package com.yahoo.athenz.instance.provider.impl;

import com.yahoo.athenz.instance.provider.InstanceProvider;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.jetty.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/instance/provider/impl/InstanceUtils.class */
public class InstanceUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(InstanceUtils.class);
    static final String ZTS_CERT_INSTANCE_ID = ".instanceid.athenz.";
    static final int ZTS_CERT_INSTANCE_ID_LEN = ZTS_CERT_INSTANCE_ID.length();
    static final String ZTS_CERT_INSTANCE_ID_URI = "athenz://instanceid/";
    static final int ZTS_CERT_INSTANCE_ID_URI_LEN = ZTS_CERT_INSTANCE_ID_URI.length();

    public static String getInstanceProperty(Map<String, String> map, String str) {
        if (map == null) {
            LOGGER.debug("getInstanceProperty: no attributes available");
            return null;
        }
        String str2 = map.get(str);
        if (str2 != null) {
            return str2;
        }
        LOGGER.debug("getInstanceProperty: {} attribute not available", str);
        return null;
    }

    static int dnsSuffixMatchIndex(String str, List<String> list) {
        for (String str2 : list) {
            if (str.endsWith(str2)) {
                return str.length() - str2.length();
            }
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> processK8SDnsSuffixList(String str) {
        ArrayList arrayList = new ArrayList();
        String property = System.getProperty(str);
        if (StringUtil.isEmpty(property)) {
            LOGGER.error("K8S DNS Suffix not specified - all requests must satisfy standard dns suffix checks");
        } else {
            for (String str2 : property.split(",")) {
                if (!StringUtil.isEmpty(str2)) {
                    if (str2.charAt(0) == '.') {
                        arrayList.add(str2);
                    } else {
                        arrayList.add("." + str2);
                    }
                }
            }
        }
        return arrayList;
    }

    static boolean k8sDnsSuffixCheck(String str, List<String> list) {
        if (list == null) {
            return false;
        }
        for (String str2 : list) {
            if (str.endsWith(str2) && str.substring(0, str.length() - str2.length()).chars().filter(i -> {
                return i == 46;
            }).count() > 0) {
                return true;
            }
        }
        return false;
    }

    static boolean validateSanDnsName(String str, String str2, List<String> list, List<String> list2, Set<String> set) {
        if ((set != null && set.contains(str)) || k8sDnsSuffixCheck(str, list2)) {
            return true;
        }
        int dnsSuffixMatchIndex = dnsSuffixMatchIndex(str, list);
        if (dnsSuffixMatchIndex == -1) {
            LOGGER.error("{} does not end with expected dns suffix value", str);
            return false;
        }
        for (String str3 : str.substring(0, dnsSuffixMatchIndex).split("\\.")) {
            if (str2.equals(str3)) {
                return true;
            }
        }
        LOGGER.error("{} does not include required service name {} component", str, str2);
        return false;
    }

    public static boolean validateCertRequestSanDnsNames(Map<String, String> map, String str, String str2, Set<String> set, List<String> list, List<String> list2, boolean z, StringBuilder sb) {
        if (set == null || set.isEmpty()) {
            LOGGER.error("No Cloud Provider DNS suffix specified for validation");
            return false;
        }
        String instanceProperty = getInstanceProperty(map, InstanceProvider.ZTS_INSTANCE_SAN_DNS);
        if (StringUtil.isEmpty(instanceProperty)) {
            LOGGER.error("Request contains no SAN DNS entries for validation");
            return false;
        }
        String[] split = instanceProperty.split(",");
        if (!extractCertRequestInstanceId(map, split, set, sb)) {
            LOGGER.error("Request does not contain expected instance id entry");
            return false;
        }
        ArrayList arrayList = new ArrayList();
        String replace = str.replace('.', '-');
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add("." + replace + "." + it.next());
        }
        HashSet hashSet = null;
        if (list2 != null && !list2.isEmpty()) {
            hashSet = new HashSet();
            for (String str3 : list2) {
                Iterator<String> it2 = set.iterator();
                while (it2.hasNext()) {
                    hashSet.add(str2 + "." + replace + "." + str3 + "." + it2.next());
                }
            }
        }
        if (z) {
            String instanceProperty2 = getInstanceProperty(map, InstanceProvider.ZTS_INSTANCE_HOSTNAME);
            if (!StringUtil.isEmpty(instanceProperty2) && !validateSanDnsName(instanceProperty2, str2, arrayList, list, hashSet)) {
                return false;
            }
        }
        boolean z2 = false;
        for (String str4 : split) {
            if (!str4.contains(ZTS_CERT_INSTANCE_ID)) {
                if (!validateSanDnsName(str4, str2, arrayList, list, hashSet)) {
                    return false;
                }
                z2 = true;
            }
        }
        if (z2) {
            return true;
        }
        LOGGER.error("Request does not contain expected host SAN DNS entry");
        return false;
    }

    private static boolean extractCertRequestInstanceId(Map<String, String> map, String[] strArr, Set<String> set, StringBuilder sb) {
        for (String str : strArr) {
            int indexOf = str.indexOf(ZTS_CERT_INSTANCE_ID);
            if (indexOf != -1) {
                if (sb.length() != 0) {
                    LOGGER.error("Multiple instance id values specified: {}, {}", str, sb);
                    return false;
                }
                if (!set.contains(str.substring(indexOf + ZTS_CERT_INSTANCE_ID_LEN))) {
                    LOGGER.error("Host: {} does not have expected instance id format", str);
                    return false;
                }
                sb.append((CharSequence) str, 0, indexOf);
            }
        }
        if (sb.length() != 0) {
            return true;
        }
        return extractCertRequestUriId(map, sb);
    }

    public static boolean extractCertRequestUriId(Map<String, String> map, StringBuilder sb) {
        int indexOf;
        String instanceProperty = getInstanceProperty(map, InstanceProvider.ZTS_INSTANCE_SAN_URI);
        if (StringUtil.isEmpty(instanceProperty)) {
            LOGGER.error("Request contains no SAN URI entries for validation");
            return false;
        }
        for (String str : instanceProperty.split(",")) {
            if (str.startsWith(ZTS_CERT_INSTANCE_ID_URI) && (indexOf = str.indexOf(47, ZTS_CERT_INSTANCE_ID_URI_LEN)) != -1) {
                String substring = str.substring(indexOf + 1);
                if (substring.isEmpty()) {
                    LOGGER.error("Empty instance uri provided in uri: {}", str);
                    return false;
                }
                sb.append(substring);
                return true;
            }
        }
        return false;
    }
}
