package io.confluent.kafka.secretregistry.rest.resources;

import io.confluent.kafka.secretregistry.client.rest.Versions;
import io.confluent.kafka.secretregistry.client.rest.entities.Secret;
import io.confluent.kafka.secretregistry.client.rest.entities.requests.RegisterSecretRequest;
import io.confluent.kafka.secretregistry.client.rest.entities.requests.RegisterSecretResponse;
import io.confluent.kafka.secretregistry.exceptions.InvalidVersionException;
import io.confluent.kafka.secretregistry.exceptions.OperationNotPermittedException;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryException;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryRequestForwardingException;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryStoreException;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryTimeoutException;
import io.confluent.kafka.secretregistry.exceptions.UnknownMasterException;
import io.confluent.kafka.secretregistry.rest.VersionId;
import io.confluent.kafka.secretregistry.rest.exceptions.Errors;
import io.confluent.kafka.secretregistry.storage.KafkaSecretRegistry;
import io.confluent.rest.annotations.PerformanceMetric;
import java.util.List;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.AsyncResponse;
import javax.ws.rs.container.Suspended;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({"application/vnd.secretregistry.v1+json", Versions.SECRET_REGISTRY_DEFAULT_JSON_WEIGHTED, "application/json; qs=0.5"})
@Path("/secret/paths/{path}/keys/{key}/versions")
@Consumes({"application/vnd.secretregistry.v1+json", Versions.SECRET_REGISTRY_DEFAULT_JSON, "application/json", "application/octet-stream"})
/* loaded from: input_file:io/confluent/kafka/secretregistry/rest/resources/PathKeyVersionResource.class */
public class PathKeyVersionResource {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PathKeyVersionResource.class);
    private final KafkaSecretRegistry secretRegistry;
    private final RequestHeaderBuilder requestHeaderBuilder = new RequestHeaderBuilder();

    public PathKeyVersionResource(KafkaSecretRegistry kafkaSecretRegistry) {
        this.secretRegistry = kafkaSecretRegistry;
    }

    @GET
    @Path("/{version}")
    @PerformanceMetric("paths.keys.versions.get-secret")
    public Secret getSecret(@Context SecurityContext securityContext, @PathParam("path") String str, @PathParam("key") String str2, @PathParam("version") String str3) {
        if (securityContext.getUserPrincipal() != null) {
            log.info("User '{}' getting secret '{}:{}' version {}", securityContext.getUserPrincipal().getName(), str, str2, str3);
        } else {
            log.info("Unknown user getting secret '{}:{}' version {}", str, str2, str3);
        }
        try {
            try {
                return this.secretRegistry.validateAndGetSecret(str, str2, new VersionId(str3));
            } catch (InvalidVersionException e) {
                throw Errors.invalidVersionException();
            } catch (SecretRegistryStoreException e2) {
                String str4 = "Error while retrieving secret for path " + str + " with key " + str2 + " with version " + str3 + " from the secret registry";
                log.debug(str4, (Throwable) e2);
                throw Errors.storeException(str4, e2);
            } catch (SecretRegistryException e3) {
                throw Errors.secretRegistryException(null, e3);
            }
        } catch (InvalidVersionException e4) {
            throw Errors.invalidVersionException();
        }
    }

    @GET
    @Path("/{version}/secret")
    @PerformanceMetric("paths.keys.versions.get-secret.only")
    public String getSecretOnly(@Context SecurityContext securityContext, @PathParam("path") String str, @PathParam("key") String str2, @PathParam("version") String str3) {
        return getSecret(securityContext, str, str2, str3).getSecret();
    }

    @GET
    @PerformanceMetric("paths.keys.versions.list")
    public List<Integer> list(@Context SecurityContext securityContext, @PathParam("path") String str, @PathParam("key") String str2) {
        if (securityContext.getUserPrincipal() != null) {
            log.info("User '{}' listing versions for '{}:{}'", securityContext.getUserPrincipal().getName(), str, str2);
        } else {
            log.info("Unknown user listing versions for '{}:{}'", str, str2);
        }
        String str3 = "Error while validating that path " + str + " and key " + str2 + " exist in the registry";
        try {
            if (!this.secretRegistry.listPaths().contains(str)) {
                throw Errors.pathNotFoundException();
            }
            if (!this.secretRegistry.listKeys(str).contains(str2)) {
                throw Errors.keyNotFoundException();
            }
            String str4 = "Error while listing all versions for path " + str + " and key " + str2;
            try {
                return this.secretRegistry.listVersions(str, str2);
            } catch (SecretRegistryStoreException e) {
                throw Errors.storeException(str4, e);
            } catch (SecretRegistryException e2) {
                throw Errors.secretRegistryException(str4, e2);
            }
        } catch (SecretRegistryStoreException e3) {
            throw Errors.storeException(str3, e3);
        } catch (SecretRegistryException e4) {
            throw Errors.secretRegistryException(str3, e4);
        }
    }

    @POST
    @PerformanceMetric("paths.keys.versions.register")
    public void register(@Suspended AsyncResponse asyncResponse, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String str, @PathParam("key") String str2, @NotNull RegisterSecretRequest registerSecretRequest) {
        if (securityContext.getUserPrincipal() != null) {
            log.info("User '{}' registering secret '{}:{}'", securityContext.getUserPrincipal().getName(), str, str2);
        } else {
            log.info("Unknown user registering secret '{}:{}'", str, str2);
        }
        try {
            int registerOrForward = this.secretRegistry.registerOrForward(new Secret(str, str2, 0, registerSecretRequest.getSecret()), this.requestHeaderBuilder.buildRequestHeaders(httpHeaders, this.secretRegistry.config().whitelistHeaders()));
            RegisterSecretResponse registerSecretResponse = new RegisterSecretResponse();
            registerSecretResponse.setVersion(registerOrForward);
            asyncResponse.resume(registerSecretResponse);
        } catch (OperationNotPermittedException e) {
            throw Errors.operationNotPermittedException(e.getMessage());
        } catch (SecretRegistryRequestForwardingException e2) {
            throw Errors.requestForwardingFailedException("Error while forwarding register secret request to the master", e2);
        } catch (SecretRegistryStoreException e3) {
            throw Errors.storeException("Register secret operation failed while writing to the Kafka store", e3);
        } catch (SecretRegistryTimeoutException e4) {
            throw Errors.operationTimeoutException("Register operation timed out", e4);
        } catch (UnknownMasterException e5) {
            throw Errors.unknownMasterException("Master not known.", e5);
        } catch (SecretRegistryException e6) {
            throw Errors.secretRegistryException("Error while registering secret", e6);
        }
    }

    @Path("/{version}")
    @DELETE
    @PerformanceMetric("paths.keys.versions.delete-secret")
    public void deleteSecretVersion(@Suspended AsyncResponse asyncResponse, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String str, @PathParam("key") String str2, @PathParam("version") String str3) {
        if (securityContext.getUserPrincipal() != null) {
            log.info("User '{}' deleting secret '{}:{}' version {}", securityContext.getUserPrincipal().getName(), str, str2, str3);
        } else {
            log.info("Unknown user deleting secret '{}:{}' version {}", str, str2, str3);
        }
        try {
            VersionId versionId = new VersionId(str3);
            try {
                Secret validateAndGetSecret = this.secretRegistry.validateAndGetSecret(str, str2, versionId);
                try {
                    this.secretRegistry.deleteVersionOrForward(this.requestHeaderBuilder.buildRequestHeaders(httpHeaders, this.secretRegistry.config().whitelistHeaders()), validateAndGetSecret.getPath(), validateAndGetSecret.getKey(), validateAndGetSecret.getVersion().intValue());
                    asyncResponse.resume(Integer.valueOf(versionId.getVersionId()));
                } catch (SecretRegistryRequestForwardingException e) {
                    throw Errors.requestForwardingFailedException("Error while forwarding delete secret version request to the master", e);
                } catch (SecretRegistryStoreException e2) {
                    throw Errors.storeException("Delete Secret Version operation failed while writing to the Kafka store", e2);
                } catch (SecretRegistryTimeoutException e3) {
                    throw Errors.operationTimeoutException("Delete Secret Version operation timed out", e3);
                } catch (UnknownMasterException e4) {
                    throw Errors.unknownMasterException("Master not known.", e4);
                } catch (SecretRegistryException e5) {
                    throw Errors.secretRegistryException("Error while deleting Secret Version", e5);
                }
            } catch (InvalidVersionException e6) {
                throw Errors.invalidVersionException();
            } catch (SecretRegistryStoreException e7) {
                String str4 = "Error while retrieving secret for path " + str + " with key " + str2 + " with version " + str3 + " from the secret registry";
                log.debug(str4, (Throwable) e7);
                throw Errors.storeException(str4, e7);
            } catch (SecretRegistryException e8) {
                throw Errors.secretRegistryException(null, e8);
            }
        } catch (InvalidVersionException e9) {
            throw Errors.invalidVersionException();
        }
    }
}
