package io.confluent.rbacapi.resources.v2;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.confluent.cloud.lifecycle.CloudLifecycleService;
import io.confluent.cloud.rbac.CloudRoleBinding;
import io.confluent.crn.ConfluentCloudCrnAuthority;
import io.confluent.crn.CrnSyntaxException;
import io.confluent.rbacapi.authorizer.SecurityMetadataAuthorizer;
import io.confluent.rbacapi.entities.DuplicateRequest;
import io.confluent.rbacapi.entities.ScopeUndeleteRequest;
import io.confluent.rbacapi.entities.UserUndeleteRequest;
import io.confluent.rbacapi.validation.common.ValidOrganizationId;
import io.confluent.rbacapi.validation.common.ValidTransactionId;
import io.confluent.rbacapi.validation.v2.V2ValidDuplicateRequest;
import io.confluent.rbacapi.validation.v2.V2ValidScope;
import io.confluent.rbacapi.validation.v2.V2ValidScopeUndeleteRequest;
import io.confluent.rbacapi.validation.v2.V2ValidUserUndeleteRequest;
import io.confluent.rest.annotations.PerformanceMetric;
import io.confluent.security.authorizer.Scope;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

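/**
 * JAX-RS resource rooted at {@code /v2alpha1/cloudlifecycle} that exposes bulk role-binding
 * lifecycle operations: delete every binding in a scope, copy bindings from one organization to
 * another, and undelete bindings for a user or for a scope.
 *
 * <p>Every endpoint resolves the caller's {@link KafkaPrincipal} from the request's
 * {@link SecurityContext}, requires {@code ALTER} on {@link Scope#ROOT_SCOPE} through
 * {@link SecurityMetadataAuthorizer}, and then delegates to {@link CloudLifecycleService},
 * passing a JSON "reason" document that names the endpoint and carries a fresh random id.
 * NOTE(review): the reason document is presumably stored for audit purposes; confirm against
 * {@code CloudLifecycleService}.
 */
@Path("/v2alpha1/cloudlifecycle")
public class CloudLifecycleResource {
    private final SecurityMetadataAuthorizer metadataAuthorizer;
    private final CloudLifecycleService cloudLifecycleService;
    private final ConfluentCloudCrnAuthority crnAuthority;
    private final ObjectMapper objectMapper;

    /**
     * Reason document serialized for {@link #deleteAllRoleBindingsForScope}. Within this class it
     * is only ever written with {@code ObjectMapper.writeValueAsString}, never read back.
     */
    static class DeleteAllRoleBindingsForScopeReason {

        // Fixed label naming the endpoint that produced this document.
        @JsonProperty
        final String endpoint = "deleteAllRoleBindingsForScope";

        // Fresh random UUID generated for every instance.
        @JsonProperty
        final String id = UUID.randomUUID().toString();

        // Caller-supplied transaction id (the "transactionId" query parameter).
        @JsonProperty
        final String transactionId;

        // Canonical CRN string of the scope whose bindings are removed.
        @JsonProperty
        final String deletionScope;

        /**
         * @param str  transaction id supplied by the caller
         * @param str2 canonical CRN string of the scope being cleared
         */
        @JsonCreator
        DeleteAllRoleBindingsForScopeReason(String str, String str2) {
            this.transactionId = str;
            this.deletionScope = str2;
        }
    }

    /**
     * Reason document serialized for {@link #duplicateRolesForOrg}. Within this class it is only
     * ever written with {@code ObjectMapper.writeValueAsString}, never read back.
     */
    static class DuplicateRolesForOrgReason {

        // Fixed label naming the endpoint that produced this document.
        @JsonProperty
        final String endpoint = "duplicateRolesForOrg";

        // Fresh random UUID generated for every instance.
        @JsonProperty
        final String id = UUID.randomUUID().toString();

        // Transaction id taken from the request body.
        @JsonProperty
        final String transactionId;

        // Organization id taken from the "sourceOrgId" path parameter.
        @JsonProperty
        final String sourceOrganization;

        // Organization id taken from the request body's destOrgId.
        @JsonProperty
        final String destinationOrganization;

        /**
         * @param str  transaction id from the request body
         * @param str2 source organization id
         * @param str3 destination organization id
         */
        @JsonCreator
        DuplicateRolesForOrgReason(String str, String str2, String str3) {
            this.transactionId = str;
            this.sourceOrganization = str2;
            this.destinationOrganization = str3;
        }
    }

    /**
     * Reason document serialized for {@link #undeleteAllRoleBindingsForScope}. Within this class
     * it is only ever written with {@code ObjectMapper.writeValueAsString}, never read back.
     */
    static class UndeleteRoleBindingsForScopeReason {

        // Fixed label naming the endpoint that produced this document.
        @JsonProperty
        final String endpoint = "undeleteAllRoleBindingsForScope";

        // Fresh random UUID generated for every instance.
        @JsonProperty
        final String id = UUID.randomUUID().toString();

        // Canonical CRN string of the scope whose bindings are restored.
        @JsonProperty
        final String deletionScope;

        /**
         * @param str canonical CRN string of the scope being restored
         */
        @JsonCreator
        UndeleteRoleBindingsForScopeReason(String str) {
            this.deletionScope = str;
        }
    }

    /**
     * Reason document serialized for {@link #undeleteAllRoleBindingsForUser}. Within this class
     * it is only ever written with {@code ObjectMapper.writeValueAsString}, never read back.
     */
    static class UndeleteRoleBindingsForUserReason {

        // Fixed label naming the endpoint that produced this document.
        @JsonProperty
        final String endpoint = "undeleteAllRoleBindingsForUser";

        // Fresh random UUID generated for every instance.
        @JsonProperty
        final String id = UUID.randomUUID().toString();

        // Organization id taken from the undelete request.
        @JsonProperty
        final String deletionOrg;

        /**
         * @param str organization id from the undelete request
         */
        @JsonCreator
        UndeleteRoleBindingsForUserReason(String str) {
            this.deletionOrg = str;
        }
    }

    /**
     * Wires the resource to its collaborators. The arguments are stored as given.
     *
     * @param securityMetadataAuthorizer authorizer consulted before each lifecycle operation
     * @param cloudLifecycleService      service that performs the role-binding operations
     * @param confluentCloudCrnAuthority converts between scopes and canonical CRNs
     * @param objectMapper               serializer for the JSON reason documents
     */
    public CloudLifecycleResource(SecurityMetadataAuthorizer securityMetadataAuthorizer, CloudLifecycleService cloudLifecycleService, ConfluentCloudCrnAuthority confluentCloudCrnAuthority, ObjectMapper objectMapper) {
        this.metadataAuthorizer = securityMetadataAuthorizer;
        this.cloudLifecycleService = cloudLifecycleService;
        this.crnAuthority = confluentCloudCrnAuthority;
        this.objectMapper = objectMapper;
    }

    /**
     * Removes every role binding in the given scope.
     *
     * @param securityContext request security context; source of the caller's principal
     * @param str             transaction id from the {@code transactionId} query parameter
     * @param scope           scope whose role bindings are removed (request body)
     * @throws CrnSyntaxException      if the scope cannot be rendered as a canonical CRN
     * @throws JsonProcessingException if the reason document cannot be serialized
     */
    @Path("rolebindings")
    @Consumes({"application/json"})
    @DELETE
    @PerformanceMetric("v2.delete.all.rolebindings.for.scope")
    public void deleteAllRoleBindingsForScope(@Context SecurityContext securityContext, @ValidTransactionId @QueryParam("transactionId") String str, @V2ValidScope Scope scope) throws CrnSyntaxException, JsonProcessingException {
        KafkaPrincipal userPrincipal = SecurityMetadataAuthorizer.userPrincipal(securityContext);
        // Authorization gate: ALTER on the root scope, checked before any CRN or service work.
        this.metadataAuthorizer.authorizeSecurityMetadataAccess(securityContext, Scope.ROOT_SCOPE, SecurityMetadataAuthorizer.ALTER);
        String scopeCrn = this.crnAuthority.canonicalCrn(scope).toString();
        String reasonJson = this.objectMapper.writeValueAsString(new DeleteAllRoleBindingsForScopeReason(str, scopeCrn));
        this.cloudLifecycleService.removeAllRoleBindingsForScope(userPrincipal, scope, reasonJson);
    }

    /**
     * Copies the role bindings of one organization to another.
     *
     * @param securityContext  request security context; source of the caller's principal
     * @param str              source organization id from the {@code sourceOrgId} path parameter
     * @param duplicateRequest request body carrying {@code destOrgId} and {@code transactionId}
     * @throws ExecutionException      declared for the service call
     * @throws TimeoutException        declared for the service call
     * @throws JsonProcessingException if the reason document cannot be serialized
     */
    @Path("rolebindings/{sourceOrgId}/copy")
    @Consumes({"application/json"})
    @POST
    @PerformanceMetric("v2.duplicate.roles.for.org")
    public void duplicateRolesForOrg(@Context SecurityContext securityContext, @ValidOrganizationId @PathParam("sourceOrgId") String str, @V2ValidDuplicateRequest DuplicateRequest duplicateRequest) throws ExecutionException, TimeoutException, JsonProcessingException {
        KafkaPrincipal userPrincipal = SecurityMetadataAuthorizer.userPrincipal(securityContext);
        // Authorization gate: ALTER on the root scope, checked before the copy is requested.
        this.metadataAuthorizer.authorizeSecurityMetadataAccess(securityContext, Scope.ROOT_SCOPE, SecurityMetadataAuthorizer.ALTER);
        String reasonJson = this.objectMapper.writeValueAsString(new DuplicateRolesForOrgReason(duplicateRequest.transactionId, str, duplicateRequest.destOrgId));
        this.cloudLifecycleService.duplicateRoleBindingsForOrganization(userPrincipal, str, duplicateRequest.destOrgId, reasonJson);
    }

    /**
     * Restores the deleted role bindings of a user within an organization.
     *
     * @param securityContext     request security context; source of the caller's principal
     * @param userUndeleteRequest request body carrying {@code orgId}, {@code user} and
     *                            {@code reason}
     * @return the role bindings returned by the service
     * @throws JsonProcessingException if the reason document cannot be serialized
     */
    @POST
    @Path("user/undelete")
    @Consumes({"application/json"})
    public List<CloudRoleBinding> undeleteAllRoleBindingsForUser(@Context SecurityContext securityContext, @V2ValidUserUndeleteRequest UserUndeleteRequest userUndeleteRequest) throws JsonProcessingException {
        KafkaPrincipal userPrincipal = SecurityMetadataAuthorizer.userPrincipal(securityContext);
        // Restoring bindings re-grants access, so this endpoint applies the same root-scope ALTER
        // gate as the delete and copy endpoints instead of relying on checks that are not visible
        // from this class.
        // NOTE(review): if CloudLifecycleService enforces a narrower, org-level permission for
        // undelete, align this gate with it; confirm against the service.
        this.metadataAuthorizer.authorizeSecurityMetadataAccess(securityContext, Scope.ROOT_SCOPE, SecurityMetadataAuthorizer.ALTER);
        String reasonJson = this.objectMapper.writeValueAsString(new UndeleteRoleBindingsForUserReason(userUndeleteRequest.orgId));
        return this.cloudLifecycleService.undeleteRoleBindingsForUser(userPrincipal, userUndeleteRequest.orgId, userUndeleteRequest.user, userUndeleteRequest.reason, reasonJson);
    }

    /**
     * Restores the deleted role bindings of the scope identified by the request's CRN.
     *
     * @param securityContext      request security context; source of the caller's principal
     * @param scopeUndeleteRequest request body carrying {@code crn} and {@code reason}
     * @return the role bindings returned by the service
     * @throws CrnSyntaxException      if the request CRN or the resolved scope cannot be
     *                                 converted to a canonical CRN
     * @throws JsonProcessingException if the reason document cannot be serialized
     */
    @POST
    @Path("scope/undelete")
    @Consumes({"application/json"})
    public List<CloudRoleBinding> undeleteAllRoleBindingsForScope(@Context SecurityContext securityContext, @V2ValidScopeUndeleteRequest ScopeUndeleteRequest scopeUndeleteRequest) throws CrnSyntaxException, JsonProcessingException {
        KafkaPrincipal userPrincipal = SecurityMetadataAuthorizer.userPrincipal(securityContext);
        // Same root-scope ALTER gate as the delete and copy endpoints. It runs before the
        // caller-supplied CRN is parsed so that unauthorized requests never reach CRN resolution.
        // NOTE(review): if CloudLifecycleService enforces a narrower, scope-level permission for
        // undelete, align this gate with it; confirm against the service.
        this.metadataAuthorizer.authorizeSecurityMetadataAccess(securityContext, Scope.ROOT_SCOPE, SecurityMetadataAuthorizer.ALTER);
        Scope scope = this.crnAuthority.resolveScopePattern(this.crnAuthority.canonicalCrn(scopeUndeleteRequest.crn)).scope();
        // The reason document records the canonical form of the resolved scope, not the raw
        // request string.
        String scopeCrn = this.crnAuthority.canonicalCrn(scope).toString();
        String reasonJson = this.objectMapper.writeValueAsString(new UndeleteRoleBindingsForScopeReason(scopeCrn));
        return this.cloudLifecycleService.undeleteRoleBindingsForScope(userPrincipal, scope, scopeUndeleteRequest.reason, reasonJson);
    }
}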
