package com.hivemq.extensions.handler;

import com.google.common.collect.UnmodifiableIterator;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.MoreExecutors;
import com.google.common.util.concurrent.SettableFuture;
import com.hivemq.bootstrap.ClientConnection;
import com.hivemq.bootstrap.ClientConnectionContext;
import com.hivemq.configuration.service.InternalConfigurations;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extension.sdk.api.auth.parameter.AuthorizerProviderInput;
import com.hivemq.extension.sdk.api.client.parameter.ServerInformation;
import com.hivemq.extension.sdk.api.services.auth.provider.AuthorizerProvider;
import com.hivemq.extensions.ExtensionPriorityComparator;
import com.hivemq.extensions.HiveMQExtensions;
import com.hivemq.extensions.auth.parameter.AuthorizerProviderInputImpl;
import com.hivemq.extensions.auth.parameter.PublishAuthorizerInputImpl;
import com.hivemq.extensions.auth.parameter.PublishAuthorizerOutputImpl;
import com.hivemq.extensions.auth.parameter.SubscriptionAuthorizerInputImpl;
import com.hivemq.extensions.auth.parameter.SubscriptionAuthorizerOutputImpl;
import com.hivemq.extensions.client.ClientAuthorizers;
import com.hivemq.extensions.client.ClientAuthorizersImpl;
import com.hivemq.extensions.executor.PluginOutPutAsyncer;
import com.hivemq.extensions.executor.PluginTaskExecutorService;
import com.hivemq.extensions.handler.tasks.AllTopicsProcessedTask;
import com.hivemq.extensions.handler.tasks.PublishAuthorizationProcessedTask;
import com.hivemq.extensions.handler.tasks.PublishAuthorizerContext;
import com.hivemq.extensions.handler.tasks.PublishAuthorizerResult;
import com.hivemq.extensions.handler.tasks.PublishAuthorizerTask;
import com.hivemq.extensions.handler.tasks.SubscriptionAuthorizerContext;
import com.hivemq.extensions.handler.tasks.SubscriptionAuthorizerTask;
import com.hivemq.extensions.handler.tasks.WillPublishAuthorizationProcessedTask;
import com.hivemq.extensions.packets.general.UserPropertiesImpl;
import com.hivemq.extensions.services.auth.Authorizers;
import com.hivemq.mqtt.handler.disconnect.MqttServerDisconnector;
import com.hivemq.mqtt.handler.publish.IncomingPublishService;
import com.hivemq.mqtt.handler.subscribe.IncomingSubscribeService;
import com.hivemq.mqtt.message.connect.CONNECT;
import com.hivemq.mqtt.message.publish.PUBLISH;
import com.hivemq.mqtt.message.reason.Mqtt5DisconnectReasonCode;
import com.hivemq.mqtt.message.subscribe.SUBSCRIBE;
import com.hivemq.mqtt.message.subscribe.Topic;
import com.hivemq.util.Topics;
import io.netty.channel.ChannelHandlerContext;
import java.util.ArrayList;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:com/hivemq/extensions/handler/PluginAuthorizerServiceImpl.class */
public class PluginAuthorizerServiceImpl implements PluginAuthorizerService {

    @NotNull
    private final Authorizers authorizers;

    @NotNull
    private final PluginOutPutAsyncer asyncer;

    @NotNull
    private final PluginTaskExecutorService pluginTaskExecutorService;

    @NotNull
    private final ServerInformation serverInformation;

    @NotNull
    private final MqttServerDisconnector mqttServerDisconnector;

    @NotNull
    private final ExtensionPriorityComparator extensionPriorityComparator;

    @NotNull
    private final IncomingPublishService incomingPublishService;

    @NotNull
    private final IncomingSubscribeService incomingSubscribeService;
    private final boolean allowDollarTopics = InternalConfigurations.MQTT_ALLOW_DOLLAR_TOPICS.get();

    /* loaded from: input_file:com/hivemq/extensions/handler/PluginAuthorizerServiceImpl$AuthorizeWillResultEvent.class */
    public static class AuthorizeWillResultEvent {

        @NotNull
        private final CONNECT connect;

        @NotNull
        private final PublishAuthorizerResult result;

        public AuthorizeWillResultEvent(@NotNull CONNECT connect, @NotNull PublishAuthorizerResult publishAuthorizerResult) {
            this.connect = connect;
            this.result = publishAuthorizerResult;
        }

        @NotNull
        public CONNECT getConnect() {
            return this.connect;
        }

        @NotNull
        public PublishAuthorizerResult getResult() {
            return this.result;
        }
    }

    @Inject
    public PluginAuthorizerServiceImpl(@NotNull Authorizers authorizers, @NotNull PluginOutPutAsyncer pluginOutPutAsyncer, @NotNull PluginTaskExecutorService pluginTaskExecutorService, @NotNull ServerInformation serverInformation, @NotNull HiveMQExtensions hiveMQExtensions, @NotNull MqttServerDisconnector mqttServerDisconnector, @NotNull IncomingPublishService incomingPublishService, @NotNull IncomingSubscribeService incomingSubscribeService) {
        this.authorizers = authorizers;
        this.asyncer = pluginOutPutAsyncer;
        this.pluginTaskExecutorService = pluginTaskExecutorService;
        this.serverInformation = serverInformation;
        this.incomingPublishService = incomingPublishService;
        this.mqttServerDisconnector = mqttServerDisconnector;
        this.extensionPriorityComparator = new ExtensionPriorityComparator(hiveMQExtensions);
        this.incomingSubscribeService = incomingSubscribeService;
    }

    @Override // com.hivemq.extensions.handler.PluginAuthorizerService
    public void authorizePublish(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull PUBLISH publish) {
        if (!Topics.isValidTopicToPublish(publish.getTopic())) {
            disconnectWithReasonCode(channelHandlerContext, "an invalid topic ('" + publish.getTopic() + "')", "an invalid topic");
            return;
        }
        if (!this.allowDollarTopics && Topics.isDollarTopic(publish.getTopic())) {
            disconnectWithReasonCode(channelHandlerContext, "a topic that starts with '$' ('" + publish.getTopic() + "')", "a topic that starts with '$'");
            return;
        }
        String clientId = ClientConnection.of(channelHandlerContext.channel()).getClientId();
        if (clientId == null) {
            this.incomingPublishService.processPublish(channelHandlerContext, publish, null);
            return;
        }
        if (!this.authorizers.areAuthorizersAvailable()) {
            this.incomingPublishService.processPublish(channelHandlerContext, publish, null);
            return;
        }
        Map<String, AuthorizerProvider> authorizerProviderMap = this.authorizers.getAuthorizerProviderMap();
        if (authorizerProviderMap.isEmpty()) {
            this.incomingPublishService.processPublish(channelHandlerContext, publish, null);
        } else {
            Futures.addCallback(executePublishAuthorizer(clientId, authorizerProviderMap, getClientAuthorizers(channelHandlerContext), new AuthorizerProviderInputImpl(channelHandlerContext.channel(), this.serverInformation, clientId), new PublishAuthorizerInputImpl(publish, channelHandlerContext.channel(), clientId), new PublishAuthorizerOutputImpl(this.asyncer), channelHandlerContext), new PublishAuthorizationProcessedTask(publish, channelHandlerContext, this.mqttServerDisconnector, this.incomingPublishService), MoreExecutors.directExecutor());
        }
    }

    @Override // com.hivemq.extensions.handler.PluginAuthorizerService
    public void authorizeWillPublish(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull CONNECT connect) {
        String clientId = ClientConnectionContext.of(channelHandlerContext.channel()).getClientId();
        if (clientId == null || !channelHandlerContext.channel().isActive()) {
            return;
        }
        if (!this.authorizers.areAuthorizersAvailable() || connect.getWillPublish() == null) {
            channelHandlerContext.pipeline().fireUserEventTriggered(new AuthorizeWillResultEvent(connect, new PublishAuthorizerResult(null, null, false)));
            return;
        }
        Map<String, AuthorizerProvider> authorizerProviderMap = this.authorizers.getAuthorizerProviderMap();
        if (authorizerProviderMap.isEmpty()) {
            channelHandlerContext.pipeline().fireUserEventTriggered(new AuthorizeWillResultEvent(connect, new PublishAuthorizerResult(null, null, false)));
        } else {
            Futures.addCallback(executePublishAuthorizer(clientId, authorizerProviderMap, getClientAuthorizers(channelHandlerContext), new AuthorizerProviderInputImpl(channelHandlerContext.channel(), this.serverInformation, clientId), new PublishAuthorizerInputImpl(connect.getWillPublish(), channelHandlerContext.channel(), clientId), new PublishAuthorizerOutputImpl(this.asyncer), channelHandlerContext), new WillPublishAuthorizationProcessedTask(connect, channelHandlerContext), MoreExecutors.directExecutor());
        }
    }

    @NotNull
    private SettableFuture<PublishAuthorizerOutputImpl> executePublishAuthorizer(@NotNull String str, @NotNull Map<String, AuthorizerProvider> map, @NotNull ClientAuthorizers clientAuthorizers, @NotNull AuthorizerProviderInput authorizerProviderInput, @NotNull PublishAuthorizerInputImpl publishAuthorizerInputImpl, @NotNull PublishAuthorizerOutputImpl publishAuthorizerOutputImpl, @NotNull ChannelHandlerContext channelHandlerContext) {
        SettableFuture<PublishAuthorizerOutputImpl> create = SettableFuture.create();
        PublishAuthorizerContext publishAuthorizerContext = new PublishAuthorizerContext(str, publishAuthorizerOutputImpl, create, map.size(), channelHandlerContext);
        for (Map.Entry<String, AuthorizerProvider> entry : map.entrySet()) {
            this.pluginTaskExecutorService.handlePluginInOutTaskExecution(publishAuthorizerContext, publishAuthorizerInputImpl, publishAuthorizerOutputImpl, new PublishAuthorizerTask(entry.getValue(), entry.getKey(), authorizerProviderInput, clientAuthorizers, channelHandlerContext));
        }
        return create;
    }

    @Override // com.hivemq.extensions.handler.PluginAuthorizerService
    public void authorizeSubscriptions(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull SUBSCRIBE subscribe) {
        String clientId = ClientConnectionContext.of(channelHandlerContext.channel()).getClientId();
        if (clientId == null || !channelHandlerContext.channel().isActive()) {
            return;
        }
        if (!this.authorizers.areAuthorizersAvailable()) {
            this.incomingSubscribeService.processSubscribe(channelHandlerContext, subscribe, false);
            return;
        }
        Map<String, AuthorizerProvider> authorizerProviderMap = this.authorizers.getAuthorizerProviderMap();
        if (authorizerProviderMap.isEmpty()) {
            this.incomingSubscribeService.processSubscribe(channelHandlerContext, subscribe, false);
            return;
        }
        ClientAuthorizers clientAuthorizers = getClientAuthorizers(channelHandlerContext);
        ArrayList arrayList = new ArrayList();
        AuthorizerProviderInputImpl authorizerProviderInputImpl = new AuthorizerProviderInputImpl(channelHandlerContext.channel(), this.serverInformation, clientId);
        UnmodifiableIterator it = subscribe.getTopics().iterator();
        while (it.hasNext()) {
            SubscriptionAuthorizerInputImpl subscriptionAuthorizerInputImpl = new SubscriptionAuthorizerInputImpl(UserPropertiesImpl.of(subscribe.getUserProperties().asList()), (Topic) it.next(), channelHandlerContext.channel(), clientId);
            SubscriptionAuthorizerOutputImpl subscriptionAuthorizerOutputImpl = new SubscriptionAuthorizerOutputImpl(this.asyncer);
            SettableFuture create = SettableFuture.create();
            arrayList.add(create);
            SubscriptionAuthorizerContext subscriptionAuthorizerContext = new SubscriptionAuthorizerContext(clientId, subscriptionAuthorizerOutputImpl, create, authorizerProviderMap.size());
            for (Map.Entry<String, AuthorizerProvider> entry : authorizerProviderMap.entrySet()) {
                this.pluginTaskExecutorService.handlePluginInOutTaskExecution(subscriptionAuthorizerContext, subscriptionAuthorizerInputImpl, subscriptionAuthorizerOutputImpl, new SubscriptionAuthorizerTask(entry.getValue(), entry.getKey(), authorizerProviderInputImpl, clientAuthorizers));
            }
        }
        Futures.whenAllComplete(arrayList).run(new AllTopicsProcessedTask(subscribe, arrayList, channelHandlerContext, this.mqttServerDisconnector, this.incomingSubscribeService), MoreExecutors.directExecutor());
    }

    @NotNull
    private ClientAuthorizers getClientAuthorizers(@NotNull ChannelHandlerContext channelHandlerContext) {
        ClientConnectionContext of = ClientConnectionContext.of(channelHandlerContext.channel());
        if (of.getExtensionClientAuthorizers() == null) {
            of.setExtensionClientAuthorizers(new ClientAuthorizersImpl(this.extensionPriorityComparator));
        }
        return of.getExtensionClientAuthorizers();
    }

    private void disconnectWithReasonCode(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull String str, @NotNull String str2) {
        if (channelHandlerContext.channel().isActive()) {
            String str3 = "Sent PUBLISH for " + str2;
            this.mqttServerDisconnector.disconnect(channelHandlerContext.channel(), "Client (IP: {}) sent PUBLISH for " + str + ". This is not allowed. Disconnecting client.", str3, Mqtt5DisconnectReasonCode.PROTOCOL_ERROR, str3);
            channelHandlerContext.close();
        }
    }
}
