package org.yamcs.web.rest;

import io.protostuff.Schema;
import java.util.Iterator;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yamcs.Processor;
import org.yamcs.YamcsException;
import org.yamcs.management.ManagementService;
import org.yamcs.protobuf.Rest;
import org.yamcs.protobuf.SchemaRest;
import org.yamcs.protobuf.SchemaYamcsManagement;
import org.yamcs.protobuf.YamcsManagement;
import org.yamcs.security.AuthenticationToken;
import org.yamcs.security.Privilege;
import org.yamcs.web.BadRequestException;
import org.yamcs.web.ForbiddenException;
import org.yamcs.web.HttpException;
import org.yamcs.yarch.rocksdb.TablespaceRepresenter;

/* loaded from: input_file:org/yamcs/web/rest/ClientRestHandler.class */
public class ClientRestHandler extends RestHandler {
    private static final Logger log = LoggerFactory.getLogger(ClientRestHandler.class);

    @Route(path = "/api/clients", method = {"GET"})
    public void listClients(RestRequest restRequest) throws HttpException {
        Set<YamcsManagement.ClientInfo> clientInfo = ManagementService.getInstance().getClientInfo();
        Rest.ListClientsResponse.Builder newBuilder = Rest.ListClientsResponse.newBuilder();
        Iterator<YamcsManagement.ClientInfo> it = clientInfo.iterator();
        while (it.hasNext()) {
            newBuilder.addClient(YamcsManagement.ClientInfo.newBuilder(it.next()).setState(YamcsManagement.ClientInfo.ClientState.CONNECTED));
        }
        completeOK(restRequest, newBuilder.build(), (Schema<Rest.ListClientsResponse>) SchemaRest.ListClientsResponse.WRITE);
    }

    @Route(path = "/api/clients/:id", method = {"GET"})
    public void getClient(RestRequest restRequest) throws HttpException {
        completeOK(restRequest, YamcsManagement.ClientInfo.newBuilder(verifyClient(restRequest, restRequest.getIntegerRouteParam(TablespaceRepresenter.K_ID))).setState(YamcsManagement.ClientInfo.ClientState.CONNECTED).build(), (Schema<YamcsManagement.ClientInfo>) SchemaYamcsManagement.ClientInfo.WRITE);
    }

    @Route(path = "/api/clients/:id", method = {"PATCH", "PUT", "POST"})
    public void patchClient(RestRequest restRequest) throws HttpException {
        YamcsManagement.ClientInfo verifyClient = verifyClient(restRequest, restRequest.getIntegerRouteParam(TablespaceRepresenter.K_ID));
        Rest.EditClientRequest build = restRequest.bodyAsMessage(SchemaRest.EditClientRequest.MERGE).build();
        String str = null;
        String clientInfo = verifyClient.getInstance();
        if (build.hasInstance()) {
            clientInfo = build.getInstance();
        }
        if (build.hasProcessor()) {
            str = build.getProcessor();
        }
        if (restRequest.hasQueryParameter("processor")) {
            str = restRequest.getQueryParameter("processor");
        }
        if (restRequest.hasQueryParameter("instance")) {
            clientInfo = restRequest.getQueryParameter("instance");
        }
        if (str == null) {
            completeOK(restRequest);
            return;
        }
        Processor processor = Processor.getInstance(clientInfo, str);
        if (processor == null) {
            throw new BadRequestException("Cannot switch user to non-existing processor '" + str + "' (instance: '" + clientInfo + "')");
        }
        verifyPermission(processor, verifyClient.getId(), restRequest.getAuthToken());
        ManagementService managementService = ManagementService.getInstance();
        YamcsManagement.ProcessorManagementRequest.Builder newBuilder = YamcsManagement.ProcessorManagementRequest.newBuilder();
        newBuilder.setInstance(clientInfo);
        newBuilder.setName(str);
        newBuilder.setOperation(YamcsManagement.ProcessorManagementRequest.Operation.CONNECT_TO_PROCESSOR);
        newBuilder.addClientId(verifyClient.getId());
        try {
            managementService.connectToProcessor(newBuilder.build());
            completeOK(restRequest);
        } catch (YamcsException e) {
            throw new BadRequestException(e.getMessage());
        }
    }

    private void verifyPermission(Processor processor, int i, AuthenticationToken authenticationToken) throws HttpException {
        String username = Privilege.getUsername(authenticationToken);
        if (Privilege.getInstance().hasPrivilege1(authenticationToken, Privilege.SystemPrivilege.MayControlProcessor)) {
            return;
        }
        if (!processor.isPersistent() && !processor.getCreator().equals(username)) {
            log.warn("User {} is not allowed to connect users to processor {}", username, processor.getName());
            throw new ForbiddenException("not allowed to connect clients other than yours");
        }
        YamcsManagement.ClientInfo clientInfo = ManagementService.getInstance().getClientInfo(i);
        if (clientInfo == null) {
            throw new BadRequestException("Invalid client id " + i);
        }
        if (clientInfo.getUsername().equals(username)) {
            return;
        }
        log.warn("User {} is not allowed to connect {} to new processor", username, clientInfo.getUsername());
        throw new ForbiddenException("Not allowed to connect other client than your own");
    }
}
