package io.hops.hopsworks.common.security;

import io.hops.hopsworks.common.util.Settings;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import org.apache.commons.io.FileUtils;
import org.javatuples.Pair;

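/**
 * Resolves filesystem locations, OpenSSL configuration/extension names, CA key passwords and
 * certificate validity periods for the certificate authorities listed in {@link CAType}.
 *
 * <p>All directories and passwords are read from the injected {@link Settings}; this class
 * only composes paths and caches the PEM text of CA certificates once they have been read.
 *
 * <p>NOTE(review): this listing looks like decompiler output (see the "loaded from" markers and
 * the synthetic switch map in {@link #getResponsibileCA}); compare against the original source
 * before relying on it.
 */
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/security/PKI.class */
public class PKI {

    @EJB
    private Settings settings;
    // PEM text of each CA certificate, filled lazily by getCert(). Guarded by its own monitor.
    private final Map<CAType, String> caPubCertCache = new HashMap<>();
    static final Logger logger = Logger.getLogger(PKI.class.getName());
    // Validity in days (10 * 365). Used for DELA/KUBE certificates and for service certificates
    // when key rotation is disabled, so those certificates are long-lived; revocation is then the
    // only way to retire one early.
    private static final long TEN_YEARS = 3650;

    /** The certificate authorities this class can resolve paths and settings for. */
    /* loaded from: input_file:io/hops/hopsworks/common/security/PKI$CAType.class */
    public enum CAType {
        ROOT,
        INTERMEDIATE,
        KUBECA
    }

    /**
     * Builds the base file name of a certificate from its subject fields.
     *
     * <p>APP uses {@code CN__O__OU}, HOST uses {@code CN__OU}, every other type uses {@code CN}.
     * A field missing from {@code map} is concatenated as the literal text {@code "null"}, and a
     * {@code null} map (which {@link #getKeyValuesFromSubject} can return) raises a
     * {@link NullPointerException}.
     *
     * <p>NOTE(review): the result is later joined onto a CA directory by {@link #getCertPath};
     * the values are not sanitised here.
     *
     * @param certificateType type of the certificate being named
     * @param map subject fields keyed by attribute name ("CN", "O", "OU")
     * @return the file name without directory or suffix
     */
    public String getCertFileName(CertificateType certificateType, Map<String, String> map) {
        switch (certificateType) {
            case APP:
                return map.get("CN") + "__" + map.get("O") + "__" + map.get("OU");
            case HOST:
                return map.get("CN") + "__" + map.get("OU");
            default:
                return map.get("CN");
        }
    }

    /**
     * Returns the validity period, in days, for a certificate of the given type.
     *
     * @param certificateType type of the certificate to issue
     * @return validity in days
     * @throws IllegalArgumentException if the type has no validity rule here
     */
    public long getValidityPeriod(CertificateType certificateType) {
        switch (certificateType) {
            case APP:
                return getAppCertificateValidityPeriod();
            case HOST:
                return getServiceCertificateValidityPeriod();
            case DELA:
            case KUBE:
                return TEN_YEARS;
            default:
                throw new IllegalArgumentException("Certificate type not recognized");
        }
    }

    /**
     * Validity of service (HOST) certificates: ten years when key rotation is disabled,
     * otherwise the configured rotation interval in days plus 4.
     */
    private long getServiceCertificateValidityPeriod() {
        if (!this.settings.isServiceKeyRotationEnabled()) {
            return TEN_YEARS;
        }
        // NOTE(review): the extra 4 days presumably leave a margin so a certificate outlives the
        // rotation that replaces it; confirm against the rotation scheduler.
        return getCertificateValidityInDays(this.settings.getServiceKeyRotationInterval()) + 4;
    }

    /** Validity of application certificates, taken from the configured period and expressed in days. */
    private long getAppCertificateValidityPeriod() {
        return getCertificateValidityInDays(this.settings.getApplicationCertificateValidityPeriod());
    }

    /**
     * Converts a configuration time value (amount plus unit, both parsed by {@link Settings})
     * into whole days. {@link TimeUnit#convert} truncates, so anything shorter than one day
     * yields 0.
     */
    private long getCertificateValidityInDays(String str) {
        Long confTimeValue = this.settings.getConfTimeValue(str);
        return TimeUnit.DAYS.convert(confTimeValue.longValue(), this.settings.getConfTimeTimeUnit(str));
    }

    /**
     * Parses a slash-separated subject string such as {@code /C=SE/O=org/CN=name} into a map of
     * attribute name to value.
     *
     * <p>Each component is split on its first {@code '='} only, so a value that itself contains
     * {@code '='} is kept whole instead of being cut at the second {@code '='}. Components
     * without a value are skipped. When an attribute repeats, the last occurrence wins.
     *
     * <p>NOTE(review): escaped separators inside values are not handled; a value containing
     * {@code '/'} is split into separate components.
     *
     * @param str subject string; may be {@code null}
     * @return the parsed attributes, or {@code null} when {@code str} is {@code null} or empty
     */
    public HashMap<String, String> getKeyValuesFromSubject(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        HashMap<String, String> attributes = new HashMap<>();
        for (String component : str.split("/")) {
            // Limit 2: everything after the first '=' belongs to the value.
            String[] keyValue = component.split("=", 2);
            if (keyValue.length == 2 && !keyValue[1].isEmpty()) {
                attributes.put(keyValue[0], keyValue[1]);
            }
        }
        return attributes;
    }

    /**
     * Returns the CA that signs certificates of the given type.
     *
     * <p>NOTE(review): the switch below is decompiler output. {@code AnonymousClass1.$SwitchMap$...}
     * is the compiler-generated lookup table, and the case numbers are positions in that table,
     * not {@code CertificateType} names or ordinals. {@code Settings.ACCOUNT_VALIDATION_TRIES}
     * appears only because the decompiler matched the literal 5 to an unrelated constant. What the
     * listing does show: table entry 4 maps to {@link CAType#KUBECA}, entries 1, 2, 3 and 5 map to
     * {@link CAType#INTERMEDIATE}. Restore the enum labels from the original source before
     * editing; choosing the wrong CA here changes which key signs a certificate.
     *
     * @param certificateType type of the certificate to sign
     * @return the signing CA
     * @throws IllegalArgumentException if the type is not mapped
     */
    public CAType getResponsibileCA(CertificateType certificateType) {
        switch (AnonymousClass1.$SwitchMap$io$hops$hopsworks$common$security$CertificateType[certificateType.ordinal()]) {
            case 1:
            case 2:
            case 3:
            case Settings.ACCOUNT_VALIDATION_TRIES /* 5 */:
                return CAType.INTERMEDIATE;
            case 4:
                return CAType.KUBECA;
            default:
                throw new IllegalArgumentException("Certificate type not recognized");
        }
    }

    /**
     * Returns the configured base directory of the given CA.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public String getCAParentPath(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return this.settings.getCaDir();
            case INTERMEDIATE:
                return this.settings.getIntermediateCaDir();
            case KUBECA:
                return this.settings.getKubeCAPath();
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the password protecting the private key of the given CA.
     *
     * <p>ROOT and INTERMEDIATE both use the Hopsworks master SSL password; KUBECA has its own.
     * The return value is a secret: callers should not log it or put it in exception messages.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public String getCAKeyPassword(CAType cAType) {
        switch (cAType) {
            case ROOT:
            case INTERMEDIATE:
                return this.settings.getHopsworksMasterPasswordSsl();
            case KUBECA:
                return this.settings.getKubeCAPassword();
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the path of the OpenSSL configuration file of the given CA.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public Path getCAConfPath(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return Paths.get(this.settings.getCaDir(), "openssl-ca.cnf");
            case INTERMEDIATE:
                return Paths.get(this.settings.getIntermediateCaDir(), "openssl-intermediate.cnf");
            case KUBECA:
                return Paths.get(this.settings.getKubeCAPath(), "kube-ca.cnf");
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /** Returns the {@code certs} directory under the base directory of the given CA. */
    public Path getCACertsDir(CAType cAType) {
        return Paths.get(getCAParentPath(cAType), "certs");
    }

    /**
     * Returns the {@code private} directory under the base directory of the given CA. Private
     * keys live here, so the directory should be readable only by the service account.
     */
    public Path getCAKeysDir(CAType cAType) {
        return Paths.get(getCAParentPath(cAType), "private");
    }

    /**
     * Returns the path of the PEM certificate revocation list of the given CA.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public Path getCACRLPath(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return Paths.get(this.settings.getCaDir(), "crl", "ca.crl.pem");
            case INTERMEDIATE:
                return Paths.get(this.settings.getIntermediateCaDir(), "crl", "intermediate.crl.pem");
            case KUBECA:
                return Paths.get(this.settings.getKubeCAPath(), "crl", "kube-ca.crl.pem");
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the name of the extensions section the given CA applies when it signs.
     *
     * <p>The names are expected to match sections of the file returned by
     * {@link #getCAConfPath}. NOTE(review): judging by the name, the ROOT value marks the
     * issued certificate as an intermediate CA; confirm that only the intended certificate
     * types are ever signed with {@link CAType#ROOT}.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public String getEffectiveExtensions(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return "v3_intermediate_ca";
            case INTERMEDIATE:
                return "usr_cert";
            case KUBECA:
                return "v3_ext";
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the path of the certificate file {@code str} inside the CA's {@code certs}
     * directory, with the certificate suffix appended.
     *
     * <p>NOTE(review): {@code str} is joined onto the directory without validation. If it can
     * originate from certificate subject fields or request parameters, callers should reject
     * values containing path separators or {@code ..} so the result stays inside the directory.
     */
    public Path getCertPath(CAType cAType, String str) {
        return Paths.get(getCACertsDir(cAType).toString(), str + CertificatesMgmService.CERTIFICATE_SUFFIX);
    }

    /**
     * Returns the path of the key file {@code str} inside the CA's {@code private} directory.
     *
     * <p>NOTE(review): the suffix appended is {@code CertificatesMgmService.CERTIFICATE_SUFFIX},
     * the same constant used for certificates; confirm that key files are meant to share it. The
     * same lack of validation on {@code str} as in {@link #getCertPath} applies, here for a
     * directory that holds private keys.
     */
    public Path getKeyPath(CAType cAType, String str) {
        return Paths.get(getCAKeysDir(cAType).toString(), str + CertificatesMgmService.CERTIFICATE_SUFFIX);
    }

    /**
     * Returns the path of the given CA's own certificate.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public Path getCACertPath(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return getCertPath(cAType, "ca");
            case INTERMEDIATE:
                return getCertPath(cAType, "intermediate");
            case KUBECA:
                return getCertPath(cAType, "kube-ca");
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the path of the file holding the chain of trust for the given CA: the root
     * certificate itself for ROOT, a {@code ca-chain} file in the CA's own {@code certs}
     * directory for INTERMEDIATE and KUBECA.
     *
     * @throws IllegalArgumentException if the CA type is not handled
     */
    public Path getChainOfTrustFilePath(CAType cAType) {
        switch (cAType) {
            case ROOT:
                return getCertPath(cAType, "ca");
            case INTERMEDIATE:
                return getCertPath(cAType, "ca-chain");
            case KUBECA:
                return getCertPath(cAType, "ca-chain");
            default:
                throw new IllegalArgumentException("CA type not recognized");
        }
    }

    /**
     * Returns the PEM text of the chain of trust for the given CA.
     *
     * @param cAType CA whose chain is requested
     * @return a pair whose first value is the root certificate and whose second value is the
     *     certificate of {@code cAType}, or {@code null} when {@code cAType} is ROOT
     * @throws IOException if a certificate file cannot be read
     */
    public Pair<String, String> getChainOfTrust(CAType cAType) throws IOException {
        String str = null;
        if (cAType != CAType.ROOT) {
            str = getCert(cAType);
        }
        return new Pair<>(getCert(CAType.ROOT), str);
    }

    /**
     * Returns the PEM text of the given CA's certificate, reading the file on first use and
     * serving later calls from the cache.
     *
     * <p>The lookup and the fill both happen under the cache's monitor. The earlier form checked
     * the map outside the lock and, when another thread filled the entry between the two checks,
     * returned {@code null} instead of the certificate; it also read an unsynchronised
     * {@link HashMap} while another thread could be writing to it.
     *
     * <p>An entry is never refreshed, so a CA certificate replaced on disk is picked up only by
     * a new instance of this bean.
     *
     * @throws IOException if the certificate file cannot be read
     */
    private String getCert(CAType cAType) throws IOException {
        synchronized (this.caPubCertCache) {
            String cached = this.caPubCertCache.get(cAType);
            if (cached == null) {
                cached = FileUtils.readFileToString(getCACertPath(cAType).toFile());
                this.caPubCertCache.put(cAType, cached);
            }
            return cached;
        }
    }
}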
