package com.yahoo.vespa.config.server.tenant;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.config.model.api.TlsSecrets;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.container.jdisc.secretstore.SecretStore;
import com.yahoo.path.Path;
import com.yahoo.vespa.curator.Curator;
import com.yahoo.vespa.curator.transaction.CuratorOperations;
import com.yahoo.vespa.curator.transaction.CuratorTransaction;
import java.util.Optional;

/* loaded from: input_file:com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.class */
public class TlsSecretsKeys {
    private final Path path;
    private final SecretStore secretStore;
    private final Curator curator;

    public TlsSecretsKeys(Curator curator, Path path, SecretStore secretStore) {
        this.curator = curator;
        this.path = path.append("tlsSecretsKeys/");
        this.secretStore = secretStore;
    }

    public Optional<TlsSecrets> readTlsSecretsKeyFromZookeeper(ApplicationId applicationId) {
        try {
            Optional data = this.curator.getData(tlsSecretsKeyOf(applicationId));
            return (data.isEmpty() || ((byte[]) data.get()).length == 0) ? Optional.empty() : readFromSecretStore(Optional.ofNullable((String) new ObjectMapper().readValue((byte[]) data.get(), new TypeReference<String>() { // from class: com.yahoo.vespa.config.server.tenant.TlsSecretsKeys.1
            })));
        } catch (Exception e) {
            throw new RuntimeException("Error reading TLS secret key of " + applicationId, e);
        }
    }

    public void writeTlsSecretsKeyToZooKeeper(ApplicationId applicationId, String str) {
        if (str == null) {
            return;
        }
        try {
            this.curator.set(tlsSecretsKeyOf(applicationId), new ObjectMapper().writeValueAsBytes(str));
        } catch (Exception e) {
            throw new RuntimeException("Could not write TLS secret key of " + applicationId, e);
        }
    }

    public Optional<TlsSecrets> getTlsSecrets(Optional<String> optional, ApplicationId applicationId) {
        return (optional == null || optional.isEmpty()) ? readTlsSecretsKeyFromZookeeper(applicationId) : readFromSecretStore(optional);
    }

    private Optional<TlsSecrets> readFromSecretStore(Optional<String> optional) {
        if (optional.isEmpty()) {
            return Optional.empty();
        }
        TlsSecrets tlsSecrets = TlsSecrets.MISSING;
        try {
            tlsSecrets = new TlsSecrets(this.secretStore.getSecret(optional.get() + "-cert"), this.secretStore.getSecret(optional.get() + "-key"));
        } catch (RuntimeException e) {
        }
        return Optional.of(tlsSecrets);
    }

    public CuratorTransaction delete(ApplicationId applicationId) {
        return !this.curator.exists(tlsSecretsKeyOf(applicationId)) ? CuratorTransaction.empty(this.curator) : CuratorTransaction.from(CuratorOperations.delete(tlsSecretsKeyOf(applicationId).getAbsolute()), this.curator);
    }

    private Path tlsSecretsKeyOf(ApplicationId applicationId) {
        return this.path.append(applicationId.serializedForm());
    }
}
