package io.digdag.core.database;

import com.google.common.base.Optional;
import io.digdag.core.crypto.SecretCrypto;
import io.digdag.core.database.DatabaseSecretStore;
import io.digdag.spi.SecretControlStore;
import java.util.List;
import java.util.Locale;
import org.skife.jdbi.v2.Handle;
import org.skife.jdbi.v2.sqlobject.Bind;
import org.skife.jdbi.v2.sqlobject.SqlQuery;
import org.skife.jdbi.v2.sqlobject.SqlUpdate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/digdag/core/database/DatabaseSecretControlStore.class */
public class DatabaseSecretControlStore extends BasicDatabaseStoreManager<Dao> implements SecretControlStore {
    private final int siteId;
    private final SecretCrypto crypto;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/digdag/core/database/DatabaseSecretControlStore$Dao.class */
    public interface Dao {
        @SqlQuery("select key from secrets where site_id = :siteId and project_id = :projectId and scope = :scope")
        List<String> listProjectSecrets(@Bind("siteId") int i, @Bind("projectId") int i2, @Bind("scope") String str);

        @SqlUpdate("delete from secrets where site_id = :siteId and project_id = :projectId and scope = :scope and key = :key")
        int deleteProjectSecret(@Bind("siteId") int i, @Bind("projectId") int i2, @Bind("scope") String str, @Bind("key") String str2);

        int upsertProjectSecret(int i, int i2, String str, String str2, String str3, String str4);

        @SqlQuery("select engine, value from secrets where site_id = :siteId and project_id = :projectId and scope = :scope and key = :key for update")
        DatabaseSecretStore.EncryptedSecret lockProjectSecret(@Bind("siteId") int i, @Bind("projectId") int i2, @Bind("scope") String str, @Bind("key") String str2);
    }

    /* loaded from: input_file:io/digdag/core/database/DatabaseSecretControlStore$H2Dao.class */
    interface H2Dao extends Dao {
        @Override // io.digdag.core.database.DatabaseSecretControlStore.Dao
        @SqlUpdate("merge into secrets  (site_id, project_id, scope, key, engine, value, updated_at) key(site_id, project_id, scope, key) values (:siteId, :projectId, :scope, :key, :engine, :value, now())")
        int upsertProjectSecret(@Bind("siteId") int i, @Bind("projectId") int i2, @Bind("scope") String str, @Bind("key") String str2, @Bind("engine") String str3, @Bind("value") String str4);
    }

    /* loaded from: input_file:io/digdag/core/database/DatabaseSecretControlStore$LockedControl.class */
    private class LockedControl implements SecretControlStore {
        private final Handle handle;
        private final Dao dao;

        public LockedControl(Handle handle, Dao dao) {
            this.handle = handle;
            this.dao = dao;
        }

        public void setProjectSecret(int i, String str, String str2, String str3) {
            String encryptSecret = DatabaseSecretControlStore.this.crypto.encryptSecret(str3);
            this.dao.upsertProjectSecret(DatabaseSecretControlStore.this.siteId, i, str, str2, DatabaseSecretControlStore.this.crypto.getName(), encryptSecret);
        }

        public void deleteProjectSecret(int i, String str, String str2) {
            this.dao.deleteProjectSecret(DatabaseSecretControlStore.this.siteId, i, str, str2);
        }

        public List<String> listProjectSecrets(int i, String str) {
            return this.dao.listProjectSecrets(DatabaseSecretControlStore.this.siteId, i, str);
        }

        public <T> T lockProjectSecret(int i, String str, String str2, SecretControlStore.SecretLockAction<T> secretLockAction) {
            Optional of;
            DatabaseSecretStore.EncryptedSecret lockProjectSecret = this.dao.lockProjectSecret(DatabaseSecretControlStore.this.siteId, i, str, str2);
            if (lockProjectSecret == null) {
                of = Optional.absent();
            } else {
                if (!DatabaseSecretControlStore.this.crypto.getName().equals(lockProjectSecret.engine)) {
                    throw new AssertionError(String.format(Locale.ENGLISH, "Crypto engine mismatch. Expected '%s' but got '%s'", lockProjectSecret.engine, DatabaseSecretControlStore.this.crypto.getName()));
                }
                of = Optional.of(DatabaseSecretControlStore.this.crypto.decryptSecret(lockProjectSecret.value));
            }
            return (T) secretLockAction.call(this, of);
        }
    }

    /* loaded from: input_file:io/digdag/core/database/DatabaseSecretControlStore$PgDao.class */
    interface PgDao extends Dao {
        @Override // io.digdag.core.database.DatabaseSecretControlStore.Dao
        @SqlUpdate("insert into secrets (site_id, project_id, scope, key, engine, value, updated_at) values (:siteId, :projectId, :scope, :key, :engine, :value, now()) on conflict (site_id, project_id, scope, key) do update set engine = :engine, value = :value, updated_at = now()")
        int upsertProjectSecret(@Bind("siteId") int i, @Bind("projectId") int i2, @Bind("scope") String str, @Bind("key") String str2, @Bind("engine") String str3, @Bind("value") String str4);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DatabaseSecretControlStore(DatabaseConfig databaseConfig, TransactionManager transactionManager, ConfigMapper configMapper, int i, SecretCrypto secretCrypto) {
        super(databaseConfig.getType(), dao(databaseConfig.getType()), transactionManager, configMapper);
        this.siteId = i;
        this.crypto = secretCrypto;
    }

    private static Class<? extends Dao> dao(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -2105481388:
                if (str.equals("postgresql")) {
                    z = false;
                    break;
                }
                break;
            case 3274:
                if (str.equals("h2")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return PgDao.class;
            case true:
                return H2Dao.class;
            default:
                throw new IllegalArgumentException("Unknown database type: " + str);
        }
    }

    public void setProjectSecret(int i, String str, String str2, String str3) {
        transaction((handle, dao) -> {
            new LockedControl(handle, dao).setProjectSecret(i, str, str2, str3);
            return null;
        });
    }

    public void deleteProjectSecret(int i, String str, String str2) {
        transaction((handle, dao) -> {
            new LockedControl(handle, dao).deleteProjectSecret(i, str, str2);
            return null;
        });
    }

    public List<String> listProjectSecrets(int i, String str) {
        return (List) transaction((handle, dao) -> {
            return new LockedControl(handle, dao).listProjectSecrets(i, str);
        });
    }

    public <T> T lockProjectSecret(int i, String str, String str2, SecretControlStore.SecretLockAction<T> secretLockAction) {
        return (T) transaction((handle, dao) -> {
            return new LockedControl(handle, dao).lockProjectSecret(i, str, str2, secretLockAction);
        });
    }
}
