package org.eclipse.basyx.extensions.aas.api.authorization.internal;

import java.util.function.Supplier;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
import org.eclipse.basyx.extensions.aas.api.authorization.AASAPIScopes;
import org.eclipse.basyx.extensions.shared.authorization.internal.BaSyxObjectTargetInformation;
import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRbacRuleChecker;
import org.eclipse.basyx.extensions.shared.authorization.internal.IRoleAuthenticator;
import org.eclipse.basyx.extensions.shared.authorization.internal.IdHelper;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.SimpleRbacHelper;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;

/* loaded from: input_file:BOOT-INF/lib/basyx.sdk-1.3.0.jar:org/eclipse/basyx/extensions/aas/api/authorization/internal/SimpleRbacAASAPIAuthorizer.class */
public class SimpleRbacAASAPIAuthorizer<SubjectInformationType> implements IAASAPIAuthorizer<SubjectInformationType> {
    protected IRbacRuleChecker rbacRuleChecker;
    protected IRoleAuthenticator<SubjectInformationType> roleAuthenticator;

    public SimpleRbacAASAPIAuthorizer(IRbacRuleChecker iRbacRuleChecker, IRoleAuthenticator<SubjectInformationType> iRoleAuthenticator) {
        this.rbacRuleChecker = iRbacRuleChecker;
        this.roleAuthenticator = iRoleAuthenticator;
    }

    @Override // org.eclipse.basyx.extensions.aas.api.authorization.internal.IAASAPIAuthorizer
    public IAssetAdministrationShell authorizeGetAAS(SubjectInformationType subjectinformationtype, Supplier<IAssetAdministrationShell> supplier) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, AASAPIScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAasId(supplier)), null, null));
        return supplier.get();
    }

    @Override // org.eclipse.basyx.extensions.aas.api.authorization.internal.IAASAPIAuthorizer
    public void authorizeAddSubmodel(SubjectInformationType subjectinformationtype, Supplier<IAssetAdministrationShell> supplier, IReference iReference) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAasId(supplier)), IdHelper.getReferenceId(iReference), null));
    }

    @Override // org.eclipse.basyx.extensions.aas.api.authorization.internal.IAASAPIAuthorizer
    public void authorizeRemoveSubmodel(SubjectInformationType subjectinformationtype, Supplier<IAssetAdministrationShell> supplier, String str) throws InhibitException {
        SimpleRbacHelper.checkRule(this.rbacRuleChecker, this.roleAuthenticator, subjectinformationtype, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(getAasId(supplier)), str, null));
    }

    private IIdentifier getAasId(Supplier<IAssetAdministrationShell> supplier) {
        ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler enterElevatedCodeAuthenticationArea = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea();
        try {
            IAssetAdministrationShell iAssetAdministrationShell = supplier.get();
            if (iAssetAdministrationShell == null) {
                if (enterElevatedCodeAuthenticationArea != null) {
                    enterElevatedCodeAuthenticationArea.close();
                }
                return null;
            }
            IIdentifier identification = iAssetAdministrationShell.getIdentification();
            if (enterElevatedCodeAuthenticationArea != null) {
                enterElevatedCodeAuthenticationArea.close();
            }
            return identification;
        } catch (Throwable th) {
            if (enterElevatedCodeAuthenticationArea != null) {
                try {
                    enterElevatedCodeAuthenticationArea.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
