package io.gravitee.rest.api.portal.rest.resource;

import io.gravitee.apim.core.api_key.use_case.RevokeSubscriptionApiKeyUseCase;
import io.gravitee.apim.core.audit.model.AuditActor;
import io.gravitee.apim.core.audit.model.AuditInfo;
import io.gravitee.rest.api.idp.api.authentication.UserDetails;
import io.gravitee.rest.api.model.SubscriptionEntity;
import io.gravitee.rest.api.model.permissions.RolePermission;
import io.gravitee.rest.api.model.permissions.RolePermissionAction;
import io.gravitee.rest.api.portal.rest.mapper.KeyMapper;
import io.gravitee.rest.api.service.ApiKeyService;
import io.gravitee.rest.api.service.SubscriptionService;
import io.gravitee.rest.api.service.common.ExecutionContext;
import io.gravitee.rest.api.service.common.GraviteeContext;
import io.gravitee.rest.api.service.exceptions.ForbiddenAccessException;
import jakarta.inject.Inject;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.ResourceContext;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;

/* loaded from: input_file:io/gravitee/rest/api/portal/rest/resource/SubscriptionKeysResource.class */
public class SubscriptionKeysResource extends AbstractResource {

    @Context
    private ResourceContext resourceContext;

    @Inject
    private RevokeSubscriptionApiKeyUseCase revokeSubscriptionApiKeyUsecase;

    @Inject
    private ApiKeyService apiKeyService;

    @Inject
    private SubscriptionService subscriptionService;

    @Inject
    private KeyMapper keyMapper;

    @Produces({"application/json"})
    @POST
    @Path("/_renew")
    @Consumes({"application/json"})
    public Response renewKeySubscription(@PathParam("subscriptionId") String str) {
        SubscriptionEntity findById = this.subscriptionService.findById(str);
        ExecutionContext executionContext = GraviteeContext.getExecutionContext();
        if (hasPermission(executionContext, RolePermission.APPLICATION_SUBSCRIPTION, findById.getApplication(), RolePermissionAction.UPDATE) || hasPermission(executionContext, RolePermission.API_SUBSCRIPTION, findById.getApi(), RolePermissionAction.UPDATE)) {
            return Response.status(Response.Status.CREATED).entity(this.keyMapper.convert(this.apiKeyService.renew(executionContext, findById))).build();
        }
        throw new ForbiddenAccessException();
    }

    @POST
    @Produces({"application/json"})
    @Path("/{apiKey}/_revoke")
    public Response revokeKeySubscription(@PathParam("subscriptionId") String str, @PathParam("apiKey") String str2) {
        SubscriptionEntity findById = this.subscriptionService.findById(str);
        ExecutionContext executionContext = GraviteeContext.getExecutionContext();
        if (!hasPermission(executionContext, RolePermission.APPLICATION_SUBSCRIPTION, findById.getApplication(), RolePermissionAction.UPDATE) && !hasPermission(executionContext, RolePermission.API_SUBSCRIPTION, findById.getApi(), RolePermissionAction.UPDATE)) {
            throw new ForbiddenAccessException();
        }
        UserDetails authenticatedUserDetails = getAuthenticatedUserDetails();
        this.revokeSubscriptionApiKeyUsecase.execute(new RevokeSubscriptionApiKeyUseCase.Input(str, str2, AuditInfo.builder().organizationId(executionContext.getOrganizationId()).environmentId(executionContext.getEnvironmentId()).actor(AuditActor.builder().userId(authenticatedUserDetails.getUsername()).userSource(authenticatedUserDetails.getSource()).userSourceId(authenticatedUserDetails.getSourceId()).build()).build()));
        return Response.noContent().build();
    }
}
