package com.yahoo.jdisc.cloud.aws;

import com.google.inject.Inject;
import com.yahoo.container.jdisc.HttpRequest;
import com.yahoo.container.jdisc.HttpResponse;
import com.yahoo.container.jdisc.LoggingRequestHandler;
import com.yahoo.io.IOUtils;
import com.yahoo.jdisc.http.HttpRequest;
import com.yahoo.restapi.ErrorResponse;
import com.yahoo.restapi.SlimeJsonResponse;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.yolean.Exceptions;
import java.io.IOException;
import java.io.InputStream;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.class */
public class AwsParameterStoreValidationHandler extends LoggingRequestHandler {
    private static final Logger log = Logger.getLogger(AwsParameterStoreValidationHandler.class.getName());
    private final VespaAwsCredentialsProvider credentialsProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler$AwsSettings.class */
    public static class AwsSettings {
        String name;
        String role;
        String awsId;
        String externalId;

        AwsSettings(String str, String str2, String str3, String str4) {
            this.name = str;
            this.role = str2;
            this.awsId = str3;
            this.externalId = str4;
        }

        static AwsSettings fromSlime(Slime slime) {
            Cursor cursor = slime.get();
            return new AwsSettings(cursor.field("name").asString(), cursor.field("role").asString(), cursor.field("awsId").asString(), cursor.field("externalId").asString());
        }

        void toSlime(Cursor cursor) {
            cursor.setString("name", this.name);
            cursor.setString("role", this.role);
            cursor.setString("awsId", this.awsId);
            cursor.setString("externalId", "*****");
        }
    }

    @Inject
    public AwsParameterStoreValidationHandler(LoggingRequestHandler.Context context) {
        this(context, new VespaAwsCredentialsProvider());
    }

    public AwsParameterStoreValidationHandler(LoggingRequestHandler.Context context, VespaAwsCredentialsProvider vespaAwsCredentialsProvider) {
        super(context);
        this.credentialsProvider = vespaAwsCredentialsProvider;
    }

    public HttpResponse handle(HttpRequest httpRequest) {
        try {
            return httpRequest.getMethod() == HttpRequest.Method.POST ? handlePOST(httpRequest) : ErrorResponse.methodNotAllowed("Method '" + httpRequest.getMethod() + "' is not supported");
        } catch (RuntimeException e) {
            log.log(Level.WARNING, "Unexpected error handling '" + httpRequest.getUri() + "'", (Throwable) e);
            return ErrorResponse.internalServerError(Exceptions.toMessageString(e));
        }
    }

    private HttpResponse handlePOST(com.yahoo.container.jdisc.HttpRequest httpRequest) {
        AwsSettings fromSlime = AwsSettings.fromSlime(toSlime(httpRequest.getData()));
        Slime slime = new Slime();
        Cursor object = slime.setObject();
        fromSlime.toSlime(object.setObject("settings"));
        try {
            new AwsParameterStore(this.credentialsProvider, "arn:aws:iam::" + fromSlime.awsId + ":role/" + fromSlime.role, fromSlime.externalId).getSecret("vespa-secret");
            object.setString("status", "ok");
        } catch (RuntimeException e) {
            object.setString("status", "error");
            Cursor addObject = object.setArray("errors").addObject();
            addObject.setString("type", e.getClass().getSimpleName());
            addObject.setString("message", Exceptions.toMessageString(e));
        }
        return new SlimeJsonResponse(slime);
    }

    private Slime toSlime(InputStream inputStream) {
        try {
            return SlimeUtils.jsonToSlime(IOUtils.readBytes(inputStream, 1000000));
        } catch (IOException e) {
            throw new RuntimeException();
        }
    }
}
