package io.scalecube.organization.operation;

import io.scalecube.account.api.ApiKey;
import io.scalecube.account.api.GetOrganizationResponse;
import io.scalecube.account.api.InvalidAuthenticationToken;
import io.scalecube.account.api.NotAnOrganizationMemberException;
import io.scalecube.account.api.OrganizationInfo;
import io.scalecube.account.api.OrganizationNotFoundException;
import io.scalecube.account.api.Role;
import io.scalecube.account.api.ServiceOperationException;
import io.scalecube.account.api.Token;
import io.scalecube.organization.domain.Organization;
import io.scalecube.organization.repository.OrganizationsRepository;
import io.scalecube.organization.repository.exception.AccessPermissionException;
import io.scalecube.organization.repository.exception.EntityNotFoundException;
import io.scalecube.organization.tokens.TokenVerifier;
import io.scalecube.security.api.Profile;
import java.util.Objects;
import java.util.function.Predicate;

/* loaded from: input_file:io/scalecube/organization/operation/ServiceOperation.class */
public abstract class ServiceOperation<I, O> {
    private final TokenVerifier tokenVerifier;
    private final OrganizationsRepository repository;

    /* JADX INFO: Access modifiers changed from: protected */
    public ServiceOperation(TokenVerifier tokenVerifier, OrganizationsRepository organizationsRepository) {
        this.tokenVerifier = tokenVerifier;
        this.repository = organizationsRepository;
    }

    public O execute(I i) throws ServiceOperationException {
        Objects.requireNonNull(this.repository, "repository");
        Objects.requireNonNull(i, "request is a required argument");
        try {
            OperationServiceContext operationServiceContext = new OperationServiceContext(verifyToken(getToken(i)), this.repository);
            validate(i, operationServiceContext);
            return process(i, operationServiceContext);
        } catch (Throwable th) {
            throw new ServiceOperationException(i.toString(), th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validate(I i, OperationServiceContext operationServiceContext) throws Throwable {
    }

    protected abstract Token getToken(I i);

    private Profile verifyToken(Token token) throws Throwable {
        Objects.requireNonNull(this.tokenVerifier, "tokenVerifier");
        Objects.requireNonNull(token, "token");
        requireNonNullOrEmpty(token.token(), "token");
        Profile verify = this.tokenVerifier.verify(token);
        if (verify == null) {
            throw new InvalidAuthenticationToken();
        }
        return verify;
    }

    protected abstract O process(I i, OperationServiceContext operationServiceContext) throws Throwable;

    /* JADX INFO: Access modifiers changed from: protected */
    public Organization getOrganization(String str) throws OrganizationNotFoundException {
        Objects.requireNonNull(this.repository, "repository");
        try {
            return this.repository.findById(str).orElseThrow(() -> {
                return new OrganizationNotFoundException(str);
            });
        } catch (EntityNotFoundException e) {
            throw new OrganizationNotFoundException(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GetOrganizationResponse getOrganizationResponse(Organization organization, Predicate<ApiKey> predicate) {
        return new GetOrganizationResponse(organizationInfo(organization, predicate));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OrganizationInfo.Builder organizationInfo(Organization organization, Predicate<ApiKey> predicate) {
        return OrganizationInfo.builder().id(organization.id()).name(organization.name()).apiKeys((ApiKey[]) organization.apiKeys().stream().filter(predicate).toArray(i -> {
            return new ApiKey[i];
        })).email(organization.email());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void requireNonNullOrEmpty(Object obj, String str) {
        Objects.requireNonNull(obj, str);
        if (obj.toString().length() == 0) {
            throw new IllegalArgumentException(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkMemberAccess(Organization organization, Profile profile) throws AccessPermissionException, EntityNotFoundException {
        if (!isOwner(organization, profile) && !organization.isMember(profile.userId())) {
            throw new AccessPermissionException(String.format("user: '%s', name: '%s', is not a member of organization: '%s'", profile.name(), profile.userId(), organization.id()));
        }
    }

    protected boolean isOwner(Organization organization, Profile profile) throws EntityNotFoundException {
        return isInRole(profile.userId(), organization, Role.Owner);
    }

    protected boolean isLastOwner(Organization organization, String str) throws EntityNotFoundException {
        return organization.members().stream().filter(organizationMember -> {
            return !organizationMember.id().equals(str);
        }).noneMatch(organizationMember2 -> {
            return Role.Owner.name().equals(organizationMember2.role());
        });
    }

    protected boolean isSuperUser(Organization organization, Profile profile) throws EntityNotFoundException {
        return isOwner(organization, profile) || isInRole(profile.userId(), organization, Role.Admin);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Role getRole(String str, Organization organization) {
        return (Role) organization.members().stream().filter(organizationMember -> {
            return Objects.equals(organizationMember.id(), str);
        }).map(organizationMember2 -> {
            return Role.valueOf(organizationMember2.role());
        }).findFirst().orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Role toRole(String str) {
        try {
            return Role.valueOf(str);
        } catch (Throwable th) {
            throw new IllegalArgumentException("Unknown role: " + str);
        }
    }

    protected boolean isInRole(String str, Organization organization, Role role) throws EntityNotFoundException {
        return organization.members().stream().anyMatch(organizationMember -> {
            return Objects.equals(organizationMember.id(), str) && Objects.equals(organizationMember.role(), role.toString());
        });
    }

    protected static void throwNotOrgOwnerException(Profile profile, Organization organization) throws AccessPermissionException {
        throw new AccessPermissionException(String.format("user: '%s', name: '%s', is not in role Owner of organization: '%s'", profile.name(), profile.userId(), organization.name()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkOwnerAccess(Organization organization, Profile profile) throws AccessPermissionException, EntityNotFoundException {
        if (isOwner(organization, profile)) {
            return;
        }
        throwNotOrgOwnerException(profile, organization);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkSuperUserAccess(Organization organization, Profile profile) throws AccessPermissionException, EntityNotFoundException {
        if (!isSuperUser(organization, profile)) {
            throw new AccessPermissionException(String.format("user: '%s', name: '%s', not in role Owner or Admin of organization: '%s'", profile.userId(), profile.name(), organization.name()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkLastOwner(String str, Organization organization) throws EntityNotFoundException {
        if (isLastOwner(organization, str)) {
            throw new IllegalStateException(String.format("At least one Owner should be persisted in the organization: '%s'", organization.id()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkIsMember(String str, Organization organization) throws NotAnOrganizationMemberException {
        if (!organization.isMember(str)) {
            throw new NotAnOrganizationMemberException(String.format("user: %s is not a member of organization: %s", str, organization.id()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Predicate<ApiKey> apiKeyFilterBy(Role role) {
        return apiKey -> {
            try {
                String str = (String) apiKey.claims().get("role");
                if (str != null) {
                    return role.isEqualsOrHigherThan(Role.valueOf(str));
                }
                return false;
            } catch (Exception e) {
                return false;
            }
        };
    }
}
