package com.yahoo.athenz.instance.provider.impl;

import com.yahoo.athenz.instance.provider.InstanceProvider;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/instance/provider/impl/InstanceUtils.class */
public class InstanceUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(InstanceUtils.class);
    static final String ZTS_CERT_INSTANCE_ID = ".instanceid.athenz.";
    static final String ZTS_CERT_INSTANCE_ID_URI = "athenz://instanceid/";

    public static String getInstanceProperty(Map<String, String> map, String str) {
        if (map == null) {
            LOGGER.debug("getInstanceProperty: no attributes available");
            return null;
        }
        String str2 = map.get(str);
        if (str2 != null) {
            return str2;
        }
        LOGGER.debug("getInstanceProperty: {} attribute not available", str);
        return null;
    }

    public static boolean validateCertRequestSanDnsNames(Map<String, String> map, String str, String str2, Set<String> set, StringBuilder sb) {
        if (set == null || set.isEmpty()) {
            LOGGER.error("No Cloud Provider DNS suffix specified for validation");
            return false;
        }
        String instanceProperty = getInstanceProperty(map, InstanceProvider.ZTS_INSTANCE_SAN_DNS);
        if (instanceProperty == null || instanceProperty.isEmpty()) {
            LOGGER.error("Request contains no SAN DNS entries for validation");
            return false;
        }
        HashSet hashSet = new HashSet();
        String replace = str.replace('.', '-');
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(str2 + "." + replace + "." + it.next());
        }
        boolean z = false;
        boolean z2 = false;
        for (String str3 : instanceProperty.split(",")) {
            int indexOf = str3.indexOf(ZTS_CERT_INSTANCE_ID);
            if (indexOf != -1) {
                sb.append((CharSequence) str3, 0, indexOf);
                if (!set.contains(str3.substring(indexOf + ZTS_CERT_INSTANCE_ID.length()))) {
                    LOGGER.error("Host: {} does not have expected instance id format", str3);
                    return false;
                }
                z2 = true;
            } else {
                if (!hashSet.contains(str3)) {
                    LOGGER.error("Unable to verify SAN DNS entry: {}", str3);
                    return false;
                }
                z = true;
            }
        }
        if (!z) {
            LOGGER.error("Request does not contain expected host SAN DNS entry");
            return false;
        }
        if (z2 || validateCertRequestUriId(map, sb)) {
            return true;
        }
        LOGGER.error("Request does not contain expected instance id entry");
        return false;
    }

    public static boolean validateCertRequestUriId(Map<String, String> map, StringBuilder sb) {
        int indexOf;
        String instanceProperty = getInstanceProperty(map, InstanceProvider.ZTS_INSTANCE_SAN_URI);
        if (instanceProperty == null || instanceProperty.isEmpty()) {
            LOGGER.error("Request contains no SAN URI entries for validation");
            return false;
        }
        for (String str : instanceProperty.split(",")) {
            if (str.startsWith(ZTS_CERT_INSTANCE_ID_URI) && (indexOf = str.indexOf(47, ZTS_CERT_INSTANCE_ID_URI.length())) != -1) {
                String substring = str.substring(indexOf + 1);
                if (substring.isEmpty()) {
                    LOGGER.error("Empty instance uri provided in uri: {}", str);
                    return false;
                }
                sb.append(substring);
                return true;
            }
        }
        return false;
    }
}
