package io.helidon.integrations.vault.secrets.pki;

import io.helidon.common.http.Http;
import io.helidon.common.reactive.Single;
import io.helidon.integrations.common.rest.RestApi;
import io.helidon.integrations.vault.ListSecrets;
import io.helidon.integrations.vault.Vault;
import io.helidon.integrations.vault.VaultApiException;
import io.helidon.integrations.vault.VaultOptionalResponse;
import io.helidon.integrations.vault.VaultRestException;
import io.helidon.integrations.vault.secrets.pki.CaCertificateGet;
import io.helidon.integrations.vault.secrets.pki.CertificateGet;
import io.helidon.integrations.vault.secrets.pki.CrlGet;
import io.helidon.integrations.vault.secrets.pki.GenerateSelfSignedRoot;
import io.helidon.integrations.vault.secrets.pki.IssueCertificate;
import io.helidon.integrations.vault.secrets.pki.PkiRole;
import io.helidon.integrations.vault.secrets.pki.RevokeCertificate;
import io.helidon.integrations.vault.secrets.pki.SignCsr;
import java.util.function.Function;

/* loaded from: input_file:io/helidon/integrations/vault/secrets/pki/PkiSecretsRxImpl.class */
/**
 * Reactive {@link PkiSecretsRx} implementation that turns each PKI operation into a REST call
 * below the configured secrets-engine mount path.
 *
 * <p>This listing is decompiler output: names such as {@code str}, {@code m0build} and
 * {@code m1build} are decompiler artifacts rather than names chosen by the original authors.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code roleName()} and {@code serialNumber()} are concatenated into the request path
 *       exactly as supplied. NOTE(review): whether {@link RestApi} encodes path segments is not
 *       visible here, so validate these values before they reach this class if they can be
 *       influenced from outside.</li>
 *   <li>The issue, sign, revoke, root-generation and role operations change CA state. The Vault
 *       token behind {@link RestApi} should be scoped by policy to only the paths it needs.</li>
 * </ul>
 */
class PkiSecretsRxImpl implements PkiSecretsRx {
    private final RestApi restApi;
    private final String mount;

    /**
     * Creates the implementation for one mounted PKI engine.
     * The decompiler reports that this constructor was package-private in the original class.
     *
     * @param restApi REST client used for every call
     * @param str mount path of the PKI secrets engine, used as the prefix of every request path
     */
    public PkiSecretsRxImpl(RestApi restApi, String str) {
        this.mount = str;
        this.restApi = restApi;
    }

    /**
     * Lists the certificates stored under {@code <mount>/certs}.
     *
     * @param request list request
     * @return optional response processed by {@code ListSecrets.Response::create}
     */
    @Override
    public Single<VaultOptionalResponse<ListSecrets.Response>> list(ListSecrets.Request request) {
        String path = mount + "/certs";
        return restApi.invokeOptional(Vault.LIST, path, request, VaultOptionalResponse.vaultResponseBuilder().entityProcessor(ListSecrets.Response::create));
    }

    /**
     * Fetches the CA certificate as raw bytes: {@code <mount>/ca} for DER,
     * {@code <mount>/ca_chain} for PEM and PEM_BUNDLE.
     *
     * @param request request carrying the desired format
     * @return the CA certificate bytes; an error {@code Single} carrying {@link VaultApiException}
     *         for any other format, and a {@link VaultRestException} when the response has no entity
     */
    @Override
    public Single<CaCertificateGet.Response> caCertificate(CaCertificateGet.Request request) {
        String path;
        switch (request.format()) {
            case PEM:
            case PEM_BUNDLE:
                path = mount + "/ca_chain";
                break;
            case DER:
                path = mount + "/ca";
                break;
            default:
                return Single.error(new VaultApiException("Unsupported PKI Format: " + request.format()));
        }
        // A missing entity is reported with the headers, request id, status and Vault errors of the
        // response, so the failure can be traced back to the call that produced it.
        // NOTE(review): m0build looks like a decompiler-renamed build() - confirm against the builder API.
        return restApi.getBytes(path, request, VaultOptionalResponse.vaultResponseBuilder().entityProcessor(Function.identity()))
                .map(response -> ((CaCertificateGet.Response.Builder) CaCertificateGet.Response.builder()
                        .entity((byte[]) response.entity().orElseThrow(() -> VaultRestException.builder()
                                .headers(response.headers())
                                .requestId(response.requestId())
                                .status(response.status())
                                .vaultErrors(response.errors())
                                .message("CA Certificate is expected to be present, but is not available")
                                .build())))
                        .headers(response.headers())
                        .requestId(response.requestId())
                        .status(response.status())
                        .m0build());
    }

    /**
     * Reads a single certificate from {@code <mount>/cert/<serialNumber>}.
     *
     * <p>The serial number is appended to the path as supplied by the request.
     * NOTE(review): unlike {@code caCertificate} and {@code crl}, an unsupported format is thrown
     * synchronously here instead of being returned as an error {@code Single}, so callers need
     * both a try/catch and an error handler.
     *
     * @param request request carrying the serial number and format
     * @return optional response processed by {@code CertificateGet.Response::create}
     * @throws UnsupportedOperationException if the requested format is not PEM
     */
    @Override
    public Single<VaultOptionalResponse<CertificateGet.Response>> certificate(CertificateGet.Request request) {
        String path = mount + "/cert/" + request.serialNumber();
        if (request.format() == PkiFormat.PEM) {
            return restApi.get(path, request, VaultOptionalResponse.vaultResponseBuilder().entityProcessor(CertificateGet.Response::create));
        }
        throw new UnsupportedOperationException("Only PEM encoded format is supported");
    }

    /**
     * Fetches the certificate revocation list as raw bytes: {@code <mount>/crl} for DER,
     * {@code <mount>/crl/pem} for PEM and PEM_BUNDLE.
     *
     * @param request request carrying the desired format
     * @return the CRL bytes; an error {@code Single} carrying {@link VaultApiException} for any
     *         other format, and a {@link VaultRestException} when the response has no entity
     */
    @Override
    public Single<CrlGet.Response> crl(CrlGet.Request request) {
        PkiFormat format = request.format();
        String path;
        switch (format) {
            case PEM:
            case PEM_BUNDLE:
                path = mount + "/crl/pem";
                break;
            case DER:
                path = mount + "/crl";
                break;
            default:
                return Single.error(new VaultApiException("Unsupported PKI Format: " + format));
        }
        // A missing CRL is surfaced as an exception, not as an empty result; the caller can then
        // fail closed rather than silently skip revocation checks.
        // NOTE(review): m1build looks like a decompiler-renamed build() - confirm against the builder API.
        return restApi.getBytes(path, request, VaultOptionalResponse.vaultResponseBuilder().entityProcessor(Function.identity()))
                .map(response -> ((CrlGet.Response.Builder) CrlGet.Response.builder()
                        .entity((byte[]) response.entity().orElseThrow(() -> VaultRestException.builder()
                                .headers(response.headers())
                                .requestId(response.requestId())
                                .status(response.status())
                                .vaultErrors(response.errors())
                                .message("CRL is expected to be present, but is not available")
                                .build())))
                        .headers(response.headers())
                        .requestId(response.requestId())
                        .status(response.status())
                        .m1build());
    }

    /**
     * Issues a new certificate by POSTing to {@code <mount>/issue/<roleName>}.
     *
     * <p>Vault's PKI issue endpoint generates the key pair and returns the private key with the
     * certificate, so treat the response as secret material and keep it out of logs. How
     * {@code IssueCertificate.Response} exposes the key is not visible in this file.
     *
     * @param request request carrying the role name and the response format
     * @return response built with the format taken from the request
     */
    @Override
    public Single<IssueCertificate.Response> issueCertificate(IssueCertificate.Request request) {
        String path = mount + "/issue/" + request.roleName();
        return restApi.invokeWithResponse(Http.Method.POST, path, request, IssueCertificate.Response.builder().format(request.format()));
    }

    /**
     * Signs a certificate signing request by POSTing to {@code <mount>/sign/<roleName>}.
     *
     * <p>NOTE(review): the constraints of the named role presumably decide which names in the CSR
     * get signed; choose the role name server-side instead of taking it from the CSR submitter.
     *
     * @param request request carrying the role name and the response format
     * @return response built with the format taken from the request
     */
    @Override
    public Single<SignCsr.Response> signCertificateRequest(SignCsr.Request request) {
        String path = mount + "/sign/" + request.roleName();
        return restApi.invokeWithResponse(Http.Method.POST, path, request, SignCsr.Response.builder().format(request.format()));
    }

    /**
     * Revokes a certificate by POSTing the request to {@code <mount>/revoke}.
     *
     * @param request revocation request, sent as the request entity
     * @return revocation response
     */
    @Override
    public Single<RevokeCertificate.Response> revokeCertificate(RevokeCertificate.Request request) {
        String path = mount + "/revoke";
        return restApi.invokeWithResponse(Http.Method.POST, path, request, RevokeCertificate.Response.builder());
    }

    /**
     * Generates a self-signed root CA by POSTing to {@code <mount>/root/generate/internal}.
     *
     * <p>In Vault's PKI API the {@code internal} generation type keeps the root private key inside
     * Vault and does not return it. The path is fixed here, so this class cannot request an
     * exported root key.
     *
     * @param request root generation request
     * @return root generation response
     */
    @Override
    public Single<GenerateSelfSignedRoot.Response> generateSelfSignedRoot(GenerateSelfSignedRoot.Request request) {
        String path = mount + "/root/generate/internal";
        return restApi.post(path, request, GenerateSelfSignedRoot.Response.builder());
    }

    /**
     * Creates or updates a PKI role by POSTing to {@code <mount>/roles/<roleName>}.
     *
     * <p>NOTE(review): role definitions presumably bound what the issue and sign operations may
     * produce, so restrict write access to this path to administrators.
     *
     * @param request request carrying the role name and role settings
     * @return role response
     */
    @Override
    public Single<PkiRole.Response> createOrUpdateRole(PkiRole.Request request) {
        String path = mount + "/roles/" + request.roleName();
        return restApi.post(path, request, PkiRole.Response.builder());
    }
}
