package io.camunda.zeebe.engine.processing.tenant;

import io.camunda.zeebe.engine.processing.distribution.CommandDistributionBehavior;
import io.camunda.zeebe.engine.processing.identity.AuthorizationCheckBehavior;
import io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.StateWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedRejectionWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedResponseWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.Writers;
import io.camunda.zeebe.engine.state.distribution.DistributionQueue;
import io.camunda.zeebe.engine.state.immutable.TenantState;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.intent.TenantIntent;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.stream.api.records.TypedRecord;
import io.camunda.zeebe.stream.api.state.KeyGenerator;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/tenant/TenantCreateProcessor.class */
public class TenantCreateProcessor implements DistributedTypedRecordProcessor<TenantRecord> {
    private final TenantState tenantState;
    private final AuthorizationCheckBehavior authCheckBehavior;
    private final KeyGenerator keyGenerator;
    private final StateWriter stateWriter;
    private final TypedRejectionWriter rejectionWriter;
    private final TypedResponseWriter responseWriter;
    private final CommandDistributionBehavior commandDistributionBehavior;

    public TenantCreateProcessor(TenantState tenantState, AuthorizationCheckBehavior authorizationCheckBehavior, KeyGenerator keyGenerator, Writers writers, CommandDistributionBehavior commandDistributionBehavior) {
        this.tenantState = tenantState;
        this.authCheckBehavior = authorizationCheckBehavior;
        this.keyGenerator = keyGenerator;
        this.stateWriter = writers.state();
        this.rejectionWriter = writers.rejection();
        this.responseWriter = writers.response();
        this.commandDistributionBehavior = commandDistributionBehavior;
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processNewCommand(TypedRecord<TenantRecord> typedRecord) {
        if (isAuthorizedToCreate(typedRecord)) {
            TenantRecord tenantRecord = (TenantRecord) typedRecord.getValue();
            if (tenantAlreadyExists(tenantRecord.getTenantId())) {
                rejectCommand(typedRecord, RejectionType.ALREADY_EXISTS, "Expected to create tenant with ID '%s', but a tenant with this ID already exists".formatted(tenantRecord.getTenantId()));
            } else {
                createTenant(typedRecord, tenantRecord);
                distributeCommand(typedRecord, tenantRecord);
            }
        }
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processDistributedCommand(TypedRecord<TenantRecord> typedRecord) {
        this.stateWriter.appendFollowUpEvent(typedRecord.getKey(), TenantIntent.CREATED, typedRecord.getValue());
        this.commandDistributionBehavior.acknowledgeCommand(typedRecord);
    }

    private boolean isAuthorizedToCreate(TypedRecord<TenantRecord> typedRecord) {
        AuthorizationCheckBehavior.AuthorizationRequest authorizationRequest = new AuthorizationCheckBehavior.AuthorizationRequest(typedRecord, AuthorizationResourceType.TENANT, PermissionType.CREATE);
        if (this.authCheckBehavior.isAuthorized(authorizationRequest)) {
            return true;
        }
        rejectCommandWithUnauthorizedError(typedRecord, authorizationRequest);
        return false;
    }

    private boolean tenantAlreadyExists(String str) {
        return this.tenantState.getTenantKeyById(str).isPresent();
    }

    private void createTenant(TypedRecord<TenantRecord> typedRecord, TenantRecord tenantRecord) {
        long nextKey = this.keyGenerator.nextKey();
        tenantRecord.setTenantKey(nextKey);
        this.stateWriter.appendFollowUpEvent(nextKey, TenantIntent.CREATED, tenantRecord);
        this.responseWriter.writeEventOnCommand(nextKey, TenantIntent.CREATED, tenantRecord, typedRecord);
    }

    private void distributeCommand(TypedRecord<TenantRecord> typedRecord, TenantRecord tenantRecord) {
        this.commandDistributionBehavior.withKey(tenantRecord.getTenantKey()).inQueue(DistributionQueue.IDENTITY.getQueueId()).distribute(typedRecord);
    }

    private void rejectCommandWithUnauthorizedError(TypedRecord<TenantRecord> typedRecord, AuthorizationCheckBehavior.AuthorizationRequest authorizationRequest) {
        rejectCommand(typedRecord, RejectionType.UNAUTHORIZED, AuthorizationCheckBehavior.UNAUTHORIZED_ERROR_MESSAGE.formatted(authorizationRequest.getPermissionType(), authorizationRequest.getResourceType()));
    }

    private void rejectCommand(TypedRecord<TenantRecord> typedRecord, RejectionType rejectionType, String str) {
        this.rejectionWriter.appendRejection(typedRecord, rejectionType, str);
        this.responseWriter.writeRejectionOnCommand(typedRecord, rejectionType, str);
    }
}
