDto -> {
                        try {
                            consumer2.accept((List) RemoteServiceTool.this.serializer.readValue(objectChangeDto.details.get(JerseyBroadcastingActivityReporter.OCT_ACTIVIES), ActivitySnapshot.LIST_TYPE));
                        } catch (Exception e) {
                            RemoteServiceTool.this.out().println("Cannot read remote activities");
                            e.printStackTrace(RemoteServiceTool.this.out());
                        }
                    });
                    this.ws.subscribe(JerseyBroadcastingActivityReporter.OCT_ACTIVIES, ObjectScope.EMPTY);
                } catch (Exception e) {
                    RemoteServiceTool.this.out().println("Cannot initialize Acitivities WebSocket");
                }
            }

            @Override // io.bdeploy.common.NoThrowAutoCloseable, java.lang.AutoCloseable
            public void close() {
                if (this.ws != null) {
                    this.ws.close();
                }
            }
        };
    }

    private RemoteService createRemoteService(RemoteConfig remoteConfig, boolean z, URI uri) {
        RemoteService remoteService = null;
        if (remoteConfig.tokenFile() != null) {
            try {
                remoteService = new RemoteService(uri, new String(Files.readAllBytes(Paths.get(remoteConfig.tokenFile(), new String[0])), StandardCharsets.UTF_8));
            } catch (IOException e) {
                throw new IllegalStateException("Cannot read token from " + remoteConfig.tokenFile(), e);
            }
        } else if (remoteConfig.token() != null) {
            remoteService = new RemoteService(uri, remoteConfig.token());
        } else if (remoteConfig.keystore() != null) {
            helpAndFailIfMissing(remoteConfig.passphrase(), "Missing --passphrase");
            remoteService = new RemoteService(uri, new OnDiscKeyStore(Paths.get(remoteConfig.keystore(), new String[0]), remoteConfig.passphrase()));
        } else if (uri != null && (uri.getScheme() == null || !uri.getScheme().equals(AsyncHttpProviderUtils.HTTPS))) {
            remoteService = uri.getScheme() == null ? new RemoteService(UriBuilder.fromUri(uri).scheme("file").build(new Object[0])) : new RemoteService(UriBuilder.fromUri(uri).build(new Object[0]));
        } else if (!z) {
            helpAndFail("Need either --tokenFile, --token or --keystore arguments to access remote service");
        }
        return remoteService;
    }

    protected abstract RenderableResult run(T t, RemoteService remoteService);
}
