package io.hops.hopsworks.ca.api.certificates;

import io.hops.hopsworks.api.auth.key.ApiKeyRequired;
import io.hops.hopsworks.ca.api.filter.Audience;
import io.hops.hopsworks.ca.api.filter.NoCacheResponse;
import io.hops.hopsworks.ca.controllers.CAException;
import io.hops.hopsworks.ca.controllers.PKI;
import io.hops.hopsworks.ca.controllers.PKIUtils;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.hops.hopsworks.persistence.entity.pki.PKICertificate;
import io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.ejb.EJB;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.GenericEntity;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.security.GeneralSecurityException;

@Path("/certificate")
@Stateless
@Tag(name = "CertificatesResource", description = "Certificate Management API")
/* loaded from: input_file:WEB-INF/classes/io/hops/hopsworks/ca/api/certificates/CertificatesResource.class */
public class CertificatesResource {

    @Inject
    private HostCertsResource hostCertsResource;

    @Inject
    private AppCertsResource appCertsResource;

    @Inject
    private KubeCertsResource kubeCertsResource;

    @Inject
    private ProjectCertsResource projectCertsResource;

    @Inject
    private CRLResource crlResource;

    @EJB
    private PKI pki;

    @EJB
    private PKIUtils pkiUtils;

    @EJB
    private NoCacheResponse noCacheResponse;

    @Path("/host")
    public HostCertsResource getHostCertsResource() {
        return this.hostCertsResource;
    }

    @Path("/app")
    public AppCertsResource getAppCertsResource() {
        return this.appCertsResource;
    }

    @Path("/kube")
    public KubeCertsResource getKubeCertsResource() {
        return this.kubeCertsResource;
    }

    @Path("/project")
    public ProjectCertsResource getProjectCertsResource() {
        return this.projectCertsResource;
    }

    @Path("/crl")
    public CRLResource getCrlResource() {
        return this.crlResource;
    }

    @Produces({"application/json"})
    @JWTRequired(acceptedTokens = {Audience.SERVICES, Audience.API}, allowedUserRoles = {"HOPS_ADMIN"})
    @Operation(summary = "Get x509 certificate in pem format", responses = {@ApiResponse(content = {@Content(schema = @Schema(implementation = CSRView.class))}, description = "CSRView")})
    @ApiKeyRequired(acceptedScopes = {ApiScope.AUTH}, allowedUserRoles = {"HOPS_ADMIN", "AGENT"})
    @GET
    @Path("/{name}")
    public Response getCertificate(@Parameter(description = "X.500 name of the Certificate", required = true) @PathParam("name") String str, @Parameter(description = "Status of certificate", required = true, schema = @Schema(allowableValues = {"VALID, REVOKED, EXPIRED"})) @QueryParam("status") PKICertificate.Status status) throws CAException, IOException {
        try {
            return this.noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK).entity(new GenericEntity<CSRView>(new CSRView(this.pkiUtils.convertToPEM(this.pki.loadCertificate(str, status)), null, null)) { // from class: io.hops.hopsworks.ca.api.certificates.CertificatesResource.1
            }).build();
        } catch (GeneralSecurityException e) {
            throw this.pkiUtils.certificateLoadingExceptionConvertToCAException(e);
        }
    }

    @GET
    @Path("/ready")
    public Response caReady() {
        return System.getProperty("io.hops.hopsworks.ca.readyToSign", "true").equalsIgnoreCase("false") ? Response.status(423).build() : Response.ok().build();
    }
}
