package io.camunda.zeebe.engine.processing.tenant;

import io.camunda.zeebe.engine.processing.distribution.CommandDistributionBehavior;
import io.camunda.zeebe.engine.processing.identity.AuthorizationCheckBehavior;
import io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.StateWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedRejectionWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedResponseWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.Writers;
import io.camunda.zeebe.engine.state.distribution.DistributionQueue;
import io.camunda.zeebe.engine.state.immutable.TenantState;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.intent.TenantIntent;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.stream.api.records.TypedRecord;
import io.camunda.zeebe.stream.api.state.KeyGenerator;
import java.util.Optional;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/tenant/TenantUpdateProcessor.class */
public class TenantUpdateProcessor implements DistributedTypedRecordProcessor<TenantRecord> {
    private final TenantState tenantState;
    private final AuthorizationCheckBehavior authCheckBehavior;
    private final KeyGenerator keyGenerator;
    private final StateWriter stateWriter;
    private final TypedRejectionWriter rejectionWriter;
    private final TypedResponseWriter responseWriter;
    private final CommandDistributionBehavior commandDistributionBehavior;

    public TenantUpdateProcessor(TenantState tenantState, AuthorizationCheckBehavior authorizationCheckBehavior, KeyGenerator keyGenerator, Writers writers, CommandDistributionBehavior commandDistributionBehavior) {
        this.tenantState = tenantState;
        this.authCheckBehavior = authorizationCheckBehavior;
        this.keyGenerator = keyGenerator;
        this.stateWriter = writers.state();
        this.rejectionWriter = writers.rejection();
        this.responseWriter = writers.response();
        this.commandDistributionBehavior = commandDistributionBehavior;
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processNewCommand(TypedRecord<TenantRecord> typedRecord) {
        TenantRecord tenantRecord = (TenantRecord) typedRecord.getValue();
        long tenantKey = tenantRecord.getTenantKey();
        Optional<TenantRecord> tenantByKey = this.tenantState.getTenantByKey(tenantKey);
        if (tenantByKey.isEmpty()) {
            rejectCommand(typedRecord, RejectionType.NOT_FOUND, "Expected to update tenant with key '%s', but no tenant with this key exists.".formatted(Long.valueOf(tenantKey)));
            return;
        }
        if (isAuthorizedToUpdate(typedRecord, tenantByKey.get())) {
            if (tenantIdConflict(tenantRecord)) {
                rejectCommand(typedRecord, RejectionType.ALREADY_EXISTS, "Expected to update tenant with ID '%s', but a tenant with this ID already exists.".formatted(tenantRecord.getTenantId()));
            } else {
                updateExistingTenant(tenantByKey.get(), tenantRecord);
                updateStateAndDistribute(typedRecord, tenantByKey.get());
            }
        }
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processDistributedCommand(TypedRecord<TenantRecord> typedRecord) {
        this.stateWriter.appendFollowUpEvent(typedRecord.getValue().getTenantKey(), TenantIntent.UPDATED, typedRecord.getValue());
        this.commandDistributionBehavior.acknowledgeCommand(typedRecord);
    }

    private boolean isAuthorizedToUpdate(TypedRecord<TenantRecord> typedRecord, TenantRecord tenantRecord) {
        AuthorizationCheckBehavior.AuthorizationRequest addResourceId = new AuthorizationCheckBehavior.AuthorizationRequest(typedRecord, AuthorizationResourceType.TENANT, PermissionType.UPDATE).addResourceId(tenantRecord.getTenantId());
        if (this.authCheckBehavior.isAuthorized(addResourceId)) {
            return true;
        }
        rejectCommandWithUnauthorizedError(typedRecord, addResourceId, tenantRecord.getTenantId());
        return false;
    }

    private boolean tenantIdConflict(TenantRecord tenantRecord) {
        Optional<Long> tenantKeyById = this.tenantState.getTenantKeyById(tenantRecord.getTenantId());
        return tenantKeyById.isPresent() && !tenantKeyById.get().equals(Long.valueOf(tenantRecord.getTenantKey()));
    }

    private void updateExistingTenant(TenantRecord tenantRecord, TenantRecord tenantRecord2) {
        if (!tenantRecord2.getTenantId().isEmpty()) {
            tenantRecord.setTenantId(tenantRecord2.getTenantId());
        }
        if (tenantRecord2.getName().isEmpty()) {
            return;
        }
        tenantRecord.setName(tenantRecord2.getName());
    }

    private void updateStateAndDistribute(TypedRecord<TenantRecord> typedRecord, TenantRecord tenantRecord) {
        this.stateWriter.appendFollowUpEvent(tenantRecord.getTenantKey(), TenantIntent.UPDATED, tenantRecord);
        this.responseWriter.writeEventOnCommand(tenantRecord.getTenantKey(), TenantIntent.UPDATED, tenantRecord, typedRecord);
        distributeCommand(typedRecord);
    }

    private void distributeCommand(TypedRecord<TenantRecord> typedRecord) {
        this.commandDistributionBehavior.withKey(this.keyGenerator.nextKey()).inQueue(DistributionQueue.IDENTITY.getQueueId()).distribute(typedRecord);
    }

    private void rejectCommandWithUnauthorizedError(TypedRecord<TenantRecord> typedRecord, AuthorizationCheckBehavior.AuthorizationRequest authorizationRequest, String str) {
        rejectCommand(typedRecord, RejectionType.UNAUTHORIZED, AuthorizationCheckBehavior.UNAUTHORIZED_ERROR_MESSAGE_WITH_RESOURCE.formatted(authorizationRequest.getPermissionType(), authorizationRequest.getResourceType(), "tenant id '%s'".formatted(str)));
    }

    private void rejectCommand(TypedRecord<TenantRecord> typedRecord, RejectionType rejectionType, String str) {
        this.rejectionWriter.appendRejection(typedRecord, rejectionType, str);
        this.responseWriter.writeRejectionOnCommand(typedRecord, rejectionType, str);
    }
}
