package org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal;

import java.util.Collection;
import java.util.function.Supplier;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
import org.eclipse.basyx.extensions.shared.authorization.internal.BaSyxObjectTargetInformation;
import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRbacRuleChecker;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRoleAuthenticator;
import org.eclipse.basyx.extensions.shared.authorization.internal.IdHelper;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.SimpleRbacHelper;
import org.eclipse.basyx.extensions.submodel.aggregator.authorization.SubmodelAggregatorScopes;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;

/* loaded from: input_file:BOOT-INF/lib/basyx.sdk-1.3.0.jar:org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/SimpleRbacSubmodelAggregatorAuthorizer.class */
public class SimpleRbacSubmodelAggregatorAuthorizer<SubjectInformationType> implements ISubmodelAggregatorAuthorizer<SubjectInformationType> {
    protected IRbacRuleChecker rbacRuleChecker;
    protected IRoleAuthenticator<SubjectInformationType> roleAuthenticator;

    public SimpleRbacSubmodelAggregatorAuthorizer(IRbacRuleChecker iRbacRuleChecker, IRoleAuthenticator<SubjectInformationType> iRoleAuthenticator) {
        this.rbacRuleChecker = iRbacRuleChecker;
        this.roleAuthenticator = iRoleAuthenticator;
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public Collection<ISubmodel> authorizeGetSubmodelList(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, Supplier<Collection<ISubmodel>> supplier) throws InhibitException {
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public ISubmodel authorizeGetSubmodel(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, IIdentifier iIdentifier, Supplier<ISubmodel> supplier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(iIdentifier), null));
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public ISubmodel authorizeGetSubmodelbyIdShort(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, String str, Supplier<ISubmodel> supplier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(getSmIdUnsecured(supplier)), null));
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public ISubmodelAPI authorizeGetSubmodelAPIById(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, IIdentifier iIdentifier, Supplier<ISubmodelAPI> supplier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(iIdentifier), null));
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, String str, Supplier<ISubmodelAPI> supplier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(getSmIdUnsecuredByAPI(supplier)), null));
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public void authorizeCreateSubmodel(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, IIdentifier iIdentifier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(iIdentifier), null));
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public void authorizeUpdateSubmodel(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, IIdentifier iIdentifier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(iIdentifier), null));
    }

    @Override // org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal.ISubmodelAggregatorAuthorizer
    public void authorizeDeleteSubmodelByIdentifier(SubjectInformationType subjectinformationtype, IAssetAdministrationShell iAssetAdministrationShell, IIdentifier iIdentifier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAASId(iAssetAdministrationShell)), IdHelper.getIdentifierId(iIdentifier), null));
    }

    private IIdentifier getAASId(IAssetAdministrationShell iAssetAdministrationShell) {
        if (iAssetAdministrationShell != null) {
            return iAssetAdministrationShell.getIdentification();
        }
        return null;
    }

    private IIdentifier getSmIdUnsecured(Supplier<ISubmodel> supplier) {
        ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler enterElevatedCodeAuthenticationArea = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea();
        try {
            ISubmodel iSubmodel = supplier.get();
            if (iSubmodel == null) {
                if (enterElevatedCodeAuthenticationArea != null) {
                    enterElevatedCodeAuthenticationArea.close();
                }
                return null;
            }
            IIdentifier identification = iSubmodel.getIdentification();
            if (enterElevatedCodeAuthenticationArea != null) {
                enterElevatedCodeAuthenticationArea.close();
            }
            return identification;
        } catch (Throwable th) {
            if (enterElevatedCodeAuthenticationArea != null) {
                try {
                    enterElevatedCodeAuthenticationArea.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private IIdentifier getSmIdUnsecuredByAPI(Supplier<ISubmodelAPI> supplier) {
        ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler enterElevatedCodeAuthenticationArea = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea();
        try {
            ISubmodelAPI iSubmodelAPI = supplier.get();
            if (iSubmodelAPI == null) {
                if (enterElevatedCodeAuthenticationArea != null) {
                    enterElevatedCodeAuthenticationArea.close();
                }
                return null;
            }
            ISubmodel submodel = iSubmodelAPI.getSubmodel();
            if (submodel == null) {
                if (enterElevatedCodeAuthenticationArea != null) {
                    enterElevatedCodeAuthenticationArea.close();
                }
                return null;
            }
            IIdentifier identification = submodel.getIdentification();
            if (enterElevatedCodeAuthenticationArea != null) {
                enterElevatedCodeAuthenticationArea.close();
            }
            return identification;
        } catch (Throwable th) {
            if (enterElevatedCodeAuthenticationArea != null) {
                try {
                    enterElevatedCodeAuthenticationArea.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
