package org.eclipse.edc.identityhub.api.keypair.v1.unstable;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.SecurityContext;
import java.util.Collection;
import org.eclipse.edc.identityhub.api.v1.validation.KeyDescriptorValidator;
import org.eclipse.edc.identityhub.spi.AuthorizationResultHandler;
import org.eclipse.edc.identityhub.spi.AuthorizationService;
import org.eclipse.edc.identityhub.spi.keypair.KeyPairService;
import org.eclipse.edc.identityhub.spi.keypair.model.KeyPairResource;
import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextId;
import org.eclipse.edc.identityhub.spi.participantcontext.model.KeyDescriptor;
import org.eclipse.edc.identityhub.spi.participantcontext.model.ParticipantContext;
import org.eclipse.edc.identityhub.spi.participantcontext.model.ParticipantResource;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.query.Criterion;
import org.eclipse.edc.spi.query.QuerySpec;
import org.eclipse.edc.web.spi.exception.InvalidRequestException;
import org.eclipse.edc.web.spi.exception.ObjectNotFoundException;
import org.eclipse.edc.web.spi.exception.ValidationFailureException;
import org.jetbrains.annotations.Nullable;

@Produces({"application/json"})
@Path("/v1alpha/participants/{participantId}/keypairs")
@Consumes({"application/json"})
/* loaded from: input_file:org/eclipse/edc/identityhub/api/keypair/v1/unstable/KeyPairResourceApiController.class */
public class KeyPairResourceApiController implements KeyPairResourceApi {
    private final AuthorizationService authorizationService;
    private final KeyPairService keyPairService;
    private final KeyDescriptorValidator keyDescriptorValidator;

    public KeyPairResourceApiController(AuthorizationService authorizationService, KeyPairService keyPairService, KeyDescriptorValidator keyDescriptorValidator) {
        this.authorizationService = authorizationService;
        this.keyPairService = keyPairService;
        this.keyDescriptorValidator = keyDescriptorValidator;
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @GET
    @Path("/{keyPairId}")
    public KeyPairResource getKeyPair(@PathParam("keyPairId") String str, @Context SecurityContext securityContext) {
        this.authorizationService.isAuthorized(securityContext, str, KeyPairResource.class).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str));
        Collection collection = (Collection) this.keyPairService.query(QuerySpec.Builder.newInstance().filter(new Criterion("id", "=", str)).build()).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str));
        if (collection.isEmpty()) {
            throw new ObjectNotFoundException(KeyPairResource.class, str);
        }
        if (collection.size() > 1) {
            throw new EdcException("Expected only 1 result, but got %s".formatted(Integer.valueOf(collection.size())));
        }
        return (KeyPairResource) collection.iterator().next();
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @GET
    public Collection<KeyPairResource> queryKeyPairByParticipantId(@PathParam("participantId") String str, @Context SecurityContext securityContext) {
        return (Collection) ParticipantContextId.onEncoded(str).map(str2 -> {
            return ((Collection) this.keyPairService.query(ParticipantResource.queryByParticipantId(str2).build()).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str2))).stream().filter(keyPairResource -> {
                return this.authorizationService.isAuthorized(securityContext, keyPairResource.getId(), KeyPairResource.class).succeeded();
            }).toList();
        }).orElseThrow(InvalidRequestException::new);
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @PUT
    public void addKeyPair(@PathParam("participantId") String str, KeyDescriptor keyDescriptor, @QueryParam("makeDefault") boolean z, @Context SecurityContext securityContext) {
        this.keyDescriptorValidator.validate(keyDescriptor).orElseThrow(ValidationFailureException::new);
        ParticipantContextId.onEncoded(str).onSuccess(str2 -> {
            this.authorizationService.isAuthorized(securityContext, str2, ParticipantContext.class).compose(r9 -> {
                return this.keyPairService.addKeyPair(str2, keyDescriptor, z);
            }).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class));
        }).orElseThrow(InvalidRequestException::new);
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @POST
    @Path("/{keyPairId}/activate")
    public void activateKeyPair(@PathParam("keyPairId") String str, @Context SecurityContext securityContext) {
        this.authorizationService.isAuthorized(securityContext, str, KeyPairResource.class).compose(r5 -> {
            return this.keyPairService.activate(str);
        }).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str));
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @POST
    @Path("/{keyPairId}/rotate")
    public void rotateKeyPair(@PathParam("keyPairId") String str, @Nullable KeyDescriptor keyDescriptor, @QueryParam("duration") long j, @Context SecurityContext securityContext) {
        if (keyDescriptor != null) {
            this.keyDescriptorValidator.validate(keyDescriptor).orElseThrow(ValidationFailureException::new);
        }
        this.authorizationService.isAuthorized(securityContext, str, KeyPairResource.class).compose(r11 -> {
            return this.keyPairService.rotateKeyPair(str, keyDescriptor, j);
        }).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str));
    }

    @Override // org.eclipse.edc.identityhub.api.keypair.v1.unstable.KeyPairResourceApi
    @POST
    @Path("/{keyPairId}/revoke")
    public void revokeKeyPair(@PathParam("keyPairId") String str, KeyDescriptor keyDescriptor, @Context SecurityContext securityContext) {
        if (keyDescriptor != null) {
            this.keyDescriptorValidator.validate(keyDescriptor).orElseThrow(ValidationFailureException::new);
        }
        this.authorizationService.isAuthorized(securityContext, str, KeyPairResource.class).compose(r7 -> {
            return this.keyPairService.revokeKey(str, keyDescriptor);
        }).orElseThrow(AuthorizationResultHandler.exceptionMapper(KeyPairResource.class, str));
    }
}
