package keywhiz.generators;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.List;
import javax.ws.rs.BadRequestException;
import keywhiz.api.TemplatedSecretsGeneratorRequest;
import keywhiz.api.model.Secret;
import keywhiz.api.model.VersionGenerator;
import keywhiz.service.daos.SecretController;
import keywhiz.utility.SecretTemplateCompiler;
import org.skife.jdbi.v2.exceptions.StatementException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:keywhiz/generators/TemplatedSecretGenerator.class */
public class TemplatedSecretGenerator extends SecretGenerator<TemplatedSecretsGeneratorRequest> {
    private static final Logger logger = LoggerFactory.getLogger(TemplatedSecretGenerator.class);
    private final SecureRandom secureRandom;

    @Inject
    public TemplatedSecretGenerator(SecretController secretController, SecureRandom secureRandom) {
        super(secretController);
        this.secureRandom = secureRandom;
    }

    @Override // keywhiz.generators.SecretGenerator
    public List<Secret> generate(String str, TemplatedSecretsGeneratorRequest templatedSecretsGeneratorRequest) throws BadRequestException {
        String name = templatedSecretsGeneratorRequest.getName();
        try {
            String encodeToString = Base64.getEncoder().encodeToString(new SecretTemplateCompiler(this.secureRandom).compile(templatedSecretsGeneratorRequest.getTemplate()).getBytes(StandardCharsets.UTF_8));
            Logger logger2 = logger;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = templatedSecretsGeneratorRequest.getName();
            objArr[2] = templatedSecretsGeneratorRequest.isWithVersion() ? "with" : "without";
            logger2.info("User '{}' creating templated secret '{}' {} versioning.", objArr);
            SecretController.SecretBuilder withGenerationOptions = this.secretController.builder(name, encodeToString, str).withDescription((String) templatedSecretsGeneratorRequest.getDescription().orElse("")).withMetadata(templatedSecretsGeneratorRequest.getMetadata()).withType("templated").withGenerationOptions(ImmutableMap.of("template", templatedSecretsGeneratorRequest.getTemplate()));
            if (templatedSecretsGeneratorRequest.isWithVersion()) {
                withGenerationOptions.withVersion(VersionGenerator.now().toHex());
            }
            try {
                return ImmutableList.of(withGenerationOptions.build());
            } catch (StatementException e) {
                logger.warn("Cannot create secret {}: {}", name, e);
                throw new BadRequestException(String.format("Cannot create secret '%s'.", name));
            }
        } catch (IllegalArgumentException e2) {
            logger.warn("Cannot compile template {}: {}", templatedSecretsGeneratorRequest.getTemplate(), e2);
            throw new BadRequestException("Cannot compile secret template.");
        }
    }

    @Override // keywhiz.generators.SecretGenerator
    public Class<TemplatedSecretsGeneratorRequest> getRequestType() {
        return TemplatedSecretsGeneratorRequest.class;
    }
}
