package org.apache.knox.gateway.service.metadata;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.dto.HomePageProfile;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.service.definition.Metadata;
import org.apache.knox.gateway.service.definition.ServiceDefinitionPair;
import org.apache.knox.gateway.service.metadata.ServiceModel;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.ServerInfoService;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.registry.ServiceDefinitionRegistry;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.KeystoreService;
import org.apache.knox.gateway.services.security.KeystoreServiceException;
import org.apache.knox.gateway.services.topology.TopologyService;
import org.apache.knox.gateway.topology.Service;
import org.apache.knox.gateway.topology.Topology;
import org.apache.knox.gateway.util.JsonUtils;
import org.apache.knox.gateway.util.X509CertificateUtil;

@Api(value = "metadata", description = "RESTful API to interact with metadata.")
@Singleton
@Path("/api/v1/metadata")
/* loaded from: input_file:org/apache/knox/gateway/service/metadata/KnoxMetadataResource.class */
public class KnoxMetadataResource {
    private static final String SNAPSHOT_VERSION_POSTFIX = "-SNAPSHOT";
    private Set<String> pinnedTopologies;
    private java.nio.file.Path pemFilePath;
    private java.nio.file.Path jksFilePath;

    @Context
    private HttpServletRequest request;
    private static final MetadataServiceMessages LOG = (MetadataServiceMessages) MessagesFactory.get(MetadataServiceMessages.class);
    private static final Set<String> UNREAL_SERVICES = Collections.unmodifiableSet(new HashSet(Arrays.asList("NAMENODE", "JOBTRACKER", "RESOURCEMANAGERAPI")));

    @GET
    @Path("info")
    @ApiOperation(value = "Get general proxy information", notes = "Get general proxy information such as TLS Public Certificate, Knox Admin UI Url, etc...", response = GeneralProxyInformation.class)
    @Produces({"application/json", "application/xml"})
    public GeneralProxyInformation getGeneralProxyInformation() {
        GeneralProxyInformation generalProxyInformation = new GeneralProxyInformation();
        GatewayServices gatewayServices = (GatewayServices) this.request.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services");
        if (gatewayServices != null) {
            ServerInfoService serverInfoService = (ServerInfoService) gatewayServices.getService(ServiceType.SERVER_INFO_SERVICE);
            generalProxyInformation.setVersion(serverInfoService.getBuildVersion() + " (hash=" + serverInfoService.getBuildHash() + ")");
            generalProxyInformation.setAdminApiBookUrl(String.format(Locale.ROOT, "https://knox.apache.org/books/knox-%s/user-guide.html#Admin+API", getAdminApiBookVersion(serverInfoService.getBuildVersion())));
            GatewayConfig gatewayConfig = (GatewayConfig) this.request.getServletContext().getAttribute("org.apache.knox.gateway.config");
            generalProxyInformation.setAdminUiUrl(getBaseGatewayUrl(gatewayConfig) + "/manager/admin-ui/");
            generalProxyInformation.setWebShellUrl(getBaseGatewayUrl(gatewayConfig) + "/homepage/webshell-ui/index.html");
            setTokenManagementEnabledFlag(generalProxyInformation, gatewayServices);
            generalProxyInformation.setEnableWebshell(String.valueOf(gatewayConfig.isWebShellEnabled()));
        }
        return generalProxyInformation;
    }

    private void setTokenManagementEnabledFlag(GeneralProxyInformation generalProxyInformation, GatewayServices gatewayServices) {
        try {
            boolean contains = ((AliasService) gatewayServices.getService(ServiceType.ALIAS_SERVICE)).getAliasesForCluster("__gateway").contains("knox.token.hash.key");
            generalProxyInformation.setEnableTokenManagement(Boolean.toString(contains));
            if (!contains) {
                LOG.tokenManagementDisabled();
            }
        } catch (AliasServiceException e) {
            LOG.failedToFetchGatewayAliasList(e.getMessage(), e);
        }
    }

    private String getAdminApiBookVersion(String str) {
        return str.replaceAll(SNAPSHOT_VERSION_POSTFIX, "").replaceAll("\\.", "-");
    }

    @GET
    @Produces({"application/octet-stream"})
    @Path("publicCert")
    public Response getPublicCertification(@QueryParam("type") @DefaultValue("pem") String str) {
        GatewayConfig gatewayConfig;
        Certificate publicCertificate;
        GatewayServices gatewayServices = (GatewayServices) this.request.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services");
        if (gatewayServices == null || (publicCertificate = getPublicCertificate(gatewayServices, (gatewayConfig = (GatewayConfig) this.request.getServletContext().getAttribute("org.apache.knox.gateway.config")))) == null) {
            return generateFailureFileDownloadResponse(Response.Status.SERVICE_UNAVAILABLE, "Could not generate public certificate");
        }
        if ("pem".equals(str)) {
            generateCertificatePem(publicCertificate, gatewayConfig);
            return generateSuccessFileDownloadResponse(this.pemFilePath);
        }
        if (!"jks".equals(str)) {
            return generateFailureFileDownloadResponse(Response.Status.BAD_REQUEST, "Invalid certification type provided!");
        }
        generateCertificateJks(publicCertificate, gatewayConfig);
        return generateSuccessFileDownloadResponse(this.jksFilePath);
    }

    private Response generateSuccessFileDownloadResponse(java.nio.file.Path path) {
        Response.ResponseBuilder ok = Response.ok(path.toFile());
        ok.header("Content-Disposition", "attachment;filename=" + path.getFileName().toString());
        return ok.build();
    }

    private Response generateFailureFileDownloadResponse(Response.Status status, String str) {
        Response.ResponseBuilder status2 = Response.status(status);
        status2.entity(str);
        return status2.build();
    }

    private Certificate getPublicCertificate(GatewayServices gatewayServices, GatewayConfig gatewayConfig) {
        try {
            return ((KeystoreService) gatewayServices.getService(ServiceType.KEYSTORE_SERVICE)).getKeystoreForGateway().getCertificate(gatewayConfig.getIdentityKeyAlias());
        } catch (KeyStoreException | KeystoreServiceException e) {
            LOG.failedToFetchPublicCert(e.getMessage(), e);
            return null;
        }
    }

    private void generateCertificatePem(Certificate certificate, GatewayConfig gatewayConfig) {
        try {
            if (this.pemFilePath == null || !this.pemFilePath.toFile().exists()) {
                this.pemFilePath = Paths.get(gatewayConfig.getGatewaySecurityDir(), "gateway-client-trust.pem");
                X509CertificateUtil.writeCertificateToFile(certificate, this.pemFilePath.toFile());
            }
        } catch (IOException | CertificateEncodingException e) {
            LOG.failedToGeneratePublicCert("PEM", e.getMessage(), e);
        }
    }

    private void generateCertificateJks(Certificate certificate, GatewayConfig gatewayConfig) {
        try {
            if (this.jksFilePath == null || !this.jksFilePath.toFile().exists()) {
                this.jksFilePath = Paths.get(gatewayConfig.getGatewaySecurityDir(), "gateway-client-trust.jks");
                X509CertificateUtil.writeCertificateToJks(certificate, this.jksFilePath.toFile());
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.failedToGeneratePublicCert("JKS", e.getMessage(), e);
        }
    }

    private String getBaseGatewayUrl(GatewayConfig gatewayConfig) {
        return this.request.getRequestURL().substring(0, this.request.getRequestURL().length() - this.request.getRequestURI().length()) + "/" + gatewayConfig.getGatewayPath();
    }

    @GET
    @Produces({"application/xml", "application/json"})
    @Path("topologies")
    public TopologyInformationWrapper getTopologies() {
        return getTopologies(null);
    }

    @GET
    @Produces({"application/xml", "application/json"})
    @Path("topologies/{name}")
    public TopologyInformationWrapper getTopology(@PathParam("name") String str) {
        return getTopologies(str);
    }

    private TopologyInformationWrapper getTopologies(String str) {
        TopologyInformationWrapper topologyInformationWrapper = new TopologyInformationWrapper();
        GatewayServices gatewayServices = (GatewayServices) this.request.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services");
        GatewayConfig gatewayConfig = (GatewayConfig) this.request.getServletContext().getAttribute("org.apache.knox.gateway.config");
        ServiceDefinitionRegistry serviceDefinitionRegistry = (ServiceDefinitionRegistry) gatewayServices.getService(ServiceType.SERVICE_DEFINITION_REGISTRY);
        Set hiddenTopologiesOnHomepage = gatewayConfig.getHiddenTopologiesOnHomepage();
        if (gatewayServices != null) {
            for (Topology topology : ((TopologyService) gatewayServices.getService(ServiceType.TOPOLOGY_SERVICE)).getTopologies()) {
                if (!hiddenTopologiesOnHomepage.contains(topology.getName()) && (str == null || topology.getName().equalsIgnoreCase(str))) {
                    HashSet hashSet = new HashSet();
                    HashSet hashSet2 = new HashSet();
                    topology.getServices().stream().filter(service -> {
                        return !UNREAL_SERVICES.contains(service.getRole());
                    }).forEach(service2 -> {
                        service2.getUrls().forEach(str2 -> {
                            ServiceModel serviceModel = getServiceModel(this.request, gatewayConfig.getGatewayPath(), topology.getName(), service2, getServiceMetadata(serviceDefinitionRegistry, service2), str2);
                            if (ServiceModel.Type.UI == serviceModel.getType()) {
                                hashSet2.add(serviceModel);
                            } else if (ServiceModel.Type.API_AND_UI != serviceModel.getType()) {
                                hashSet.add(serviceModel);
                            } else {
                                hashSet2.add(serviceModel);
                                hashSet.add(serviceModel);
                            }
                        });
                    });
                    topologyInformationWrapper.addTopology(topology.getName(), isPinnedTopology(topology.getName(), gatewayConfig), new TreeSet(hashSet), new TreeSet(hashSet2));
                }
            }
        }
        return topologyInformationWrapper;
    }

    boolean isPinnedTopology(String str, GatewayConfig gatewayConfig) {
        if (this.pinnedTopologies == null) {
            this.pinnedTopologies = gatewayConfig.getPinnedTopologiesOnHomepage();
        }
        return this.pinnedTopologies.contains(str);
    }

    private Metadata getServiceMetadata(ServiceDefinitionRegistry serviceDefinitionRegistry, Service service) {
        Optional findFirst = serviceDefinitionRegistry.getServiceDefinitions().stream().filter(serviceDefinitionPair -> {
            return serviceDefinitionPair.getService().getRole().equalsIgnoreCase(service.getRole());
        }).filter(serviceDefinitionPair2 -> {
            return service.getVersion() == null || service.getVersion().toString().equalsIgnoreCase(serviceDefinitionPair2.getService().getVersion());
        }).findFirst();
        if (findFirst.isPresent()) {
            return ((ServiceDefinitionPair) findFirst.get()).getService().getMetadata();
        }
        return null;
    }

    private ServiceModel getServiceModel(HttpServletRequest httpServletRequest, String str, String str2, Service service, Metadata metadata, String str3) {
        ServiceModel serviceModel = new ServiceModel();
        serviceModel.setRequest(httpServletRequest);
        serviceModel.setGatewayPath(str);
        serviceModel.setTopologyName(str2);
        serviceModel.setService(service);
        serviceModel.setServiceMetadata(metadata);
        serviceModel.setServiceUrl(str3);
        return serviceModel;
    }

    @GET
    @Produces({"application/json"})
    @Path("profiles/{profile}")
    public String getProfile(@PathParam("profile") String str) {
        Map homePageProfiles = ((GatewayConfig) this.request.getServletContext().getAttribute("org.apache.knox.gateway.config")).getHomePageProfiles();
        return homePageProfiles.containsKey(str.toLowerCase(Locale.getDefault())) ? JsonUtils.renderAsJsonString(new HomePageProfile((Collection) homePageProfiles.get(str)).getProfileElements()) : JsonUtils.renderAsJsonString(Collections.emptyMap());
    }
}
