package keywhiz.service.resources;

import com.google.common.collect.ImmutableList;
import com.google.inject.Inject;
import io.dropwizard.auth.Auth;
import io.dropwizard.jersey.params.LongParam;
import java.util.List;
import java.util.Optional;
import javax.validation.Valid;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import keywhiz.api.CreateSecretRequest;
import keywhiz.api.SecretDetailResponse;
import keywhiz.api.model.SanitizedSecret;
import keywhiz.api.model.Secret;
import keywhiz.api.model.VersionGenerator;
import keywhiz.auth.User;
import keywhiz.service.daos.AclDAO;
import keywhiz.service.daos.SecretController;
import keywhiz.service.daos.SecretSeriesDAO;
import keywhiz.service.exceptions.ConflictException;
import org.skife.jdbi.v2.exceptions.StatementException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({"application/json"})
@Path("/admin/secrets")
/* loaded from: input_file:keywhiz/service/resources/SecretsResource.class */
public class SecretsResource {
    private static final Logger logger = LoggerFactory.getLogger(SecretsResource.class);
    private final SecretController secretController;
    private final AclDAO aclDAO;
    private final SecretSeriesDAO secretSeriesDAO;

    @Inject
    public SecretsResource(SecretController secretController, AclDAO aclDAO, SecretSeriesDAO secretSeriesDAO) {
        this.secretController = secretController;
        this.aclDAO = aclDAO;
        this.secretSeriesDAO = secretSeriesDAO;
    }

    @GET
    public Response findSecrets(@Auth User user, @QueryParam("name") @DefaultValue("") String str, @QueryParam("version") @DefaultValue("") String str2) {
        return str.isEmpty() ? Response.ok().entity(listSecrets(user)).build() : Response.ok().entity(retrieveSecret(user, str, str2)).build();
    }

    protected List<SanitizedSecret> listSecrets(@Auth User user) {
        logger.info("User '{}' listing secrets.", user);
        return this.secretController.getSanitizedSecrets();
    }

    protected SanitizedSecret retrieveSecret(@Auth User user, String str, String str2) {
        logger.info("User '{}' retrieving secret name={} version={}.", new Object[]{user, str, str2});
        return sanitizedSecretFromNameAndVersion(str, str2);
    }

    @GET
    @Path("/versions")
    public List<String> getVersionsForSecretName(@Auth User user, @QueryParam("name") @DefaultValue("") String str) {
        if (str.isEmpty()) {
            throw new BadRequestException("Must supply secret name to find versions.");
        }
        return retrieveSecretVersions(user, str);
    }

    protected List<String> retrieveSecretVersions(User user, String str) {
        logger.info("User '{}' finding versions for secret '{}'.", user, str);
        return this.secretController.getVersionsForName(str);
    }

    @POST
    @Consumes({"application/json"})
    public Response createSecret(@Auth User user, @Valid CreateSecretRequest createSecretRequest) {
        Logger logger2 = logger;
        Object[] objArr = new Object[3];
        objArr[0] = user;
        objArr[1] = createSecretRequest.name;
        objArr[2] = createSecretRequest.withVersion ? "with" : "without";
        logger2.info("User '{}' creating secret '{}' {} versioning.", objArr);
        try {
            SecretController.SecretBuilder builder = this.secretController.builder(createSecretRequest.name, createSecretRequest.content, user.getName());
            if (createSecretRequest.description != null) {
                builder.withDescription(createSecretRequest.description);
            }
            if (createSecretRequest.metadata != null) {
                builder.withMetadata(createSecretRequest.metadata);
            }
            if (createSecretRequest.withVersion) {
                builder.withVersion(VersionGenerator.now().toHex());
            }
            Secret build = builder.build();
            return Response.created(UriBuilder.fromResource(SecretsResource.class).path("{secretId}").build(new Object[]{Long.valueOf(build.getId())})).entity(secretDetailResponseFromId(build.getId())).build();
        } catch (StatementException e) {
            logger.warn("Cannot create secret {}: {}", createSecretRequest.name, e);
            throw new ConflictException(String.format("Cannot create secret %s.", createSecretRequest.name));
        }
    }

    @GET
    @Path("{secretId}")
    public SecretDetailResponse retrieveSecret(@Auth User user, @PathParam("secretId") LongParam longParam) {
        logger.info("User '{}' retrieving secret id={}.", user, longParam);
        return secretDetailResponseFromId(((Long) longParam.get()).longValue());
    }

    @Path("{secretId}")
    @DELETE
    public Response deleteSecret(@Auth User user, @PathParam("secretId") LongParam longParam) {
        logger.info("User '{}' deleting secret id={}.", user, longParam);
        if (this.secretController.getSecretsById(((Long) longParam.get()).longValue()).isEmpty()) {
            throw new NotFoundException("Secret not found.");
        }
        this.secretSeriesDAO.deleteSecretSeriesById(((Long) longParam.get()).longValue());
        return Response.noContent().build();
    }

    private SecretDetailResponse secretDetailResponseFromId(long j) {
        List<Secret> secretsById = this.secretController.getSecretsById(j);
        if (secretsById.isEmpty()) {
            throw new NotFoundException("Secret not found.");
        }
        Secret secret = secretsById.get(0);
        return SecretDetailResponse.fromSecret(secret, ImmutableList.copyOf(this.aclDAO.getGroupsFor(secret)), ImmutableList.copyOf(this.aclDAO.getClientsFor(secret)));
    }

    private SanitizedSecret sanitizedSecretFromNameAndVersion(String str, String str2) {
        Optional<Secret> secretByNameAndVersion = this.secretController.getSecretByNameAndVersion(str, str2);
        if (secretByNameAndVersion.isPresent()) {
            return SanitizedSecret.fromSecret(secretByNameAndVersion.get());
        }
        throw new NotFoundException("Secret not found.");
    }
}
