package org.apache.hadoop.ozone.s3secret;

import java.io.IOException;
import javax.annotation.Nullable;
import javax.ws.rs.DELETE;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import org.apache.hadoop.ozone.audit.S3GAction;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@S3SecretEnabled
@Path("/secret")
/* loaded from: input_file:org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.class */
public class S3SecretManagementEndpoint extends S3SecretEndpointBase {
    private static final Logger LOG = LoggerFactory.getLogger(S3SecretManagementEndpoint.class);

    @PUT
    public Response generate() throws IOException {
        return generateInternal(null);
    }

    @Path("/{username}")
    @PUT
    public Response generate(@PathParam("username") String str) throws IOException {
        return generateInternal(str);
    }

    private Response generateInternal(@Nullable String str) throws IOException {
        S3SecretResponse s3SecretResponse = new S3SecretResponse();
        S3SecretValue generateS3Secret = generateS3Secret(str);
        s3SecretResponse.setAwsSecret(generateS3Secret.getAwsSecret());
        s3SecretResponse.setAwsAccessKey(generateS3Secret.getAwsAccessKey());
        AUDIT.logReadSuccess(buildAuditMessageForSuccess(S3GAction.GENERATE_SECRET, getAuditParameters()));
        return Response.ok(s3SecretResponse).build();
    }

    private S3SecretValue generateS3Secret(@Nullable String str) throws IOException {
        return getClient().getObjectStore().getS3Secret(str == null ? userNameFromRequest() : str);
    }

    @DELETE
    public Response revoke() throws IOException {
        return revokeInternal(null);
    }

    @Path("/{username}")
    @DELETE
    public Response revoke(@PathParam("username") String str) throws IOException {
        return revokeInternal(str);
    }

    private Response revokeInternal(@Nullable String str) throws IOException {
        try {
            revokeSecret(str);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(S3GAction.REVOKE_SECRET, getAuditParameters()));
            return Response.ok().build();
        } catch (OMException e) {
            AUDIT.logWriteFailure(buildAuditMessageForFailure(S3GAction.REVOKE_SECRET, getAuditParameters(), e));
            if (e.getResult() == OMException.ResultCodes.S3_SECRET_NOT_FOUND) {
                return Response.status(Response.Status.NOT_FOUND.getStatusCode(), OMException.ResultCodes.S3_SECRET_NOT_FOUND.toString()).build();
            }
            LOG.error("Can't execute revoke secret request: ", e);
            return Response.serverError().build();
        }
    }

    private void revokeSecret(@Nullable String str) throws IOException {
        getClient().getObjectStore().revokeS3Secret(str == null ? userNameFromRequest() : str);
    }
}
