package fish.payara.microprofile.config.extensions.gcp;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import fish.payara.microprofile.config.extensions.gcp.model.Secret;
import fish.payara.microprofile.config.extensions.gcp.model.SecretHolder;
import fish.payara.microprofile.config.extensions.gcp.model.SecretsResponse;
import fish.payara.microprofile.config.extensions.oauth.OAuth2Client;
import fish.payara.nucleus.microprofile.config.admin.ConfigSourceConstants;
import fish.payara.nucleus.microprofile.config.source.extension.ConfiguredExtensionConfigSource;
import fish.payara.nucleus.microprofile.config.spi.MicroprofileConfigConfiguration;
import jakarta.inject.Inject;
import jakarta.json.JsonObject;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.Entity;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.io.File;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.api.admin.ServerEnvironment;
import org.jvnet.hk2.annotations.Service;

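/**
 * MicroProfile Config source that reads, writes and deletes configuration values stored as
 * secrets in Google Cloud Secret Manager (v1 REST API) for the configured project.
 *
 * <p>Every operation first obtains an OAuth2 access token through {@code authClient} and sends
 * it as a bearer token to the HTTPS endpoints declared below. The token itself is never logged.
 *
 * <p>Property names are used as Secret Manager secret ids and become part of the request path,
 * so they are checked against the secret-id character set before any request is built.
 *
 * <p>This listing is decompiler output (from
 * {@code fish/payara/microprofile/config/extensions/gcp/GCPSecretsConfigSource.class}); the body
 * of {@link #bootstrap()} could not be recovered.
 */
@Service(name = "gcp-secrets-config-source")
public class GCPSecretsConfigSource extends ConfiguredExtensionConfigSource<GCPSecretsConfigSourceConfiguration> {
    private static final Logger LOGGER = Logger.getLogger(GCPSecretsConfigSource.class.getName());
    private static final String AUTH_URL = "https://www.googleapis.com/oauth2/v4/token";
    private static final String LIST_SECRETS_ENDPOINT = "https://secretmanager.googleapis.com/v1/projects/%s/secrets";
    private static final String SECRET_ENDPOINT = "https://secretmanager.googleapis.com/v1/projects/%s/secrets/%s";
    private static final String GET_SECRETS_VERSION_ENDPOINT = "https://secretmanager.googleapis.com/v1/projects/%s/secrets/%s/versions/latest:access";
    private static final String CREATE_SECRET_VERSION_ENDPOINT = "https://secretmanager.googleapis.com/v1/projects/%s/secrets/%s:addVersion";

    // Secret Manager secret ids: letters, digits, '-' and '_', at most 255 characters.
    // Anything else (notably '/', '?', '#', '%', '.') must never reach String.format below,
    // because the id is spliced into the URL path unencoded.
    private static final java.util.regex.Pattern SECRET_ID = java.util.regex.Pattern.compile("[A-Za-z0-9_-]{1,255}");

    private Client client = ClientBuilder.newClient();
    private OAuth2Client authClient;

    @Inject
    private ServerEnvironment env;

    @Inject
    MicroprofileConfigConfiguration mpconfig;

    /**
     * Initialises this config source.
     *
     * <p>NOTE(review): the decompiler failed on this method (404 instructions skipped), so the
     * real behaviour is not shown here. The fragments it reported are a two-case switch, two
     * string values each read with {@code getString()}, and null checks on both. Presumably this
     * is where {@code authClient} is created from the token file using {@link #getTokenFile()},
     * {@link #parsePrivateKey(String)} and {@link #buildJwt(String, String)}, since nothing else
     * in the class calls them. Confirm against the original source or the bytecode.
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public void bootstrap() {
        throw new UnsupportedOperationException("Method not decompiled: fish.payara.microprofile.config.extensions.gcp.GCPSecretsConfigSource.bootstrap():void");
    }

    /**
     * Requests an access token from the OAuth2 client.
     *
     * @return the {@code access_token} of a successful (HTTP 200) token response, or
     *         {@code null} when authentication failed
     */
    private String authenticate() {
        // Not closed here: authClient.expire(...) suggests the client keeps state between calls,
        // and whether it retains this Response object is not visible. TODO confirm before closing.
        Response tokenResponse = this.authClient.authenticate();
        int status = tokenResponse.getStatus();
        if (status == 200) {
            JsonObject body = tokenResponse.readEntity(JsonObject.class);
            // Tell the client how long the token is valid so that it can be renewed in time.
            this.authClient.expire(Duration.ofSeconds(body.getInt("expires_in")));
            return body.getString("access_token");
        }
        if (status == 400) {
            LOGGER.log(Level.WARNING, "Couldn't authenticate with GCP. Check your configuration options are correct.");
        } else {
            // Other failures (401/403/5xx) used to be silent, which made every secret resolve
            // to null with no trace. Only the status code is logged, never the response body.
            LOGGER.log(Level.WARNING, "Couldn't authenticate with GCP. Token endpoint returned HTTP status {0}.", status);
        }
        return null;
    }

    /**
     * Lists the project's secrets and resolves the latest version of each one.
     *
     * <p>A single list request is made; any further result pages are not followed.
     *
     * @return a map from secret name to value (the value is {@code null} when it could not be
     *         read); empty when authentication or the list request fails
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Map<String, String> getProperties() {
        Map<String, String> properties = new HashMap<>();
        String accessToken = authenticate();
        if (accessToken == null) {
            return properties;
        }
        // try-with-resources releases the underlying connection on every exit path.
        try (Response response = this.client
                .target(String.format(LIST_SECRETS_ENDPOINT, projectName()))
                .request()
                .accept(MediaType.APPLICATION_JSON)
                .header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
                .get()) {
            if (response.getStatus() != 200) {
                return properties;
            }
            Iterable<Secret> secrets = response.readEntity(SecretsResponse.class).getSecrets();
            if (secrets != null) {
                for (Secret secret : secrets) {
                    // Presumably Secret.getName() yields the short secret id; a full resource
                    // name ("projects/.../secrets/...") would not pass the id check in getValue.
                    // TODO confirm against the model class.
                    String name = secret.getName();
                    properties.put(name, getValue(name));
                }
            }
        }
        return properties;
    }

    /**
     * Returns the names of all secrets visible to this source.
     *
     * @return the key set of {@link #getProperties()}
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Set<String> getPropertyNames() {
        return getProperties().keySet();
    }

    /**
     * Reads the latest version of the secret named {@code str}.
     *
     * @param str the property name, used as the Secret Manager secret id
     * @return the payload data as exposed by {@code SecretHolder}, or {@code null} when the name
     *         is not a valid secret id, authentication fails, or the request does not return 200
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getValue(String str) {
        // Rejecting bad ids up front keeps the request on the intended resource path and saves
        // a round trip for ordinary property names that can never be secret ids.
        if (!isValidSecretId(str)) {
            return null;
        }
        String accessToken = authenticate();
        if (accessToken == null) {
            return null;
        }
        try (Response response = this.client
                .target(String.format(GET_SECRETS_VERSION_ENDPOINT, projectName(), str))
                .request()
                .accept(MediaType.APPLICATION_JSON)
                .header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
                .get()) {
            int status = response.getStatus();
            if (status == 200) {
                return response.readEntity(SecretHolder.class).getPayload().getData();
            }
            // HTTP 400 is treated as a quiet miss; every other failure is logged.
            if (status != 400) {
                LOGGER.log(Level.WARNING, "Failed to get GCP secret. {0}", response.readEntity(String.class));
            }
            return null;
        }
    }

    /**
     * Creates the secret {@code str} if necessary and adds {@code str2} as its newest version.
     *
     * @param str  the property name, used as the Secret Manager secret id
     * @param str2 the value to store; it is never logged
     * @return {@code true} when the new version was stored, {@code false} otherwise
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean setValue(String str, String str2) {
        if (!isValidSecretId(str)) {
            // The name is deliberately left out of the message: it is unvalidated input.
            LOGGER.log(Level.WARNING, "Failed to set GCP secret. The name is not a valid Secret Manager secret id.");
            return false;
        }
        String accessToken = authenticate();
        if (accessToken == null) {
            return false;
        }
        String project = projectName();

        // Step 1: create the secret container. 409 means it already exists, which is fine.
        try (Response created = this.client
                .target(String.format(LIST_SECRETS_ENDPOINT, project))
                .queryParam("secretId", str)
                .request()
                .accept(MediaType.APPLICATION_JSON)
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                .header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
                .post(Entity.entity(new Secret(), MediaType.APPLICATION_JSON))) {
            int status = created.getStatus();
            if (status != 200 && status != 409) {
                LOGGER.log(Level.WARNING, "Failed to set GCP secret. {0}", created.readEntity(String.class));
                return false;
            }
        }

        // Step 2: add the value as a new version of that secret.
        try (Response versioned = this.client
                .target(String.format(CREATE_SECRET_VERSION_ENDPOINT, project, str))
                .request()
                .accept(MediaType.APPLICATION_JSON)
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                .header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
                .post(Entity.entity(new SecretHolder(str2), MediaType.APPLICATION_JSON))) {
            if (versioned.getStatus() == 200) {
                return true;
            }
            LOGGER.log(Level.WARNING, "Failed to set GCP secret. {0}", versioned.readEntity(String.class));
            return false;
        }
    }

    /**
     * Deletes the secret named {@code str}.
     *
     * @param str the property name, used as the Secret Manager secret id
     * @return {@code true} when the delete request returned HTTP 200, {@code false} otherwise
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean deleteValue(String str) {
        // A destructive call must only ever address the secret that was named.
        if (!isValidSecretId(str)) {
            LOGGER.log(Level.WARNING, "Failed to delete GCP secret. The name is not a valid Secret Manager secret id.");
            return false;
        }
        String accessToken = authenticate();
        if (accessToken == null) {
            return false;
        }
        try (Response response = this.client
                .target(String.format(SECRET_ENDPOINT, projectName(), str))
                .request()
                .accept(MediaType.APPLICATION_JSON)
                .header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
                .delete()) {
            if (response.getStatus() == 200) {
                return true;
            }
            LOGGER.log(Level.WARNING, "Failed to delete GCP secret. {0}", response.readEntity(String.class));
            return false;
        }
    }

    /** Returns the source category of this config source, {@code ConfigSourceConstants.CLOUD}. */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public String getSource() {
        return ConfigSourceConstants.CLOUD;
    }

    /** Returns the fixed name of this config source, {@code "gcp"}. */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getName() {
        return "gcp";
    }

    /**
     * Returns the ordinal configured for cloud config sources.
     *
     * @throws NumberFormatException if the configured cloud ordinality is not an integer
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public int getOrdinal() {
        return Integer.parseInt(this.mpconfig.getCloudOrdinality());
    }

    /**
     * Builds the JWT used to request an access token: RS256 header, the given issuer, the token
     * endpoint as audience, issued now and expiring one minute later. No signature is applied
     * here; the caller has to sign the result.
     *
     * @param str  the issuer claim
     * @param str2 the value of the {@code scope} claim
     * @return the not yet signed JWT
     */
    private static SignedJWT buildJwt(String str, String str2) {
        Instant issuedAt = Instant.now();
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(str)
                .audience(AUTH_URL)
                .issueTime(Date.from(issuedAt))
                // A short lifetime limits how long a captured assertion stays usable.
                .expirationTime(Date.from(issuedAt.plus(1L, ChronoUnit.MINUTES)))
                .claim("scope", str2)
                .build();
        return new SignedJWT(header, claims);
    }

    /**
     * Parses a PEM-encoded PKCS#8 RSA private key.
     *
     * @param str the PEM text, including the BEGIN/END PRIVATE KEY lines
     * @return the RSA private key
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws InvalidKeySpecException  if the decoded bytes are not a valid PKCS#8 key
     */
    private static PrivateKey parsePrivateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        // Strip line feeds and the PEM armour so that only the Base64 body remains.
        String base64Body = str.replaceAll("\\n", "")
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "");
        byte[] der = new Base64(base64Body).decode();
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /**
     * Resolves the configured token file against the server's config directory.
     *
     * <p>NOTE(review): {@code Path.resolve} returns the argument itself when it is absolute, and
     * {@code ..} segments are not normalised, so the result is not confined to the config
     * directory. That is acceptable only while the token file path is administrator-controlled.
     *
     * @return the token file, or {@code null} when no token file path is configured
     */
    private File getTokenFile() {
        String tokenFilePath = ((GCPSecretsConfigSourceConfiguration) this.configuration).getTokenFilePath();
        if (tokenFilePath == null) {
            return null;
        }
        return this.env.getConfigDirPath().toPath().resolve(tokenFilePath).toFile();
    }

    /** Returns the GCP project name from the configuration of this source. */
    private String projectName() {
        return ((GCPSecretsConfigSourceConfiguration) this.configuration).getProjectName();
    }

    /** Formats an access token as the value of an {@code Authorization} header. */
    private static String bearer(String accessToken) {
        return "Bearer " + accessToken;
    }

    /** Tells whether {@code secretId} is non-null and matches the Secret Manager secret-id syntax. */
    private static boolean isValidSecretId(String secretId) {
        return secretId != null && SECRET_ID.matcher(secretId).matches();
    }
}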
