package com.walmartlabs.concord.client;

import com.google.gson.reflect.TypeToken;
import com.walmartlabs.concord.ApiClient;
import com.walmartlabs.concord.ApiException;
import com.walmartlabs.concord.ApiResponse;
import com.walmartlabs.concord.client.CreateSecretRequest;
import com.walmartlabs.concord.client.SecretEntry;
import com.walmartlabs.concord.common.secret.BinaryDataSecret;
import com.walmartlabs.concord.common.secret.KeyPair;
import com.walmartlabs.concord.common.secret.UsernamePassword;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;

/* loaded from: input_file:com/walmartlabs/concord/client/SecretClient.class */
public class SecretClient {
    private static final int DEFAULT_RETRY_COUNT = 3;
    private static final long DEFAULT_RETRY_INTERVAL = 5000;
    private final ApiClient apiClient;
    private final int retryCount;
    private final long retryInterval;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.walmartlabs.concord.client.SecretClient$2, reason: invalid class name */
    /* loaded from: input_file:com/walmartlabs/concord/client/SecretClient$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$walmartlabs$concord$client$SecretEntry$TypeEnum = new int[SecretEntry.TypeEnum.values().length];

        static {
            try {
                $SwitchMap$com$walmartlabs$concord$client$SecretEntry$TypeEnum[SecretEntry.TypeEnum.DATA.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$walmartlabs$concord$client$SecretEntry$TypeEnum[SecretEntry.TypeEnum.KEY_PAIR.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$walmartlabs$concord$client$SecretEntry$TypeEnum[SecretEntry.TypeEnum.USERNAME_PASSWORD.ordinal()] = SecretClient.DEFAULT_RETRY_COUNT;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public SecretClient(ApiClient apiClient) {
        this(apiClient, DEFAULT_RETRY_COUNT, DEFAULT_RETRY_INTERVAL);
    }

    public SecretClient(ApiClient apiClient, int i, long j) {
        this.apiClient = apiClient;
        this.retryCount = i;
        this.retryInterval = j;
    }

    public <T extends com.walmartlabs.concord.sdk.Secret> T getData(String str, String str2, String str3, SecretEntry.TypeEnum typeEnum) throws Exception {
        String str4 = "/api/v1/org/" + str + "/secret/" + str2 + "/data";
        ApiResponse apiResponse = null;
        HashMap hashMap = new HashMap();
        String str5 = str3;
        if (str3 == null) {
            str5 = "";
        }
        hashMap.put("storePassword", str5);
        try {
            try {
                ApiResponse apiResponse2 = (ApiResponse) ClientUtils.withRetry(this.retryCount, this.retryInterval, () -> {
                    return ClientUtils.postData(this.apiClient, str4, (Map<String, Object>) hashMap, File.class);
                });
                if (apiResponse2.getData() == null) {
                    throw new SecretNotFoundException(str, str2);
                }
                String header = ClientUtils.getHeader("X-Concord-SecretType", apiResponse2);
                if (header == null) {
                    throw new IllegalStateException("Can't determine the secret's expectedType. Server response: code=" + apiResponse2.getStatusCode() + ", path=" + str4);
                }
                SecretEntry.TypeEnum valueOf = SecretEntry.TypeEnum.valueOf(header);
                if (typeEnum != null && typeEnum != valueOf) {
                    throw new IllegalArgumentException(String.format("Unexpected type of %s/%s. Expected %s, got %s. Check the secret's expectedType and its usage - some secrets can only be used for specific purposes (e.g. %s is typically used for key-based authentication).", str, str2, typeEnum, valueOf, SecretEntry.TypeEnum.KEY_PAIR));
                }
                T t = (T) readSecret(valueOf, Files.readAllBytes(((File) apiResponse2.getData()).toPath()));
                if (apiResponse2 != null && apiResponse2.getData() != null) {
                    Files.delete(((File) apiResponse2.getData()).toPath());
                }
                return t;
            } catch (ApiException e) {
                if (e.getCode() == 404) {
                    throw new SecretNotFoundException(str, str2);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (0 != 0 && apiResponse.getData() != null) {
                Files.delete(((File) apiResponse.getData()).toPath());
            }
            throw th;
        }
    }

    public byte[] decryptString(UUID uuid, byte[] bArr) throws Exception {
        String str = "/api/v1/process/" + uuid + "/decrypt";
        try {
            return (byte[]) ((ApiResponse) ClientUtils.withRetry(this.retryCount, this.retryInterval, () -> {
                return ClientUtils.postData(this.apiClient, str, bArr, new TypeToken<byte[]>() { // from class: com.walmartlabs.concord.client.SecretClient.1
                }.getType());
            })).getData();
        } catch (ApiException e) {
            if (e.getCode() == 400) {
                throw new IllegalArgumentException("Can't decrypt the string: " + Base64.getEncoder().encodeToString(bArr));
            }
            throw e;
        }
    }

    public String encryptString(String str, String str2, String str3) throws Exception {
        return encryptString(null, str, str2, str3);
    }

    @Deprecated
    public String encryptString(UUID uuid, String str, String str2, String str3) throws Exception {
        String str4 = "/api/v1/org/" + str + "/project/" + str2 + "/encrypt";
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "text/plain;charset=UTF-8");
        ApiResponse apiResponse = (ApiResponse) ClientUtils.withRetry(this.retryCount, this.retryInterval, () -> {
            return ClientUtils.postData(this.apiClient, str4, str3, hashMap, EncryptValueResponse.class);
        });
        if (apiResponse.getStatusCode() == 200 && ((EncryptValueResponse) apiResponse.getData()).isOk().booleanValue()) {
            return ((EncryptValueResponse) apiResponse.getData()).getData();
        }
        throw new ApiException("Error encrypting string. Status code:" + apiResponse.getStatusCode() + " Data: " + apiResponse.getData());
    }

    public SecretOperationResponse createSecret(CreateSecretRequest createSecretRequest) throws ApiException {
        return createSecret((CreateSecretRequestV2) CreateSecretRequestV2.builder().org(createSecretRequest.org()).name(createSecretRequest.name()).generatePassword(createSecretRequest.generatePassword()).storePassword(createSecretRequest.storePassword()).visibility(createSecretRequest.visibility()).data(createSecretRequest.data()).keyPair(createSecretRequest.keyPair()).usernamePassword(createSecretRequest.usernamePassword()).addAllProjectNames(createSecretRequest.project() == null ? Collections.emptySet() : Collections.singleton(createSecretRequest.project())).build());
    }

    public SecretOperationResponse createSecret(CreateSecretRequestV2 createSecretRequestV2) throws ApiException {
        String str = "/api/v1/org/" + createSecretRequestV2.org() + "/secret";
        HashMap hashMap = new HashMap();
        hashMap.put("name", createSecretRequestV2.name());
        hashMap.put("generatePassword", Boolean.valueOf(createSecretRequestV2.generatePassword()));
        if (createSecretRequestV2.storePassword() != null) {
            hashMap.put("storePassword", createSecretRequestV2.storePassword());
        }
        SecretEntry.VisibilityEnum visibility = createSecretRequestV2.visibility();
        if (visibility != null) {
            hashMap.put("visibility", visibility.getValue());
        }
        if (createSecretRequestV2.projectIds() != null) {
            hashMap.put("projectIds", createSecretRequestV2.projectIds().stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining(",")));
        } else if (createSecretRequestV2.projectNames() != null) {
            hashMap.put("projects", String.join(",", createSecretRequestV2.projectNames()));
        }
        byte[] data = createSecretRequestV2.data();
        CreateSecretRequest.KeyPair keyPair = createSecretRequestV2.keyPair();
        CreateSecretRequest.UsernamePassword usernamePassword = createSecretRequestV2.usernamePassword();
        if (data != null) {
            hashMap.put("type", SecretEntry.TypeEnum.DATA.getValue());
            hashMap.put("data", data);
        } else if (keyPair != null) {
            hashMap.put("type", SecretEntry.TypeEnum.KEY_PAIR.getValue());
            hashMap.put("public", readFile(keyPair.publicKey()));
            hashMap.put("private", readFile(keyPair.privateKey()));
        } else {
            if (usernamePassword == null) {
                throw new IllegalArgumentException("Secret data, a key pair or username/password must be specified.");
            }
            hashMap.put("type", SecretEntry.TypeEnum.USERNAME_PASSWORD.getValue());
            hashMap.put("username", usernamePassword.username());
            hashMap.put("password", usernamePassword.password());
        }
        return (SecretOperationResponse) ((ApiResponse) ClientUtils.withRetry(this.retryCount, this.retryInterval, () -> {
            return ClientUtils.postData(this.apiClient, str, (Map<String, Object>) hashMap, SecretOperationResponse.class);
        })).getData();
    }

    public void updateSecret(String str, String str2, UpdateSecretRequest updateSecretRequest) throws ApiException {
        updateSecret(str, str2, (UpdateSecretRequestV2) UpdateSecretRequestV2.builder().newOrgId(updateSecretRequest.newOrgId()).newOrgName(updateSecretRequest.newOrgName()).newProjectIds(updateSecretRequest.newProjectId() != null ? Collections.singleton(updateSecretRequest.newProjectId()) : null).newProjectNames((updateSecretRequest.newProjectName() == null || updateSecretRequest.newProjectName().isEmpty()) ? null : Collections.singleton(updateSecretRequest.newProjectName())).removeProjectLink(updateSecretRequest.removeProjectLink()).newOwnerId(updateSecretRequest.newOwnerId()).currentPassword(updateSecretRequest.currentPassword()).newPassword(updateSecretRequest.newPassword()).newName(updateSecretRequest.newName()).newVisibility(updateSecretRequest.newVisibility()).data(updateSecretRequest.data()).keyPair(updateSecretRequest.keyPair()).usernamePassword(updateSecretRequest.usernamePassword()).build());
    }

    public void updateSecret(String str, String str2, UpdateSecretRequestV2 updateSecretRequestV2) throws ApiException {
        String str3 = "/api/v2/org/" + str + "/secret/" + str2;
        HashMap hashMap = new HashMap();
        hashMap.put("orgId", updateSecretRequestV2.newOrgId());
        hashMap.put("org", updateSecretRequestV2.newOrgName());
        hashMap.put("removeProjectLink", Boolean.valueOf(updateSecretRequestV2.removeProjectLink()));
        hashMap.put("ownerId", updateSecretRequestV2.newOwnerId());
        hashMap.put("storePassword", updateSecretRequestV2.currentPassword());
        hashMap.put("newStorePassword", updateSecretRequestV2.newPassword());
        hashMap.put("name", updateSecretRequestV2.newName());
        hashMap.put("visibility", updateSecretRequestV2.newVisibility());
        if (updateSecretRequestV2.newProjectIds() != null) {
            hashMap.put("projectIds", updateSecretRequestV2.newProjectIds().stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining(",")));
        } else if (updateSecretRequestV2.newProjectNames() != null) {
            hashMap.put("projects", String.join(",", updateSecretRequestV2.newProjectNames()));
        }
        byte[] data = updateSecretRequestV2.data();
        CreateSecretRequest.KeyPair keyPair = updateSecretRequestV2.keyPair();
        CreateSecretRequest.UsernamePassword usernamePassword = updateSecretRequestV2.usernamePassword();
        if (data != null) {
            hashMap.put("type", SecretEntry.TypeEnum.DATA.getValue());
            hashMap.put("data", data);
        } else if (keyPair != null) {
            hashMap.put("type", SecretEntry.TypeEnum.KEY_PAIR.getValue());
            hashMap.put("public", readFile(keyPair.publicKey()));
            hashMap.put("private", readFile(keyPair.privateKey()));
        } else if (usernamePassword != null) {
            hashMap.put("type", SecretEntry.TypeEnum.USERNAME_PASSWORD.getValue());
            hashMap.put("username", usernamePassword.username());
            hashMap.put("password", usernamePassword.password());
        }
        hashMap.values().removeIf(Objects::isNull);
        ClientUtils.withRetry(this.retryCount, this.retryInterval, () -> {
            return ClientUtils.postData(this.apiClient, str3, (Map<String, Object>) hashMap, (Class) null);
        });
    }

    private static byte[] readFile(Path path) {
        if (path == null) {
            return null;
        }
        if (Files.notExists(path, new LinkOption[0])) {
            throw new IllegalArgumentException("File '" + path + "' not found");
        }
        try {
            return Files.readAllBytes(path);
        } catch (IOException e) {
            throw new RuntimeException("Error while reading " + path + ": " + e.getMessage());
        }
    }

    private static <T> T readSecret(SecretEntry.TypeEnum typeEnum, byte[] bArr) {
        switch (AnonymousClass2.$SwitchMap$com$walmartlabs$concord$client$SecretEntry$TypeEnum[typeEnum.ordinal()]) {
            case 1:
                return (T) new BinaryDataSecret(bArr);
            case 2:
                return (T) KeyPair.deserialize(bArr);
            case DEFAULT_RETRY_COUNT /* 3 */:
                return (T) UsernamePassword.deserialize(bArr);
            default:
                throw new IllegalArgumentException("unknown secret type: " + typeEnum);
        }
    }
}
