package se.arkalix.core.plugin;

import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.arkalix.ArService;
import se.arkalix.ArSystem;
import se.arkalix.core.plugin.dto.ErrorDto;
import se.arkalix.core.plugin.dto.OrchestrationOption;
import se.arkalix.core.plugin.dto.OrchestrationQueryBuilder;
import se.arkalix.core.plugin.dto.ServiceDetails;
import se.arkalix.core.plugin.dto.ServiceQueryBuilder;
import se.arkalix.core.plugin.dto.ServiceQueryDto;
import se.arkalix.core.plugin.dto.ServiceQueryResultDto;
import se.arkalix.core.plugin.dto.ServiceRegistrationBuilder;
import se.arkalix.core.plugin.dto.ServiceRegistrationDto;
import se.arkalix.core.plugin.dto.SystemDetailsBuilder;
import se.arkalix.core.plugin.dto.SystemDetailsDto;
import se.arkalix.description.ProviderDescription;
import se.arkalix.description.ServiceDescription;
import se.arkalix.descriptor.EncodingDescriptor;
import se.arkalix.descriptor.InterfaceDescriptor;
import se.arkalix.descriptor.SecurityDescriptor;
import se.arkalix.descriptor.TransportDescriptor;
import se.arkalix.dto.DtoEncoding;
import se.arkalix.internal.security.identity.X509Keys;
import se.arkalix.net.http.HttpStatus;
import se.arkalix.net.http.client.HttpClient;
import se.arkalix.net.http.client.HttpClientConnection;
import se.arkalix.net.http.client.HttpClientResponseRejectedException;
import se.arkalix.plugin.Plug;
import se.arkalix.plugin.Plugin;
import se.arkalix.query.ServiceQuery;
import se.arkalix.security.access.AccessByToken;
import se.arkalix.security.access.AccessPolicy;
import se.arkalix.security.identity.SystemIdentity;
import se.arkalix.security.identity.UnsupportedKeyAlgorithm;
import se.arkalix.util.Result;
import se.arkalix.util.concurrent.Future;
import se.arkalix.util.concurrent.FutureAnnouncement;

/* loaded from: input_file:se/arkalix/core/plugin/HttpJsonCoreIntegrator.class */
public class HttpJsonCoreIntegrator implements Plugin {
    private static final Logger logger = LoggerFactory.getLogger(HttpJsonCoreIntegrator.class);
    private final InetSocketAddress serviceRegistrySocketAddress;
    private final String serviceDiscoveryBasePath;
    private final ArOrchestrationStrategy orchestrationStrategy;
    private final Object serviceDiscoveryLock = new Object();
    private FutureAnnouncement<HttpJsonServiceDiscovery> serviceDiscoveryAnnouncement = null;
    private final Object orchestrationLock = new Object();
    private FutureAnnouncement<HttpJsonOrchestration> orchestrationAnnouncement = null;
    private HttpClient client = null;
    private final Object authorizationKeyLock = new Object();
    private FutureAnnouncement<PublicKey> authorizationKeyAnnouncement = null;

    /* loaded from: input_file:se/arkalix/core/plugin/HttpJsonCoreIntegrator$Builder.class */
    public static class Builder {
        private String serviceDiscoveryBasePath;
        private InetSocketAddress serviceRegistrySocketAddress;
        private ArOrchestrationStrategy orchestrationStrategy;

        public Builder serviceDiscoveryBasePath(String str) {
            this.serviceDiscoveryBasePath = str;
            return this;
        }

        public Builder serviceRegistrySocketAddress(InetSocketAddress inetSocketAddress) {
            this.serviceRegistrySocketAddress = inetSocketAddress;
            return this;
        }

        public Builder orchestrationStrategy(ArOrchestrationStrategy arOrchestrationStrategy) {
            this.orchestrationStrategy = arOrchestrationStrategy;
            return this;
        }

        public HttpJsonCoreIntegrator build() {
            return new HttpJsonCoreIntegrator(this);
        }
    }

    private HttpJsonCoreIntegrator(Builder builder) {
        this.serviceDiscoveryBasePath = (String) Objects.requireNonNullElse(builder.serviceDiscoveryBasePath, "/serviceregistry");
        this.serviceRegistrySocketAddress = (InetSocketAddress) Objects.requireNonNull(builder.serviceRegistrySocketAddress, "Expected serviceRegistrySocketAddress");
        this.orchestrationStrategy = (ArOrchestrationStrategy) Objects.requireNonNullElse(builder.orchestrationStrategy, ArOrchestrationStrategy.STORED_THEN_DYNAMIC);
    }

    public static HttpJsonCoreIntegrator viaServiceRegistryAt(InetSocketAddress inetSocketAddress) {
        return new Builder().serviceRegistrySocketAddress(inetSocketAddress).build();
    }

    public void onAttach(Plug plug) throws Exception {
        this.client = HttpClient.from(plug.system());
        if (logger.isInfoEnabled()) {
            logger.info("HTTP/JSON core integrator attached to \"{}\"", plug.system().name());
        }
    }

    public void onDetach(Plug plug) {
        if (logger.isInfoEnabled()) {
            logger.info("HTTP/JSON core integrator detached from \"{}\"", plug.system().name());
        }
    }

    public void onDetach(Plug plug, Throwable th) {
        if (logger.isErrorEnabled()) {
            logger.error("HTTP/JSON core integrator forcibly detached from \"" + plug.system().name() + "\"", th);
        }
    }

    public Future<?> onServicePrepared(Plug plug, ArService arService) {
        AccessPolicy accessPolicy = arService.accessPolicy();
        return accessPolicy instanceof AccessByToken ? requestAuthorizationKey().map(publicKey -> {
            ((AccessByToken) accessPolicy).authorizationKey(publicKey);
            return null;
        }) : Future.done();
    }

    public Future<?> onServiceProvided(Plug plug, ServiceDescription serviceDescription) {
        if (logger.isInfoEnabled()) {
            logger.info("System \"{}\" is now registering \"{}\" ...", plug.system().name(), serviceDescription.name());
        }
        ProviderDescription provider = serviceDescription.provider();
        InetSocketAddress socketAddress = provider.socketAddress();
        ServiceRegistrationDto build = new ServiceRegistrationBuilder().name(serviceDescription.name()).provider(new SystemDetailsBuilder().name(provider.name()).hostname(socketAddress.getAddress().getHostAddress()).port(socketAddress.getPort()).publicKeyBase64(provider.isSecure() ? Base64.getEncoder().encodeToString(provider.publicKey().getEncoded()) : null).build()).uri(serviceDescription.uri()).security(serviceDescription.security()).metadata(serviceDescription.metadata()).version(Integer.valueOf(serviceDescription.version())).interfaces(new ArrayList(serviceDescription.interfaces())).build();
        return requestServiceDiscovery().flatMap(httpJsonServiceDiscovery -> {
            return httpJsonServiceDiscovery.register(build).flatMapCatch(HttpClientResponseRejectedException.class, httpClientResponseRejectedException -> {
                return httpClientResponseRejectedException.status() == HttpStatus.BAD_REQUEST ? httpClientResponseRejectedException.unwrap().bodyAs(DtoEncoding.JSON, ErrorDto.class).flatMap(errorDto -> {
                    return !"INVALID_PARAMETER".equals(errorDto.type()) ? Future.failure(errorDto.toException()) : httpJsonServiceDiscovery.unregister(serviceDescription.name(), provider.name(), socketAddress.getHostString(), socketAddress.getPort()).flatMap(obj -> {
                        return httpJsonServiceDiscovery.register(build).pass((Object) null);
                    });
                }).pass((Object) null) : Future.failure(httpClientResponseRejectedException);
            }).mapResult(result -> {
                if (result.isSuccess()) {
                    if (logger.isInfoEnabled()) {
                        logger.info("System \"{}\" has registered \"{}\"", plug.system().name(), serviceDescription.name());
                    }
                } else if (logger.isErrorEnabled()) {
                    logger.error("System \"" + plug.system().name() + "\" failed to register \"" + serviceDescription.name() + "\"", result.fault());
                }
                return result;
            });
        });
    }

    public void onServiceDismissed(Plug plug, ServiceDescription serviceDescription) {
        if (logger.isInfoEnabled()) {
            logger.info("System \"{}\" is now unregistering \"{}\" ...", plug.system().name(), serviceDescription.name());
        }
        ProviderDescription provider = serviceDescription.provider();
        InetSocketAddress socketAddress = provider.socketAddress();
        requestServiceDiscovery().flatMap(httpJsonServiceDiscovery -> {
            return httpJsonServiceDiscovery.unregister(serviceDescription.name(), provider.name(), socketAddress.getAddress().getHostAddress(), socketAddress.getPort());
        }).onResult(result -> {
            if (result.isSuccess()) {
                if (logger.isInfoEnabled()) {
                    logger.info("System \"{}\" has unregistered \"{}\"", plug.system().name(), serviceDescription.name());
                }
            } else if (logger.isWarnEnabled()) {
                logger.warn("Failed to unregister service \"" + serviceDescription.name() + "\"", result.fault());
            }
        });
    }

    public Future<Collection<ServiceDescription>> onServiceQueried(Plug plug, ServiceQuery serviceQuery) {
        ArSystem system = plug.system();
        switch (this.orchestrationStrategy) {
            case STORED_ONLY:
                return queryOrchestratorForStoredRules(system);
            case STORED_THEN_DYNAMIC:
                return queryOrchestratorForStoredRules(system).flatMap(collection -> {
                    Stream stream = collection.stream();
                    Objects.requireNonNull(serviceQuery);
                    return stream.anyMatch(serviceQuery::matches) ? Future.success(collection) : queryOrchestratorForDynamicRules(system, serviceQuery);
                });
            case DYNAMIC_ONLY:
                return queryOrchestratorForDynamicRules(system, serviceQuery);
            default:
                throw new IllegalStateException("Unsupported orchestration strategy: " + this.orchestrationStrategy);
        }
    }

    private Future<HttpJsonServiceDiscovery> requestServiceDiscovery() {
        Future<HttpJsonServiceDiscovery> subscribe;
        synchronized (this.serviceDiscoveryLock) {
            if (this.serviceDiscoveryAnnouncement == null) {
                if (logger.isInfoEnabled()) {
                    logger.info("HTTP/JSON core integrator connecting to \"service_registry\" system at {} ...", this.serviceRegistrySocketAddress);
                }
                this.serviceDiscoveryAnnouncement = this.client.connect(this.serviceRegistrySocketAddress).mapResult(result -> {
                    ProviderDescription providerDescription;
                    if (result.isFailure()) {
                        return Result.failure(result.fault());
                    }
                    HttpClientConnection httpClientConnection = (HttpClientConnection) result.value();
                    boolean isSecure = httpClientConnection.isSecure();
                    if (isSecure) {
                        SystemIdentity systemIdentity = new SystemIdentity(httpClientConnection.certificateChain());
                        String name = systemIdentity.name();
                        if (!Objects.equals(name, "service_registry")) {
                            return Result.failure(new ArCoreIntegrationException("HTTP/JSON core integrator connected to system at " + this.serviceRegistrySocketAddress + " and found that its certificate name is \"" + name + "\" while expecting it to be \"service_registry\"; failed to resolve service discovery service "));
                        }
                        providerDescription = new ProviderDescription(name, this.serviceRegistrySocketAddress, systemIdentity.publicKey());
                    } else {
                        providerDescription = new ProviderDescription("service_registry", this.serviceRegistrySocketAddress);
                    }
                    HttpJsonServiceDiscovery httpJsonServiceDiscovery = new HttpJsonServiceDiscovery(this.client, new ServiceDescription.Builder().name("service-discovery").provider(providerDescription).uri(this.serviceDiscoveryBasePath).security(isSecure ? SecurityDescriptor.CERTIFICATE : SecurityDescriptor.NOT_SECURE).interfaces(new InterfaceDescriptor[]{InterfaceDescriptor.getOrCreate(TransportDescriptor.HTTP, isSecure, EncodingDescriptor.JSON)}).build());
                    httpClientConnection.close();
                    if (logger.isInfoEnabled()) {
                        logger.info("HTTP/JSON core integrator connected to \"service_registry\" system at {}", this.serviceRegistrySocketAddress);
                    }
                    return Result.success(httpJsonServiceDiscovery);
                }).ifFailure(Throwable.class, th -> {
                    if (logger.isErrorEnabled()) {
                        logger.error("HTTP/JSON core integrator failed to connect to \"service_registry\" system at " + this.serviceRegistrySocketAddress, th);
                    }
                }).toAnnouncement();
            }
            subscribe = this.serviceDiscoveryAnnouncement.subscribe();
        }
        return subscribe;
    }

    private Future<PublicKey> requestAuthorizationKey() {
        Future<PublicKey> subscribe;
        synchronized (this.authorizationKeyLock) {
            if (this.authorizationKeyAnnouncement == null) {
                if (logger.isInfoEnabled()) {
                    logger.info("HTTP/JSON core integrator requesting authorization key ...");
                }
                this.authorizationKeyAnnouncement = requestServiceDiscovery().flatMap(httpJsonServiceDiscovery -> {
                    return httpJsonServiceDiscovery.query(new ServiceQueryBuilder().name("auth-public-key").build());
                }).mapResult(result -> {
                    if (result.isFailure()) {
                        return Result.failure(result.fault());
                    }
                    List<ServiceDetails> services = ((ServiceQueryResultDto) result.value()).services();
                    if (services.size() == 0) {
                        return Result.failure(new ArCoreIntegrationException("No \"auth-public-key\" service seems to be available via the service registry at: " + this.serviceRegistrySocketAddress + "; token authorization not possible"));
                    }
                    String str = null;
                    Iterator<ServiceDetails> it = services.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Optional<String> publicKeyBase64 = it.next().provider().publicKeyBase64();
                        if (publicKeyBase64.isPresent()) {
                            str = publicKeyBase64.get();
                            break;
                        }
                    }
                    if (str == null) {
                        return Result.failure(new ArCoreIntegrationException("Even though the service registry provided descriptions for " + services.size() + " \"auth-public-key\" service(s), none of them contains an authorization system public key; token authorization not possible"));
                    }
                    try {
                        PublicKey parsePublicKey = X509Keys.parsePublicKey(str);
                        if (logger.isInfoEnabled()) {
                            logger.info("Authorization key retrieved: {}", str);
                        }
                        return Result.success(parsePublicKey);
                    } catch (UnsupportedKeyAlgorithm e) {
                        return Result.failure(new ArCoreIntegrationException("The \"auth-public-key\" service provider public key seems to use an unsupported key algorithm; token authorization not possible", e));
                    }
                }).ifFailure(Throwable.class, th -> {
                    if (logger.isWarnEnabled()) {
                        logger.warn("Failed to retrieve authorization key", th);
                    }
                }).toAnnouncement();
            }
            subscribe = this.authorizationKeyAnnouncement.subscribe();
        }
        return subscribe;
    }

    private Future<HttpJsonOrchestration> requestOrchestration() {
        Future<HttpJsonOrchestration> subscribe;
        synchronized (this.orchestrationLock) {
            if (this.orchestrationAnnouncement == null) {
                if (logger.isInfoEnabled()) {
                    logger.info("HTTP/JSON core integrator connecting to \"orchestrator\" system ...");
                }
                boolean isSecure = this.client.isSecure();
                this.orchestrationAnnouncement = requestServiceDiscovery().flatMap(httpJsonServiceDiscovery -> {
                    ServiceQueryBuilder interfaces = new ServiceQueryBuilder().name("orchestration-service").interfaces(InterfaceDescriptor.getOrCreate(TransportDescriptor.HTTP, isSecure, EncodingDescriptor.JSON));
                    SecurityDescriptor[] securityDescriptorArr = new SecurityDescriptor[1];
                    securityDescriptorArr[0] = isSecure ? SecurityDescriptor.CERTIFICATE : SecurityDescriptor.NOT_SECURE;
                    return httpJsonServiceDiscovery.query(interfaces.securityModes(securityDescriptorArr).build());
                }).flatMapResult(result -> {
                    if (result.isFailure()) {
                        return Future.failure(result.fault());
                    }
                    List<ServiceDetails> services = ((ServiceQueryResultDto) result.value()).services();
                    if (services.isEmpty()) {
                        return Future.failure(new ArCoreIntegrationException("No orchestration service available; cannot request orchestration rules"));
                    }
                    HttpJsonOrchestration httpJsonOrchestration = new HttpJsonOrchestration(this.client, services.get(0).toServiceDescription());
                    if (logger.isInfoEnabled()) {
                        logger.info("Orchestration service resolved at {}", httpJsonOrchestration.service().provider().socketAddress());
                    }
                    return Future.success(httpJsonOrchestration);
                }).ifFailure(Throwable.class, th -> {
                    if (logger.isErrorEnabled()) {
                        logger.error("HTTP/JSON core integrator failed to connect to \"orchestrator\" system", th);
                    }
                }).toAnnouncement();
            }
            subscribe = this.orchestrationAnnouncement.subscribe();
        }
        return subscribe;
    }

    private Future<Collection<ServiceDescription>> queryOrchestratorForDynamicRules(ArSystem arSystem, ServiceQuery serviceQuery) {
        HashMap hashMap = new HashMap();
        hashMap.put(OrchestrationOption.OVERRIDE_STORE, true);
        if (!serviceQuery.metadata().isEmpty()) {
            hashMap.put(OrchestrationOption.METADATA_SEARCH, true);
        }
        return requestOrchestration().flatMap(httpJsonOrchestration -> {
            return httpJsonOrchestration.query(new OrchestrationQueryBuilder().requester(systemToSystemDetailsDto(arSystem)).service(queryToServiceQueryDto(serviceQuery)).options(hashMap).build());
        }).map(orchestrationQueryResultDto -> {
            return (Collection) orchestrationQueryResultDto.services().stream().map((v0) -> {
                return v0.toServiceDescription();
            }).collect(Collectors.toUnmodifiableList());
        });
    }

    private Future<Collection<ServiceDescription>> queryOrchestratorForStoredRules(ArSystem arSystem) {
        return requestOrchestration().flatMap(httpJsonOrchestration -> {
            return httpJsonOrchestration.query(new OrchestrationQueryBuilder().requester(systemToSystemDetailsDto(arSystem)).build());
        }).map(orchestrationQueryResultDto -> {
            return (Collection) orchestrationQueryResultDto.services().stream().map((v0) -> {
                return v0.toServiceDescription();
            }).collect(Collectors.toUnmodifiableList());
        });
    }

    private static ServiceQueryDto queryToServiceQueryDto(ServiceQuery serviceQuery) {
        boolean isSecure = serviceQuery.isSecure();
        return new ServiceQueryBuilder().name((String) serviceQuery.name().orElse(null)).interfaces((List<InterfaceDescriptor>) serviceQuery.transports().stream().flatMap(transportDescriptor -> {
            return serviceQuery.encodings().stream().map(encodingDescriptor -> {
                return InterfaceDescriptor.getOrCreate(transportDescriptor, isSecure, encodingDescriptor);
            });
        }).collect(Collectors.toUnmodifiableList())).metadata(serviceQuery.metadata()).version((Integer) serviceQuery.version().orElse(null)).versionMax((Integer) serviceQuery.versionMax().orElse(null)).versionMin((Integer) serviceQuery.versionMin().orElse(null)).build();
    }

    private static SystemDetailsDto systemToSystemDetailsDto(ArSystem arSystem) {
        return new SystemDetailsBuilder().name(arSystem.name()).hostname(arSystem.localSocketAddress().getAddress().getHostAddress()).port(arSystem.localPort()).publicKeyBase64(arSystem.isSecure() ? Base64.getEncoder().encodeToString(arSystem.identity().publicKey().getEncoded()) : null).build();
    }
}
