package io.hops.hopsworks.ca.api.certificates;

import com.google.common.base.Strings;
import io.hops.hadoop.shaded.org.jline.console.Printer;
import io.hops.hopsworks.ca.api.filter.Audience;
import io.hops.hopsworks.ca.api.filter.NoCacheResponse;
import io.hops.hopsworks.ca.controllers.CAException;
import io.hops.hopsworks.ca.controllers.CAInitializationException;
import io.hops.hopsworks.ca.controllers.CertificateType;
import io.hops.hopsworks.ca.controllers.PKI;
import io.hops.hopsworks.ca.controllers.PKIUtils;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.operator.OperatorCreationException;

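/**
 * JAX-RS resource of the Hopsworks CA that signs and revokes HOST certificates.
 *
 * <p>Every endpoint is guarded by {@code @JWTRequired} and accepts only tokens with the
 * {@code Audience.SERVICES} audience and the {@code AGENT} role. Nothing in this class ties
 * the CSR subject, the {@code certId} or the {@code hostname} to the identity of the calling
 * agent. If such a binding exists, it is enforced in {@code PKI} / {@code PKIUtils} or in the
 * JWT filter, none of which are visible in this listing.
 *
 * <p>This listing is decompiler output: {@link #revokeCertificate} could not be decompiled and
 * is kept as an instruction dump followed by a stub.
 */
@Api(value = "Host certificate service", description = "Manage host certificates")
@RequestScoped
/* loaded from: input_file:WEB-INF/classes/io/hops/hopsworks/ca/api/certificates/HostCertsResource.class */
public class HostCertsResource {
    // Format string with one %s placeholder. No method visible in this listing references it.
    // NOTE(review): if a caller-supplied hostname is formatted into this regex elsewhere,
    // confirm that it is quoted first so metacharacters cannot widen the set of matched subjects.
    private static final String REVOKE_CERTIFICATES_PATTERN = "^%s__.*__[0-9]+.*";

    @EJB
    private NoCacheResponse noCacheResponse;

    @EJB
    private PKIUtils pkiUtils;

    @EJB
    private PKI pki;

    /**
     * Signs a host certificate signing request and returns the certificate with its chain of trust.
     *
     * <p>The CSR text and region are passed to {@code PKI.signCertificateSigningRequest} as
     * received; this method only checks that the CSR is present and non-empty.
     * NOTE(review): whether the requested subject is restricted to the calling agent's own
     * host is decided downstream and cannot be confirmed from this class.
     *
     * @param cSRView request body carrying the CSR and the region
     * @return a no-cache 200 response whose entity holds the PEM-encoded signed certificate and
     *     the two chain-of-trust values returned by {@code PKI.getChainOfTrust}
     * @throws IllegalArgumentException if the body or its CSR is missing or empty
     * @throws CAException if signing fails; produced by
     *     {@code PKIUtils.csrSigningExceptionConvertToCAException}
     */
    @Consumes({"application/json"})
    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    @ApiOperation(value = "Sign Host CSR with IntermediateHopsCA", response = CSRView.class)
    @POST
    @Produces({"application/json"})
    public Response signCSR(CSRView cSRView) throws CAException {
        if (cSRView == null || cSRView.getCsr() == null || cSRView.getCsr().isEmpty()) {
            throw new IllegalArgumentException("Empty CSR");
        }
        try {
            String signedCertificatePem = this.pkiUtils.convertToPEM(
                this.pki.signCertificateSigningRequest(cSRView.getCsr(), CertificateType.HOST, cSRView.getRegion()));
            Pair<String, String> chainOfTrust = this.pki.getChainOfTrust(this.pkiUtils.getResponsibleCA(CertificateType.HOST));
            // The anonymous GenericEntity subclass keeps the CSRView type for the JAX-RS writer.
            return this.noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK).entity(
                new GenericEntity<CSRView>(new CSRView(signedCertificatePem, chainOfTrust.getLeft(), chainOfTrust.getRight())) {
                }).build();
        } catch (CAInitializationException | IOException | GeneralSecurityException | OperatorCreationException e) {
            throw this.pkiUtils.csrSigningExceptionConvertToCAException(e, CertificateType.HOST);
        }
    }

    /**
     * Revokes one or more host certificates identified by {@code certId}.
     *
     * <p>The decompiler could not rebuild this method, so the body below is only a stub that
     * throws {@link UnsupportedOperationException}. The instruction dump shows this flow:
     * <ol>
     *   <li>A null or empty {@code certId} is rejected with
     *       {@code IllegalArgumentException("Empty certificate identifier")}.</li>
     *   <li>If {@code exact} is {@code null} or {@code false}, {@code certId} is parsed with
     *       {@code PKIUtils.parseCertificateSubjectName(certId, HOST)} and the resulting name is
     *       passed to {@code PKIUtils.findAllValidSubjectsWithPartialMatch}. Each result goes to
     *       the synthetic lambda {@code lambda$revokeCertificate$0} together with the working
     *       list. The lambda body is not in the dump; presumably it adds each match to the list.</li>
     *   <li>If {@code exact} is {@code true}, a single {@code X500Name} built directly from
     *       {@code certId} is added to the list.</li>
     *   <li>An empty list raises {@code CertificateNotFoundException}; the message includes the
     *       caller-supplied {@code certId}.</li>
     *   <li>Each collected name is passed to {@code PKI.revokeCertificate(name, HOST)} in turn,
     *       and the method returns 200 OK.</li>
     *   <li>Caught exceptions are converted with
     *       {@code PKIUtils.certificateRevocationExceptionConvertToCAException}.</li>
     * </ol>
     *
     * <p>Security-relevant behaviour: omitting {@code exact} selects the broader partial-match
     * path, so one request can revoke several certificates. Revocations are issued one at a
     * time; a failure part-way through leaves the earlier ones applied. Callers that intend to
     * revoke exactly one certificate should pass {@code exact=true} with the full distinguished name.
     *
     * @param r6 the {@code certId} query parameter, identifier of the certificate to revoke
     * @param r7 the {@code exact} query parameter; {@code true} treats {@code certId} as a full
     *     RFC4514 distinguished name
     * @throws CAException on revocation failure (per the instruction dump)
     */
    /* JADX WARN: Removed duplicated region for block: B:12:0x0067 A[Catch: InvalidNameException | CAInitializationException | GeneralSecurityException -> 0x00bf, TryCatch #0 {InvalidNameException | CAInitializationException | GeneralSecurityException -> 0x00bf, blocks: (B:22:0x001d, B:24:0x004f, B:10:0x005e, B:12:0x0067, B:13:0x008a, B:14:0x008b, B:15:0x0093, B:17:0x009d, B:19:0x00b8, B:9:0x0024), top: B:21:0x001d }] */
    /* JADX WARN: Removed duplicated region for block: B:14:0x008b A[Catch: InvalidNameException | CAInitializationException | GeneralSecurityException -> 0x00bf, TryCatch #0 {InvalidNameException | CAInitializationException | GeneralSecurityException -> 0x00bf, blocks: (B:22:0x001d, B:24:0x004f, B:10:0x005e, B:12:0x0067, B:13:0x008a, B:14:0x008b, B:15:0x0093, B:17:0x009d, B:19:0x00b8, B:9:0x0024), top: B:21:0x001d }] */
    @io.hops.hopsworks.jwt.annotation.JWTRequired(acceptedTokens = {io.hops.hopsworks.ca.api.filter.Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    @javax.ws.rs.DELETE
    @io.swagger.annotations.ApiOperation("Revoke Host certificate")
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public javax.ws.rs.core.Response revokeCertificate(@javax.ws.rs.QueryParam("certId") @io.swagger.annotations.ApiParam(value = "Identifier of the Certificate to revoke", required = true) java.lang.String r6, @javax.ws.rs.QueryParam("exact") @io.swagger.annotations.ApiParam("Flag whether certId is a full RFC4514 Distinguished Name string") java.lang.Boolean r7) throws io.hops.hopsworks.ca.controllers.CAException {
        /*
            r5 = this;
            r0 = r6
            boolean r0 = com.google.common.base.Strings.isNullOrEmpty(r0)
            if (r0 == 0) goto L11
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Empty certificate identifier"
            r1.<init>(r2)
            throw r0
        L11:
            java.util.ArrayList r0 = new java.util.ArrayList
            r1 = r0
            r1.<init>()
            r8 = r0
            r0 = r7
            if (r0 == 0) goto L24
            r0 = r7
            boolean r0 = r0.booleanValue()     // Catch: java.lang.Throwable -> Lbf
            if (r0 != 0) goto L4f
        L24:
            r0 = r5
            io.hops.hopsworks.ca.controllers.PKIUtils r0 = r0.pkiUtils     // Catch: java.lang.Throwable -> Lbf
            r1 = r6
            io.hops.hopsworks.ca.controllers.CertificateType r2 = io.hops.hopsworks.ca.controllers.CertificateType.HOST     // Catch: java.lang.Throwable -> Lbf
            org.bouncycastle.asn1.x500.X500Name r0 = r0.parseCertificateSubjectName(r1, r2)     // Catch: java.lang.Throwable -> Lbf
            r9 = r0
            r0 = r5
            io.hops.hopsworks.ca.controllers.PKIUtils r0 = r0.pkiUtils     // Catch: java.lang.Throwable -> Lbf
            r1 = r9
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Throwable -> Lbf
            java.util.List r0 = r0.findAllValidSubjectsWithPartialMatch(r1)     // Catch: java.lang.Throwable -> Lbf
            r10 = r0
            r0 = r10
            r1 = r8
            javax.ws.rs.core.Response r1 = (v1) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                lambda$revokeCertificate$0(r1, v1);
            }     // Catch: java.lang.Throwable -> Lbf
            r0.forEach(r1)     // Catch: java.lang.Throwable -> Lbf
            goto L5e
        L4f:
            r0 = r8
            org.bouncycastle.asn1.x500.X500Name r1 = new org.bouncycastle.asn1.x500.X500Name     // Catch: java.lang.Throwable -> Lbf
            r2 = r1
            r3 = r6
            r2.<init>(r3)     // Catch: java.lang.Throwable -> Lbf
            boolean r0 = r0.add(r1)     // Catch: java.lang.Throwable -> Lbf
        L5e:
            r0 = r8
            boolean r0 = r0.isEmpty()     // Catch: java.lang.Throwable -> Lbf
            if (r0 == 0) goto L8b
            io.hops.hopsworks.ca.controllers.CertificateNotFoundException r0 = new io.hops.hopsworks.ca.controllers.CertificateNotFoundException     // Catch: java.lang.Throwable -> Lbf
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lbf
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> Lbf
            java.lang.String r3 = "Could not find a VALID certificate with ID: "
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lbf
            r3 = r6
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lbf
            java.lang.String r3 = " Is exact X509 Name: "
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lbf
            r3 = r7
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> Lbf
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> Lbf
            r1.<init>(r2)     // Catch: java.lang.Throwable -> Lbf
            throw r0     // Catch: java.lang.Throwable -> Lbf
        L8b:
            r0 = r8
            java.util.Iterator r0 = r0.iterator()     // Catch: java.lang.Throwable -> Lbf
            r9 = r0
        L93:
            r0 = r9
            boolean r0 = r0.hasNext()     // Catch: java.lang.Throwable -> Lbf
            if (r0 == 0) goto Lb8
            r0 = r9
            java.lang.Object r0 = r0.next()     // Catch: java.lang.Throwable -> Lbf
            org.bouncycastle.asn1.x500.X500Name r0 = (org.bouncycastle.asn1.x500.X500Name) r0     // Catch: java.lang.Throwable -> Lbf
            r10 = r0
            r0 = r5
            io.hops.hopsworks.ca.controllers.PKI r0 = r0.pki     // Catch: java.lang.Throwable -> Lbf
            r1 = r10
            io.hops.hopsworks.ca.controllers.CertificateType r2 = io.hops.hopsworks.ca.controllers.CertificateType.HOST     // Catch: java.lang.Throwable -> Lbf
            r0.revokeCertificate(r1, r2)     // Catch: java.lang.Throwable -> Lbf
            goto L93
        Lb8:
            javax.ws.rs.core.Response$ResponseBuilder r0 = javax.ws.rs.core.Response.ok()     // Catch: java.lang.Throwable -> Lbf
            javax.ws.rs.core.Response r0 = r0.build()     // Catch: java.lang.Throwable -> Lbf
            return r0
        Lbf:
            r9 = move-exception
            r0 = r5
            io.hops.hopsworks.ca.controllers.PKIUtils r0 = r0.pkiUtils
            r1 = r9
            io.hops.hopsworks.ca.controllers.CertificateType r2 = io.hops.hopsworks.ca.controllers.CertificateType.HOST
            io.hops.hopsworks.ca.controllers.CAException r0 = r0.certificateRevocationExceptionConvertToCAException(r1, r2)
            throw r0
        */
        // Not reconstructed on purpose: the body of lambda$revokeCertificate$0 is absent from the dump.
        throw new UnsupportedOperationException("Method not decompiled: io.hops.hopsworks.ca.api.certificates.HostCertsResource.revokeCertificate(java.lang.String, java.lang.Boolean):javax.ws.rs.core.Response");
    }

    /**
     * Revokes every host certificate that {@code PKIUtils} associates with the given hostname.
     *
     * <p>Each subject returned by {@code PKIUtils.findAllHostCertificateSubjectsForHost} is
     * revoked in turn. If no subject is returned, the method still answers 200 OK without
     * revoking anything, so a successful response does not prove that a certificate was revoked.
     * Revocations are issued one at a time; an exception part-way through leaves the earlier
     * ones applied.
     * NOTE(review): the hostname is forwarded unmodified. How it is matched against certificate
     * subjects (exact, prefix or pattern) is decided by the helper and should be confirmed there.
     *
     * @param str the {@code hostname} query parameter
     * @return an empty 200 response
     * @throws IllegalArgumentException if the hostname is null or empty
     * @throws CAException if a revocation fails; produced by
     *     {@code PKIUtils.certificateRevocationExceptionConvertToCAException}
     */
    // NOTE(review): Printer.ALL comes from a shaded jline console class and has no relation to
    // this API. It looks like the decompiler substituted a same-valued constant for a string
    // literal; confirm the path value and inline it instead of depending on that class.
    @Path(Printer.ALL)
    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    @DELETE
    @ApiOperation("Revoke all Host certificates")
    public Response revokeCertificateGlob(@QueryParam("hostname") @ApiParam(value = "Hostname of the node to revoke certificates for", required = true) String str) throws CAException {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Empty hostname to revoke");
        }
        try {
            for (String subject : this.pkiUtils.findAllHostCertificateSubjectsForHost(str)) {
                this.pki.revokeCertificate(new X500Name(subject), CertificateType.HOST);
            }
            return Response.ok().build();
        } catch (CAInitializationException | GeneralSecurityException e) {
            throw this.pkiUtils.certificateRevocationExceptionConvertToCAException(e, CertificateType.HOST);
        }
    }
}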
