package keywhiz.service.resources.automation.v2;

import com.google.common.collect.Sets;
import io.dropwizard.auth.Auth;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import keywhiz.api.automation.v2.CreateSecretRequestV2;
import keywhiz.api.automation.v2.ModifyGroupsRequestV2;
import keywhiz.api.automation.v2.SecretDetailResponseV2;
import keywhiz.api.model.AutomationClient;
import keywhiz.api.model.Secret;
import keywhiz.api.model.SecretSeries;
import keywhiz.api.model.VersionGenerator;
import keywhiz.service.daos.AclDAO;
import keywhiz.service.daos.GroupDAO;
import keywhiz.service.daos.SecretController;
import keywhiz.service.daos.SecretDAO;
import keywhiz.service.daos.SecretSeriesDAO;
import keywhiz.service.exceptions.ConflictException;
import org.apache.commons.lang3.NotImplementedException;
import org.jooq.exception.DataAccessException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/automation/v2/secrets")
/* loaded from: input_file:keywhiz/service/resources/automation/v2/SecretResource.class */
public class SecretResource {
    private static final Logger logger = LoggerFactory.getLogger(SecretResource.class);
    private final SecretController secretController;
    private final AclDAO aclDAO;
    private final GroupDAO groupDAO;
    private final SecretDAO secretDAO;
    private final SecretSeriesDAO secretSeriesDAO;

    @Inject
    public SecretResource(SecretController secretController, AclDAO.AclDAOFactory aclDAOFactory, GroupDAO.GroupDAOFactory groupDAOFactory, SecretDAO.SecretDAOFactory secretDAOFactory, SecretSeriesDAO.SecretSeriesDAOFactory secretSeriesDAOFactory) {
        this.secretController = secretController;
        this.aclDAO = aclDAOFactory.readwrite();
        this.groupDAO = groupDAOFactory.readwrite();
        this.secretDAO = secretDAOFactory.readwrite();
        this.secretSeriesDAO = secretSeriesDAOFactory.readwrite();
    }

    @POST
    @Consumes({"application/json"})
    public Response createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequestV2 createSecretRequestV2) {
        String name = createSecretRequestV2.name();
        SecretController.SecretBuilder withType = this.secretController.builder(name, createSecretRequestV2.content(), automationClient.getName()).withDescription(createSecretRequestV2.description()).withMetadata(createSecretRequestV2.metadata()).withType(createSecretRequestV2.type());
        if (createSecretRequestV2.versioned()) {
            withType.withVersion(VersionGenerator.now().toHex());
        }
        try {
            Secret build = withType.build();
            long id = build.getId();
            groupsToGroupIds(createSecretRequestV2.groups()).forEach(optional -> {
                optional.ifPresent(l -> {
                    this.aclDAO.findAndAllowAccess(id, l.longValue());
                });
            });
            UriBuilder path = UriBuilder.fromResource(SecretResource.class).path(name);
            if (createSecretRequestV2.versioned()) {
                path.path(build.getVersion());
            }
            return Response.created(path.build(new Object[0])).build();
        } catch (DataAccessException e) {
            logger.warn("Cannot create secret {}: {}", name, e);
            throw new ConflictException(String.format("Cannot create secret %s.", name));
        }
    }

    @GET
    @Produces({"application/json"})
    public Iterable<String> secretListing(@Auth AutomationClient automationClient) {
        return (Iterable) this.secretController.getSanitizedSecrets().stream().map((v0) -> {
            return v0.name();
        }).collect(Collectors.toSet());
    }

    @POST
    @Produces({"application/json"})
    @Path("{name}")
    public SecretDetailResponseV2 modifySecretSeries(@Auth AutomationClient automationClient, @PathParam("name") String str) {
        throw new NotImplementedException("Need to implement mutation methods in DAO for secret " + this.secretSeriesDAO.getSecretSeriesByName(str).orElseThrow(NotFoundException::new).name());
    }

    @GET
    @Produces({"application/json"})
    @Path("{name}")
    public SecretDetailResponseV2 secretInfo(@Auth AutomationClient automationClient, @PathParam("name") String str) {
        SecretSeries orElseThrow = this.secretSeriesDAO.getSecretSeriesByName(str).orElseThrow(NotFoundException::new);
        return SecretDetailResponseV2.builder().series(orElseThrow).versions(this.secretController.getVersionsForName(str)).build();
    }

    @GET
    @Path("{name}/groups")
    public Iterable<String> secretGroupsListing(@Auth AutomationClient automationClient, @PathParam("name") String str) {
        return (Iterable) this.aclDAO.getGroupsFor(this.secretController.getSecretByNameAndVersion(str, "").orElseThrow(NotFoundException::new)).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
    }

    @Path("{name}/groups")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @PUT
    public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String str, @Valid ModifyGroupsRequestV2 modifyGroupsRequestV2) {
        Secret orElseThrow = this.secretController.getSecretByNameAndVersion(str, "").orElseThrow(NotFoundException::new);
        long id = orElseThrow.getId();
        Set set = (Set) this.aclDAO.getGroupsFor(orElseThrow).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Sets.SetView difference = Sets.difference(modifyGroupsRequestV2.addGroups(), set);
        Sets.SetView intersection = Sets.intersection(modifyGroupsRequestV2.removeGroups(), set);
        groupsToGroupIds(difference).forEach(optional -> {
            optional.ifPresent(l -> {
                this.aclDAO.findAndAllowAccess(id, l.longValue());
            });
        });
        groupsToGroupIds(intersection).forEach(optional2 -> {
            optional2.ifPresent(l -> {
                this.aclDAO.findAndRevokeAccess(id, l.longValue());
            });
        });
        return (Iterable) this.aclDAO.getGroupsFor(orElseThrow).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
    }

    @GET
    @Produces({"application/json"})
    @Path("{name}/{version:.*}")
    public SecretDetailResponseV2 secretVersionInfo(@Auth AutomationClient automationClient, @PathParam("name") String str, @PathParam("version") String str2) {
        return SecretDetailResponseV2.builder().secret(this.secretController.getSecretByNameAndVersion(str, str2).orElseThrow(NotFoundException::new)).build();
    }

    @Path("{name}")
    @DELETE
    public Response deleteSecretSeries(@Auth AutomationClient automationClient, @PathParam("name") String str) {
        this.secretSeriesDAO.getSecretSeriesByName(str).orElseThrow(NotFoundException::new);
        this.secretDAO.deleteSecretsByName(str);
        return Response.noContent().build();
    }

    @Path("{name}/{version:.*}")
    @DELETE
    public Response deleteSecretVersion(@Auth AutomationClient automationClient, @PathParam("name") String str, @PathParam("version") String str2) {
        this.secretController.getSecretByNameAndVersion(str, str2).orElseThrow(NotFoundException::new);
        this.secretDAO.deleteSecretByNameAndVersion(str, str2);
        return Response.noContent().build();
    }

    private Stream<Optional<Long>> groupsToGroupIds(Set<String> set) {
        Stream<String> stream = set.stream();
        GroupDAO groupDAO = this.groupDAO;
        groupDAO.getClass();
        return stream.map(groupDAO::getGroup).map(optional -> {
            return optional.map((v0) -> {
                return v0.getId();
            });
        });
    }
}
