package io.hops.hopsworks.common.proxies;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.google.common.base.Strings;
import io.hops.hopsworks.common.proxies.client.HttpClient;
import io.hops.hopsworks.common.proxies.client.HttpRetryableAction;
import io.hops.hopsworks.common.proxies.client.NotRetryableClientProtocolException;
import io.hops.hopsworks.common.security.CSR;
import io.hops.hopsworks.common.util.Settings;
import io.hops.hopsworks.exceptions.CAException;
import io.hops.hopsworks.exceptions.GenericException;
import io.hops.hopsworks.exceptions.HopsSecurityException;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;

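/**
 * Stateless EJB that forwards certificate signing requests and X.509 revocations to the
 * Hopsworks CA REST endpoints under {@code /hopsworks-ca/v2/certificate/}.
 *
 * <p>Every request gets its Authorization header from the injected {@link HttpClient} and is
 * executed through an {@link HttpRetryableAction}. Requests are built from relative paths only;
 * the target host and the TLS configuration are presumably supplied by the injected client
 * (NOTE(review): confirm, since this class carries CSRs and revocation requests).
 *
 * <p>This listing is decompiler output: the decompiler reports that {@link CA_PATH} and
 * {@link #constructHopsSecurityException} were {@code private} in the original and were widened
 * to {@code public} here.
 */
@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
public class CAProxy {
    private static final Logger LOG = Logger.getLogger(CAProxy.class.getName());
    private static final String CONTENT_TYPE_JSON = "application/json; charset=utf-8";
    private static final String CA_BASE_PATH = "/hopsworks-ca/v2/certificate/";
    private static final String CERTIFICATE_IDENTIFIER = "certId";
    private static final String HOSTNAME = "hostname";

    // Charset used for both request and response bodies, matching CONTENT_TYPE_JSON.
    // Charset.forName is used because only java.nio.charset.Charset is imported by this file.
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Built in init(); cannot be final because the container calls init() after construction.
    private ObjectMapper objectMapper;
    private final ResponseHandler<CSR> CA_SIGN_RESPONSE_HANDLER = new CASignCSRResponseHandler();
    private final ResponseHandler<Void> CA_REVOKE_RESPONSE_HANDLER = new CARevokeX509ResponseHandler();

    @EJB
    private HttpClient client;

    @EJB
    private Settings settings;

    /**
     * Maps the CA's answer to a revocation request onto success or a typed failure.
     *
     * <p>Failures wrapped in {@link NotRetryableClientProtocolException} are final; any other
     * status is reported as a plain {@link ClientProtocolException}, which the message below
     * describes as a temporary error.
     */
    private class CARevokeX509ResponseHandler implements ResponseHandler<Void> {
        private CARevokeX509ResponseHandler() {
        }

        /**
         * @param httpResponse response of the DELETE request
         * @return always {@code null}, and only for HTTP 200
         * @throws NotRetryableClientProtocolException wrapping a {@link HopsSecurityException}
         *     for HTTP 204 (certificate not found) and HTTP 400 (user error)
         * @throws ClientProtocolException for every other status code
         * @throws IOException if the HTTP 400 error body cannot be read or parsed
         */
        @Override
        public Void handleResponse(HttpResponse httpResponse) throws ClientProtocolException, IOException {
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            if (200 == statusCode) {
                return null;
            }
            if (204 == statusCode) {
                // The CA answers 204 when there was nothing to revoke; surfaced as a failure so
                // the caller knows the certificate was not revoked by this call.
                throw new NotRetryableClientProtocolException((Throwable) new HopsSecurityException(
                    RESTCodes.SecurityErrorCode.CERTIFICATE_NOT_FOUND, Level.WARNING));
            }
            if (400 == statusCode) {
                throw new NotRetryableClientProtocolException((Throwable) CAProxy.this.constructHopsSecurityException(
                    httpResponse, RESTCodes.SecurityErrorCode.CERTIFICATE_REVOKATION_USER_ERR, Level.FINE));
            }
            throw new ClientProtocolException("Temporary error while revoking certificate, HTTP status: " + statusCode);
        }
    }

    /**
     * Maps the CA's answer to a signing request onto the signed {@link CSR} or a typed failure.
     */
    private class CASignCSRResponseHandler implements ResponseHandler<CSR> {
        private CASignCSRResponseHandler() {
        }

        /**
         * @param httpResponse response of the POST request
         * @return the response body deserialized as {@link CSR}, for 2xx answers
         * @throws NotRetryableClientProtocolException wrapping a {@link HopsSecurityException}
         *     for 4xx answers
         * @throws ClientProtocolException for every other non-2xx answer, and for a 2xx answer
         *     that carries no body
         * @throws IOException if a body cannot be read or parsed
         */
        @Override
        public CSR handleResponse(HttpResponse httpResponse) throws ClientProtocolException, IOException {
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            if (statusCode / 100 == 4) {
                throw new NotRetryableClientProtocolException((Throwable) constructSignHopsSecurityException(httpResponse));
            }
            if (statusCode / 100 != 2) {
                throw new ClientProtocolException((Throwable) constructSignHopsSecurityException(httpResponse));
            }
            if (httpResponse.getEntity() == null) {
                // A bodiless 2xx carries no certificate; fail with a checked exception instead of
                // the IllegalArgumentException that EntityUtils.toString(null, ...) would raise.
                throw new ClientProtocolException("CA returned no body for a signing request, HTTP status: " + statusCode);
            }
            // Decode explicitly as UTF-8: the platform default charset varies between hosts.
            String body = EntityUtils.toString(httpResponse.getEntity(), UTF_8);
            return CAProxy.this.objectMapper.readValue(body, CSR.class);
        }

        /** Builds the signing-specific security exception from the CA's error body. */
        private HopsSecurityException constructSignHopsSecurityException(HttpResponse httpResponse) throws IOException {
            return CAProxy.this.constructHopsSecurityException(
                httpResponse, RESTCodes.SecurityErrorCode.CERTIFICATE_SIGN_USER_ERR, Level.FINE);
        }
    }

    /** Relative request paths of the CA endpoints, one per certificate kind. */
    public enum CA_PATH {
        PROJECT_CA_PATH(CA_BASE_PATH + "project"),
        DELA_CA_PATH(CA_BASE_PATH + "dela"),
        HOST_CA_PATH(CA_BASE_PATH + "host");

        private final String path;

        CA_PATH(String path) {
            this.path = path;
        }
    }

    /**
     * Builds the JSON mapper used for CA requests and responses.
     *
     * <p>Unknown properties and nulls for primitives are tolerated, so a CA response with extra
     * or missing fields is accepted rather than rejected.
     */
    @PostConstruct
    public void init() {
        this.objectMapper = new ObjectMapper();
        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        this.objectMapper.configure(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES, false);
        SimpleModule caExceptionModule = new SimpleModule();
        caExceptionModule.addDeserializer(CAException.class, new CAExceptionDeserializer());
        this.objectMapper.registerModule(caExceptionModule);
    }

    /**
     * Sends a CSR to the project CA endpoint.
     *
     * @param csr the signing request
     * @return the CA's answer deserialized as {@link CSR}
     * @throws HopsSecurityException if the CSR cannot be serialized or the CA rejects it
     * @throws GenericException on any other I/O failure
     */
    public CSR signProjectCSR(CSR csr) throws HopsSecurityException, GenericException {
        return signCSR(csr, CA_PATH.PROJECT_CA_PATH);
    }

    /**
     * Sends a CSR to the Dela CA endpoint.
     *
     * @param csr the signing request
     * @return the CA's answer deserialized as {@link CSR}
     * @throws HopsSecurityException if the CSR cannot be serialized or the CA rejects it
     * @throws GenericException on any other I/O failure
     */
    public CSR signDelaCSR(CSR csr) throws HopsSecurityException, GenericException {
        return signCSR(csr, CA_PATH.DELA_CA_PATH);
    }

    /** Serializes the CSR as JSON, POSTs it to the given CA path and returns the CA's answer. */
    private CSR signCSR(CSR csr, CA_PATH caPath) throws HopsSecurityException, GenericException {
        try {
            String csrJson = this.objectMapper.writeValueAsString(csr);
            final HttpPost httpPost = new HttpPost(caPath.path);
            httpPost.setHeader("Content-Type", CONTENT_TYPE_JSON);
            this.client.setAuthorizationHeader(httpPost);
            // Encode the body as UTF-8 so it matches the declared Content-Type; the one-argument
            // StringEntity constructor falls back to ISO-8859-1.
            httpPost.setEntity(new StringEntity(csrJson, UTF_8));
            return new HttpRetryableAction<CSR>() {
                @Override
                public CSR performAction() throws ClientProtocolException, IOException {
                    return (CSR) CAProxy.this.client.execute(httpPost, CAProxy.this.CA_SIGN_RESPONSE_HANDLER);
                }
            }.tryAction();
        } catch (JsonProcessingException e) {
            throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CSR_ERROR, Level.SEVERE, (String) null, (String) null, e);
        } catch (ClientProtocolException e) {
            LOG.log(Level.SEVERE, "Could not sign CSR", e);
            // Keep the protocol exception itself as cause when it wraps nothing, so the failure
            // reason is never dropped.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CSR_ERROR, Level.SEVERE, (String) null, (String) null, cause);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "Could not sign CSR", e);
            throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, "Generic error while signing CSR", (String) null, e);
        }
    }

    /**
     * Revokes a project certificate.
     *
     * @param certId value sent as the {@code certId} query parameter; must not be null or empty
     * @throws HopsSecurityException if the value is missing or the CA reports a failure
     * @throws GenericException on URI or other I/O failures
     */
    public void revokeProjectX509(String certId) throws HopsSecurityException, GenericException {
        revokeX509(CERTIFICATE_IDENTIFIER, certId, CA_PATH.PROJECT_CA_PATH.path);
    }

    /**
     * Revokes a Dela certificate.
     *
     * @param certId value sent as the {@code certId} query parameter; must not be null or empty
     * @throws HopsSecurityException if the value is missing or the CA reports a failure
     * @throws GenericException on URI or other I/O failures
     */
    public void revokeDelaX509(String certId) throws HopsSecurityException, GenericException {
        revokeX509(CERTIFICATE_IDENTIFIER, certId, CA_PATH.DELA_CA_PATH.path);
    }

    /**
     * Sends a revocation request to the host CA path with {@code /all} appended.
     *
     * @param hostname value sent as the {@code hostname} query parameter; must not be null or empty
     * @throws HopsSecurityException if the value is missing or the CA reports a failure
     * @throws GenericException on URI or other I/O failures
     */
    public void revokeHostX509(String hostname) throws HopsSecurityException, GenericException {
        revokeX509(HOSTNAME, hostname, CA_PATH.HOST_CA_PATH.path + "/all");
    }

    /**
     * Issues an authorized DELETE to {@code path} with a single query parameter.
     *
     * @param parameterName query parameter name
     * @param parameterValue query parameter value; rejected when null or empty
     * @param path relative CA path
     */
    private void revokeX509(String parameterName, String parameterValue, String path)
            throws HopsSecurityException, GenericException {
        if (Strings.isNullOrEmpty(parameterValue)) {
            throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_NOT_FOUND, Level.SEVERE, (String) null, "Certificate parameter value cannot be null or empty");
        }
        try {
            // URIBuilder encodes the parameter value, so it cannot alter the query structure.
            final HttpDelete httpDelete = new HttpDelete(new URIBuilder(path).addParameter(parameterName, parameterValue).build());
            this.client.setAuthorizationHeader(httpDelete);
            new HttpRetryableAction<Void>() {
                @Override
                public Void performAction() throws ClientProtocolException, IOException {
                    return (Void) CAProxy.this.client.execute(httpDelete, CAProxy.this.CA_REVOKE_RESPONSE_HANDLER);
                }
            }.tryAction();
        } catch (URISyntaxException e) {
            throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, (String) null, (String) null, e);
        } catch (ClientProtocolException e) {
            // NOTE(review): the identifier is written to the log unmodified; if callers can pass
            // values containing line breaks, neutralise them before logging.
            LOG.log(Level.WARNING, "Could not revoke X.509 " + parameterValue, e);
            Throwable cause = e.getCause();
            if (cause instanceof HopsSecurityException) {
                // Rethrow the typed failure produced by the response handler. The cast is
                // required: a bare Throwable is not permitted by this method's throws clause.
                throw (HopsSecurityException) cause;
            }
            throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_REVOKATION_ERROR, Level.WARNING, (String) null, (String) null, e);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "Could not revoke X.509 " + parameterValue, e);
            throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, "Generic error while revoking X.509", (String) null, e);
        }
    }

    /**
     * Converts the CA's JSON error body into a {@link HopsSecurityException}.
     *
     * @param httpResponse the error response
     * @param securityErrorCode error code to report
     * @param level log level to attach to the exception
     * @return an exception carrying the CA's user and developer messages, or only the code and
     *     level when the response has no usable body
     * @throws IOException if the body cannot be read or is not a valid {@link CAException}
     */
    public HopsSecurityException constructHopsSecurityException(HttpResponse httpResponse, RESTCodes.SecurityErrorCode securityErrorCode, Level level) throws IOException {
        if (httpResponse.getEntity() == null) {
            // An error answer without a body still has to produce the typed exception, not an NPE.
            return new HopsSecurityException(securityErrorCode, level);
        }
        CAException caException = this.objectMapper.readValue(httpResponse.getEntity().getContent(), CAException.class);
        if (caException == null) {
            return new HopsSecurityException(securityErrorCode, level);
        }
        return new HopsSecurityException(securityErrorCode, level, caException.getUsrMsg(), caException.getDevMsg());
    }
}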
