package com.dynfi.services;

import com.dynfi.security.PermissionKeys;
import com.dynfi.services.dto.OpnRuleId;
import com.dynfi.services.dto.RichConfig;
import com.dynfi.services.dto.RichRules;
import com.dynfi.services.dto.RulesDto;
import com.dynfi.services.dto.RulesStatesDto;
import com.dynfi.storage.entities.Device;
import com.dynfi.storage.entities.RestrictedRules;
import com.dynfi.storage.entities.Rules;
import com.dynfi.tasks.TaskFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Streams;
import dev.morphia.Datastore;
import dev.morphia.query.FindOptions;
import dev.morphia.query.Sort;
import dev.morphia.query.filters.Filters;
import io.crnk.core.engine.internal.jackson.ErrorDataSerializer;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/dynfi/services/RulesServiceImpl.class */
public class RulesServiceImpl implements RulesService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) RulesServiceImpl.class);
    private final DeviceTaskService deviceTaskService;
    private final UserService userService;
    private final ConfigService configService;
    private final DeviceContactService deviceContactService;
    private final TaskFactory taskFactory;
    private final Datastore datastore;
    private final ConcurrentHashMap<UUID, RichRules> richRulesCache = new ConcurrentHashMap<>();
    private Instant nextCacheClearing = Instant.now().plus(2L, (TemporalUnit) ChronoUnit.HOURS);

    @Inject
    public RulesServiceImpl(Datastore datastore, DeviceTaskService deviceTaskService, UserService userService, ConfigService configService, DeviceContactService deviceContactService, TaskFactory taskFactory) {
        this.datastore = datastore;
        this.deviceTaskService = deviceTaskService;
        this.userService = userService;
        this.configService = configService;
        this.deviceContactService = deviceContactService;
        this.taskFactory = taskFactory;
    }

    @Override // com.dynfi.services.RulesService
    public boolean requestRulesCheck(UUID uuid) {
        return this.deviceTaskService.putTaskIfNotAlreadyQueued(this.taskFactory.createUpdateRulesTask(uuid));
    }

    @Override // com.dynfi.services.RulesService
    public void save(Rules rules) {
        this.datastore.save((Datastore) rules);
        try {
            this.richRulesCache.put(rules.getDevice().getId(), RichRules.apply(rules));
        } catch (Exception e) {
            logger.error("Unable to parse rules for cache.", (Throwable) e);
            this.richRulesCache.remove(rules.getDevice().getId());
        }
    }

    @Override // com.dynfi.services.RulesService
    public RulesDto getRules(UUID uuid) {
        RichRules latestRichRules = getLatestRichRules(uuid);
        if (latestRichRules.contentMd5() == null) {
            return new RulesDto(Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList());
        }
        RichConfig latestRichConfigForDevice = this.configService.getLatestRichConfigForDevice(uuid);
        Set<String> restrictedRules = getRestrictedRules(uuid);
        boolean userHasPermission = this.userService.userHasPermission(this.userService.getCurrentUser(), PermissionKeys.RULES__READ_RESTRICTED);
        return new RulesDto((Collection) Stream.concat(latestRichRules.rules().stream(), ((Collection) latestRichConfigForDevice.rules().stream().map(rule -> {
            return rule.setId(latestRichRules.opnUuidsToIds().getOrDefault(rule.uuid(), new OpnRuleId(rule.uuid(), rule.id(), "")).label());
        }).collect(Collectors.toList())).stream()).map(rule2 -> {
            return (restrictedRules.contains(rule2.id()) || restrictedRules.contains(rule2.uuid())) ? rule2.restrictRule() : rule2;
        }).filter(rule3 -> {
            return (rule3.restricted() && userHasPermission) || !rule3.restricted();
        }).collect(Collectors.toList()), latestRichConfigForDevice.interfaces(), latestRichRules.gateways(), latestRichConfigForDevice.schedules());
    }

    @Override // com.dynfi.services.RulesService
    public Rules getLatestRules(UUID uuid) {
        return (Rules) this.datastore.find(Rules.class).filter(Filters.eq("device", uuid)).first(new FindOptions().sort(Sort.descending("createdAt")));
    }

    @Override // com.dynfi.services.RulesService
    public RichRules getLatestRichRules(UUID uuid) {
        RichRules richRules = this.richRulesCache.get(uuid);
        clearCacheIfNeeded();
        if (noCacheEntry(richRules)) {
            RichRules apply = RichRules.apply(getLatestRules(uuid));
            this.richRulesCache.put(uuid, apply);
            richRules = apply;
        }
        return richRules;
    }

    @Override // com.dynfi.services.RulesService
    public void restrictRules(UUID uuid, Set<String> set) {
        RestrictedRules restrictedRules = (RestrictedRules) this.datastore.find(RestrictedRules.class).filter(Filters.eq("device", uuid)).first();
        if (restrictedRules != null) {
            restrictedRules.setRuleIds(set, this.userService.getCurrentUser());
        } else {
            restrictedRules = new RestrictedRules((Device) this.datastore.find(Device.class).filter(Filters.eq(ErrorDataSerializer.ID, uuid)).first(), set, this.userService.getCurrentUser());
        }
        this.datastore.save((Datastore) restrictedRules);
    }

    @Override // com.dynfi.services.RulesService
    public Set<String> getRestrictedRules(UUID uuid) {
        RestrictedRules restrictedRules = (RestrictedRules) this.datastore.find(RestrictedRules.class).filter(Filters.eq("device", uuid)).first();
        return restrictedRules != null ? restrictedRules.getRuleIds() : new HashSet();
    }

    @Override // com.dynfi.services.RulesService
    public RulesStatesDto getRulesStates(UUID uuid) {
        return new RulesStatesDto(parseRuleStates(this.deviceContactService.getRuleStatesJson(uuid)));
    }

    private static Map<String, RulesStatesDto.RuleState> parseRuleStates(String str) {
        try {
            JsonNode readTree = new ObjectMapper().readTree(str);
            return readTree.isArray() ? parsePfSenseRuleStates(readTree) : parseOpnsenseRuleStates(readTree);
        } catch (JsonProcessingException e) {
            logger.error("Unable to parse rule states.", (Throwable) e);
            return new HashMap();
        }
    }

    private static Map<String, RulesStatesDto.RuleState> parseOpnsenseRuleStates(JsonNode jsonNode) {
        HashMap hashMap = new HashMap();
        jsonNode.fields().forEachRemaining(entry -> {
            String str = (String) entry.getKey();
            JsonNode jsonNode2 = (JsonNode) entry.getValue();
            hashMap.put(str, new RulesStatesDto.RuleState(str, Long.valueOf(jsonNode2.get("evaluations").asLong()), Long.valueOf(jsonNode2.get("packets").asLong()), Long.valueOf(jsonNode2.get("bytes").asLong()), Long.valueOf(jsonNode2.get("states").asLong())));
        });
        return hashMap;
    }

    private static Map<String, RulesStatesDto.RuleState> parsePfSenseRuleStates(JsonNode jsonNode) {
        HashMap hashMap = new HashMap();
        Iterator<JsonNode> it = jsonNode.iterator();
        while (it.hasNext()) {
            JsonNode next = it.next();
            String asText = next.get("tracker").asText();
            Iterator it2 = Map.of("10\\d\\d\\d", "10000-10999", "11\\d\\d\\d", "11000-11999", "12\\d\\d\\d", "12000-12999").entrySet().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Map.Entry entry = (Map.Entry) it2.next();
                if (asText.matches((String) entry.getKey())) {
                    asText = (String) entry.getValue();
                    break;
                }
            }
            RulesStatesDto.RuleState ruleState = (RulesStatesDto.RuleState) hashMap.get(asText);
            hashMap.put(asText, ruleState != null ? new RulesStatesDto.RuleState(asText, Long.valueOf(next.get("evaluations").asLong() + ruleState.getEvaluations().longValue()), Long.valueOf(next.get("packets").asLong() + ruleState.getPackets().longValue()), Long.valueOf(next.get("bytes").asLong() + ruleState.getBytes().longValue()), Long.valueOf(next.get("states").asLong() + ruleState.getStates().longValue())) : new RulesStatesDto.RuleState(asText, Long.valueOf(next.get("evaluations").asLong()), Long.valueOf(next.get("packets").asLong()), Long.valueOf(next.get("bytes").asLong()), Long.valueOf(next.get("states").asLong())));
        }
        return hashMap;
    }

    private boolean noCacheEntry(RichRules richRules) {
        return richRules == null;
    }

    private void clearCacheIfNeeded() {
        if (this.nextCacheClearing.isBefore(Instant.now())) {
            this.nextCacheClearing = Instant.now().plus(2L, (TemporalUnit) ChronoUnit.HOURS);
            this.richRulesCache.keySet().retainAll((Set) Streams.stream(this.datastore.find(Device.class).iterator(new FindOptions().projection().include(ErrorDataSerializer.ID))).map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
        }
    }
}
