package io.fabric8.maven.enricher.standard.openshift;

import io.fabric8.kubernetes.api.builder.TypedVisitor;
import io.fabric8.kubernetes.api.model.Container;
import io.fabric8.kubernetes.api.model.ContainerBuilder;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.PodSpecBuilder;
import io.fabric8.kubernetes.api.model.PodSpecFluent;
import io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder;
import io.fabric8.kubernetes.api.model.ServiceBuilder;
import io.fabric8.kubernetes.api.model.Volume;
import io.fabric8.kubernetes.api.model.VolumeMount;
import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
import io.fabric8.maven.core.config.PlatformMode;
import io.fabric8.maven.core.util.Configs;
import io.fabric8.maven.enricher.api.BaseEnricher;
import io.fabric8.maven.enricher.api.MavenEnricherContext;
import io.fabric8.maven.enricher.api.util.InitContainerHandler;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:io/fabric8/maven/enricher/standard/openshift/AutoTLSEnricher.class */
public class AutoTLSEnricher extends BaseEnricher {
    static final String ENRICHER_NAME = "fmp-openshift-autotls";
    static final String AUTOTLS_ANNOTATION_KEY = "service.alpha.openshift.io/serving-cert-secret-name";
    private String secretName;
    private final InitContainerHandler initContainerHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/fabric8/maven/enricher/standard/openshift/AutoTLSEnricher$Config.class */
    public enum Config implements Configs.Key {
        tlsSecretName,
        tlsSecretVolumeMountPoint { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.1
        },
        tlsSecretVolumeName { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.2
        },
        jksVolumeMountPoint { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.3
        },
        jksVolumeName { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.4
        },
        pemToJKSInitContainerImage { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.5
        },
        pemToJKSInitContainerName { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.6
        },
        keystoreFileName { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.7
        },
        keystorePassword { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.8
        },
        keystoreCertAlias { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.Config.9
        };

        protected String d;

        public String def() {
            return this.d;
        }
    }

    public AutoTLSEnricher(MavenEnricherContext mavenEnricherContext) {
        super(mavenEnricherContext, ENRICHER_NAME);
        this.secretName = getConfig(Config.tlsSecretName, getContext().getGav().getArtifactId() + "-tls");
        this.initContainerHandler = new InitContainerHandler(mavenEnricherContext.getLog());
    }

    public void create(PlatformMode platformMode, KubernetesListBuilder kubernetesListBuilder) {
        if (isOpenShiftMode()) {
            kubernetesListBuilder.accept(new TypedVisitor<PodSpecBuilder>() { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.1
                public void visit(PodSpecBuilder podSpecBuilder) {
                    String config = AutoTLSEnricher.this.getConfig(Config.tlsSecretVolumeName);
                    if (!isVolumeAlreadyExists(podSpecBuilder.buildVolumes(), config)) {
                        ((PodSpecFluent.VolumesNested) podSpecBuilder.addNewVolume().withName(config).withNewSecret().withSecretName(AutoTLSEnricher.this.secretName).endSecret()).endVolume();
                    }
                    String config2 = AutoTLSEnricher.this.getConfig(Config.jksVolumeName);
                    if (isVolumeAlreadyExists(podSpecBuilder.buildVolumes(), config2)) {
                        return;
                    }
                    ((PodSpecFluent.VolumesNested) podSpecBuilder.addNewVolume().withName(config2).withNewEmptyDir().withMedium("Memory").endEmptyDir()).endVolume();
                }

                private boolean isVolumeAlreadyExists(List<Volume> list, String str) {
                    Iterator<Volume> it = list.iterator();
                    while (it.hasNext()) {
                        if (str.equals(it.next().getName())) {
                            return true;
                        }
                    }
                    return false;
                }
            });
            kubernetesListBuilder.accept(new TypedVisitor<ContainerBuilder>() { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.2
                public void visit(ContainerBuilder containerBuilder) {
                    String config = AutoTLSEnricher.this.getConfig(Config.tlsSecretVolumeName);
                    if (!isVolumeMountAlreadyExists(containerBuilder.buildVolumeMounts(), config)) {
                        containerBuilder.addNewVolumeMount().withName(config).withMountPath(AutoTLSEnricher.this.getConfig(Config.tlsSecretVolumeMountPoint)).withReadOnly(true).endVolumeMount();
                    }
                    String config2 = AutoTLSEnricher.this.getConfig(Config.jksVolumeName);
                    if (isVolumeMountAlreadyExists(containerBuilder.buildVolumeMounts(), config2)) {
                        return;
                    }
                    containerBuilder.addNewVolumeMount().withName(config2).withMountPath(AutoTLSEnricher.this.getConfig(Config.jksVolumeMountPoint)).withReadOnly(true).endVolumeMount();
                }

                private boolean isVolumeMountAlreadyExists(List<VolumeMount> list, String str) {
                    Iterator<VolumeMount> it = list.iterator();
                    while (it.hasNext()) {
                        if (str.equals(it.next().getName())) {
                            return true;
                        }
                    }
                    return false;
                }
            });
            kubernetesListBuilder.accept(new TypedVisitor<ServiceBuilder>() { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.3
                public void visit(ServiceBuilder serviceBuilder) {
                    serviceBuilder.editOrNewMetadata().addToAnnotations(AutoTLSEnricher.AUTOTLS_ANNOTATION_KEY, AutoTLSEnricher.this.secretName).endMetadata();
                }
            });
        }
    }

    public void enrich(PlatformMode platformMode, KubernetesListBuilder kubernetesListBuilder) {
        if (isOpenShiftMode()) {
            kubernetesListBuilder.accept(new TypedVisitor<PodTemplateSpecBuilder>() { // from class: io.fabric8.maven.enricher.standard.openshift.AutoTLSEnricher.4
                public void visit(PodTemplateSpecBuilder podTemplateSpecBuilder) {
                    AutoTLSEnricher.this.initContainerHandler.appendInitContainer(podTemplateSpecBuilder, createInitContainer());
                }

                private Container createInitContainer() {
                    return new ContainerBuilder().withName(AutoTLSEnricher.this.getConfig(Config.pemToJKSInitContainerName)).withImage(AutoTLSEnricher.this.getConfig(Config.pemToJKSInitContainerImage)).withImagePullPolicy("IfNotPresent").withArgs(createArgsArray()).withVolumeMounts(createMounts()).build();
                }

                private List<String> createArgsArray() {
                    ArrayList arrayList = new ArrayList();
                    arrayList.add("-cert-file");
                    arrayList.add(AutoTLSEnricher.this.getConfig(Config.keystoreCertAlias) + "=/tls-pem/tls.crt");
                    arrayList.add("-key-file");
                    arrayList.add(AutoTLSEnricher.this.getConfig(Config.keystoreCertAlias) + "=/tls-pem/tls.key");
                    arrayList.add("-keystore");
                    arrayList.add("/tls-jks/" + AutoTLSEnricher.this.getConfig(Config.keystoreFileName));
                    arrayList.add("-keystore-password");
                    arrayList.add(AutoTLSEnricher.this.getConfig(Config.keystorePassword));
                    return arrayList;
                }

                private List<VolumeMount> createMounts() {
                    return Arrays.asList(new VolumeMountBuilder().withName(AutoTLSEnricher.this.getConfig(Config.tlsSecretVolumeName)).withMountPath("/tls-pem").build(), new VolumeMountBuilder().withName(AutoTLSEnricher.this.getConfig(Config.jksVolumeName)).withMountPath("/tls-jks").build());
                }
            });
        }
    }
}
