package org.eclipse.jkube.enricher.generic.openshift;

import io.fabric8.kubernetes.api.builder.TypedVisitor;
import io.fabric8.kubernetes.api.builder.Visitor;
import io.fabric8.kubernetes.api.model.Container;
import io.fabric8.kubernetes.api.model.ContainerBuilder;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.PodSpecBuilder;
import io.fabric8.kubernetes.api.model.PodSpecFluent;
import io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder;
import io.fabric8.kubernetes.api.model.ServiceBuilder;
import io.fabric8.kubernetes.api.model.Volume;
import io.fabric8.kubernetes.api.model.VolumeMount;
import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.eclipse.jkube.kit.common.Configs;
import org.eclipse.jkube.kit.config.resource.PlatformMode;
import org.eclipse.jkube.kit.enricher.api.BaseEnricher;
import org.eclipse.jkube.kit.enricher.api.JKubeEnricherContext;
import org.eclipse.jkube.kit.enricher.api.util.InitContainerHandler;

/* loaded from: input_file:org/eclipse/jkube/enricher/generic/openshift/AutoTLSEnricher.class */
/**
 * Enricher that, in OpenShift mode only, prepares the generated resources for a TLS
 * serving certificate delivered through a secret.
 *
 * <p>When active it makes four passes over the resource list:
 * <ol>
 *   <li>appends an init container to each pod template; the container is handed the PEM
 *       certificate and key paths ({@code /tls-pem/tls.crt}, {@code /tls-pem/tls.key}) and a
 *       target keystore path under {@code /tls-jks};</li>
 *   <li>adds a secret-backed volume (the PEM material) and a memory-backed {@code emptyDir}
 *       (the keystore) to each pod spec, unless a volume of that name is already there;</li>
 *   <li>mounts both volumes read-only into each visited container that does not already
 *       mount a volume of that name;</li>
 *   <li>annotates each visited service with {@link #AUTOTLS_ANNOTATION_KEY} set to the secret name.</li>
 * </ol>
 *
 * <p>Security-relevant defaults to review before relying on this enricher:
 * <ul>
 *   <li>{@link Config#PEM_TO_JKS_INIT_CONTAINER_IMAGE} is referenced by tag, not by digest, and the
 *       pull policy is {@code IfNotPresent}. The init container is given the path of the TLS
 *       private key, so the image should be treated as part of the trusted base: prefer an
 *       override that pins a digest from a registry you control.</li>
 *   <li>{@link Config#KEYSTORE_PASSWORD} defaults to {@code changeit} and is passed as a plain
 *       container argument, so it is readable by anyone who can read the generated manifest or
 *       the pod spec. Do not count on it as the control protecting the private key.</li>
 * </ul>
 */
public class AutoTLSEnricher extends BaseEnricher {
    static final String ENRICHER_NAME = "jkube-openshift-autotls";

    // Annotation written on services; its value is the name of the serving-cert secret.
    // NOTE(review): this is the "alpha" spelling of the key; confirm the target OpenShift
    // release still honours it (a "service.beta.openshift.io/..." form also exists).
    static final String AUTOTLS_ANNOTATION_KEY = "service.alpha.openshift.io/serving-cert-secret-name";

    // Name of the secret that backs the PEM volume and is written into the service annotation.
    private String secretName;
    private final InitContainerHandler initContainerHandler;

    /**
     * Configuration keys understood by this enricher, each paired with its default value.
     */
    public enum Config implements Configs.Config {
        // No static default: the constructor falls back to "<artifactId>-tls".
        TLS_SECRET_NAME("tlsSecretName", null),
        // Where application containers see the PEM certificate and key.
        TLS_SECRET_VOLUME_MOUNT_POINT("tlsSecretVolumeMountPoint", "/var/run/secrets/jkube.io/tls-pem"),
        TLS_SECRET_VOLUME_NAME("tlsSecretVolumeName", "tls-pem"),
        // Where application containers see the generated keystore.
        JKS_VOLUME_MOUNT_POINT("jksVolumeMountPoint", "/var/run/secrets/jkube.io/tls-jks"),
        JKS_VOLUME_NAME("jksVolumeName", "tls-jks"),
        // Supply-chain note: tag reference, not a digest; this image is handed the private key path.
        PEM_TO_JKS_INIT_CONTAINER_IMAGE("pemToJKSInitContainerImage", "jimmidyson/pemtokeystore:v0.1.0"),
        PEM_TO_JKS_INIT_CONTAINER_NAME("pemToJKSInitContainerName", "tls-jks-converter"),
        KEYSTORE_FILE_NAME("keystoreFileName", "keystore.jks"),
        // Well-known default; ends up in the init container's argument list in clear text.
        KEYSTORE_PASSWORD("keystorePassword", "changeit"),
        KEYSTORE_CERT_ALIAS("keystoreCertAlias", "server");

        protected String key;
        protected String defaultValue;

        Config(String configKey, String fallback) {
            this.key = configKey;
            this.defaultValue = fallback;
        }

        /** @return the configuration property name */
        public String getKey() {
            return key;
        }

        /** @return the value used when the property is not configured; may be {@code null} */
        public String getDefaultValue() {
            return defaultValue;
        }
    }

    /**
     * Creates the enricher and resolves the secret name once, up front.
     *
     * @param jKubeEnricherContext enricher context; supplies configuration, the artifact id used
     *                             for the fallback secret name, and the logger
     */
    public AutoTLSEnricher(JKubeEnricherContext jKubeEnricherContext) {
        super(jKubeEnricherContext, ENRICHER_NAME);
        final String fallbackSecretName = getContext().getGav().getArtifactId() + "-tls";
        this.secretName = getConfig(Config.TLS_SECRET_NAME, fallbackSecretName);
        this.initContainerHandler = new InitContainerHandler(jKubeEnricherContext.getLog());
    }

    /**
     * Applies the four enrichment passes described on the class; does nothing outside OpenShift mode.
     *
     * @param platformMode          not read by this implementation
     * @param kubernetesListBuilder resource list to modify in place
     */
    public void enrich(PlatformMode platformMode, KubernetesListBuilder kubernetesListBuilder) {
        if (!isOpenShiftMode()) {
            return;
        }

        // Pass 1: init container on every pod template.
        kubernetesListBuilder.accept(new TypedVisitor<PodTemplateSpecBuilder>() {
            public void visit(PodTemplateSpecBuilder podTemplate) {
                attachInitContainer(podTemplate);
            }
        });

        // Pass 2: PEM secret volume and in-memory keystore volume on every pod spec.
        kubernetesListBuilder.accept(new TypedVisitor<PodSpecBuilder>() {
            public void visit(PodSpecBuilder podSpec) {
                attachVolumes(podSpec);
            }
        });

        // Pass 3: read-only mounts on containers.
        // NOTE(review): if this visitor also reaches the init container added in pass 1, the
        // name check leaves that container's own mounts untouched -- confirm against the builder.
        kubernetesListBuilder.accept(new TypedVisitor<ContainerBuilder>() {
            public void visit(ContainerBuilder container) {
                attachReadOnlyMounts(container);
            }
        });

        // Pass 4: serving-cert annotation on services.
        kubernetesListBuilder.accept(new TypedVisitor<ServiceBuilder>() {
            public void visit(ServiceBuilder service) {
                annotateService(service);
            }
        });
    }

    /** Builds the init container and hands it to the handler for the given pod template. */
    private void attachInitContainer(PodTemplateSpecBuilder podTemplate) {
        this.initContainerHandler.appendInitContainer(podTemplate, buildInitContainer());
    }

    /** Assembles the init container definition from the configured name, image, args and mounts. */
    private Container buildInitContainer() {
        ContainerBuilder initContainer = new ContainerBuilder();
        return initContainer
                .withName(getConfig(Config.PEM_TO_JKS_INIT_CONTAINER_NAME))
                .withImage(getConfig(Config.PEM_TO_JKS_INIT_CONTAINER_IMAGE))
                // With a tag-only image reference, a node keeps using whatever it has cached under that tag.
                .withImagePullPolicy("IfNotPresent")
                .withArgs(buildInitContainerArgs())
                .withVolumeMounts(buildInitContainerMounts())
                .build();
    }

    /**
     * Argument list for the init container: certificate file, key file, keystore path and
     * keystore password, in that order. The password travels as a plain argument.
     */
    private List<String> buildInitContainerArgs() {
        return new ArrayList<>(Arrays.asList(
                "-cert-file",
                getConfig(Config.KEYSTORE_CERT_ALIAS) + "=/tls-pem/tls.crt",
                "-key-file",
                getConfig(Config.KEYSTORE_CERT_ALIAS) + "=/tls-pem/tls.key",
                "-keystore",
                "/tls-jks/" + getConfig(Config.KEYSTORE_FILE_NAME),
                "-keystore-password",
                getConfig(Config.KEYSTORE_PASSWORD)));
    }

    /**
     * Mounts used inside the init container: PEM input at {@code /tls-pem}, keystore output at
     * {@code /tls-jks}. Neither mount sets a read-only flag here; the keystore mount has to be
     * writable, while the PEM mount is only named as an input in the argument list.
     */
    private List<VolumeMount> buildInitContainerMounts() {
        VolumeMount pemInput = new VolumeMountBuilder()
                .withName(getConfig(Config.TLS_SECRET_VOLUME_NAME))
                .withMountPath("/tls-pem")
                .build();
        VolumeMount keystoreOutput = new VolumeMountBuilder()
                .withName(getConfig(Config.JKS_VOLUME_NAME))
                .withMountPath("/tls-jks")
                .build();
        return Arrays.asList(pemInput, keystoreOutput);
    }

    /** Adds the PEM secret volume and the keystore volume unless volumes with those names exist. */
    private void attachVolumes(PodSpecBuilder podSpec) {
        final String pemVolumeName = getConfig(Config.TLS_SECRET_VOLUME_NAME);
        if (!hasVolumeNamed(podSpec.buildVolumes(), pemVolumeName)) {
            ((PodSpecFluent.VolumesNested) podSpec.addNewVolume().withName(pemVolumeName).withNewSecret().withSecretName(this.secretName).endSecret()).endVolume();
        }

        final String keystoreVolumeName = getConfig(Config.JKS_VOLUME_NAME);
        if (!hasVolumeNamed(podSpec.buildVolumes(), keystoreVolumeName)) {
            // Medium "Memory": the generated keystore is not written to node disk.
            ((PodSpecFluent.VolumesNested) podSpec.addNewVolume().withName(keystoreVolumeName).withNewEmptyDir().withMedium("Memory").endEmptyDir()).endVolume();
        }
    }

    /** Mounts the PEM and keystore volumes read-only unless mounts with those names exist. */
    private void attachReadOnlyMounts(ContainerBuilder container) {
        final String pemVolumeName = getConfig(Config.TLS_SECRET_VOLUME_NAME);
        if (!hasMountNamed(container.buildVolumeMounts(), pemVolumeName)) {
            container.addNewVolumeMount()
                    .withName(pemVolumeName)
                    .withMountPath(getConfig(Config.TLS_SECRET_VOLUME_MOUNT_POINT))
                    .withReadOnly(true)
                    .endVolumeMount();
        }

        final String keystoreVolumeName = getConfig(Config.JKS_VOLUME_NAME);
        if (!hasMountNamed(container.buildVolumeMounts(), keystoreVolumeName)) {
            container.addNewVolumeMount()
                    .withName(keystoreVolumeName)
                    .withMountPath(getConfig(Config.JKS_VOLUME_MOUNT_POINT))
                    .withReadOnly(true)
                    .endVolumeMount();
        }
    }

    /** Writes the serving-cert annotation, creating the metadata section if it is missing. */
    private void annotateService(ServiceBuilder service) {
        service.editOrNewMetadata().addToAnnotations(AUTOTLS_ANNOTATION_KEY, this.secretName).endMetadata();
    }

    /** @return {@code true} if any volume in {@code volumes} carries exactly the given name */
    private static boolean hasVolumeNamed(List<Volume> volumes, String name) {
        for (Volume volume : volumes) {
            if (name.equals(volume.getName())) {
                return true;
            }
        }
        return false;
    }

    /** @return {@code true} if any mount in {@code mounts} carries exactly the given name */
    private static boolean hasMountNamed(List<VolumeMount> mounts, String name) {
        for (VolumeMount mount : mounts) {
            if (name.equals(mount.getName())) {
                return true;
            }
        }
        return false;
    }
}
