package io.hops.hopsworks.ca.api.certificates;

import com.google.common.base.Strings;
import io.hops.hopsworks.ca.api.filter.Audience;
import io.hops.hopsworks.ca.api.filter.NoCacheResponse;
import io.hops.hopsworks.ca.controllers.CAException;
import io.hops.hopsworks.ca.controllers.CertificateType;
import io.hops.hopsworks.ca.controllers.OpensslOperations;
import io.hops.hopsworks.ca.controllers.PKI;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.GenericEntity;
import javax.ws.rs.core.Response;
import org.javatuples.Pair;

@Api(value = "App certificate service", description = "Manage App certificates")
@RequestScoped
/* loaded from: input_file:WEB-INF/classes/io/hops/hopsworks/ca/api/certificates/AppCertsResource.class */
public class AppCertsResource {

    @EJB
    private OpensslOperations opensslOperations;

    @EJB
    private NoCacheResponse noCacheResponse;

    @EJB
    private PKI pki;

    @Consumes({"application/json"})
    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    @ApiOperation(value = "Sign App certificate with IntermediateHopsCA", response = CSRView.class)
    @POST
    @Produces({"application/json"})
    public Response signCSR(CSRView cSRView) throws IOException, CAException {
        if (cSRView == null || Strings.isNullOrEmpty(cSRView.getCsr())) {
            throw new IllegalArgumentException("Empty CSR");
        }
        String signCertificateRequest = this.opensslOperations.signCertificateRequest(cSRView.getCsr(), CertificateType.APP);
        Pair<String, String> chainOfTrust = this.pki.getChainOfTrust(this.pki.getResponsibileCA(CertificateType.APP));
        return this.noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK).entity(new GenericEntity<CSRView>(new CSRView(signCertificateRequest, chainOfTrust.getValue0(), chainOfTrust.getValue1())) { // from class: io.hops.hopsworks.ca.api.certificates.AppCertsResource.1
        }).build();
    }

    @JWTRequired(acceptedTokens = {Audience.SERVICES}, allowedUserRoles = {"AGENT"})
    @ApiOperation("Revoke App certificate")
    @DELETE
    public Response revokeCertificate(@QueryParam("certId") @ApiParam(value = "Identifier of the Certificate to revoke", required = true) String str) throws IOException, CAException {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Empty certificate identifier");
        }
        this.opensslOperations.revokeCertificate(str, CertificateType.APP);
        return Response.ok().build();
    }
}
