package io.hops.hopsworks.ca.api.certificates;

import io.hops.hopsworks.api.auth.key.ApiKeyRequired;
import io.hops.hopsworks.ca.api.filter.Audience;
import io.hops.hopsworks.ca.api.filter.NoCacheResponse;
import io.hops.hopsworks.ca.controllers.CAException;
import io.hops.hopsworks.ca.controllers.PKI;
import io.hops.hopsworks.ca.controllers.PKIUtils;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.hops.hopsworks.persistence.entity.pki.PKICertificate;
import io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.Response;

@Api(value = "Certificate Management", description = "Certificate Management API")
@Path("/certificate")
@Stateless
/* loaded from: input_file:WEB-INF/classes/io/hops/hopsworks/ca/api/certificates/CertificatesResource.class */
public class CertificatesResource {

    @Inject
    private HostCertsResource hostCertsResource;

    @Inject
    private AppCertsResource appCertsResource;

    @Inject
    private KubeCertsResource kubeCertsResource;

    @Inject
    private ProjectCertsResource projectCertsResource;

    @Inject
    private CRLResource crlResource;

    @EJB
    private PKI pki;

    @EJB
    private PKIUtils pkiUtils;

    @EJB
    private NoCacheResponse noCacheResponse;

    @Path("/host")
    public HostCertsResource getHostCertsResource() {
        return this.hostCertsResource;
    }

    @Path("/app")
    public AppCertsResource getAppCertsResource() {
        return this.appCertsResource;
    }

    @Path("/kube")
    public KubeCertsResource getKubeCertsResource() {
        return this.kubeCertsResource;
    }

    @Path("/project")
    public ProjectCertsResource getProjectCertsResource() {
        return this.projectCertsResource;
    }

    @Path("/crl")
    public CRLResource getCrlResource() {
        return this.crlResource;
    }

    @GET
    @Path("/{name}")
    @JWTRequired(acceptedTokens = {Audience.SERVICES, Audience.API}, allowedUserRoles = {"HOPS_ADMIN"})
    @ApiOperation(value = "Get x509 certificate in pem format", response = CSRView.class)
    @ApiKeyRequired(acceptedScopes = {ApiScope.AUTH}, allowedUserRoles = {"HOPS_ADMIN", "AGENT"})
    @Produces({"application/json"})
    public Response getCertificate(@PathParam("name") @ApiParam(value = "X.500 name of the Certificate", required = true) String str, @QueryParam("status") @ApiParam(value = "Status of certificate", required = true, allowableValues = "VALID, REVOKED, EXPIRED") PKICertificate.Status status) throws CAException, IOException {
        try {
            return this.noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK).entity(new GenericEntity<CSRView>(new CSRView(this.pkiUtils.convertToPEM(this.pki.loadCertificate(str, status)), null, null)) { // from class: io.hops.hopsworks.ca.api.certificates.CertificatesResource.1
            }).build();
        } catch (GeneralSecurityException e) {
            throw this.pkiUtils.certificateLoadingExceptionConvertToCAException(e);
        }
    }

    @GET
    @Path("/ready")
    public Response caReady() {
        return System.getProperty("io.hops.hopsworks.ca.readyToSign", "true").equalsIgnoreCase("false") ? Response.status(423).build() : Response.ok().build();
    }
}
