package com.yahoo.vespa.config.server.http;

import ai.vespa.util.http.hc4.VespaHttpClientBuilder;
import com.yahoo.config.model.api.container.ContainerServiceType;
import com.yahoo.config.provision.SystemName;
import com.yahoo.config.provision.TenantName;
import com.yahoo.container.jdisc.HttpResponse;
import com.yahoo.container.jdisc.secretstore.SecretStore;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.vespa.config.server.application.Application;
import com.yahoo.vespa.config.server.tenant.SecretStoreExternalIdRetriever;
import com.yahoo.yolean.Exceptions;
import java.io.IOException;
import java.net.URI;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.CloseableHttpClient;

/* loaded from: input_file:com/yahoo/vespa/config/server/http/SecretStoreValidator.class */
public class SecretStoreValidator {
    private static final String PROTOCOL = "http://";
    private static final String AWS_PARAMETER_VALIDATION_HANDLER_POSTFIX = ":4080/validate-secret-store";
    private final SecretStore secretStore;
    private final CloseableHttpClient httpClient = VespaHttpClientBuilder.create().build();

    public SecretStoreValidator(SecretStore secretStore) {
        this.secretStore = secretStore;
    }

    public HttpResponse validateSecretStore(Application application, SystemName systemName, Slime slime) {
        addExternalId(application.getId().tenant(), systemName, slime);
        return postRequest(getUri(application), slime);
    }

    private URI getUri(Application application) {
        return URI.create("http://" + ((String) application.getModel().getHosts().stream().filter(hostInfo -> {
            return hostInfo.getServices().stream().filter(serviceInfo -> {
                return ContainerServiceType.CONTAINER.serviceName.equals(serviceInfo.getServiceType());
            }).count() > 0;
        }).map((v0) -> {
            return v0.getHostname();
        }).findFirst().orElseThrow()) + ":4080/validate-secret-store");
    }

    private HttpResponse postRequest(URI uri, Slime slime) {
        HttpPost httpPost = new HttpPost(uri);
        httpPost.setEntity(new ByteArrayEntity((byte[]) Exceptions.uncheck(() -> {
            return SlimeUtils.toJsonBytes(slime);
        })));
        try {
            return new ProxyResponse(this.httpClient.execute(httpPost));
        } catch (IOException e) {
            return HttpErrorResponse.internalServerError(String.format("Failed to post request to %s: %s", uri, Exceptions.toMessageString(e)));
        }
    }

    private void addExternalId(TenantName tenantName, SystemName systemName, Slime slime) {
        Cursor cursor = slime.get();
        cursor.setString("externalId", this.secretStore.getSecret(SecretStoreExternalIdRetriever.secretName(tenantName, systemName, cursor.field("name").asString())));
    }
}
