package io.hops.hopsworks.ca.api.certificates;

import com.google.common.base.Strings;
import io.hops.hopsworks.ca.api.filter.Audience;
import io.hops.hopsworks.ca.api.filter.NoCacheResponse;
import io.hops.hopsworks.ca.controllers.CAException;
import io.hops.hopsworks.ca.controllers.CAInitializationException;
import io.hops.hopsworks.ca.controllers.CertificateType;
import io.hops.hopsworks.ca.controllers.PKI;
import io.hops.hopsworks.ca.controllers.PKIUtils;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.naming.InvalidNameException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.operator.OperatorCreationException;

/**
 * REST resource that signs and revokes certificates of type {@link CertificateType#PROJECT}.
 *
 * <p>Both operations carry {@code @JWTRequired} limited to tokens accepted for
 * {@link Audience#SERVICES} and to the {@code AGENT} role. That annotation is the only access
 * control visible in this class.
 *
 * <p>NOTE(review): apart from rejecting null/empty input, nothing in this class inspects the CSR
 * contents or the certificate identifier, and no per-caller ownership check is visible. Any such
 * policy would have to be enforced inside {@link PKI}; confirm there.
 */
@RequestScoped
@Api(value = "Project certificate service", description = "Manage Project certificates")
public class ProjectCertsResource {

    /** Builds response builders with caching disabled; used for the signing response. */
    @EJB
    private NoCacheResponse noCacheResponse;

    /** PEM conversion, responsible-CA lookup and exception translation helpers. */
    @EJB
    private PKIUtils pkiUtils;

    /** Performs the actual signing, chain-of-trust lookup and revocation. */
    @EJB
    private PKI pki;

    /**
     * Signs the submitted CSR as a PROJECT certificate and returns it together with the chain of
     * trust of the responsible CA.
     *
     * <p>The third argument to {@code signCertificateSigningRequest} is passed as {@code null};
     * its meaning is not visible from this class.
     *
     * @param cSRView request body carrying the CSR; must be non-null with a non-empty CSR string
     * @return a no-cache {@code 200 OK} response whose entity is a {@link CSRView} built from the
     *     signed certificate in PEM form and the two halves of the chain-of-trust pair
     * @throws IllegalArgumentException if the body or its CSR is null or empty (how this maps to
     *     an HTTP status depends on exception mapping not shown here)
     * @throws CAException for any signing failure, as translated by
     *     {@code PKIUtils.csrSigningExceptionConvertToCAException}
     * @throws IOException declared by the signature; I/O failures raised inside the signing block
     *     are caught and translated to {@link CAException}
     */
    @POST
    @Consumes("application/json")
    @Produces("application/json")
    @ApiOperation(value = "Sign Project certificate with IntermediateHopsCA", response = CSRView.class)
    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    public Response signCSR(CSRView cSRView) throws IOException, CAException {
        // Guard clauses: reject a missing body first, then a missing CSR string.
        if (cSRView == null) {
            throw new IllegalArgumentException("Empty CSR");
        }
        if (Strings.isNullOrEmpty(cSRView.getCsr())) {
            throw new IllegalArgumentException("Empty CSR");
        }

        try {
            String signedPem = pkiUtils.convertToPEM(
                pki.signCertificateSigningRequest(cSRView.getCsr(), CertificateType.PROJECT, null));
            Pair<String, String> trustChain =
                pki.getChainOfTrust(pkiUtils.getResponsibleCA(CertificateType.PROJECT));

            CSRView signedView = new CSRView(signedPem, trustChain.getLeft(), trustChain.getRight());
            // Anonymous subclass so the generic type is retained for the JAX-RS entity writer.
            GenericEntity<CSRView> entity = new GenericEntity<CSRView>(signedView) {
            };
            return noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK)
                .entity(entity)
                .build();
        } catch (IOException | GeneralSecurityException | OperatorCreationException
            | CAInitializationException e) {
            throw pkiUtils.csrSigningExceptionConvertToCAException(e, CertificateType.PROJECT);
        }
    }

    /**
     * Revokes the PROJECT certificate identified by {@code certId}.
     *
     * <p>The identifier is forwarded to {@link PKI} unchanged after the empty check. Unlike
     * {@link #signCSR(CSRView)}, the success response is built with {@code Response.ok()} rather
     * than the no-cache builder.
     *
     * @param str value of the {@code certId} query parameter; must be non-empty
     * @return an empty {@code 200 OK} response when revocation completes without an exception
     * @throws IllegalArgumentException if the identifier is null or empty
     * @throws CAException for revocation failures, as translated by
     *     {@code PKIUtils.certificateRevocationExceptionConvertToCAException}
     * @throws IOException declared by the signature and not caught in this method
     */
    @DELETE
    @ApiOperation("Revoke Project certificate")
    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    public Response revokeCertificate(
            @ApiParam(value = "Identifier of the Certificate to revoke", required = true)
            @QueryParam("certId") String str) throws IOException, CAException {
        boolean missingId = Strings.isNullOrEmpty(str);
        if (missingId) {
            throw new IllegalArgumentException("Empty certificate identifier");
        }

        try {
            pki.revokeCertificate(str, CertificateType.PROJECT);
        } catch (GeneralSecurityException | InvalidNameException | CAInitializationException e) {
            throw pkiUtils.certificateRevocationExceptionConvertToCAException(e, CertificateType.PROJECT);
        }
        return Response.ok().build();
    }
}
