package com.yahoo.vespa.hosted.athenz.instanceproviderservice;

import com.google.inject.Inject;
import com.yahoo.config.provision.Zone;
import com.yahoo.net.HostName;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
import com.yahoo.vespa.athenz.identityprovider.client.IdentityDocumentSigner;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import com.yahoo.vespa.hosted.provision.Node;
import com.yahoo.vespa.hosted.provision.NodeRepository;
import com.yahoo.vespa.hosted.provision.node.Allocation;
import java.security.PrivateKey;
import java.time.Instant;
import java.util.HashSet;

/* loaded from: input_file:com/yahoo/vespa/hosted/athenz/instanceproviderservice/IdentityDocumentGenerator.class */
/**
 * Builds {@link SignedIdentityDocument}s for nodes found in the {@link NodeRepository}.
 *
 * <p>The signing key is fetched from the injected {@link KeyProvider} on every call, using the
 * secret version named in {@link AthenzProviderServiceConfig}.
 */
public class IdentityDocumentGenerator {
    private final IdentityDocumentSigner signer = new IdentityDocumentSigner();
    private final NodeRepository nodeRepository;
    private final Zone zone;
    private final KeyProvider keyProvider;
    private final AthenzProviderServiceConfig athenzProviderServiceConfig;

    /**
     * Stores the injected collaborators; no work is done here beyond the assignments.
     *
     * @param athenzProviderServiceConfig supplies the Athenz domain, service name and secret version
     * @param nodeRepository source of the node and its allocation
     * @param zone supplies the region and environment placed in the instance id
     * @param keyProvider supplies the private key used for signing
     */
    @Inject
    public IdentityDocumentGenerator(AthenzProviderServiceConfig athenzProviderServiceConfig, NodeRepository nodeRepository, Zone zone, KeyProvider keyProvider) {
        this.keyProvider = keyProvider;
        this.zone = zone;
        this.nodeRepository = nodeRepository;
        this.athenzProviderServiceConfig = athenzProviderServiceConfig;
    }

    /**
     * Looks up the node identified by {@code str}, derives its unique instance id from the node's
     * allocation and this zone, and returns an identity document signed with the provider key.
     *
     * <p>NOTE(review): nothing in this method checks whether the caller is entitled to a document
     * for {@code str}; any node the repository returns gets a signed document. Presumably the
     * caller authenticates and authorizes the request before calling this method. Confirm.
     *
     * @param str node identifier passed to the node repository lookup (presumably the hostname,
     *            TODO confirm)
     * @param identityType identity type embedded in both the instance id and the signed document
     * @return the signed identity document for the node
     * @throws RuntimeException if the node is unknown, has no allocation, or any step of key
     *         retrieval or signing fails; the message embeds the underlying exception's message
     */
    public SignedIdentityDocument generateSignedIdentityDocument(String str, IdentityType identityType) {
        try {
            Node node = (Node) nodeRepository.nodes()
                    .node(str, new Node.State[0])
                    .orElseThrow(() -> new RuntimeException("Unable to find node " + str));
            Allocation allocation = (Allocation) node.allocation()
                    .orElseThrow(() -> new RuntimeException("No allocation for node " + node.hostname()));
            VespaUniqueInstanceId instanceId = buildInstanceId(allocation, identityType);

            // Raw type kept as in the original; the element type of primary() is not visible here.
            HashSet ipAddresses = new HashSet(node.ipConfig().primary());

            // The key is fetched per call and lives only in this local; it is never logged or stored.
            PrivateKey signingKey = keyProvider.getPrivateKey(athenzProviderServiceConfig.secretVersion());
            AthenzService providerService = new AthenzService(
                    athenzProviderServiceConfig.domain(),
                    athenzProviderServiceConfig.serviceName());
            String signerHostname = HostName.getLocalhost();
            Instant createdAt = Instant.now();

            // The same values are passed to the signer and to the document, so the signature
            // covers exactly what the document carries.
            // NOTE(review): the literals 0 and 1 are positional. Presumably they are the
            // signing-key version and the document version; confirm against SignedIdentityDocument.
            // If 0 is a key version, it does not track the secretVersion() used above.
            return new SignedIdentityDocument(
                    signer.generateSignature(instanceId, providerService, signerHostname, node.hostname(), createdAt, ipAddresses, identityType, signingKey),
                    0,
                    instanceId,
                    providerService,
                    1,
                    signerHostname,
                    node.hostname(),
                    createdAt,
                    ipAddresses,
                    identityType);
        } catch (Exception e) {
            // Lookup failures thrown above are wrapped here as well. The wrapped message is copied
            // into the new one, so callers should not echo it to untrusted clients verbatim.
            throw new RuntimeException("Exception generating identity document: " + e.getMessage(), e);
        }
    }

    /** Assembles the unique instance id from the allocation's membership and owner and this zone. */
    private VespaUniqueInstanceId buildInstanceId(Allocation allocation, IdentityType identityType) {
        return new VespaUniqueInstanceId(
                allocation.membership().index(),
                allocation.membership().cluster().id().value(),
                allocation.owner().instance().value(),
                allocation.owner().application().value(),
                allocation.owner().tenant().value(),
                zone.region().value(),
                zone.environment().value(),
                identityType);
    }
}
