package io.hops.hopsworks.common.opensearch;

import io.hops.hopsworks.common.dao.project.team.ProjectTeamFacade;
import io.hops.hopsworks.common.hdfs.inode.InodeController;
import io.hops.hopsworks.common.util.Settings;
import io.hops.hopsworks.exceptions.OpenSearchException;
import io.hops.hopsworks.jwt.JWTController;
import io.hops.hopsworks.jwt.SignatureAlgorithm;
import io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException;
import io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException;
import io.hops.hopsworks.persistence.entity.hdfs.inode.Inode;
import io.hops.hopsworks.persistence.entity.project.Project;
import io.hops.hopsworks.persistence.entity.project.team.ProjectRoleTypes;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.restutils.RESTCodes;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashMap;
import java.util.Optional;
import java.util.logging.Level;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;

@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/opensearch/OpenSearchJWTController.class */
public class OpenSearchJWTController {

    @EJB
    private JWTController jwtController;

    @EJB
    private Settings settings;

    @EJB
    private ProjectTeamFacade projectTeamFacade;

    @EJB
    private InodeController inodeController;

    public String getSigningKeyForELK() throws OpenSearchException {
        try {
            return this.jwtController.getSigningKeyForELK(SignatureAlgorithm.valueOf(this.settings.getJWTSignatureAlg()));
        } catch (NoSuchAlgorithmException e) {
            throw new OpenSearchException(RESTCodes.OpenSearchErrorCode.SIGNING_KEY_ERROR, Level.SEVERE, "Failed to get elk signing key", e.getMessage(), e);
        }
    }

    public String createTokenForELK(Users users, Project project) throws OpenSearchException {
        return createTokenForELK(project, this.projectTeamFacade.findCurrentRole(project, users));
    }

    public String createTokenForELKAsDataOwner(Project project) throws OpenSearchException {
        return createTokenForELK(project, ProjectRoleTypes.DATA_OWNER.getRole());
    }

    public String createTokenForELKAsAdmin() throws OpenSearchException {
        return createTokenForELK(this.settings.getOpenSearchAdminUser(), Optional.empty(), "admin");
    }

    public String createTokenForELKServices() throws OpenSearchException {
        return createTokenForELK(this.settings.getOpenSearchServiceLogUser(), Optional.empty(), "service_log_viewer");
    }

    private String createTokenForELK(Project project, String str) throws OpenSearchException {
        Inode projectRoot = this.inodeController.getProjectRoot(project.getName());
        return createTokenForELK(project.getName(), Optional.of(projectRoot.getId()), OpenSearchUtils.getValidRole(str));
    }

    private String createTokenForELK(String str, Optional<Long> optional, String str2) throws OpenSearchException {
        SignatureAlgorithm valueOf = SignatureAlgorithm.valueOf(this.settings.getJWTSignatureAlg());
        Date date = new Date(System.currentTimeMillis() + this.settings.getOpenSearchJwtExpMs());
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("roles", str2);
            hashMap.put("pn", OpenSearchUtils.getProjectNameWithNoSpecialCharacters(str));
            if (optional.isPresent()) {
                hashMap.put("piid", optional.get());
            }
            return this.jwtController.createTokenForELK(str, this.settings.getJWTIssuer(), hashMap, date, valueOf);
        } catch (DuplicateSigningKeyException | NoSuchAlgorithmException | SigningKeyNotFoundException e) {
            throw new OpenSearchException(RESTCodes.OpenSearchErrorCode.JWT_NOT_CREATED, Level.SEVERE, "Failed to create jwt token for elk", e.getMessage(), e);
        }
    }
}
