package io.hops.hopsworks.common.git;

import io.hops.hopsworks.api.auth.UserUtilities;
import io.hops.hopsworks.common.jupyter.JupyterJWTManager;
import io.hops.hopsworks.common.util.DateUtils;
import io.hops.hopsworks.common.util.Settings;
import io.hops.hopsworks.exceptions.GitOpException;
import io.hops.hopsworks.jwt.JWTController;
import io.hops.hopsworks.jwt.SignatureAlgorithm;
import io.hops.hopsworks.jwt.exception.DuplicateSigningKeyException;
import io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import java.util.logging.Level;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import org.apache.commons.io.FileUtils;

@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/git/GitJWTManager.class */
public class GitJWTManager {

    @EJB
    private JWTController jwtController;

    @EJB
    private Settings settings;

    @EJB
    private UserUtilities userUtilities;
    private final String TOKEN_FILE_NAME = JupyterJWTManager.TOKEN_FILE_NAME;

    @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
    public void materializeJWT(Users users, String str) throws GitOpException {
        try {
            FileUtils.writeStringToFile(getTokenFullPath(str).toFile(), createTokenForGitContainer(users, LocalDateTime.now().plus(this.settings.getGitJwtExpMs(), (TemporalUnit) ChronoUnit.MILLIS)));
        } catch (IOException e) {
            throw new GitOpException(RESTCodes.GitOpErrorCode.JWT_MATERIALIZATION_ERROR, Level.SEVERE, "Failed to materialize jwt", e.getMessage(), e);
        }
    }

    @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
    public String createGitContainerJWT(Users users) throws GitOpException {
        return createTokenForGitContainer(users, LocalDateTime.now().plus(this.settings.getGitJwtExpMs(), (TemporalUnit) ChronoUnit.MILLIS));
    }

    private String createTokenForGitContainer(Users users, LocalDateTime localDateTime) throws GitOpException {
        return createTokenForGitContainer(users.getUsername(), (String[]) this.userUtilities.getUserRoles(users).toArray(new String[1]), localDateTime);
    }

    private String createTokenForGitContainer(String str, String[] strArr, LocalDateTime localDateTime) throws GitOpException {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("roles", strArr);
            hashMap.put("renewable", false);
            return this.jwtController.createToken(this.settings.getJWTSigningKeyName(), false, this.settings.getJWTIssuer(), new String[]{"api", Settings.OPENSEARCH_GIT_INDEX}, DateUtils.localDateTime2Date(localDateTime), DateUtils.localDateTime2Date(DateUtils.getNow()), str, hashMap, SignatureAlgorithm.valueOf(this.settings.getJWTSignatureAlg()));
        } catch (DuplicateSigningKeyException | NoSuchAlgorithmException | SigningKeyNotFoundException e) {
            throw new GitOpException(RESTCodes.GitOpErrorCode.JWT_NOT_CREATED, Level.SEVERE, "Failed to create jwt token for git", e.getMessage(), e);
        }
    }

    public Path getTokenFullPath(String str) {
        return Paths.get(str, JupyterJWTManager.TOKEN_FILE_NAME);
    }
}
