package com.redhat.cloud.common.clowder.configsource;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.smallrye.config.ConfigValue;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.microprofile.config.spi.ConfigSource;
import org.jboss.logging.Logger;

/* loaded from: input_file:com/redhat/cloud/common/clowder/configsource/ClowderConfigSource.class */
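/**
 * MicroProfile {@link ConfigSource} that overlays values taken from a Clowder configuration
 * file on top of an existing set of configuration values.
 *
 * <p>The Clowder file is parsed as JSON into a {@link ClowderConfig}. When the file cannot be
 * read or parsed, translation is switched off and every lookup is answered from the existing
 * values only.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Several translated values are credentials (database password, Kafka SASL password,
 *       CloudWatch secret key). They are returned as plain strings and must not be logged.</li>
 *   <li>CA certificates and the generated truststore are written to temporary files. Those
 *       files are created through {@link Files#createTempFile} so that, on POSIX file systems,
 *       they are not readable or writable by other local users.</li>
 *   <li>The truststore password is derived from public certificate text (see
 *       {@code buildPassword}); it is not a secret.</li>
 * </ul>
 */
public class ClowderConfigSource implements ConfigSource {
    public static final String CLOWDER_CONFIG_SOURCE = "ClowderConfigSource";
    public static final String KAFKA_BOOTSTRAP_SERVERS = "kafka.bootstrap.servers";
    public static final String CAMEL_KAFKA_BROKERS = "camel.component.kafka.brokers";
    public static final String KAFKA_SSL_TRUSTSTORE_TYPE_VALUE = "PEM";
    private static final String QUARKUS_LOG_CLOUDWATCH = "quarkus.log.cloudwatch";
    private static final String QUARKUS_DATASOURCE_JDBC_URL = "quarkus.datasource.jdbc.url";
    private static final String CLOWDER_ENDPOINTS = "clowder.endpoints.";
    private static final String CLOWDER_ENDPOINTS_PARAM_URL = "url";
    private static final String CLOWDER_ENDPOINT_STORE_TYPE = "PKCS12";
    private static final String CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_PATH = "trust-store-path";
    private static final String CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_PASSWORD = "trust-store-password";
    private static final String CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_TYPE = "trust-store-type";
    private static final int DEFAULT_PASSWORD_LENGTH = 33;
    Logger log = Logger.getLogger(getClass().getName());
    private final Map<String, ConfigValue> existingValues;
    private ClowderConfig root;
    private boolean translate;
    // Path and password of the generated truststore; both are set once by createTruststoreFile.
    private String trustStorePath;
    private String trustStorePassword;
    public static final String KAFKA_SASL_JAAS_CONFIG_KEY = "kafka.sasl.jaas.config";
    public static final String KAFKA_SASL_MECHANISM_KEY = "kafka.sasl.mechanism";
    public static final String KAFKA_SECURITY_PROTOCOL_KEY = "kafka.security.protocol";
    public static final String KAFKA_SSL_TRUSTSTORE_LOCATION_KEY = "kafka.ssl.truststore.location";
    public static final String KAFKA_SSL_TRUSTSTORE_TYPE_KEY = "kafka.ssl.truststore.type";
    public static final String CAMEL_KAFKA_SASL_JAAS_CONFIG_KEY = "camel.component.kafka.sasl-jaas-config";
    public static final String CAMEL_KAFKA_SASL_MECHANISM_KEY = "camel.component.kafka.sasl-mechanism";
    public static final String CAMEL_KAFKA_SECURITY_PROTOCOL_KEY = "camel.component.kafka.security-protocol";
    public static final String CAMEL_KAFKA_SSL_TRUSTSTORE_LOCATION_KEY = "camel.component.kafka.ssl-truststore-location";
    public static final String CAMEL_KAFKA_SSL_TRUSTSTORE_TYPE_KEY = "camel.component.kafka.ssl-truststore-type";
    private static final List<String> KAFKA_SASL_KEYS = List.of(KAFKA_SASL_JAAS_CONFIG_KEY, KAFKA_SASL_MECHANISM_KEY, KAFKA_SECURITY_PROTOCOL_KEY, KAFKA_SSL_TRUSTSTORE_LOCATION_KEY, KAFKA_SSL_TRUSTSTORE_TYPE_KEY, CAMEL_KAFKA_SASL_JAAS_CONFIG_KEY, CAMEL_KAFKA_SASL_MECHANISM_KEY, CAMEL_KAFKA_SECURITY_PROTOCOL_KEY, CAMEL_KAFKA_SSL_TRUSTSTORE_LOCATION_KEY, CAMEL_KAFKA_SSL_TRUSTSTORE_TYPE_KEY);

    /**
     * Loads the Clowder configuration file.
     *
     * @param str path of the Clowder JSON configuration file
     * @param map configuration values that already exist; they are the fallback for every key
     *            this source does not translate
     */
    public ClowderConfigSource(String str, Map<String, ConfigValue> map) {
        this.translate = true;
        this.existingValues = map;
        File file = new File(str);
        if (!file.canRead()) {
            this.log.warn("Can't read clowder config from " + file.getAbsolutePath() + ", not doing translations.");
            this.translate = false;
            return;
        }
        try {
            // Parse straight from the File rather than from a String: the exception is logged
            // below, and Jackson's parse errors can embed a snippet of a String source, which
            // here would be a piece of the credentials-bearing configuration.
            this.root = new ObjectMapper().readValue(file, ClowderConfig.class);
        } catch (IOException e) {
            this.log.warn("Reading the clowder config failed, not doing translations", e);
            this.translate = false;
        }
    }

    /**
     * Returns every existing key with its translated value, falling back to the existing value
     * when {@link #getValue(String)} yields {@code null}.
     */
    @Override
    public Map<String, String> getProperties() {
        Map<String, String> properties = new HashMap<>();
        for (Map.Entry<String, ConfigValue> entry : this.existingValues.entrySet()) {
            String value = getValue(entry.getKey());
            if (value == null) {
                value = entry.getValue().getValue();
            }
            properties.put(entry.getKey(), value);
        }
        return properties;
    }

    /** Returns the key set of the existing values. */
    @Override
    public Set<String> getPropertyNames() {
        return this.existingValues.keySet();
    }

    @Override
    public int getOrdinal() {
        return 270;
    }

    /**
     * Resolves a configuration key, translating it from the Clowder configuration where a
     * translation exists and otherwise returning the existing value.
     *
     * @param str the configuration key
     * @return the resolved value, or {@code null} when neither a translation nor an existing
     *         value is available
     * @throws IllegalStateException when the key needs a Clowder section that is missing, when
     *         the Kafka SASL mechanism is not supported for a JAAS key, or when a certificate
     *         or truststore cannot be produced
     * @throws IllegalArgumentException when a {@code clowder.endpoints.} key has more than two
     *         segments after the prefix
     */
    @Override
    public String getValue(String str) {
        if (this.translate) {
            if (str.equals("quarkus.http.port")) {
                return String.valueOf(this.root.webPort);
            }
            if (str.equals(KAFKA_BOOTSTRAP_SERVERS) || str.equals(CAMEL_KAFKA_BROKERS)) {
                requireKafka();
                return kafkaBrokerList();
            }
            if (str.startsWith("mp.messaging") && str.endsWith(".topic")) {
                requireKafka();
                return translateTopic(str);
            }
            if (KAFKA_SASL_KEYS.contains(str)) {
                requireKafka();
                Optional<BrokerConfig> saslBroker = this.root.kafka.brokers.stream()
                        .filter(broker -> "sasl".equals(broker.authtype))
                        .findAny();
                // Without a SASL broker the key is not translated and the lookup continues.
                if (saslBroker.isPresent()) {
                    return kafkaSaslValue(str, saslBroker.get());
                }
            }
            if (str.startsWith("quarkus.datasource")) {
                String subKey = str.substring("quarkus.datasource.".length());
                if (this.root.database == null) {
                    throw new IllegalStateException("No database section found");
                }
                if (subKey.equals("username")) {
                    return this.root.database.username;
                }
                String sslMode = this.root.database.sslMode;
                boolean sslEnabled = !sslMode.equals("disable");
                boolean verifyFull = sslMode.equals("verify-full");
                if (subKey.equals("password")) {
                    return this.root.database.password;
                }
                if (subKey.equals("jdbc.url")) {
                    String hostPortDb = getHostPortDb(this.root.database);
                    // Keep the tracing driver prefix when the existing JDBC URL already uses one.
                    String tracingPrefix = "";
                    if (this.existingValues.containsKey(QUARKUS_DATASOURCE_JDBC_URL)) {
                        String existingUrl = this.existingValues.get(QUARKUS_DATASOURCE_JDBC_URL).getValue();
                        if (existingUrl.contains(":tracing:")) {
                            this.log.warn("The support of OpenTracing in this library is deprecated and will be removed soon. Please consider switching to OpenTelemetry.");
                            tracingPrefix = "tracing:";
                        } else if (existingUrl.contains(":otel:")) {
                            tracingPrefix = "otel:";
                        }
                    }
                    String jdbcUrl = String.format("jdbc:%s%s", tracingPrefix, hostPortDb);
                    if (sslEnabled) {
                        jdbcUrl = jdbcUrl + "?sslmode=" + sslMode;
                    }
                    if (verifyFull) {
                        jdbcUrl = jdbcUrl + "&sslrootcert=" + createTempRdsCertFile(this.root.database.rdsCa);
                    }
                    return jdbcUrl;
                }
                if (subKey.startsWith("reactive.")) {
                    if (subKey.equals("reactive.url")) {
                        return getHostPortDb(this.root.database);
                    }
                    if (subKey.equals("reactive.postgresql.ssl-mode")) {
                        return sslMode;
                    }
                    if (verifyFull) {
                        if (subKey.equals("reactive.hostname-verification-algorithm")) {
                            return "HTTPS";
                        }
                        if (subKey.equals("reactive.trust-certificate-pem")) {
                            return "true";
                        }
                        if (subKey.equals("reactive.trust-certificate-pem.certs")) {
                            return createTempRdsCertFile(this.root.database.rdsCa);
                        }
                    }
                }
            }
            if (str.startsWith(QUARKUS_LOG_CLOUDWATCH)) {
                if (this.root.logging == null) {
                    throw new IllegalStateException("No logging section found");
                }
                if (this.root.logging.cloudwatch == null) {
                    throw new IllegalStateException("No cloudwatch section found in logging object");
                }
                if (this.root.logging.type != null && !this.root.logging.type.equals("null")) {
                    switch (str.substring(QUARKUS_LOG_CLOUDWATCH.length() + 1)) {
                        case "access-key-id":
                            return this.root.logging.cloudwatch.accessKeyId;
                        case "access-key-secret":
                            return this.root.logging.cloudwatch.secretAccessKey;
                        case "region":
                            return this.root.logging.cloudwatch.region;
                        case "log-group":
                            return this.root.logging.cloudwatch.logGroup;
                        default:
                            break;
                    }
                }
                // NOTE(review): this branch is reached whatever the logging type is, so
                // "enabled" always resolves to "false" here - confirm that this is intended.
                if (str.equals("quarkus.log.cloudwatch.enabled")) {
                    return "false";
                }
            }
            if (str.startsWith(CLOWDER_ENDPOINTS)) {
                return endpointValue(str);
            }
        }
        if (this.existingValues.containsKey(str)) {
            return this.existingValues.get(str).getValue();
        }
        return null;
    }

    @Override
    public String getName() {
        return CLOWDER_CONFIG_SOURCE;
    }

    /** Fails when the Clowder configuration has no Kafka section. */
    private void requireKafka() {
        if (this.root.kafka == null) {
            throw new IllegalStateException("Kafka base object not present, can't set Kafka values");
        }
    }

    /** Joins every configured broker as {@code hostname:port}, separated by commas. */
    private String kafkaBrokerList() {
        StringBuilder brokers = new StringBuilder();
        for (BrokerConfig broker : this.root.kafka.brokers) {
            if (brokers.length() > 0) {
                brokers.append(',');
            }
            brokers.append(broker.hostname + ":" + broker.port);
        }
        return brokers.toString();
    }

    /**
     * Maps the topic name requested under {@code key} to the name Clowder assigned to it; the
     * requested name is returned unchanged when no topic matches.
     */
    private String translateTopic(String key) {
        ConfigValue requested = this.existingValues.get(key);
        if (requested == null) {
            // The key is not among the existing values, so there is nothing to translate.
            return null;
        }
        String requestedName = requested.getValue();
        for (TopicConfig topic : this.root.kafka.topics) {
            if (topic.requestedName.equals(requestedName)) {
                return topic.name;
            }
        }
        return requestedName;
    }

    /** Resolves one of the Kafka SASL / truststore keys against the given SASL broker. */
    private String kafkaSaslValue(String key, BrokerConfig broker) {
        switch (key) {
            case KAFKA_SASL_JAAS_CONFIG_KEY:
            case CAMEL_KAFKA_SASL_JAAS_CONFIG_KEY:
                return jaasConfig(broker);
            case KAFKA_SASL_MECHANISM_KEY:
            case CAMEL_KAFKA_SASL_MECHANISM_KEY:
                return broker.sasl.saslMechanism;
            case KAFKA_SECURITY_PROTOCOL_KEY:
            case CAMEL_KAFKA_SECURITY_PROTOCOL_KEY:
                return broker.sasl.securityProtocol;
            case KAFKA_SSL_TRUSTSTORE_LOCATION_KEY:
            case CAMEL_KAFKA_SSL_TRUSTSTORE_LOCATION_KEY:
                return createTempKafkaCertFile(broker.cacert);
            case KAFKA_SSL_TRUSTSTORE_TYPE_KEY:
            case CAMEL_KAFKA_SSL_TRUSTSTORE_TYPE_KEY:
                return KAFKA_SSL_TRUSTSTORE_TYPE_VALUE;
            default:
                throw new IllegalStateException("Unexpected Kafka SASL config key: " + key);
        }
    }

    /**
     * Builds the JAAS configuration line for the broker's SASL mechanism.
     *
     * <p>Only {@code PLAIN} and {@code SCRAM-SHA-512} are handled. Any other mechanism is
     * rejected instead of returning the mechanism name as if it were a JAAS configuration.
     * The message names the mechanism only, never the credentials.
     */
    private String jaasConfig(BrokerConfig broker) {
        String mechanism = broker.sasl.saslMechanism;
        String loginModule;
        if ("PLAIN".equals(mechanism)) {
            loginModule = "org.apache.kafka.common.security.plain.PlainLoginModule";
        } else if ("SCRAM-SHA-512".equals(mechanism)) {
            loginModule = "org.apache.kafka.common.security.scram.ScramLoginModule";
        } else {
            throw new IllegalStateException("Unsupported Kafka SASL mechanism for the JAAS configuration: " + mechanism);
        }
        // NOTE(review): username and password are placed between double quotes unescaped, so a
        // credential containing '"' or '\' would not survive as written - confirm that Clowder
        // never issues such credentials, or escape them for the JAAS syntax.
        return loginModule + " required username=\"" + broker.sasl.username + "\" password=\"" + broker.sasl.password + "\";";
    }

    /**
     * Resolves a {@code clowder.endpoints.[endpoint-name].[param]} key. The old single-segment
     * form is treated as a request for the endpoint URL.
     */
    private String endpointValue(String key) {
        try {
            if (this.root.endpoints == null) {
                throw new IllegalStateException("No endpoints section found");
            }
            String requested = key.substring(CLOWDER_ENDPOINTS.length());
            String[] segments = requested.split("\\.");
            String endpointName;
            String param;
            if (segments.length == 1) {
                this.log.warn("Endpoint '" + requested + "' is using the old format. Please move to the new one: [endpoint-name].[url|trust-store-path|trust-store-password|trust-store-type]");
                endpointName = segments[0];
                param = CLOWDER_ENDPOINTS_PARAM_URL;
            } else {
                if (segments.length != 2) {
                    throw new IllegalArgumentException("Endpoint '" + requested + "' expects a different format: [endpoint-name].[url|trust-store-path|trust-store-password|trust-store-type]");
                }
                endpointName = segments[0];
                param = segments[1];
            }
            // No early exit: when several endpoints share a name, the last one is used.
            EndpointConfig endpoint = null;
            for (EndpointConfig candidate : this.root.endpoints) {
                if ((candidate.app + "-" + candidate.name).equals(endpointName)) {
                    endpoint = candidate;
                }
            }
            if (endpoint == null) {
                this.log.warn("Endpoint '" + endpointName + "' not found in the endpoints section");
                return null;
            }
            switch (param) {
                case CLOWDER_ENDPOINTS_PARAM_URL:
                    // Plain HTTP is used whenever the endpoint declares no TLS port.
                    return endpoint.tlsPort == null ? "http://" + endpoint.hostname + ":" + endpoint.port : "https://" + endpoint.hostname + ":" + endpoint.tlsPort;
                case CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_PATH:
                case CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_PASSWORD:
                case CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_TYPE:
                    if (endpoint.tlsPort == null) {
                        return null;
                    }
                    if (this.root.tlsCAPath == null) {
                        throw new IllegalStateException("Requested tls port for endpoint but did not provide tlsCAPath");
                    }
                    if (param.equals(CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_TYPE)) {
                        return CLOWDER_ENDPOINT_STORE_TYPE;
                    }
                    createTruststoreFile(this.root.tlsCAPath);
                    return param.equals(CLOWDER_ENDPOINTS_PARAM_TRUST_STORE_PATH) ? this.trustStorePath : this.trustStorePassword;
                default:
                    this.log.warn("Endpoint '" + endpointName + "' requested an unknown param: '" + param + "'");
                    return null;
            }
        } catch (IllegalStateException e) {
            this.log.errorf("Failed to load config key '%s' from the Clowder configuration: %s", key, e.getMessage());
            throw e;
        }
    }

    private String getHostPortDb(DatabaseConfig databaseConfig) {
        return String.format("postgresql://%s:%d/%s", databaseConfig.hostname, databaseConfig.port, databaseConfig.name);
    }

    /**
     * Builds a PKCS12 truststore from the PEM certificates in the given file and records its
     * path and password. Does nothing when a truststore was already created.
     */
    private void createTruststoreFile(String caPath) {
        if (this.trustStorePath != null) {
            return;
        }
        try {
            List<String> pemBodies = readCerts(Files.readString(new File(caPath).toPath(), StandardCharsets.UTF_8));
            List<X509Certificate> certificates = parsePemCert(pemBodies).stream()
                    .map(this::buildX509Cert)
                    .collect(Collectors.toList());
            if (certificates.isEmpty()) {
                throw new IllegalStateException("Could not parse any certificate in the file");
            }
            KeyStore keyStore = KeyStore.getInstance(CLOWDER_ENDPOINT_STORE_TYPE);
            keyStore.load(null);
            for (int i = 0; i < certificates.size(); i++) {
                keyStore.setCertificateEntry("cert-" + i, (Certificate) certificates.get(i));
            }
            char[] password = buildPassword(pemBodies.get(0));
            this.trustStorePath = writeTruststore(keyStore, password);
            this.trustStorePassword = new String(password);
        } catch (IOException e) {
            throw new IllegalStateException("Couldn't load the certificate, but we were requested a truststore", e);
        } catch (KeyStoreException e2) {
            throw new IllegalStateException("Couldn't load the keystore format PKCS12", e2);
        } catch (NoSuchAlgorithmException | CertificateException e3) {
            throw new IllegalStateException("Couldn't configure the keystore", e3);
        }
    }

    /**
     * Extracts the Base64 body of every certificate in a PEM bundle.
     *
     * <p>All whitespace is removed from each body, so bundles with CRLF line endings decode as
     * well, and whitespace-only text around the markers is ignored.
     *
     * @param str the PEM text
     * @return one Base64 string per certificate, in file order
     * @throws IllegalStateException when a BEGIN marker is not followed by any content
     */
    static List<String> readCerts(String str) {
        return Arrays.stream(str.split("-----BEGIN CERTIFICATE-----"))
                .filter(chunk -> !chunk.isBlank())
                .map(chunk -> Arrays.stream(chunk.split("-----END CERTIFICATE-----"))
                        .filter(part -> !part.isBlank())
                        .findFirst()
                        .orElseThrow(() -> new IllegalStateException("Invalid certificate found")))
                .map(body -> body.replaceAll("\\s", ""))
                .collect(Collectors.toList());
    }

    /** Base64-decodes each PEM body into its DER bytes. */
    private List<byte[]> parsePemCert(List<String> pemBodies) {
        return pemBodies.stream()
                .map(body -> Base64.getDecoder().decode(body.getBytes(StandardCharsets.UTF_8)))
                .collect(Collectors.toList());
    }

    private X509Certificate buildX509Cert(byte[] der) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            throw new IllegalStateException("Couldn't load the x509 certificate factory", e);
        }
    }

    /**
     * Stores the keystore in a new temporary file and returns that file's absolute path.
     */
    private String writeTruststore(KeyStore keyStore, char[] password) {
        try {
            File truststoreFile = createTempFile("truststore", ".trust");
            // Close the stream so the truststore is fully written and the descriptor released
            // before the path is handed to whoever opens it next.
            try (FileOutputStream out = new FileOutputStream(truststoreFile)) {
                keyStore.store(out, password);
            }
            return truststoreFile.getAbsolutePath();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Truststore creation failed", e);
        }
    }

    /**
     * Returns the first {@code DEFAULT_PASSWORD_LENGTH} characters of the given text, or the
     * whole text when it is shorter.
     *
     * <p>NOTE(review): the caller passes the Base64 body of the first CA certificate, which is
     * public data. The resulting truststore password is therefore not a secret, and the
     * truststore is protected only by the permissions of the file it is written to.
     */
    private char[] buildPassword(String source) {
        int length = Math.min(DEFAULT_PASSWORD_LENGTH, source.length());
        char[] password = new char[length];
        source.getChars(0, length, password, 0);
        return password;
    }

    private String createTempRdsCertFile(String rdsCa) {
        if (rdsCa != null) {
            return createTempCertFile("rds-ca-root", rdsCa);
        }
        throw new IllegalStateException("'database.sslMode' is set to 'verify-full' in the Clowder config but the 'database.rdsCa' field is missing");
    }

    private String createTempKafkaCertFile(String caCert) {
        if (caCert != null) {
            return createTempCertFile("kafka-cacert", caCert);
        }
        return null;
    }

    /** Writes the certificate text to a new temporary {@code .crt} file and returns its path. */
    private String createTempCertFile(String prefix, String certificate) {
        try {
            Path target = Path.of(createTempFile(prefix, ".crt").getAbsolutePath());
            return Files.write(target, certificate.getBytes(StandardCharsets.UTF_8)).toString();
        } catch (IOException e) {
            throw new UncheckedIOException("Certificate file creation failed", e);
        }
    }

    /**
     * Creates a temporary file that is scheduled for deletion when the JVM exits.
     *
     * <p>The file is created with {@link Files#createTempFile}, not {@code File.createTempFile}:
     * on POSIX file systems the former creates it with owner-only permissions, so other local
     * users of a shared temporary directory cannot read it.
     */
    private File createTempFile(String prefix, String suffix) throws IOException {
        File tempFile = Files.createTempFile(prefix, suffix).toFile();
        try {
            tempFile.deleteOnExit();
        } catch (SecurityException e) {
            this.log.warnf(e, "Delete on exit of the '%s' cert file denied by the security manager", prefix);
        }
        return tempFile;
    }
}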
