package io.hops.hopsworks.common.security;

import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.dao.user.Users;
import io.hops.hopsworks.common.dao.user.cluster.ClusterCert;
import io.hops.hopsworks.common.dao.user.cluster.ClusterCertFacade;
import io.hops.hopsworks.common.exception.RESTCodes;
import java.io.IOException;
import java.util.HashMap;
import java.util.logging.Level;
import javax.ejb.EJB;
import javax.ejb.Stateless;

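/**
 * Validates and signs certificate signing requests (CSRs) for Dela tracker
 * cluster certificates.
 *
 * <p>A CSR is signed only when its subject matches a registered
 * {@link ClusterCert} record that belongs to the requesting user and has no
 * serial number recorded yet. After signing, the certificate's serial number
 * is written back to that record.
 *
 * <p>NOTE(review): only the subject fields {@code emailAddress}, {@code CN},
 * {@code O} and {@code OU} are checked in this class. Whether attributes or
 * extensions requested in the CSR can reach the issued certificate depends on
 * {@code OpensslOperations.signCertificateRequest} and its signing
 * configuration - confirm there.
 */
@Stateless
public class DelaTrackerCertController {

    @EJB
    private ClusterCertFacade clusterCertFacade;

    @EJB
    private OpensslOperations opensslOperations;

    @EJB
    private UserFacade userFacade;

    @EJB
    private PKI pki;

    /**
     * Validates the CSR against the user's registered cluster record, signs it
     * as a {@code CertificateType.DELA} certificate and records the resulting
     * serial number on the cluster record.
     *
     * @param str email address used to look up the requesting user;
     *     presumably the authenticated caller's email - verify against callers
     * @param str2 the CSR to validate and sign
     * @return the signed certificate as returned by
     *     {@code OpensslOperations.signCertificateRequest}
     * @throws IOException if the serial number cannot be read from the signed
     *     certificate, or if one of the underlying operations throws it
     * @throws DelaCSRCheckException if the request or the CSR subject fails
     *     validation
     */
    public String signCsr(String str, String str2) throws IOException, DelaCSRCheckException {
        ClusterCert clusterCert = checkCSR(str, str2);
        // NOTE(review): the "no serial number yet" check in checkCSR and the
        // update below are separate steps. Nothing in this class stops two
        // concurrent requests for the same record from both passing the check
        // and both being signed; confirm the facade or the database enforces
        // one certificate per record (for example through locking).
        // NOTE(review): the certificate is issued before the record is
        // updated, so a failure after signing leaves an issued certificate
        // whose serial number is not recorded here.
        String signedCert = this.opensslOperations.signCertificateRequest(str2, CertificateType.DELA);
        clusterCert.setSerialNumber(getSerialNumFromCert(signedCert));
        this.clusterCertFacade.update(clusterCert);
        return signedCert;
    }

    /**
     * Checks that the CSR may be signed for the given user and returns the
     * matching cluster record.
     *
     * <p>The checks run in this order, each with its own error code: user and
     * CSR present, subject {@code emailAddress} equal to the user's email,
     * {@code CN}, {@code O} and {@code OU} present, a cluster record found for
     * the organization values, no serial number recorded on it, common name
     * equal to the record's, and the record's agent equal to the user.
     *
     * <p>NOTE(review): every rejection passes {@code Level.FINE} to the
     * exception, presumably as its log level. If so, repeated rejected signing
     * attempts may not appear in logs at default verbosity - confirm this is
     * acceptable for monitoring.
     *
     * @param userEmail email address used to look up the requesting user
     * @param csr the CSR whose subject is validated
     * @return the cluster record the CSR was matched to
     * @throws IOException if an underlying operation throws it
     * @throws DelaCSRCheckException if any check fails
     */
    private ClusterCert checkCSR(String userEmail, String csr) throws IOException, DelaCSRCheckException {
        Users user = this.userFacade.findByEmail(userEmail);
        if (user == null || user.getEmail() == null || isNullOrEmpty(csr)) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.BADREQUEST, Level.FINE);
        }

        HashMap<String, String> subject =
            this.pki.getKeyValuesFromSubject(this.opensslOperations.getSubjectFromCSR(csr));
        String email = subject.get("emailAddress");
        String commonName = subject.get("CN");
        String organizationName = subject.get("O");
        String organizationalUnitName = subject.get("OU");

        // The CSR must name the same email address as the requesting user.
        if (isNullOrEmpty(email) || !email.equals(user.getEmail())) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.EMAIL, Level.FINE);
        }
        if (isNullOrEmpty(commonName)) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.CN, Level.FINE);
        }
        if (isNullOrEmpty(organizationName)) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.O, Level.FINE);
        }
        if (isNullOrEmpty(organizationalUnitName)) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.OU, Level.FINE);
        }

        // NOTE(review): the facade method name reads (orgUnitName, orgName)
        // while the arguments are passed as (O, OU) - confirm this matches the
        // facade's parameter order.
        ClusterCert clusterCert =
            this.clusterCertFacade.getByOrgUnitNameAndOrgName(organizationName, organizationalUnitName);
        if (clusterCert == null) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.NOTFOUND, Level.FINE);
        }
        // A recorded serial number means a certificate was already issued for
        // this record, so a second signing request is refused.
        if (!isNullOrEmpty(clusterCert.getSerialNumber())) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.SERIALNUMBER, Level.FINE);
        }
        // commonName is known to be non-null here, so comparing from its side
        // rejects a record with a missing common name instead of raising a
        // NullPointerException.
        if (!commonName.equals(clusterCert.getCommonName())) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.CNNOTFOUND, Level.FINE);
        }
        // The record must belong to the requesting user; a record without an
        // agent is rejected rather than dereferenced.
        if (clusterCert.getAgentId() == null || !clusterCert.getAgentId().equals(user)) {
            throw new DelaCSRCheckException(RESTCodes.DelaCSRErrorCode.AGENTIDNOTFOUND, Level.FINE);
        }
        return clusterCert;
    }

    /**
     * Extracts the serial number from a signed certificate.
     *
     * <p>The value returned by {@code OpensslOperations.getSerialNumberFromCert}
     * is split on {@code '='} and the second element is returned; presumably
     * the input has the form {@code serial=<value>} - confirm, including
     * whether trailing whitespace is already stripped.
     *
     * @param cert the signed certificate
     * @return the text following the first {@code '='}
     * @throws IOException if no value follows an {@code '='} or no output was
     *     returned
     */
    private String getSerialNumFromCert(String cert) throws IOException {
        String serialLine = this.opensslOperations.getSerialNumberFromCert(cert);
        if (serialLine == null) {
            throw new IOException("Failed to get serial number from cert.");
        }
        String[] parts = serialLine.split("=");
        if (parts.length < 2) {
            throw new IOException("Failed to get serial number from cert.");
        }
        return parts[1];
    }

    /** Returns {@code true} when the value is {@code null} or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }
}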
