package io.gravitee.node.kubernetes.keystoreloader;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.gravitee.common.util.KeyStoreUtils;
import io.gravitee.kubernetes.client.KubernetesClient;
import io.gravitee.kubernetes.client.api.LabelSelector;
import io.gravitee.kubernetes.client.api.ResourceQuery;
import io.gravitee.kubernetes.client.api.WatchQuery;
import io.gravitee.kubernetes.client.config.KubernetesConfig;
import io.gravitee.kubernetes.client.model.v1.ConfigMap;
import io.gravitee.kubernetes.client.model.v1.Secret;
import io.gravitee.node.api.certificate.KeyStoreLoaderOptions;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.schedulers.Schedulers;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/node/kubernetes/keystoreloader/KubernetesPemRegistryKeyStoreLoader.class */
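/**
 * Builds a single keystore from a "PEM registry": one ConfigMap in the current namespace, labelled
 * {@code gravitee.io/component=kubernetes-pem-registry}, whose data values are JSON arrays of
 * {@code namespace/name} references to Kubernetes TLS Secrets.
 *
 * <p>Security note: the registry ConfigMap decides which Secrets are read. Every
 * {@code namespace/name} entry is fetched through the injected {@link KubernetesClient}, in whatever
 * namespace the entry names, and its private key ends up in the merged keystore. Write access to the
 * registry ConfigMap should therefore be restricted as tightly as read access to the Secrets
 * themselves, and the RBAC rules of the account behind the client should only allow {@code get} on
 * the Secrets that are meant to be served.
 */
public class KubernetesPemRegistryKeyStoreLoader extends AbstractKubernetesKeyStoreLoader<ConfigMap> {
    /** Label key identifying the registry ConfigMap; also reused as the key in {@code keyStoresByLocation}. */
    public static final String GRAVITEEIO_PEM_REGISTRY_LABEL = "gravitee.io/component";

    /** Keystore type handled by this loader, and placeholder key put in {@code resources} until init() resolves it. */
    private static final String KUBERNETES_PEM_REGISTRY = "KUBERNETES-PEM-REGISTRY";

    /**
     * Label value sent in the selector. Spelled out as a literal instead of calling
     * {@code toLowerCase()} on the type name: that call uses the JVM default locale, and under a
     * Turkish locale the 'I' of REGISTRY lower-cases to a dotless i, so the selector would never
     * match the registry ConfigMap.
     */
    private static final String PEM_REGISTRY_LABEL_VALUE = "kubernetes-pem-registry";

    private final ObjectMapper objectMapper;

    /**
     * Creates the loader and registers the placeholder location when the options select this type.
     *
     * @param keyStoreLoaderOptions keystore options (type and, via the superclass, the password)
     * @param kubernetesClient client used to read and watch ConfigMaps and Secrets
     */
    public KubernetesPemRegistryKeyStoreLoader(KeyStoreLoaderOptions keyStoreLoaderOptions, KubernetesClient kubernetesClient) {
        super(keyStoreLoaderOptions, kubernetesClient);
        this.objectMapper = new ObjectMapper();
        prepareLocations();
    }

    /** Registers the placeholder resource key; the actual ConfigMap path is only known after init(). */
    private void prepareLocations() {
        if (this.options.getType().equalsIgnoreCase(KUBERNETES_PEM_REGISTRY)) {
            this.resources.put(KUBERNETES_PEM_REGISTRY, null);
        }
    }

    /**
     * Tells whether this loader supports the configured keystore type.
     *
     * @param keyStoreLoaderOptions options to inspect
     * @return {@code true} when the type is {@code KUBERNETES-PEM-REGISTRY} (case-insensitive)
     */
    public static boolean canHandle(KeyStoreLoaderOptions keyStoreLoaderOptions) {
        return keyStoreLoaderOptions.getType().equalsIgnoreCase(KUBERNETES_PEM_REGISTRY);
    }

    /**
     * Locates the registry ConfigMap in the current namespace, loads the keystore from it and then
     * emits the keystore event.
     *
     * <p>Exactly one labelled ConfigMap must exist: zero or several both fail the Completable, so an
     * extra ConfigMap carrying the same label cannot silently take over as the registry.
     */
    @Override // io.gravitee.node.kubernetes.keystoreloader.AbstractKubernetesKeyStoreLoader
    protected Completable init() {
        return Flowable.fromIterable(this.resources.keySet()).flatMapCompletable(str -> {
            if (!KUBERNETES_PEM_REGISTRY.equals(str)) {
                return Completable.error(new IllegalArgumentException(String.format("unsupported keystore locations %s", str)));
            }
            String currentNamespace = KubernetesConfig.getInstance().getCurrentNamespace();
            return this.kubernetesClient.get(ResourceQuery.configMaps(currentNamespace).labelSelector(LabelSelector.equals(GRAVITEEIO_PEM_REGISTRY_LABEL, PEM_REGISTRY_LABEL_VALUE)).build()).flatMapCompletable(configMapList -> {
                List items = configMapList.getItems();
                if (items.isEmpty()) {
                    return Completable.error(new RuntimeException("No pem registry found in the current namespace"));
                }
                if (items.size() > 1) {
                    return Completable.error(new RuntimeException("multiple pem registry is not supported"));
                }
                String format = String.format("/%s/configmaps/%s", currentNamespace, ((ConfigMap) items.get(0)).getMetadata().getName());
                // NOTE(review): resources is mutated while init() iterates its key set; whether that
                // is safe depends on the map type declared in the superclass, which is not visible here.
                this.resources.put(format, ResourceQuery.from(format).build());
                return loadKeyStore((ConfigMap) items.get(0));
            }).doOnComplete(() -> {
                // The placeholder is replaced by the concrete ConfigMap path registered above.
                this.resources.remove(KUBERNETES_PEM_REGISTRY);
            });
        }).andThen(Completable.fromRunnable(this::emitKeyStoreEvent));
    }

    /**
     * Watches every registered resource and emits the ConfigMap of each {@code MODIFIED} event.
     * The watch is repeated on completion and retried 10 seconds after an error.
     *
     * <p>Other event types are filtered out here, so, as far as this class shows, deleting the
     * registry ConfigMap does not reset the keystore loaded earlier. Operators who remove a
     * certificate by deleting the registry should confirm that the gateway really drops it.
     */
    @Override // io.gravitee.node.kubernetes.keystoreloader.AbstractKubernetesKeyStoreLoader
    protected Flowable<ConfigMap> watch() {
        return Flowable.fromIterable(this.resources.keySet()).flatMap(str -> {
            return this.kubernetesClient.watch(WatchQuery.from(str).build()).observeOn(Schedulers.computation()).repeat().retryWhen(flowable -> {
                return flowable.delay(10000L, TimeUnit.MILLISECONDS);
            });
        }).filter(event -> {
            return event.getType().equalsIgnoreCase("MODIFIED");
        }).map((v0) -> {
            return v0.getObject();
        });
    }

    /**
     * Rebuilds the keystore from the given registry ConfigMap.
     *
     * <p>When the ConfigMap no longer carries the registry label, or has no data, the stored
     * keystore is replaced by an empty one, which drops every previously loaded certificate.
     *
     * @param configMap the registry ConfigMap (initial fetch or watch event)
     * @return a Completable that fails when the configured type is not {@code KUBERNETES-PEM-REGISTRY}
     *     or when a referenced Secret cannot be turned into a keystore
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.gravitee.node.kubernetes.keystoreloader.AbstractKubernetesKeyStoreLoader
    public Completable loadKeyStore(ConfigMap configMap) {
        if (!this.options.getType().equalsIgnoreCase(KUBERNETES_PEM_REGISTRY)) {
            return Completable.error(new RuntimeException(String.format("unsupported keystore type %s", this.options.getType())));
        }
        if (configMap.getMetadata().getLabels() != null && KUBERNETES_PEM_REGISTRY.equalsIgnoreCase((String) configMap.getMetadata().getLabels().get(GRAVITEEIO_PEM_REGISTRY_LABEL)) && configMap.getData() != null) {
            return generateKeystoreFromPemRegistry(configMap);
        }
        this.keyStoresByLocation.put(GRAVITEEIO_PEM_REGISTRY_LABEL, initKeyStore());
        return Completable.complete();
    }

    /**
     * Parses every data value of the registry as JSON, keeps the arrays, and loads each distinct
     * non-empty {@code namespace/name} entry as a TLS Secret; the resulting keystores are merged and
     * stored. Data values that are valid JSON but not arrays are skipped without an error.
     *
     * <p>An entry must have exactly two non-blank parts. {@code "/name"} splits into an empty
     * namespace plus a name, which used to pass the length check; it is now rejected with the same
     * exception rather than handed to the client with an empty namespace.
     */
    private Completable generateKeystoreFromPemRegistry(ConfigMap configMap) {
        Flowable fromIterable = Flowable.fromIterable(configMap.getData().values());
        ObjectMapper objectMapper = this.objectMapper;
        Objects.requireNonNull(objectMapper);
        return fromIterable.map(objectMapper::readTree).filter((v0) -> {
            return v0.isArray();
        }).flatMap((v0) -> {
            return Flowable.fromIterable(v0);
        }).map((v0) -> {
            return v0.asText();
        }).distinct().filter(StringUtils::hasLength).flatMapMaybe(str -> {
            String[] split = str.split("/");
            if (split.length != 2 || !StringUtils.hasText(split[0]) || !StringUtils.hasText(split[1])) {
                return Maybe.<KeyStore>error(new IllegalArgumentException("Wrong or missing namespace or name of the TLS Secret"));
            }
            // The namespace comes from the ConfigMap content, not from the loader's own namespace.
            return this.kubernetesClient.get(ResourceQuery.secret(split[0], split[1]).build()).map(this::secretToKeyStore);
        }).toList().map(list -> {
            return KeyStoreUtils.merge(list, getPassword());
        }).doOnSuccess(keyStore -> {
            this.keyStoresByLocation.put(GRAVITEEIO_PEM_REGISTRY_LABEL, keyStore);
        }).ignoreElement();
    }

    /**
     * Creates an empty PKCS12 keystore protected with the configured password.
     *
     * @throws IllegalStateException when the keystore cannot be created
     */
    private KeyStore initKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, KeyStoreUtils.passwordToCharArray(getPassword()));
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException(String.format("Unable to reset the %s keystore", GRAVITEEIO_PEM_REGISTRY_LABEL), e);
        }
    }

    /**
     * Converts a TLS Secret into a keystore holding its certificate and private key.
     *
     * <p>The Secret name alone is passed as the last argument of {@code initFromPem} (presumably the
     * alias; confirm against KeyStoreUtils). Two registry entries with the same name in different
     * namespaces would then share it; how {@code KeyStoreUtils.merge} treats that is not visible here.
     *
     * @throws IllegalStateException when the Secret has no data or lacks {@code tls.crt} or {@code tls.key}
     * @throws IllegalArgumentException when an entry is not valid Base64 (raised by the decoder)
     */
    private KeyStore secretToKeyStore(Secret secret) {
        Map data = secret.getData();
        if (data == null || data.isEmpty()) {
            throw new IllegalStateException(String.format("No data has been found in the secret %s", secret.getMetadata().getName()));
        }
        String encodedCertificate = (String) data.get("tls.crt");
        String encodedPrivateKey = (String) data.get("tls.key");
        // A Secret that is not of the TLS kind used to fail with a bare NullPointerException from the
        // Base64 decoder. Fail with the Secret name instead, and never put entry content in the message.
        if (!StringUtils.hasLength(encodedCertificate) || !StringUtils.hasLength(encodedPrivateKey)) {
            throw new IllegalStateException(String.format("The secret %s must contain both tls.crt and tls.key entries", secret.getMetadata().getName()));
        }
        String certificatePem = new String(Base64.getDecoder().decode(encodedCertificate), StandardCharsets.UTF_8);
        String privateKeyPem = new String(Base64.getDecoder().decode(encodedPrivateKey), StandardCharsets.UTF_8);
        return KeyStoreUtils.initFromPem(certificatePem, privateKeyPem, getPassword(), secret.getMetadata().getName());
    }
}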
