package io.gravitee.am.management.service.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Strings;
import io.gravitee.am.management.service.DomainNotifierService;
import io.gravitee.am.management.service.EmailService;
import io.gravitee.am.management.service.impl.notifications.CertificateNotificationCondition;
import io.gravitee.am.management.service.impl.notifications.CertificateResendNotificationCondition;
import io.gravitee.am.management.service.impl.notifications.EmailNotifierConfiguration;
import io.gravitee.am.management.service.impl.notifications.ManagementUINotifierConfiguration;
import io.gravitee.am.management.service.impl.notifications.NotificationDefinitionUtils;
import io.gravitee.am.model.Certificate;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.Template;
import io.gravitee.am.model.User;
import io.gravitee.am.model.membership.MemberType;
import io.gravitee.am.model.permissions.DefaultRole;
import io.gravitee.am.model.permissions.SystemRole;
import io.gravitee.am.repository.management.api.search.MembershipCriteria;
import io.gravitee.am.service.DomainService;
import io.gravitee.am.service.EnvironmentService;
import io.gravitee.am.service.GroupService;
import io.gravitee.am.service.MembershipService;
import io.gravitee.am.service.OrganizationUserService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.exception.DomainNotFoundException;
import io.gravitee.node.api.notifier.NotificationDefinition;
import io.gravitee.node.api.notifier.NotifierService;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.io.IOException;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/management/service/impl/DomainNotifierServiceImpl.class */
public class DomainNotifierServiceImpl implements DomainNotifierService, InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(DomainNotifierServiceImpl.class);
    public static final String DEFAULT_CERTIFICATE_EXPIRY_THRESHOLDS = "20,15,10,5,1";

    @Value("${notifiers.email.enabled:false}")
    private boolean emailNotifierEnabled;

    @Value("${notifiers.ui.enabled:true}")
    private boolean uiNotifierEnabled;

    @Value("${services.certificate.cronExpression:0 0 5 * * *}")
    private String certificateCronExpression;
    private List<Integer> certificateExpiryThresholds;

    @Value("${services.certificate.enabled:true}")
    private boolean certificateNotificationEnabled = true;

    @Value("${notifiers.log.enabled:true}")
    private boolean isLogNotifierEnabled;

    @Autowired
    private Environment env;

    @Autowired
    private NotifierService notifierService;

    @Autowired
    private MembershipService membershipService;

    @Autowired
    private EnvironmentService environmentService;

    @Autowired
    private DomainService domainService;

    @Autowired
    private RoleService roleService;

    @Autowired
    private GroupService groupService;

    @Autowired
    private OrganizationUserService userService;

    @Autowired
    private EmailNotifierConfiguration emailConfiguration;

    @Autowired
    private EmailService emailService;

    @Autowired
    private ObjectMapper mapper;

    public void afterPropertiesSet() throws Exception {
        this.certificateExpiryThresholds = (List) List.of((Object[]) ((String) this.env.getProperty("services.certificate.expiryThresholds", String.class, DEFAULT_CERTIFICATE_EXPIRY_THRESHOLDS)).trim().split(",")).stream().map((v0) -> {
            return v0.trim();
        }).map(Integer::valueOf).sorted(Comparator.reverseOrder()).collect(Collectors.toList());
    }

    @Override // io.gravitee.am.management.service.DomainNotifierService
    public void registerCertificateExpiration(Certificate certificate) {
        if (this.certificateNotificationEnabled) {
            findDomain(certificate.getDomain()).flatMapPublisher(domain -> {
                return retrieveDomainOwners(domain).flatMap(user -> {
                    return Flowable.mergeArray(new Publisher[]{buildEmailNotificationDefinition(certificate, domain, user).toFlowable(), buildUINotificationDefinition(certificate, domain, user).toFlowable(), buildLogNotificationDefinition(certificate, domain).toFlowable()});
                });
            }).subscribe(notificationDefinition -> {
                this.notifierService.register(notificationDefinition, new CertificateNotificationCondition(this.certificateExpiryThresholds), new CertificateResendNotificationCondition(this.certificateExpiryThresholds));
            });
        }
    }

    @Override // io.gravitee.am.management.service.DomainNotifierService
    public void unregisterCertificateExpiration(String str, String str2) {
        if (this.certificateNotificationEnabled) {
            this.notifierService.unregisterAll(str2, "certificate");
        }
    }

    @Override // io.gravitee.am.management.service.DomainNotifierService
    public Completable deleteCertificateExpirationAcknowledgement(String str) {
        if (!this.certificateNotificationEnabled) {
            return Completable.complete();
        }
        LOGGER.debug("Remove All NotificationAcknowledge for the certificate {}", str);
        return this.notifierService.deleteAcknowledge(str, "certificate");
    }

    private Flowable<User> retrieveDomainOwners(Domain domain) {
        return findEnvironment(domain).flatMapPublisher(environment -> {
            return Maybe.concat(this.roleService.findSystemRole(SystemRole.DOMAIN_PRIMARY_OWNER, ReferenceType.DOMAIN), this.roleService.findDefaultRole(environment.getOrganizationId(), DefaultRole.DOMAIN_OWNER, ReferenceType.DOMAIN)).map((v0) -> {
                return v0.getId();
            }).flatMap(str -> {
                MembershipCriteria membershipCriteria = new MembershipCriteria();
                membershipCriteria.setRoleId(str);
                return this.membershipService.findByCriteria(ReferenceType.DOMAIN, domain.getId(), membershipCriteria);
            }).flatMap(membership -> {
                return membership.getMemberType() == MemberType.USER ? this.userService.findById(ReferenceType.ORGANIZATION, environment.getOrganizationId(), membership.getMemberId()).toFlowable() : readUsersFromAnOrganizationGroup(environment.getOrganizationId(), membership.getMemberId(), 0, 10);
            });
        });
    }

    private Single<io.gravitee.am.model.Environment> findEnvironment(Domain domain) {
        return this.environmentService.findById(domain.getReferenceId());
    }

    private Single<Domain> findDomain(String str) {
        return this.domainService.findById(str).switchIfEmpty(Single.error(new DomainNotFoundException(str)));
    }

    private Flowable<User> readUsersFromAnOrganizationGroup(String str, String str2, int i, int i2) {
        return this.groupService.findMembers(ReferenceType.ORGANIZATION, str, str2, i, i2).flatMapPublisher(page -> {
            return page.getTotalCount() == 0 ? Flowable.empty() : page.getData().size() < 10 ? Flowable.fromIterable(page.getData()) : Flowable.concat(Flowable.fromIterable(page.getData()), readUsersFromAnOrganizationGroup(str, str2, i + 1, i2));
        });
    }

    private Maybe<NotificationDefinition> buildEmailNotificationDefinition(Certificate certificate, Domain domain, User user) {
        if (!this.emailNotifierEnabled || Strings.isNullOrEmpty(user.getEmail())) {
            LOGGER.debug("Ignore email notification for certificate {}, email is disabled or email address is missing", certificate.getId());
            return Maybe.empty();
        }
        Map<String, Object> build = new NotificationDefinitionUtils.ParametersBuilder().withDomain(domain).withUser(user).withCertificate(certificate).build();
        return this.emailService.getFinalEmail(domain, null, Template.CERTIFICATE_EXPIRATION, user, build).map(email -> {
            EmailNotifierConfiguration emailNotifierConfiguration = new EmailNotifierConfiguration(this.emailConfiguration);
            emailNotifierConfiguration.setSubject(email.getSubject());
            emailNotifierConfiguration.setBody(email.getContent());
            emailNotifierConfiguration.setTo(user.getEmail());
            NotificationDefinition notificationDefinition = new NotificationDefinition();
            notificationDefinition.setType(NotificationDefinitionUtils.TYPE_EMAIL_NOTIFIER);
            notificationDefinition.setConfiguration(this.mapper.writeValueAsString(emailNotifierConfiguration));
            notificationDefinition.setResourceId(certificate.getId());
            notificationDefinition.setResourceType("certificate");
            notificationDefinition.setAudienceId(user.getId());
            notificationDefinition.setCron(this.certificateCronExpression);
            notificationDefinition.setData(build);
            return notificationDefinition;
        });
    }

    private Maybe<NotificationDefinition> buildUINotificationDefinition(Certificate certificate, Domain domain, User user) {
        if (this.uiNotifierEnabled) {
            try {
                Map<String, Object> build = new NotificationDefinitionUtils.ParametersBuilder().withDomain(domain).withUser(user).withCertificate(certificate).build();
                ManagementUINotifierConfiguration managementUINotifierConfiguration = new ManagementUINotifierConfiguration();
                managementUINotifierConfiguration.setTemplate(ManagementUINotifierConfiguration.CERTIFICATE_EXPIRY_TPL);
                NotificationDefinition notificationDefinition = new NotificationDefinition();
                notificationDefinition.setType(NotificationDefinitionUtils.TYPE_UI_NOTIFIER);
                notificationDefinition.setConfiguration(this.mapper.writeValueAsString(managementUINotifierConfiguration));
                notificationDefinition.setResourceId(certificate.getId());
                notificationDefinition.setResourceType("certificate");
                notificationDefinition.setAudienceId(user.getId());
                notificationDefinition.setCron(this.certificateCronExpression);
                notificationDefinition.setData(build);
                return Maybe.just(notificationDefinition);
            } catch (IOException e) {
                LOGGER.warn("Unable to generate ui configuration for certificate expiration", e);
            }
        } else {
            LOGGER.debug("Ignore email notification for certificate {}, email is disabled or email address is missing", certificate.getId());
        }
        return Maybe.empty();
    }

    private Maybe<NotificationDefinition> buildLogNotificationDefinition(Certificate certificate, Domain domain) {
        if (!this.isLogNotifierEnabled) {
            LOGGER.debug("Ignoring log notification for certificate {}, log notification is disabled.", certificate.getId());
            return Maybe.empty();
        }
        Map<String, Object> build = new NotificationDefinitionUtils.ParametersBuilder().withDomain(domain).withCertificate(certificate).build();
        NotificationDefinition notificationDefinition = new NotificationDefinition();
        notificationDefinition.setType(NotificationDefinitionUtils.TYPE_LOG_NOTIFIER);
        notificationDefinition.setResourceId(certificate.getId());
        notificationDefinition.setResourceType("certificate");
        notificationDefinition.setCron(this.certificateCronExpression);
        notificationDefinition.setData(build);
        return Maybe.just(notificationDefinition);
    }
}
