package org.dataone.bookkeeper.resources;

import com.codahale.metrics.annotation.Timed;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.dropwizard.jackson.Jackson;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import javax.annotation.security.PermitAll;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xpath.XPath;
import org.dataone.bookkeeper.api.Customer;
import org.dataone.bookkeeper.api.Feature;
import org.dataone.bookkeeper.api.Order;
import org.dataone.bookkeeper.api.OrderItem;
import org.dataone.bookkeeper.api.OrderList;
import org.dataone.bookkeeper.api.Product;
import org.dataone.bookkeeper.api.Quota;
import org.dataone.bookkeeper.api.Subscription;
import org.dataone.bookkeeper.jdbi.CustomerStore;
import org.dataone.bookkeeper.jdbi.OrderStore;
import org.dataone.bookkeeper.jdbi.ProductStore;
import org.dataone.bookkeeper.jdbi.SubscriptionStore;
import org.dataone.bookkeeper.security.DataONEAuthHelper;
import org.jdbi.v3.core.Jdbi;

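/**
 * REST resource for {@code /orders}: list, create, retrieve, update, pay and delete
 * {@link Order} records.
 *
 * <p>Authorization as implemented here: the caller is the {@link Customer} principal taken from
 * the {@link SecurityContext}. A caller for whom {@code dataoneAuthHelper.isAdmin(subject)} is
 * true may act on any order; any other caller must own the order (the order's customer id equals
 * the caller's id). {@link #delete} additionally requires {@code isBookkeeperAdmin}.
 *
 * <p>The principal is cast and dereferenced without a null check, so every endpoint assumes the
 * request was authenticated before it got here.
 * NOTE(review): presumably the auth filter behind {@code @PermitAll} guarantees that; confirm in
 * the application wiring.
 *
 * <p>NOTE(review): ownership failures answer 401 in {@link #update} and {@link #pay}, 403 in
 * {@link #listOrders} and {@link #delete}, and 404 in {@link #retrieve}. 403 is the conventional
 * status for an authenticated caller lacking permission; the existing codes are kept because
 * clients may depend on them.
 *
 * <p>Timestamps are stored as {@code int} epoch seconds, which overflows in January 2038.
 */
@Produces({MediaType.APPLICATION_JSON})
@Path("/orders")
@Timed
public class OrdersResource extends BaseResource {
    private final OrderStore orderStore;
    private final ProductStore productStore;
    private final SubscriptionStore subscriptionStore;
    private final CustomerStore customerStore;
    private final DataONEAuthHelper dataoneAuthHelper;
    private final Log log = LogFactory.getLog(OrdersResource.class);
    private final ObjectMapper mapper = Jackson.newObjectMapper();

    /**
     * Builds the resource with on-demand JDBI stores and the DataONE authorization helper.
     *
     * @param jdbi the JDBI instance the four stores are attached to
     * @param dataONEAuthHelper helper used for admin checks and configuration lookup
     */
    public OrdersResource(Jdbi jdbi, DataONEAuthHelper dataONEAuthHelper) {
        this.orderStore = (OrderStore) jdbi.onDemand(OrderStore.class);
        this.productStore = (ProductStore) jdbi.onDemand(ProductStore.class);
        this.subscriptionStore = (SubscriptionStore) jdbi.onDemand(SubscriptionStore.class);
        this.customerStore = (CustomerStore) jdbi.onDemand(CustomerStore.class);
        this.dataoneAuthHelper = dataONEAuthHelper;
    }

    /**
     * Lists orders by customer id, by subject, or (admins only) all orders.
     *
     * <p>A non-admin caller may only list orders for their own customer record or their own
     * subject; with neither filter a non-admin caller receives an empty list.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code start} query parameter; accepted but not applied by this method
     * @param num2 the {@code count} query parameter; accepted but not applied by this method
     * @param str the {@code subject} query parameter, may be null or empty
     * @param num3 the {@code customerId} query parameter, may be null; takes precedence over
     *     {@code subject}
     * @return the matching orders wrapped in an {@link OrderList}
     * @throws WebApplicationException 403 when a non-admin asks for another customer's orders,
     *     500 when a store call fails
     */
    @GET
    @PermitAll
    @Timed
    @Produces({MediaType.APPLICATION_JSON})
    public OrderList listOrders(@Context SecurityContext securityContext, @QueryParam("start") @DefaultValue("0") Integer num, @QueryParam("count") @DefaultValue("1000") Integer num2, @QueryParam("subject") String str, @QueryParam("customerId") Integer num3) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        List<Order> orders = new ArrayList<>();
        try {
            if (num3 != null) {
                if (!isAdmin) {
                    // An unknown customer id is treated like a foreign one instead of an NPE.
                    Customer owner = this.customerStore.getCustomer(num3);
                    if (owner == null || !caller.getSubject().equals(owner.getSubject())) {
                        throw new WebApplicationException("Customer doesn't have access to this record.", Response.Status.FORBIDDEN);
                    }
                }
                orders = this.orderStore.findOrdersByCustomerId(num3);
            } else if (str != null && !str.isEmpty()) {
                // customerId is null on this branch, so ownership is decided by comparing the
                // requested subject with the caller's own subject rather than by looking up a
                // customer with a null id.
                if (!isAdmin && !caller.getSubject().equals(str)) {
                    throw new WebApplicationException("Customer doesn't have access to this record.", Response.Status.FORBIDDEN);
                }
                orders = this.orderStore.findOrdersBySubject(str);
            } else if (isAdmin) {
                // NOTE(review): unbounded; start/count are not passed to the store.
                orders = this.orderStore.listOrders();
            }
            return new OrderList(orders);
        } catch (WebApplicationException e) {
            // Keep the status chosen above instead of re-wrapping it as a 500.
            throw e;
        } catch (Exception e) {
            // NOTE(review): e.getMessage() is echoed to the client and may carry store internals.
            throw new WebApplicationException("Couldn't list orders: " + e.getMessage(), e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Creates an order from the submitted body.
     *
     * <p>Status and creation time are set server-side. For items of type {@code "sku"} the amount
     * is taken from the parent product; items of any other type keep the amount the client sent,
     * and the order total is derived from those amounts.
     * NOTE(review): confirm non-sku amounts are validated elsewhere.
     *
     * <p>For a non-admin caller the order's customer is forced to the caller's id; an admin's
     * submitted customer id is kept as is.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param order the order to insert
     * @return the order as read back from the store after insertion
     * @throws WebApplicationException 404 when an item's parent product does not exist, 500 on any
     *     other failure
     */
    @PermitAll
    @Timed
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    public Order create(@Context SecurityContext securityContext, @NotNull @Valid Order order) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        try {
            order.setStatus("created");
            order.setCreated(nowEpochSeconds());
            applyProductPricing(order);
            order.setAmount(order.getTotalAmount());
            if (!isAdmin) {
                order.setCustomer(caller.getId());
            }
            return this.orderStore.getOrder(this.orderStore.insert(order));
        } catch (WebApplicationException e) {
            // Let the 404 for a missing product reach the client unchanged.
            throw e;
        } catch (Exception e) {
            throw new WebApplicationException("Couldn't insert the order: " + e.getMessage(), e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Returns one order if the caller is an admin or owns it.
     *
     * <p>Missing orders, foreign orders and store failures all answer 404.
     * NOTE(review): the response message still distinguishes a missing order from a foreign one,
     * so order ids can be probed for existence; consider one message for both.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code orderId} path parameter
     * @return the stored order
     * @throws WebApplicationException 404 in every failure case
     */
    @GET
    @PermitAll
    @Path("{orderId}")
    @Timed
    @Produces({MediaType.APPLICATION_JSON})
    public Order retrieve(@Context SecurityContext securityContext, @PathParam("orderId") @NotNull Integer num) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        Order order;
        try {
            order = this.orderStore.getOrder(num);
        } catch (Exception e) {
            throw new WebApplicationException("Couldn't get the order: " + e.getMessage(), e, Response.Status.NOT_FOUND);
        }
        if (order == null) {
            // Explicit check: previously a missing order surfaced as a NullPointerException message.
            throw new WebApplicationException("Couldn't get the order: no order with id " + num, Response.Status.NOT_FOUND);
        }
        if (isAdmin || ownsOrder(caller, order)) {
            return order;
        }
        throw new WebApplicationException("Couldn't get the order: Customer doesn't have access to this order.", Response.Status.NOT_FOUND);
    }

    /**
     * Replaces an existing order with the submitted body.
     *
     * <p>The order is looked up by the id inside the body; the {@code orderId} path segment is not
     * bound to any parameter. Created time, currency, customer, and (when present) email and
     * status transitions are copied from the stored order, so the client cannot change them.
     * Item pricing follows the same rules as {@link #create}.
     *
     * <p>NOTE(review): the status is reset to {@code "created"} whatever the stored status was;
     * confirm whether an order that is already paid should be editable.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param order the replacement order; its id selects the stored order
     * @return the submitted order after server-side fields were applied
     * @throws WebApplicationException 404 when the order or an item's product is missing, 401 when
     *     a non-admin caller does not own the order, 500 on any other failure
     */
    @PermitAll
    @Path("{orderId}")
    @Timed
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Order update(@Context SecurityContext securityContext, @NotNull @Valid Order order) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        Order existing = this.orderStore.getOrder(order.getId());
        if (existing == null) {
            throw new WebApplicationException("Couldn't find the order with id " + order.getId(), Response.Status.NOT_FOUND);
        }
        if (!isAdmin && !ownsOrder(caller, existing)) {
            throw new WebApplicationException("Customer doesn't have access to this order.", Response.Status.UNAUTHORIZED);
        }
        try {
            // Server-owned fields always come from the stored record.
            order.setCreated(existing.getCreated());
            order.setCurrency(existing.getCurrency());
            if (existing.getEmail() != null) {
                order.setEmail(existing.getEmail());
            }
            order.setCustomer(existing.getCustomer());
            if (existing.getStatusTransitions() != null) {
                order.setStatusTransitions(existing.getStatusTransitions());
            }
            order.setStatus("created");
            order.setUpdated(nowEpochSeconds());
            applyProductPricing(order);
            order.setAmount(order.getTotalAmount());
            this.orderStore.update(order);
            return order;
        } catch (WebApplicationException e) {
            // Let the 404 for a missing product reach the client unchanged.
            throw e;
        } catch (Exception e) {
            throw new WebApplicationException("Couldn't update the order: " + e.getMessage(), e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Marks an order as paid and creates a trialing subscription, with quotas, for each
     * {@code "sku"} item.
     *
     * <p>No payment confirmation is checked in this method; the trial ends after the configured
     * trial duration and the subscription start date is set to that moment.
     *
     * <p>NOTE(review): the stored status is not inspected, so calling this endpoint again for the
     * same order inserts another subscription and quota set unless the store rejects duplicates.
     * Subscriptions are also inserted before the order is updated, so a failure part-way leaves
     * subscriptions behind for an order that is still unpaid.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code orderId} path parameter
     * @return the order with status {@code "paid"}
     * @throws WebApplicationException 404 when the order or an item's product is missing, 401 when
     *     a non-admin caller does not own the order, 500 on any other failure
     */
    @PermitAll
    @Path("{orderId}/pay")
    @Timed
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Order pay(@Context SecurityContext securityContext, @NotNull @PathParam("orderId") Integer num) throws WebApplicationException {
        Integer now = nowEpochSeconds();
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        Integer trialEnd = Integer.valueOf((int) Instant.ofEpochSecond(now.intValue())
                .plus(this.dataoneAuthHelper.getConfiguration().getTrialDurationDays(), ChronoUnit.DAYS)
                .getEpochSecond());
        try {
            Order order = this.orderStore.getOrder(num);
            // The existence check has to precede the ownership check, which dereferences the order.
            if (order == null) {
                throw new WebApplicationException("Couldn't find the order for order id " + num, Response.Status.NOT_FOUND);
            }
            if (!isAdmin && !ownsOrder(caller, order)) {
                throw new WebApplicationException("Customer doesn't have access to this order.", Response.Status.UNAUTHORIZED);
            }
            Customer owner = this.customerStore.getCustomer(order.getCustomer());
            for (OrderItem orderItem : order.getItems()) {
                if (!orderItem.getType().equals("sku")) {
                    continue;
                }
                Product product = this.productStore.getProduct(orderItem.getParent());
                if (product == null) {
                    throw new WebApplicationException("Couldn't find parent product for order item.", Response.Status.NOT_FOUND);
                }
                Subscription subscription = new Subscription();
                subscription.setObject("subscription");
                subscription.setProduct(product);
                subscription.setStatus("trialing");
                subscription.setCanceledAt(null);
                subscription.setCollectionMethod("send_invoice");
                subscription.setCreated(now);
                subscription.setCustomerId(order.getCustomer());
                subscription.setQuantity(orderItem.getQuantity());
                subscription.setTrialStart(now);
                subscription.setTrialEnd(trialEnd);
                subscription.setStartDate(trialEnd);
                this.subscriptionStore.insertWithQuotas(subscription, collectQuotas(product, owner).values());
            }
            order.setUpdated(nowEpochSeconds());
            order.setStatus("paid");
            this.orderStore.update(order);
            return order;
        } catch (WebApplicationException e) {
            // Keep the 401/404 chosen above instead of re-wrapping them as a 500.
            throw e;
        } catch (Exception e) {
            throw new WebApplicationException("Couldn't pay the order: " + e.getMessage(), e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Deletes an order; restricted to callers for whom {@code isBookkeeperAdmin} is true.
     *
     * <p>NOTE(review): this is the only endpoint that checks {@code isBookkeeperAdmin} rather than
     * {@code isAdmin}; whether the two differ is not visible in this class.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code orderId} path parameter
     * @return an empty 200 response
     * @throws WebApplicationException 403 when the caller is not a bookkeeper admin, 400 when the
     *     id is null
     */
    @PermitAll
    @Path("{orderId}")
    @Timed
    @DELETE
    public Response delete(@Context SecurityContext securityContext, @PathParam("orderId") @Valid Integer num) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        if (!this.dataoneAuthHelper.isBookkeeperAdmin(caller.getSubject())) {
            throw new WebApplicationException("Bookkeeper admin privilege is required to delete an order, " + caller.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);
        }
        if (num == null) {
            throw new WebApplicationException("The orderId cannot be null.", Response.Status.BAD_REQUEST);
        }
        try {
            this.orderStore.delete(num);
            return Response.ok().build();
        } catch (Exception e) {
            // Route the stack trace through the logger instead of printStackTrace().
            this.log.error("Deleting the order with id " + num + " failed: " + e.getMessage(), e);
            throw e;
        }
    }

    /** Returns the current time as {@code int} epoch seconds (truncating cast, see class note). */
    private static Integer nowEpochSeconds() {
        return Integer.valueOf((int) Instant.now().getEpochSecond());
    }

    /**
     * Tells whether the order belongs to the caller. An order without a customer id belongs to
     * nobody, so a null id on both sides never counts as a match.
     */
    private static boolean ownsOrder(Customer caller, Order order) {
        return order.getCustomer() != null && order.getCustomer().equals(caller.getId());
    }

    /**
     * Overwrites currency and description on every item from its parent product, and the amount
     * as well for items of type {@code "sku"}; fails with 404 when a parent product is missing.
     */
    private void applyProductPricing(Order order) {
        for (OrderItem orderItem : order.getItems()) {
            Product product = this.productStore.getProduct(orderItem.getParent());
            if (product == null) {
                throw new WebApplicationException("Couldn't find parent product for order item.", Response.Status.NOT_FOUND);
            }
            if (orderItem.getType().equals("sku")) {
                orderItem.setAmount(product.getAmount());
            }
            orderItem.setCurrency("USD");
            orderItem.setDescription(product.getStatementDescriptor());
        }
    }

    /**
     * Reads the product's {@code features} metadata and returns one quota per quota type, with
     * usage reset to zero and the subject set to the order owner's. Limits of features sharing a
     * quota type are summed.
     */
    private LinkedHashMap<String, Quota> collectQuotas(Product product, Customer owner) throws java.io.IOException {
        JsonNode features = product.getMetadata().get("features");
        if (features == null) {
            throw new IllegalStateException("Product metadata has no features list.");
        }
        LinkedHashMap<String, Quota> quotasByType = new LinkedHashMap<>();
        for (JsonNode featureNode : features) {
            Quota quota = this.mapper.treeToValue(featureNode, Feature.class).getQuota();
            if (quota == null) {
                continue;
            }
            quota.setUsage(Double.valueOf(0.0));
            quota.setSubject(owner.getSubject());
            Quota previous = quotasByType.get(quota.getQuotaType());
            if (previous != null) {
                quota.setSoftLimit(Double.valueOf(previous.getSoftLimit().doubleValue() + quota.getSoftLimit().doubleValue()));
                quota.setHardLimit(Double.valueOf(previous.getHardLimit().doubleValue() + quota.getHardLimit().doubleValue()));
            }
            quotasByType.put(quota.getQuotaType(), quota);
        }
        return quotasByType;
    }
}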
