package io.scalecube.configuration.operation;

import io.scalecube.configuration.Role;
import io.scalecube.configuration.api.AccessRequest;
import io.scalecube.configuration.api.BadRequest;
import io.scalecube.configuration.api.InvalidAuthenticationToken;
import io.scalecube.configuration.api.InvalidPermissionsException;
import io.scalecube.configuration.repository.Repository;
import io.scalecube.configuration.repository.RepositoryEntryKey;
import io.scalecube.configuration.tokens.InvalidAuthenticationException;
import io.scalecube.configuration.tokens.TokenVerifier;
import io.scalecube.security.Profile;
import java.util.Objects;

/* loaded from: input_file:io/scalecube/configuration/operation/ServiceOperation.class */
public abstract class ServiceOperation<I extends AccessRequest, O> {
    public static final String ROLE_CLAIM_NAME = "role";

    public O execute(I i, ServiceOperationContext serviceOperationContext) throws Throwable {
        validate(i);
        Profile verifyToken = verifyToken(serviceOperationContext.tokenVerifier(), i.token());
        validateProfile(verifyToken);
        authorize(getRole(verifyToken), serviceOperationContext);
        return process(i, verifyToken, serviceOperationContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validate(I i) throws Throwable {
        if (i == null) {
            throw new BadRequest("Request is a required argument");
        }
        if (i.token() == null || i.token().toString().length() == 0) {
            throw new BadRequest("Token is a required argument");
        }
    }

    private Profile verifyToken(TokenVerifier tokenVerifier, Object obj) throws InvalidAuthenticationException {
        Profile verify = tokenVerifier.verify(obj);
        if (verify == null) {
            throw new InvalidAuthenticationException();
        }
        return verify;
    }

    private void validateProfile(Profile profile) throws InvalidAuthenticationToken {
        if (profile == null) {
            throw new InvalidAuthenticationToken();
        }
        if (profile.getTenant() == null || profile.getTenant().length() == 0) {
            throw new InvalidAuthenticationToken("missing tenant");
        }
        if (profile.getClaims() == null) {
            throw new InvalidAuthenticationToken("missing claims");
        }
    }

    private void authorize(Role role, ServiceOperationContext serviceOperationContext) throws InvalidPermissionsException {
        serviceOperationContext.authorizationService().authorize(role, serviceOperationContext.operationType());
    }

    private Role getRole(Profile profile) throws InvalidAuthenticationToken {
        Objects.requireNonNull(profile, "profile");
        Objects.requireNonNull(profile.getClaims(), "profile.claims");
        Object obj = profile.getClaims().get(ROLE_CLAIM_NAME);
        if (obj == null || obj.toString().length() == 0) {
            throw new InvalidAuthenticationToken("Invalid role: " + obj);
        }
        return (Role) Enum.valueOf(Role.class, obj.toString());
    }

    protected abstract O process(I i, Profile profile, ServiceOperationContext serviceOperationContext);

    /* JADX INFO: Access modifiers changed from: protected */
    public static Repository repository(Profile profile, AccessRequest accessRequest) {
        return Repository.builder().namespace(profile.getTenant()).name(accessRequest.repository()).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static RepositoryEntryKey key(Profile profile, AccessRequest accessRequest, String str) {
        return RepositoryEntryKey.builder().repository(repository(profile, accessRequest)).key(str).build();
    }
}
