package io.camunda.zeebe.engine.processing.identity;

import io.camunda.zeebe.engine.processing.ExcludeAuthorizationCheck;
import io.camunda.zeebe.engine.processing.distribution.CommandDistributionBehavior;
import io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.StateWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedRejectionWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.Writers;
import io.camunda.zeebe.engine.state.distribution.DistributionQueue;
import io.camunda.zeebe.engine.state.immutable.MappingState;
import io.camunda.zeebe.engine.state.immutable.ProcessingState;
import io.camunda.zeebe.engine.state.immutable.RoleState;
import io.camunda.zeebe.engine.state.immutable.TenantState;
import io.camunda.zeebe.engine.state.immutable.UserState;
import io.camunda.zeebe.protocol.impl.record.value.authorization.AuthorizationRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.IdentitySetupRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.MappingRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.Permission;
import io.camunda.zeebe.protocol.impl.record.value.authorization.RoleRecord;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.impl.record.value.user.UserRecord;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.intent.AuthorizationIntent;
import io.camunda.zeebe.protocol.record.intent.IdentitySetupIntent;
import io.camunda.zeebe.protocol.record.intent.MappingIntent;
import io.camunda.zeebe.protocol.record.intent.RoleIntent;
import io.camunda.zeebe.protocol.record.intent.TenantIntent;
import io.camunda.zeebe.protocol.record.intent.UserIntent;
import io.camunda.zeebe.protocol.record.value.AuthorizationOwnerType;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.EntityType;
import io.camunda.zeebe.protocol.record.value.MappingRecordValue;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.protocol.record.value.UserRecordValue;
import io.camunda.zeebe.stream.api.records.TypedRecord;
import io.camunda.zeebe.stream.api.state.KeyGenerator;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.agrona.collections.MutableBoolean;

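/**
 * Handles identity setup commands: makes sure the default role, the listed users, the default
 * tenant and the listed mappings exist, and that every listed user and mapping is a member of the
 * default role. On success an {@link IdentitySetupIntent#INITIALIZED} event is written and the
 * command is distributed through the {@link DistributionQueue#IDENTITY} queue.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>A newly created default role receives every {@link PermissionType} on every {@link
 *       AuthorizationResourceType} with the wildcard resource id {@code "*"} (see {@link
 *       #addAllPermissions(long)}).
 *   <li>Users and mappings named in the record that already exist (matched by username, or by
 *       claim name and value) are added to that role as well. The content of the record therefore
 *       decides who holds the all-permissions role.
 *   <li>NOTE(review): the class carries {@code @ExcludeAuthorizationCheck}, which presumably
 *       exempts it from the engine's per-command authorization check. Confirm that this command
 *       can only be produced by a trusted internal source and never by an external client.
 * </ul>
 */
@ExcludeAuthorizationCheck
public final class IdentitySetupInitializeProcessor implements DistributedTypedRecordProcessor<IdentitySetupRecord> {
    private final RoleState roleState;
    private final UserState userState;
    private final TenantState tenantState;
    private final StateWriter stateWriter;
    private final KeyGenerator keyGenerator;
    private final CommandDistributionBehavior commandDistributionBehavior;
    private final MappingState mappingState;
    private final TypedRejectionWriter rejectionWriter;

    /**
     * Wires the processor to the state readers, writers, key generator and distribution behavior it
     * needs.
     *
     * @param processingState source of the role, user, tenant and mapping state readers
     * @param writers source of the state and rejection writers
     * @param keyGenerator generates keys for newly created entities and for the setup event
     * @param commandDistributionBehavior used to distribute and acknowledge the command
     */
    public IdentitySetupInitializeProcessor(
            final ProcessingState processingState,
            final Writers writers,
            final KeyGenerator keyGenerator,
            final CommandDistributionBehavior commandDistributionBehavior) {
        this.roleState = processingState.getRoleState();
        this.userState = processingState.getUserState();
        this.tenantState = processingState.getTenantState();
        this.mappingState = processingState.getMappingState();
        this.stateWriter = writers.state();
        this.rejectionWriter = writers.rejection();
        this.keyGenerator = keyGenerator;
        this.commandDistributionBehavior = commandDistributionBehavior;
    }

    /**
     * Processes a command that has not been distributed yet. The command is rejected with {@link
     * RejectionType#ALREADY_EXISTS} when it neither creates an entity nor adds a role membership;
     * otherwise the INITIALIZED event is written and the command is distributed.
     *
     * @param typedRecord the identity setup command
     */
    @Override
    public void processNewCommand(final TypedRecord<IdentitySetupRecord> typedRecord) {
        final IdentitySetupRecord setupRecord = typedRecord.getValue();
        if (!createNewEntities(setupRecord)) {
            this.rejectionWriter.appendRejection(typedRecord, RejectionType.ALREADY_EXISTS, "Entities already exist");
            return;
        }
        final long setupKey = this.keyGenerator.nextKey();
        this.stateWriter.appendFollowUpEvent(setupKey, IdentitySetupIntent.INITIALIZED, setupRecord);
        this.commandDistributionBehavior.withKey(setupKey).inQueue(DistributionQueue.IDENTITY).distribute(typedRecord);
    }

    /**
     * Processes a command received through distribution: creates whatever is missing locally, writes
     * the INITIALIZED event under the distributed key and acknowledges the command. There is no
     * rejection path here.
     *
     * @param typedRecord the distributed identity setup command
     */
    @Override
    public void processDistributedCommand(final TypedRecord<IdentitySetupRecord> typedRecord) {
        createDistributedEntities(typedRecord.getKey(), typedRecord.getValue());
        this.stateWriter.appendFollowUpEvent(typedRecord.getKey(), IdentitySetupIntent.INITIALIZED, typedRecord.getValue());
        this.commandDistributionBehavior.acknowledgeCommand(typedRecord);
    }

    /**
     * Creates the role, users, tenant and mappings that do not exist yet and writes the resolved keys
     * back into the record (the same record instance is what gets distributed afterwards).
     *
     * <p>Existing users and mappings are not recreated, but they are added to the default role when
     * they are not members yet; that membership change also counts as a change.
     *
     * @param identitySetupRecord the setup record; its nested records are mutated with the keys
     * @return {@code true} when at least one entity was created or one role membership was added
     */
    private boolean createNewEntities(final IdentitySetupRecord identitySetupRecord) {
        final MutableBoolean changed = new MutableBoolean(false);

        final RoleRecord defaultRole = identitySetupRecord.getDefaultRole();
        this.roleState.getRoleKeyByName(defaultRole.getName()).ifPresentOrElse(defaultRole::setRoleKey, () -> {
            changed.set(true);
            defaultRole.setRoleKey(this.keyGenerator.nextKey());
            // Only a role created here gets the wildcard permissions; an existing role keeps
            // whatever authorizations it already has.
            createRole(defaultRole);
        });

        identitySetupRecord.getUsers().stream().map(UserRecord.class::cast).forEach(userRecord -> {
            this.userState.getUser(userRecord.getUsername())
                    .map(persistedUser -> persistedUser.getUserKey())
                    .ifPresentOrElse(existingKey -> {
                        final long userKey = existingKey.longValue();
                        userRecord.setUserKey(userKey);
                        // A pre-existing user with the same username is added to the default role.
                        if (assignEntityToRole(defaultRole.getRoleKey(), userKey, EntityType.USER)) {
                            changed.set(true);
                        }
                    }, () -> {
                        changed.set(true);
                        userRecord.setUserKey(this.keyGenerator.nextKey());
                        createUser(userRecord, defaultRole.getRoleKey());
                    });
        });

        final TenantRecord defaultTenant = identitySetupRecord.getDefaultTenant();
        this.tenantState.getTenantKeyById(defaultTenant.getTenantId()).ifPresentOrElse(defaultTenant::setTenantKey, () -> {
            changed.set(true);
            defaultTenant.setTenantKey(this.keyGenerator.nextKey());
            createTenant(defaultTenant);
        });

        identitySetupRecord.getMappings().stream().map(MappingRecord.class::cast).forEach(mappingRecord -> {
            this.mappingState.get(mappingRecord.getClaimName(), mappingRecord.getClaimValue())
                    .map(persistedMapping -> persistedMapping.getMappingKey())
                    .ifPresentOrElse(existingKey -> {
                        final long mappingKey = existingKey.longValue();
                        mappingRecord.setMappingKey(mappingKey);
                        // A pre-existing mapping for the same claim is added to the default role.
                        if (assignEntityToRole(defaultRole.getRoleKey(), mappingKey, EntityType.MAPPING)) {
                            changed.set(true);
                        }
                    }, () -> {
                        changed.set(true);
                        mappingRecord.setMappingKey(this.keyGenerator.nextKey());
                        createMapping(mappingRecord, defaultRole.getRoleKey());
                    });
        });

        return changed.get();
    }

    /**
     * Applies a distributed setup record: creates the role, users, tenant and mappings that are
     * missing locally, using the keys already carried by the record, and adds existing users and
     * mappings to the default role.
     *
     * <p>NOTE(review): users are looked up by key while mappings are looked up by claim name and
     * value. If a mapping for the same claim already exists locally under a different key, that
     * existing mapping is the one added to the role. Confirm this is intended.
     *
     * @param key key of the distributed command; not used by this method
     * @param identitySetupRecord the distributed setup record
     */
    private void createDistributedEntities(final long key, final IdentitySetupRecord identitySetupRecord) {
        final RoleRecord defaultRole = identitySetupRecord.getDefaultRole();
        if (this.roleState.getRole(defaultRole.getRoleKey()).isEmpty()) {
            createRole(defaultRole);
        }

        identitySetupRecord.getUsers().stream().map(UserRecord.class::cast).forEach(userRecord -> {
            this.userState.getUser(userRecord.getUserKey().longValue()).ifPresentOrElse(
                    persistedUser -> assignEntityToRole(defaultRole.getRoleKey(), persistedUser.getUserKey(), EntityType.USER),
                    () -> createUser(userRecord, defaultRole.getRoleKey()));
        });

        final TenantRecord defaultTenant = identitySetupRecord.getDefaultTenant();
        if (this.tenantState.getTenantByKey(defaultTenant.getTenantKey()).isEmpty()) {
            createTenant(defaultTenant);
        }

        identitySetupRecord.getMappings().stream().map(MappingRecord.class::cast).forEach(mappingRecord -> {
            this.mappingState.get(mappingRecord.getClaimName(), mappingRecord.getClaimValue()).ifPresentOrElse(
                    persistedMapping -> assignEntityToRole(defaultRole.getRoleKey(), persistedMapping.getMappingKey(), EntityType.MAPPING),
                    () -> createMapping(mappingRecord, defaultRole.getRoleKey()));
        });
    }

    /**
     * Writes the role CREATED event and then grants the role every permission.
     *
     * @param roleRecord the role to create; its key must already be set
     */
    private void createRole(final RoleRecord roleRecord) {
        this.stateWriter.appendFollowUpEvent(roleRecord.getRoleKey(), RoleIntent.CREATED, roleRecord);
        addAllPermissions(roleRecord.getRoleKey());
    }

    /**
     * Writes the user CREATED event and adds the user to the given role.
     *
     * @param userRecord the user to create; its key must already be set
     * @param roleKey key of the role the user is added to
     */
    private void createUser(final UserRecord userRecord, final long roleKey) {
        final long userKey = userRecord.getUserKey().longValue();
        this.stateWriter.appendFollowUpEvent(userKey, UserIntent.CREATED, userRecord);
        assignEntityToRole(roleKey, userKey, EntityType.USER);
    }

    /**
     * Writes the tenant CREATED event.
     *
     * @param tenantRecord the tenant to create; its key must already be set
     */
    private void createTenant(final TenantRecord tenantRecord) {
        this.stateWriter.appendFollowUpEvent(tenantRecord.getTenantKey(), TenantIntent.CREATED, tenantRecord);
    }

    /**
     * Writes the mapping CREATED event and adds the mapping to the given role.
     *
     * @param mappingRecord the mapping to create; its key must already be set
     * @param roleKey key of the role the mapping is added to
     */
    private void createMapping(final MappingRecord mappingRecord, final long roleKey) {
        final long mappingKey = mappingRecord.getMappingKey();
        this.stateWriter.appendFollowUpEvent(mappingKey, MappingIntent.CREATED, mappingRecord);
        assignEntityToRole(roleKey, mappingKey, EntityType.MAPPING);
    }

    /**
     * Adds an entity to a role unless the role state already records it as a member.
     *
     * @param roleKey key of the role
     * @param entityKey key of the user or mapping
     * @param entityType kind of entity being added
     * @return {@code true} when an ENTITY_ADDED event was written, {@code false} when the entity was
     *     already a member
     */
    private boolean assignEntityToRole(final long roleKey, final long entityKey, final EntityType entityType) {
        if (this.roleState.getEntityType(roleKey, entityKey).isPresent()) {
            return false;
        }
        final RoleRecord membership = new RoleRecord().setRoleKey(roleKey).setEntityKey(entityKey).setEntityType(entityType);
        this.stateWriter.appendFollowUpEvent(roleKey, RoleIntent.ENTITY_ADDED, membership);
        return true;
    }

    /**
     * Grants the role every permission type on every resource type, each with the wildcard resource
     * id {@code "*"}; one PERMISSION_ADDED event is written per resource type.
     *
     * <p>Both loops iterate {@code values()}, so any constant added to {@link
     * AuthorizationResourceType} or {@link PermissionType} later is granted to a newly created
     * default role without a change here. Keep that in mind when reviewing new permission types.
     *
     * @param roleKey key of the role that owns the authorizations
     */
    private void addAllPermissions(final long roleKey) {
        for (final AuthorizationResourceType resourceType : AuthorizationResourceType.values()) {
            final AuthorizationRecord authorization =
                    new AuthorizationRecord().setOwnerKey(Long.valueOf(roleKey)).setOwnerType(AuthorizationOwnerType.ROLE);
            authorization.setResourceType(resourceType);
            for (final PermissionType permissionType : PermissionType.values()) {
                authorization.addPermission(new Permission().setPermissionType(permissionType).addResourceId("*"));
            }
            this.stateWriter.appendFollowUpEvent(roleKey, AuthorizationIntent.PERMISSION_ADDED, authorization);
        }
    }
}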
