package io.datarouter.auth.service;

import io.datarouter.auth.cache.DatarouterAccountPermissionKeysByPrefixCache;
import io.datarouter.auth.config.DatarouterAuthExecutors;
import io.datarouter.auth.storage.account.BaseDatarouterAccountCredentialDao;
import io.datarouter.auth.storage.account.BaseDatarouterAccountDao;
import io.datarouter.auth.storage.account.BaseDatarouterAccountSecretCredentialDao;
import io.datarouter.auth.storage.account.DatarouterAccountCredential;
import io.datarouter.auth.storage.account.DatarouterAccountCredentialKey;
import io.datarouter.auth.storage.account.DatarouterAccountSecretCredential;
import io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey;
import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermissionKey;
import io.datarouter.auth.web.DatarouterAccountManagerHandler;
import io.datarouter.httpclient.dto.DatarouterAccountCredentialStatusDto;
import io.datarouter.scanner.Scanner;
import io.datarouter.secret.op.SecretOpConfig;
import io.datarouter.secret.op.SecretOpReason;
import io.datarouter.secret.service.SecretNamespacer;
import io.datarouter.secret.service.SecretService;
import io.datarouter.secretweb.service.WebSecretOpReason;
import io.datarouter.util.Require;
import io.datarouter.web.user.session.service.Session;
import io.datarouter.web.util.PasswordTool;
import io.datarouter.web.util.http.RequestTool;
import java.time.Instant;
import java.time.ZoneId;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCredentialService.class */
public class DatarouterAccountCredentialService {
    private static final String SECRET_NAMESPACE_SUFFIX = "drSecretCredentials/";
    private final BaseDatarouterAccountDao datarouterAccountDao;
    private final BaseDatarouterAccountCredentialDao datarouterAccountCredentialDao;
    private final BaseDatarouterAccountSecretCredentialDao datarouterAccountSecretCredentialDao;
    private final DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache;
    private final DatarouterAccountLastUsedDateService datarouterAccountLastUsedDateService;
    private final SecretService secretService;
    private final SecretNamespacer secretNamespacer;
    private final AtomicReference<Map<String, AccountKey>> credentialAccountKeyByApiKey = new AtomicReference<>(new HashMap());
    private final AtomicReference<Map<String, String>> secretCredentialApiKeyBySecretName = new AtomicReference<>(new HashMap());
    private final AtomicReference<Map<String, AccountKey>> secretCredentialAccountKeyByApiKey = new AtomicReference<>(new HashMap());
    private final AtomicReference<Map<String, Instant>> mostRecentCreatedInstantByAccountName = new AtomicReference<>(new HashMap());
    private static final Logger logger = LoggerFactory.getLogger(DatarouterAccountCredentialService.class);
    private static final Pattern OBFUSCATED_API_KEY_PATTERN = Pattern.compile("([a-zA-Z0-9\\-_]+)\\*([a-zA-Z0-9\\-_]+)");

    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCredentialService$AccountKey.class */
    public static class AccountKey {
        public final String apiKey;
        public final String secretKey;
        public final String accountName;
        public final String secretName;

        private AccountKey(DatarouterAccountCredential datarouterAccountCredential) {
            this.apiKey = (String) Require.notNull(datarouterAccountCredential.getKey().getApiKey());
            this.secretKey = (String) Require.notNull(datarouterAccountCredential.getSecretKey());
            this.accountName = (String) Require.notNull(datarouterAccountCredential.getAccountName());
            this.secretName = null;
        }

        private AccountKey(DatarouterAccountSecretCredentialKeypairDto datarouterAccountSecretCredentialKeypairDto, DatarouterAccountSecretCredential datarouterAccountSecretCredential) {
            this.apiKey = (String) Require.notNull(datarouterAccountSecretCredentialKeypairDto.apiKey);
            this.secretKey = (String) Require.notNull(datarouterAccountSecretCredentialKeypairDto.secretKey);
            this.accountName = (String) Require.notNull(datarouterAccountSecretCredential.getAccountName());
            this.secretName = (String) Require.notNull(datarouterAccountSecretCredential.getKey().getSecretName());
        }

        DatarouterAccountCredentialKey getDatarouterAccountCredentialKey() {
            return new DatarouterAccountCredentialKey(this.apiKey);
        }

        DatarouterAccountSecretCredentialKey getDatarouterAccountSecretCredentialKey() {
            return new DatarouterAccountSecretCredentialKey(this.secretName);
        }

        public DatarouterAccountSecretCredentialKeypairDto getDatarouterAccountSecretCredentialKeypairDto() {
            return new DatarouterAccountSecretCredentialKeypairDto(this.apiKey, this.secretKey);
        }
    }

    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCredentialService$AccountLookupDto.class */
    public static class AccountLookupDto {
        public final String accountName;
        public final String secretName;

        private AccountLookupDto(String str, String str2) {
            this.accountName = str;
            this.secretName = str2;
        }

        public static AccountLookupDto empty() {
            return new AccountLookupDto(null, null);
        }
    }

    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCredentialService$DatarouterAccountSecretCredentialKeypairDto.class */
    public static class DatarouterAccountSecretCredentialKeypairDto {
        public final String apiKey;
        public final String secretKey;

        public DatarouterAccountSecretCredentialKeypairDto(String str, String str2) {
            this.apiKey = str;
            this.secretKey = str2;
        }

        public static DatarouterAccountSecretCredentialKeypairDto create() {
            return new DatarouterAccountSecretCredentialKeypairDto(PasswordTool.generateSalt(), PasswordTool.generateSalt());
        }
    }

    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountCredentialService$SecretCredentialDto.class */
    public static class SecretCredentialDto {
        public final String secretName;
        public final String accountName;
        public final String created;
        public final String creatorUsername;
        public final String lastUsed;
        public final Boolean active;

        public SecretCredentialDto(DatarouterAccountSecretCredential datarouterAccountSecretCredential, ZoneId zoneId) {
            this.secretName = datarouterAccountSecretCredential.getKey().getSecretName();
            this.accountName = datarouterAccountSecretCredential.getAccountName();
            this.created = datarouterAccountSecretCredential.getCreatedDate(zoneId);
            this.creatorUsername = datarouterAccountSecretCredential.getCreatorUsername();
            this.lastUsed = datarouterAccountSecretCredential.getLastUsedDate(zoneId);
            this.active = datarouterAccountSecretCredential.getActive();
        }
    }

    @Inject
    public DatarouterAccountCredentialService(BaseDatarouterAccountDao baseDatarouterAccountDao, BaseDatarouterAccountCredentialDao baseDatarouterAccountCredentialDao, BaseDatarouterAccountSecretCredentialDao baseDatarouterAccountSecretCredentialDao, DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache, DatarouterAccountLastUsedDateService datarouterAccountLastUsedDateService, DatarouterAuthExecutors.DatarouterAccountCredentialCacheExecutor datarouterAccountCredentialCacheExecutor, SecretService secretService, SecretNamespacer secretNamespacer) {
        this.datarouterAccountDao = baseDatarouterAccountDao;
        this.datarouterAccountCredentialDao = baseDatarouterAccountCredentialDao;
        this.datarouterAccountSecretCredentialDao = baseDatarouterAccountSecretCredentialDao;
        this.datarouterAccountPermissionKeysByPrefixCache = datarouterAccountPermissionKeysByPrefixCache;
        this.datarouterAccountLastUsedDateService = datarouterAccountLastUsedDateService;
        this.secretService = secretService;
        this.secretNamespacer = secretNamespacer;
        refreshCaches();
        datarouterAccountCredentialCacheExecutor.scheduleWithFixedDelay(this::refreshCaches, 15L, 15L, TimeUnit.SECONDS);
    }

    public Scanner<DatarouterAccountPermissionKey> scanPermissionsForApiKeyAuth(String str) {
        Optional map = findAccountKeyApiKeyAuth(str, true).map(accountKey -> {
            return accountKey.accountName;
        }).map(DatarouterAccountPermissionKey::new);
        DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache = this.datarouterAccountPermissionKeysByPrefixCache;
        datarouterAccountPermissionKeysByPrefixCache.getClass();
        return (Scanner) map.map(datarouterAccountPermissionKeysByPrefixCache::get).map((v0) -> {
            return Scanner.of(v0);
        }).orElseGet(Scanner::empty);
    }

    public Optional<String> findSecretKeyForApiKeyAuth(String str) {
        return findAccountKeyApiKeyAuth(str, true).map(accountKey -> {
            return accountKey.secretKey;
        });
    }

    public List<AccountLookupDto> lookupAccountName(String str) {
        Matcher matcher = OBFUSCATED_API_KEY_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return (List) findAccountKeyApiKeyAuth(str, false).map(accountKey -> {
                return new AccountLookupDto(accountKey.accountName, accountKey.secretName);
            }).map((v0) -> {
                return List.of(v0);
            }).orElseGet(List::of);
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        return Scanner.of(this.credentialAccountKeyByApiKey.get().values()).append(this.secretCredentialAccountKeyByApiKey.get().values()).include(accountKey2 -> {
            return accountKey2.apiKey.startsWith(group) && accountKey2.apiKey.endsWith(group2);
        }).map(accountKey3 -> {
            return new AccountLookupDto(accountKey3.accountName, accountKey3.secretName);
        }).list();
    }

    public DatarouterAccountCredentialStatusDto getCredentialStatusDto(HttpServletRequest httpServletRequest) {
        String parameterOrHeader = RequestTool.getParameterOrHeader(httpServletRequest, "apiKey");
        AccountKey accountKey = findAccountKeyApiKeyAuth(parameterOrHeader, false).get();
        if (accountKey.secretName != null) {
            DatarouterAccountSecretCredential datarouterAccountSecretCredential = this.datarouterAccountSecretCredentialDao.get(new DatarouterAccountSecretCredentialKey(accountKey.secretName));
            return new DatarouterAccountCredentialStatusDto(accountKey.accountName, accountKey.secretName, datarouterAccountSecretCredential.getCreatedInstant(), Boolean.valueOf(shouldRotate(accountKey.accountName, datarouterAccountSecretCredential.getCreatedInstant())), (Instant) null, (String) null);
        }
        DatarouterAccountCredential datarouterAccountCredential = this.datarouterAccountCredentialDao.get(new DatarouterAccountCredentialKey(parameterOrHeader));
        return new DatarouterAccountCredentialStatusDto(accountKey.accountName, (String) null, datarouterAccountCredential.getCreatedInstant(), Boolean.valueOf(shouldRotate(accountKey.accountName, datarouterAccountCredential.getCreatedInstant())), (Instant) null, (String) null);
    }

    private boolean shouldRotate(String str, Instant instant) {
        return this.mostRecentCreatedInstantByAccountName.get().get(str).isAfter(instant);
    }

    public Optional<String> getCurrentDatarouterAccountName(HttpServletRequest httpServletRequest) {
        return findAccountNameForApiKey(RequestTool.getParameterOrHeader(httpServletRequest, "apiKey"));
    }

    public String getAccountNameForRequest(HttpServletRequest httpServletRequest, String str) {
        String orElseThrow = getCurrentDatarouterAccountName(httpServletRequest).orElseThrow();
        if (!orElseThrow.equals(str)) {
            logger.warn("redoLogic={} alreadyknown={} path={}", new Object[]{orElseThrow, str, RequestTool.getPath(httpServletRequest)});
        }
        return orElseThrow;
    }

    public Optional<String> findAccountNameForApiKey(String str) {
        return findAccountKeyApiKeyAuth(str, false).map(accountKey -> {
            return accountKey.accountName;
        });
    }

    public void deleteAllCredentialsForAccount(String str, Session session) {
        this.datarouterAccountCredentialDao.deleteByAccountName(str);
        SecretOpReason manualOp = WebSecretOpReason.manualOp(session, "deleteAllCredentialsForAccount " + str);
        this.datarouterAccountSecretCredentialDao.scan().include(datarouterAccountSecretCredential -> {
            return str.equals(datarouterAccountSecretCredential.getAccountName());
        }).each(datarouterAccountSecretCredential2 -> {
            deleteSecret(datarouterAccountSecretCredential2.getSecretNamespace(), datarouterAccountSecretCredential2.getKey().getSecretName(), manualOp);
            this.datarouterAccountSecretCredentialDao.delete((DatarouterAccountSecretCredentialKey) datarouterAccountSecretCredential2.getKey());
        });
    }

    public AccountKey createCredential(String str, String str2) {
        DatarouterAccountCredential create;
        do {
            create = DatarouterAccountCredential.create(str, str2);
        } while (findAccountKeyApiKeyAuth(create.getKey().getApiKey(), false).isPresent());
        this.datarouterAccountCredentialDao.insertOrBust(create);
        return new AccountKey(create);
    }

    public void deleteCredential(String str) {
        this.datarouterAccountCredentialDao.delete(new DatarouterAccountCredentialKey(str));
    }

    public void setCredentialActivation(String str, Boolean bool) {
        DatarouterAccountCredential datarouterAccountCredential = this.datarouterAccountCredentialDao.get(new DatarouterAccountCredentialKey(str));
        datarouterAccountCredential.setActive(bool);
        this.datarouterAccountCredentialDao.updateIgnore(datarouterAccountCredential);
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x006d, code lost:
    
        r12 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x006f, code lost:
    
        r5.datarouterAccountSecretCredentialDao.delete((io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey) r0.getKey());
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x0082, code lost:
    
        throw r12;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public io.datarouter.auth.service.DatarouterAccountCredentialService.AccountKey createSecretCredential(java.lang.String r6, java.lang.String r7, io.datarouter.secret.op.SecretOpReason r8) {
        /*
            r5 = this;
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r1 = r0
            r2 = r5
            io.datarouter.secret.service.SecretNamespacer r2 = r2.secretNamespacer
            java.lang.String r2 = r2.getAppNamespace()
            java.lang.String r2 = java.lang.String.valueOf(r2)
            r1.<init>(r2)
            java.lang.String r1 = "drSecretCredentials/"
            java.lang.StringBuilder r0 = r0.append(r1)
            java.lang.String r0 = r0.toString()
            r9 = r0
            r0 = r9
            r1 = r6
            r2 = r7
            io.datarouter.auth.storage.account.DatarouterAccountSecretCredential r0 = io.datarouter.auth.storage.account.DatarouterAccountSecretCredential.create(r0, r1, r2)
            r10 = r0
            r0 = r5
            io.datarouter.auth.storage.account.BaseDatarouterAccountSecretCredentialDao r0 = r0.datarouterAccountSecretCredentialDao
            r1 = r10
            r0.insertOrBust(r1)
        L31:
            io.datarouter.auth.service.DatarouterAccountCredentialService$DatarouterAccountSecretCredentialKeypairDto r0 = io.datarouter.auth.service.DatarouterAccountCredentialService.DatarouterAccountSecretCredentialKeypairDto.create()
            r11 = r0
            r0 = r5
            r1 = r11
            java.lang.String r1 = r1.apiKey
            r2 = 0
            java.util.Optional r0 = r0.findAccountKeyApiKeyAuth(r1, r2)
            boolean r0 = r0.isPresent()
            if (r0 != 0) goto L31
            r0 = r8
            io.datarouter.secret.op.SecretOpConfig$Builder r0 = io.datarouter.secret.op.SecretOpConfig.builder(r0)     // Catch: java.lang.RuntimeException -> L6d
            r1 = r9
            io.datarouter.secret.op.SecretOpConfig$Builder r0 = r0.useManualNamespace(r1)     // Catch: java.lang.RuntimeException -> L6d
            io.datarouter.secret.op.SecretOpConfig r0 = r0.build()     // Catch: java.lang.RuntimeException -> L6d
            r12 = r0
            r0 = r5
            io.datarouter.secret.service.SecretService r0 = r0.secretService     // Catch: java.lang.RuntimeException -> L6d
            r1 = r10
            io.datarouter.model.key.primary.PrimaryKey r1 = r1.getKey()     // Catch: java.lang.RuntimeException -> L6d
            io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey r1 = (io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey) r1     // Catch: java.lang.RuntimeException -> L6d
            java.lang.String r1 = r1.getSecretName()     // Catch: java.lang.RuntimeException -> L6d
            r2 = r11
            r3 = r12
            r0.create(r1, r2, r3)     // Catch: java.lang.RuntimeException -> L6d
            goto L83
        L6d:
            r12 = move-exception
            r0 = r5
            io.datarouter.auth.storage.account.BaseDatarouterAccountSecretCredentialDao r0 = r0.datarouterAccountSecretCredentialDao
            r1 = r10
            io.datarouter.model.key.primary.PrimaryKey r1 = r1.getKey()
            io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey r1 = (io.datarouter.auth.storage.account.DatarouterAccountSecretCredentialKey) r1
            r0.delete(r1)
            r0 = r12
            throw r0
        L83:
            io.datarouter.auth.service.DatarouterAccountCredentialService$AccountKey r0 = new io.datarouter.auth.service.DatarouterAccountCredentialService$AccountKey
            r1 = r0
            r2 = r11
            r3 = r10
            r1.<init>(r2, r3)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: io.datarouter.auth.service.DatarouterAccountCredentialService.createSecretCredential(java.lang.String, java.lang.String, io.datarouter.secret.op.SecretOpReason):io.datarouter.auth.service.DatarouterAccountCredentialService$AccountKey");
    }

    public boolean deleteSecretCredential(String str, SecretOpReason secretOpReason) {
        DatarouterAccountSecretCredentialKey datarouterAccountSecretCredentialKey = new DatarouterAccountSecretCredentialKey(str);
        DatarouterAccountSecretCredential datarouterAccountSecretCredential = this.datarouterAccountSecretCredentialDao.get(datarouterAccountSecretCredentialKey);
        if (datarouterAccountSecretCredential == null) {
            return false;
        }
        deleteSecret(datarouterAccountSecretCredential.getSecretNamespace(), str, secretOpReason);
        this.datarouterAccountSecretCredentialDao.delete(datarouterAccountSecretCredentialKey);
        return true;
    }

    public void deleteOrphanedCredentials() {
        Set set = (Set) this.datarouterAccountDao.scanKeys().map((v0) -> {
            return v0.getAccountName();
        }).collect(Collectors.toSet());
        Scanner.of(this.credentialAccountKeyByApiKey.get().values()).append(this.secretCredentialAccountKeyByApiKey.get().values()).include(accountKey -> {
            return !set.contains(accountKey.accountName);
        }).forEach(accountKey2 -> {
            if (accountKey2.secretName != null) {
                deleteSecretCredential(accountKey2.secretName, SecretOpReason.automatedOp("deleteOrphanedCredentials"));
            } else {
                deleteCredential(accountKey2.apiKey);
            }
        });
    }

    public void setSecretCredentialActivation(String str, Boolean bool) {
        DatarouterAccountSecretCredential datarouterAccountSecretCredential = this.datarouterAccountSecretCredentialDao.get(new DatarouterAccountSecretCredentialKey(str));
        datarouterAccountSecretCredential.setActive(bool);
        this.datarouterAccountSecretCredentialDao.updateIgnore(datarouterAccountSecretCredential);
    }

    public Map<String, List<DatarouterAccountManagerHandler.AccountCredentialDto>> getCredentialsByAccountName(Set<String> set, ZoneId zoneId) {
        return this.datarouterAccountCredentialDao.scanByAccountNames(set).map(datarouterAccountCredential -> {
            return new DatarouterAccountManagerHandler.AccountCredentialDto(datarouterAccountCredential, zoneId);
        }).groupBy(accountCredentialDto -> {
            return accountCredentialDto.accountName;
        });
    }

    public Map<String, List<SecretCredentialDto>> getSecretCredentialsByAccountName(Set<String> set, ZoneId zoneId) {
        return this.datarouterAccountSecretCredentialDao.scan().include(datarouterAccountSecretCredential -> {
            return set.contains(datarouterAccountSecretCredential.getAccountName());
        }).map(datarouterAccountSecretCredential2 -> {
            return new SecretCredentialDto(datarouterAccountSecretCredential2, zoneId);
        }).groupBy(secretCredentialDto -> {
            return secretCredentialDto.accountName;
        });
    }

    private Optional<AccountKey> findAccountKeyApiKeyAuth(String str, boolean z) {
        AccountKey accountKey = this.secretCredentialAccountKeyByApiKey.get().get(str);
        if (accountKey != null) {
            if (z) {
                this.datarouterAccountLastUsedDateService.updateLastUsedDateForSecretCredential(accountKey.getDatarouterAccountSecretCredentialKey(), accountKey.accountName);
            }
            return Optional.of(accountKey);
        }
        AccountKey accountKey2 = this.credentialAccountKeyByApiKey.get().get(str);
        if (accountKey2 == null) {
            return Optional.empty();
        }
        if (z) {
            this.datarouterAccountLastUsedDateService.updateLastUsedDateForCredential(accountKey2.getDatarouterAccountCredentialKey(), accountKey2.accountName);
        }
        return Optional.of(accountKey2);
    }

    private HashMap<String, Instant> refreshCredentials() {
        HashMap<String, Instant> hashMap = new HashMap<>();
        this.credentialAccountKeyByApiKey.set(this.datarouterAccountCredentialDao.scan().include((v0) -> {
            return v0.getActive();
        }).each(datarouterAccountCredential -> {
            hashMap.merge(datarouterAccountCredential.getAccountName(), datarouterAccountCredential.getCreatedInstant(), DatarouterAccountCredentialService::maxInstant);
        }).toMap(datarouterAccountCredential2 -> {
            return datarouterAccountCredential2.getKey().getApiKey();
        }, datarouterAccountCredential3 -> {
            return new AccountKey(datarouterAccountCredential3);
        }));
        return hashMap;
    }

    private HashMap<String, Instant> refreshSecretCredentials() {
        HashMap<String, Instant> hashMap = new HashMap<>();
        Map<String, String> map = this.secretCredentialApiKeyBySecretName.get();
        Map<String, AccountKey> map2 = this.secretCredentialAccountKeyByApiKey.get();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        this.datarouterAccountSecretCredentialDao.scan().include((v0) -> {
            return v0.getActive();
        }).each(datarouterAccountSecretCredential -> {
            hashMap.merge(datarouterAccountSecretCredential.getAccountName(), datarouterAccountSecretCredential.getCreatedInstant(), DatarouterAccountCredentialService::maxInstant);
        }).forEach(datarouterAccountSecretCredential2 -> {
            String secretName = datarouterAccountSecretCredential2.getKey().getSecretName();
            String str = (String) map.get(secretName);
            AccountKey accountKey = (AccountKey) map2.get(str);
            if (str != null && accountKey != null) {
                hashMap2.put(secretName, str);
                hashMap3.put(str, accountKey);
            } else {
                DatarouterAccountSecretCredentialKeypairDto readKeypair = readKeypair(datarouterAccountSecretCredential2, SecretOpReason.automatedOp(String.valueOf(DatarouterAccountCredentialService.class.getSimpleName()) + " caching"));
                hashMap2.put(secretName, readKeypair.apiKey);
                hashMap3.put(readKeypair.apiKey, new AccountKey(readKeypair, datarouterAccountSecretCredential2));
            }
        });
        this.secretCredentialApiKeyBySecretName.set(hashMap2);
        this.secretCredentialAccountKeyByApiKey.set(hashMap3);
        return hashMap;
    }

    private DatarouterAccountSecretCredentialKeypairDto readKeypair(DatarouterAccountSecretCredential datarouterAccountSecretCredential, SecretOpReason secretOpReason) {
        return (DatarouterAccountSecretCredentialKeypairDto) this.secretService.read(datarouterAccountSecretCredential.getKey().getSecretName(), DatarouterAccountSecretCredentialKeypairDto.class, SecretOpConfig.builder(secretOpReason).useManualNamespace(datarouterAccountSecretCredential.getSecretNamespace()).build());
    }

    private void deleteSecret(String str, String str2, SecretOpReason secretOpReason) {
        this.secretService.delete(str2, SecretOpConfig.builder(secretOpReason).useManualNamespace(str).build());
    }

    private void refreshCaches() {
        HashMap<String, Instant> refreshCredentials = refreshCredentials();
        refreshSecretCredentials().forEach((str, instant) -> {
            refreshCredentials.merge(str, instant, DatarouterAccountCredentialService::maxInstant);
        });
        this.mostRecentCreatedInstantByAccountName.set(refreshCredentials);
    }

    private static Instant maxInstant(Instant instant, Instant instant2) {
        return instant.isAfter(instant2) ? instant : instant2;
    }
}
