package org.openremote.manager.notification;

import com.fasterxml.jackson.databind.JsonNode;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.util.Collections;
import java.util.HashMap;
import java.util.logging.Logger;
import org.openremote.container.message.MessageBrokerService;
import org.openremote.container.web.WebResource;
import org.openremote.manager.asset.AssetStorageService;
import org.openremote.manager.security.ManagerIdentityService;
import org.openremote.model.asset.Asset;
import org.openremote.model.http.RequestParams;
import org.openremote.model.notification.Notification;
import org.openremote.model.notification.NotificationResource;
import org.openremote.model.notification.SentNotification;
import org.openremote.model.query.AssetQuery;
import org.openremote.model.util.ValueUtil;

/* loaded from: input_file:org/openremote/manager/notification/NotificationResourceImpl.class */
public class NotificationResourceImpl extends WebResource implements NotificationResource {
    private static final Logger LOG = Logger.getLogger(NotificationResourceImpl.class.getName());
    protected final NotificationService notificationService;
    protected final MessageBrokerService messageBrokerService;
    protected final AssetStorageService assetStorageService;
    protected final ManagerIdentityService managerIdentityService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openremote.manager.notification.NotificationResourceImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/openremote/manager/notification/NotificationResourceImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openremote$model$notification$Notification$TargetType = new int[Notification.TargetType.values().length];

        static {
            try {
                $SwitchMap$org$openremote$model$notification$Notification$TargetType[Notification.TargetType.REALM.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$openremote$model$notification$Notification$TargetType[Notification.TargetType.USER.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$openremote$model$notification$Notification$TargetType[Notification.TargetType.ASSET.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public NotificationResourceImpl(NotificationService notificationService, MessageBrokerService messageBrokerService, AssetStorageService assetStorageService, ManagerIdentityService managerIdentityService) {
        this.notificationService = notificationService;
        this.messageBrokerService = messageBrokerService;
        this.assetStorageService = assetStorageService;
        this.managerIdentityService = managerIdentityService;
    }

    public SentNotification[] getNotifications(RequestParams requestParams, Long l, String str, Long l2, Long l3, String str2, String str3, String str4) {
        try {
            return (SentNotification[]) this.notificationService.getNotifications(l != null ? Collections.singletonList(l) : null, str != null ? Collections.singletonList(str) : null, l2, l3, str2 != null ? Collections.singletonList(str2) : null, str3 != null ? Collections.singletonList(str3) : null, str4 != null ? Collections.singletonList(str4) : null).toArray(new SentNotification[0]);
        } catch (IllegalArgumentException e) {
            throw new WebApplicationException("Invalid criteria set", Response.Status.BAD_REQUEST);
        }
    }

    public void removeNotifications(RequestParams requestParams, Long l, String str, Long l2, Long l3, String str2, String str3, String str4) {
        try {
            this.notificationService.removeNotifications(l != null ? Collections.singletonList(l) : null, str != null ? Collections.singletonList(str) : null, l2, l3, str2 != null ? Collections.singletonList(str2) : null, str3 != null ? Collections.singletonList(str3) : null, str4 != null ? Collections.singletonList(str4) : null);
        } catch (IllegalArgumentException e) {
            throw new WebApplicationException("Invalid criteria set", Response.Status.BAD_REQUEST);
        }
    }

    public void removeNotification(RequestParams requestParams, Long l) {
        if (l == null) {
            throw new WebApplicationException("Missing notification ID", Response.Status.BAD_REQUEST);
        }
        this.notificationService.removeNotification(l);
    }

    public void sendNotification(RequestParams requestParams, Notification notification) {
        HashMap hashMap = new HashMap();
        hashMap.put(Notification.HEADER_SOURCE, Notification.Source.CLIENT);
        if (isAuthenticated()) {
            hashMap.put("AUTH_CONTEXT", getAuthContext());
        }
        if (!((Boolean) this.messageBrokerService.getFluentProducerTemplate().withBody(notification).withHeaders(hashMap).to(NotificationService.NOTIFICATION_QUEUE).request(Boolean.class)).booleanValue()) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
    }

    public void notificationDelivered(RequestParams requestParams, String str, Long l) {
        if (l == null) {
            throw new WebApplicationException("Missing notification ID", Response.Status.BAD_REQUEST);
        }
        verifyAccess(this.notificationService.getSentNotification(l), str);
        this.notificationService.setNotificationDelivered(l.longValue());
    }

    public void notificationAcknowledged(RequestParams requestParams, String str, Long l, JsonNode jsonNode) {
        if (l == null) {
            throw new WebApplicationException("Missing notification ID", Response.Status.BAD_REQUEST);
        }
        verifyAccess(this.notificationService.getSentNotification(l), str);
        this.notificationService.setNotificationAcknowledged(l.longValue(), jsonNode == null ? null : (String) ValueUtil.asJSON(jsonNode).orElse(null));
    }

    protected void verifyAccess(SentNotification sentNotification, String str) {
        if (sentNotification == null) {
            LOG.fine("DENIED: Notification not found");
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        if (sentNotification.getTargetId() == null || !sentNotification.getTargetId().equals(str)) {
            LOG.fine("DENIED: Notification target ID doesn't match supplied target ID");
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        if (isSuperUser()) {
            LOG.finest("ALLOWED: Request from super user so allowing");
            return;
        }
        if (!isAuthenticated()) {
            if (sentNotification.getTarget() != Notification.TargetType.ASSET) {
                LOG.fine("DENIED: Anonymous request to update a notification not sent to a public asset");
                throw new WebApplicationException("Anonymous request can only update public assets", Response.Status.FORBIDDEN);
            }
            if (this.assetStorageService.find(sentNotification.getTargetId(), false, AssetQuery.Access.PUBLIC) == null) {
                LOG.fine("DENIED: Anonymous request to update a notification sent to an asset that doesn't exist or isn't public");
                throw new WebApplicationException("Anonymous request can only update public assets not linked to a user", Response.Status.FORBIDDEN);
            }
            return;
        }
        boolean isRestrictedUser = this.managerIdentityService.getIdentityProvider().isRestrictedUser(getAuthContext());
        switch (AnonymousClass1.$SwitchMap$org$openremote$model$notification$Notification$TargetType[sentNotification.getTarget().ordinal()]) {
            case 1:
                if (isRestrictedUser) {
                    LOG.fine("DENIED: Restricted user request to update a notification sent to a realm");
                    throw new WebApplicationException("Restricted users cannot update a realm notification", Response.Status.FORBIDDEN);
                }
                return;
            case 2:
                if (sentNotification.getTargetId().equals(getUserId())) {
                    return;
                }
                LOG.fine("DENIED: User request to update a notification sent to a different user");
                throw new WebApplicationException("Regular and restricted users can only update user notifications sent to themselves", Response.Status.FORBIDDEN);
            case 3:
                Asset<?> find = this.assetStorageService.find(sentNotification.getTargetId(), false);
                if (find == null) {
                    LOG.fine("DENIED: User request to update a notification sent to an asset that doesn't exist");
                    throw new WebApplicationException("Asset not found", Response.Status.NOT_FOUND);
                }
                if (!find.getRealm().equals(getAuthenticatedRealmName())) {
                    LOG.fine("DENIED: User request to update a notification sent to an asset that is in another realm");
                    throw new WebApplicationException("Asset not in users realm", Response.Status.FORBIDDEN);
                }
                if (!isRestrictedUser || this.assetStorageService.isUserAsset(getUserId(), find.getId())) {
                    return;
                }
                LOG.fine("DENIED: Restricted user request to update a notification sent to an asset that isn't linked to themselves");
                throw new WebApplicationException("Asset not linked to restricted user", Response.Status.FORBIDDEN);
            default:
                return;
        }
    }
}
