package com.yahoo.vespa.hosted.athenz.instanceproviderservice;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.google.inject.Inject;
import com.yahoo.container.jdisc.LoggingRequestHandler;
import com.yahoo.restapi.RestApi;
import com.yahoo.restapi.RestApiException;
import com.yahoo.restapi.RestApiRequestHandler;
import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
import java.util.Objects;
import java.util.logging.Level;

/* loaded from: input_file:com/yahoo/vespa/hosted/athenz/instanceproviderservice/IdentityProviderRequestHandler.class */
public class IdentityProviderRequestHandler extends RestApiRequestHandler<IdentityProviderRequestHandler> {
    private final IdentityDocumentGenerator documentGenerator;
    private final InstanceValidator instanceValidator;

    @Inject
    public IdentityProviderRequestHandler(LoggingRequestHandler.Context context, IdentityDocumentGenerator identityDocumentGenerator, InstanceValidator instanceValidator) {
        super(context, IdentityProviderRequestHandler::createRestApi);
        this.documentGenerator = identityDocumentGenerator;
        this.instanceValidator = instanceValidator;
    }

    private static RestApi createRestApi(IdentityProviderRequestHandler identityProviderRequestHandler) {
        RestApi.Builder builder = RestApi.builder();
        RestApi.RouteBuilder route = RestApi.route("/athenz/v1/provider/identity-document/node/{host}");
        Objects.requireNonNull(identityProviderRequestHandler);
        RestApi.Builder addRoute = builder.addRoute(route.get(identityProviderRequestHandler::getNodeIdentityDocument));
        RestApi.RouteBuilder route2 = RestApi.route("/athenz/v1/provider/identity-document/tenant/{host}");
        Objects.requireNonNull(identityProviderRequestHandler);
        RestApi.Builder addRoute2 = addRoute.addRoute(route2.get(identityProviderRequestHandler::getTenantIdentityDocument));
        RestApi.RouteBuilder route3 = RestApi.route("/athenz/v1/provider/instance");
        Objects.requireNonNull(identityProviderRequestHandler);
        RestApi.Builder addRoute3 = addRoute2.addRoute(route3.post(InstanceConfirmation.class, identityProviderRequestHandler::confirmInstance));
        RestApi.RouteBuilder route4 = RestApi.route("/athenz/v1/provider/refresh");
        Objects.requireNonNull(identityProviderRequestHandler);
        return addRoute3.addRoute(route4.post(InstanceConfirmation.class, identityProviderRequestHandler::confirmInstanceRefresh)).registerJacksonRequestEntity(InstanceConfirmation.class).registerJacksonResponseEntity(InstanceConfirmation.class).registerJacksonResponseEntity(SignedIdentityDocumentEntity.class).setObjectMapper(new ObjectMapper().registerModule(new JavaTimeModule()).registerModule(new Jdk8Module()).configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, true)).build();
    }

    private SignedIdentityDocumentEntity getNodeIdentityDocument(RestApi.RequestContext requestContext) {
        return getIdentityDocument((String) requestContext.pathParameters().getString("host").orElse(null), IdentityType.NODE);
    }

    private SignedIdentityDocumentEntity getTenantIdentityDocument(RestApi.RequestContext requestContext) {
        return getIdentityDocument((String) requestContext.pathParameters().getString("host").orElse(null), IdentityType.TENANT);
    }

    private InstanceConfirmation confirmInstance(RestApi.RequestContext requestContext, InstanceConfirmation instanceConfirmation) {
        this.log.log(Level.FINE, () -> {
            return instanceConfirmation.toString();
        });
        if (this.instanceValidator.isValidInstance(instanceConfirmation)) {
            return instanceConfirmation;
        }
        this.log.log(Level.SEVERE, "Invalid instance: " + instanceConfirmation);
        throw new RestApiException.Forbidden("Instance is invalid");
    }

    private InstanceConfirmation confirmInstanceRefresh(RestApi.RequestContext requestContext, InstanceConfirmation instanceConfirmation) {
        this.log.log(Level.FINE, () -> {
            return instanceConfirmation.toString();
        });
        if (this.instanceValidator.isValidRefresh(instanceConfirmation)) {
            return instanceConfirmation;
        }
        this.log.log(Level.SEVERE, "Invalid instance refresh: " + instanceConfirmation);
        throw new RestApiException.Forbidden("Instance is invalid");
    }

    private SignedIdentityDocumentEntity getIdentityDocument(String str, IdentityType identityType) {
        if (str == null) {
            throw new RestApiException.BadRequest("The 'hostname' query parameter is missing");
        }
        try {
            return EntityBindingsMapper.toSignedIdentityDocumentEntity(this.documentGenerator.generateSignedIdentityDocument(str, identityType));
        } catch (Exception e) {
            String format = String.format("Unable to generate identity document for '%s': %s", str, e.getMessage());
            this.log.log(Level.SEVERE, format, (Throwable) e);
            throw new RestApiException.InternalServerError(format, e);
        }
    }
}
