package com.yahoo.vespa.hosted.ca.restapi;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.yahoo.security.Pkcs10CsrUtils;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.text.StringUtilities;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
import com.yahoo.vespa.hosted.ca.instance.InstanceIdentity;
import com.yahoo.vespa.hosted.ca.instance.InstanceRefresh;
import com.yahoo.vespa.hosted.ca.instance.InstanceRegistration;
import java.io.IOException;
import java.time.Instant;
import java.util.HashSet;

/* loaded from: input_file:com/yahoo/vespa/hosted/ca/restapi/InstanceSerializer.class */
public class InstanceSerializer {
    private static final String PROVIDER_FIELD = "provider";
    private static final String DOMAIN_FIELD = "domain";
    private static final String SERVICE_FIELD = "service";
    private static final String ATTESTATION_DATA_FIELD = "attestationData";
    private static final String CSR_FIELD = "csr";
    private static final String NAME_FIELD = "service";
    private static final String INSTANCE_ID_FIELD = "instanceId";
    private static final String X509_CERTIFICATE_FIELD = "x509Certificate";
    private static final String IDD_SIGNATURE_FIELD = "signature";
    private static final String IDD_SIGNING_KEY_VERSION_FIELD = "signing-key-version";
    private static final String IDD_PROVIDER_UNIQUE_ID_FIELD = "provider-unique-id";
    private static final String IDD_PROVIDER_SERVICE_FIELD = "provider-service";
    private static final String IDD_DOCUMENT_VERSION_FIELD = "document-version";
    private static final String IDD_CONFIGSERVER_HOSTNAME_FIELD = "configserver-hostname";
    private static final String IDD_INSTANCE_HOSTNAME_FIELD = "instance-hostname";
    private static final String IDD_CREATED_AT_FIELD = "created-at";
    private static final String IDD_IPADDRESSES_FIELD = "ip-addresses";
    private static final String IDD_IDENTITY_TYPE_FIELD = "identity-type";
    private static final ObjectMapper objectMapper = new ObjectMapper();

    private InstanceSerializer() {
    }

    public static InstanceRegistration registrationFromSlime(Slime slime) {
        Cursor cursor = slime.get();
        return new InstanceRegistration(requireField(PROVIDER_FIELD, cursor).asString(), requireField(DOMAIN_FIELD, cursor).asString(), requireField("service", cursor).asString(), attestationDataToIdentityDocument(StringUtilities.unescape(requireField(ATTESTATION_DATA_FIELD, cursor).asString())), Pkcs10CsrUtils.fromPem(requireField(CSR_FIELD, cursor).asString()));
    }

    public static InstanceRefresh refreshFromSlime(Slime slime) {
        return new InstanceRefresh(Pkcs10CsrUtils.fromPem(requireField(CSR_FIELD, slime.get()).asString()));
    }

    public static Slime identityToSlime(InstanceIdentity instanceIdentity) {
        Slime slime = new Slime();
        Cursor object = slime.setObject();
        object.setString(PROVIDER_FIELD, instanceIdentity.provider());
        object.setString("service", instanceIdentity.service());
        object.setString(INSTANCE_ID_FIELD, instanceIdentity.instanceId());
        instanceIdentity.x509Certificate().map(X509CertificateUtils::toPem).ifPresent(str -> {
            object.setString(X509_CERTIFICATE_FIELD, str);
        });
        return slime;
    }

    public static SignedIdentityDocument attestationDataToIdentityDocument(String str) {
        Cursor cursor = SlimeUtils.jsonToSlime(str).get();
        String asString = requireField(IDD_SIGNATURE_FIELD, cursor).asString();
        long asLong = requireField(IDD_SIGNING_KEY_VERSION_FIELD, cursor).asLong();
        VespaUniqueInstanceId fromDottedString = VespaUniqueInstanceId.fromDottedString(requireField(IDD_PROVIDER_UNIQUE_ID_FIELD, cursor).asString());
        AthenzService athenzService = new AthenzService(requireField(IDD_PROVIDER_SERVICE_FIELD, cursor).asString());
        long asLong2 = requireField(IDD_DOCUMENT_VERSION_FIELD, cursor).asLong();
        String asString2 = requireField(IDD_CONFIGSERVER_HOSTNAME_FIELD, cursor).asString();
        String asString3 = requireField(IDD_INSTANCE_HOSTNAME_FIELD, cursor).asString();
        Instant jsr310Instant = getJsr310Instant(requireField(IDD_CREATED_AT_FIELD, cursor).asDouble());
        HashSet hashSet = new HashSet();
        requireField(IDD_IPADDRESSES_FIELD, cursor).traverse((i, inspector) -> {
            hashSet.add(inspector.asString());
        });
        return new SignedIdentityDocument(asString, (int) asLong, fromDottedString, athenzService, (int) asLong2, asString2, asString3, jsr310Instant, hashSet, IdentityType.fromId(requireField(IDD_IDENTITY_TYPE_FIELD, cursor).asString()));
    }

    private static Instant getJsr310Instant(double d) {
        try {
            return (Instant) objectMapper.readValue(Double.toString(d), Instant.class);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static Cursor requireField(String str, Cursor cursor) {
        Cursor field = cursor.field(str);
        if (field.valid()) {
            return field;
        }
        throw new IllegalArgumentException("Missing required field '" + str + "'");
    }

    static {
        objectMapper.registerModule(new JavaTimeModule());
    }
}
