package ai.vespa.hosted.api;

import ai.vespa.hosted.api.DeploymentLog;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.config.provision.ApplicationName;
import com.yahoo.config.provision.Environment;
import com.yahoo.config.provision.InstanceName;
import com.yahoo.config.provision.TenantName;
import com.yahoo.config.provision.zone.ZoneId;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.SslContextBuilder;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Inspector;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.text.Utf8;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.OptionalLong;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:ai/vespa/hosted/api/ControllerHttpClient.class */
public abstract class ControllerHttpClient {
    private final HttpClient client;
    private final URI endpoint;

    /* loaded from: input_file:ai/vespa/hosted/api/ControllerHttpClient$InstanceInfo.class */
    public static class InstanceInfo {
        private final ApplicationId applicationId;
        private final List<ZoneDeployment> zones;

        InstanceInfo(ApplicationId applicationId, List<ZoneDeployment> list) {
            this.applicationId = applicationId;
            this.zones = list;
        }

        public ApplicationId applicationId() {
            return this.applicationId;
        }

        public List<ZoneDeployment> zones() {
            return this.zones;
        }
    }

    /* loaded from: input_file:ai/vespa/hosted/api/ControllerHttpClient$MutualTlsControllerHttpClient.class */
    private static class MutualTlsControllerHttpClient extends ControllerHttpClient {
        private MutualTlsControllerHttpClient(URI uri, SSLContext sSLContext) {
            super(uri, (SSLContext) Objects.requireNonNull(sSLContext));
        }

        private MutualTlsControllerHttpClient(URI uri, PrivateKey privateKey, List<X509Certificate> list) {
            this(uri, new SslContextBuilder().withKeyStore(privateKey, list).build());
        }
    }

    /* loaded from: input_file:ai/vespa/hosted/api/ControllerHttpClient$SigningControllerHttpClient.class */
    private static class SigningControllerHttpClient extends ControllerHttpClient {
        private final RequestSigner signer;

        private SigningControllerHttpClient(URI uri, String str, ApplicationId applicationId) {
            super(uri, null);
            this.signer = new RequestSigner(str, applicationId.serializedForm());
        }

        private SigningControllerHttpClient(URI uri, Path path, ApplicationId applicationId) {
            this(uri, (String) ControllerHttpClient.unchecked(() -> {
                return Files.readString(path, StandardCharsets.UTF_8);
            }), applicationId);
        }

        @Override // ai.vespa.hosted.api.ControllerHttpClient
        protected HttpRequest request(HttpRequest.Builder builder, Method method, Supplier<InputStream> supplier) {
            return this.signer.signed(builder, method, supplier);
        }
    }

    /* loaded from: input_file:ai/vespa/hosted/api/ControllerHttpClient$ZoneDeployment.class */
    public static class ZoneDeployment {
        private final ZoneId zone;
        private final Optional<String> uri;

        public ZoneDeployment(ZoneId zoneId, Optional<String> optional) {
            this.zone = zoneId;
            this.uri = optional;
        }

        public ZoneId zone() {
            return this.zone;
        }

        public boolean isDeployed() {
            return this.uri.isPresent();
        }
    }

    protected ControllerHttpClient(URI uri, SSLContext sSLContext) {
        if (sSLContext == null) {
            try {
                sSLContext = SSLContext.getDefault();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        this.endpoint = uri.resolve("/");
        this.client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5L)).version(HttpClient.Version.HTTP_1_1).sslContext(sSLContext).sslParameters(tlsv12Parameters(sSLContext)).build();
    }

    public static ControllerHttpClient withSignatureKey(URI uri, String str, ApplicationId applicationId) {
        return new SigningControllerHttpClient(uri, str, applicationId);
    }

    public static ControllerHttpClient withSignatureKey(URI uri, Path path, ApplicationId applicationId) {
        return new SigningControllerHttpClient(uri, path, applicationId);
    }

    public static ControllerHttpClient withSSLContext(URI uri, SSLContext sSLContext) {
        return new MutualTlsControllerHttpClient(uri, sSLContext);
    }

    public static ControllerHttpClient withKeyAndCertificate(URI uri, Path path, Path path2) {
        PrivateKey privateKey = (PrivateKey) unchecked(() -> {
            return KeyUtils.fromPemEncodedPrivateKey(Files.readString(path, StandardCharsets.UTF_8));
        });
        List<X509Certificate> list = (List) unchecked(() -> {
            return X509CertificateUtils.certificateListFromPem(Files.readString(path2, StandardCharsets.UTF_8));
        });
        for (X509Certificate x509Certificate : list) {
            if (Instant.now().isBefore(x509Certificate.getNotBefore().toInstant()) || Instant.now().isAfter(x509Certificate.getNotAfter().toInstant())) {
                throw new IllegalStateException("Certificate at '" + path2 + "' is valid between " + x509Certificate.getNotBefore() + " and " + x509Certificate.getNotAfter() + " — not now.");
            }
        }
        return new MutualTlsControllerHttpClient(uri, privateKey, list);
    }

    public String submit(Submission submission, TenantName tenantName, ApplicationName applicationName) {
        return toMessage(send(request(HttpRequest.newBuilder(applicationPath(tenantName, applicationName).resolve("submit")).timeout(Duration.ofMinutes(30L)), Method.POST, new MultiPartStreamer().addJson("submitOptions", metaToJson(submission)).addFile("applicationZip", submission.applicationZip()).addFile("applicationTestZip", submission.applicationTestZip())), 1));
    }

    public DeploymentResult deploy(Deployment deployment, ApplicationId applicationId, ZoneId zoneId) {
        return toDeploymentResult(send(request(HttpRequest.newBuilder(deploymentJobPath(applicationId, zoneId)).timeout(Duration.ofMinutes(20L)), Method.POST, toDataStream(deployment)), 1));
    }

    public String deactivate(ApplicationId applicationId, ZoneId zoneId) {
        return toMessage(send(request(HttpRequest.newBuilder(deploymentPath(applicationId, zoneId)).timeout(Duration.ofMinutes(3L)), Method.DELETE)));
    }

    public String suspend(ApplicationId applicationId, ZoneId zoneId, boolean z) {
        return toMessage(send(request(HttpRequest.newBuilder(suspendPath(applicationId, zoneId)).timeout(Duration.ofSeconds(10L)), z ? Method.POST : Method.DELETE)));
    }

    public ZoneId defaultZone(Environment environment) {
        return ZoneId.from(environment.value(), toInspector(send(request(HttpRequest.newBuilder(defaultRegionPath(environment)).timeout(Duration.ofSeconds(10L)), Method.GET))).field("name").asString());
    }

    public String compileVersion(ApplicationId applicationId, OptionalInt optionalInt) {
        URI compileVersionPath = compileVersionPath(applicationId.tenant(), applicationId.application());
        if (optionalInt.isPresent()) {
            compileVersionPath = withQuery(compileVersionPath, "allowMajor", Integer.toString(optionalInt.getAsInt()));
        }
        return toInspector(send(request(HttpRequest.newBuilder(compileVersionPath).timeout(Duration.ofSeconds(20L)), Method.GET))).field("compileVersion").asString();
    }

    public TestConfig testConfig(ApplicationId applicationId, ZoneId zoneId) {
        return TestConfig.fromJson((byte[]) send(request(HttpRequest.newBuilder(testConfigPath(applicationId, zoneId)).timeout(Duration.ofSeconds(10L)), Method.GET)).body());
    }

    public DeploymentLog deploymentLog(ApplicationId applicationId, ZoneId zoneId, long j, long j2) {
        return toDeploymentLog(send(request(HttpRequest.newBuilder(runPath(applicationId, zoneId, j, j2)).timeout(Duration.ofMinutes(2L)), Method.GET)));
    }

    public HttpResponse<byte[]> applicationPackage(ApplicationId applicationId) {
        return send(request(HttpRequest.newBuilder(applicationPackagePath(applicationId)).timeout(Duration.ofMinutes(2L)), Method.GET));
    }

    public Set<TenantName> tenants() {
        return toTenants(send(request(HttpRequest.newBuilder(tenantsPath()).timeout(Duration.ofSeconds(20L)), Method.GET)));
    }

    public Set<ApplicationName> applications(TenantName tenantName) {
        return toApplications(send(request(HttpRequest.newBuilder(applicationsPath(tenantName)).timeout(Duration.ofSeconds(20L)), Method.GET)));
    }

    public Set<ApplicationId> applicationInstances(TenantName tenantName) {
        return toApplicationInstances(send(request(HttpRequest.newBuilder(applicationsPath(tenantName)).timeout(Duration.ofSeconds(20L)), Method.GET)), tenantName);
    }

    public InstanceInfo applicationInstance(ApplicationId applicationId) {
        return toInstanceInfo(send(request(HttpRequest.newBuilder(instancePath(applicationId)).timeout(Duration.ofSeconds(20L)), Method.GET)), applicationId);
    }

    public DeploymentLog followDeploymentUntilDone(ApplicationId applicationId, ZoneId zoneId, long j, Consumer<DeploymentLog.Entry> consumer) {
        long j2 = -1;
        DeploymentLog deploymentLog = null;
        while (true) {
            DeploymentLog deploymentLog2 = deploymentLog(applicationId, zoneId, j, j2);
            Iterator<DeploymentLog.Entry> it = deploymentLog2.entries().iterator();
            while (it.hasNext()) {
                consumer.accept(it.next());
            }
            deploymentLog = deploymentLog == null ? deploymentLog2 : deploymentLog.updatedWith(deploymentLog2);
            j2 = deploymentLog.last().orElse(j2);
            if (!deploymentLog.isActive()) {
                break;
            }
            try {
                Thread.sleep(1000L);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }
        return deploymentLog;
    }

    public DeploymentLog deploymentLog(ApplicationId applicationId, ZoneId zoneId, long j) {
        return deploymentLog(applicationId, zoneId, j, -1L);
    }

    protected HttpRequest request(HttpRequest.Builder builder, Method method, Supplier<InputStream> supplier) {
        return builder.method(method.name(), HttpRequest.BodyPublishers.ofInputStream(supplier)).build();
    }

    private HttpRequest request(HttpRequest.Builder builder, Method method) {
        return request(builder, method, InputStream::nullInputStream);
    }

    private HttpRequest request(HttpRequest.Builder builder, Method method, byte[] bArr) {
        return request(builder, method, () -> {
            return new ByteArrayInputStream(bArr);
        });
    }

    private HttpRequest request(HttpRequest.Builder builder, Method method, MultiPartStreamer multiPartStreamer) {
        HttpRequest.Builder header = builder.setHeader("Content-Type", multiPartStreamer.contentType());
        Objects.requireNonNull(multiPartStreamer);
        return request(header, method, multiPartStreamer::data);
    }

    private URI applicationApiPath() {
        return concatenated(this.endpoint, "application", "v4");
    }

    private URI tenantsPath() {
        return concatenated(applicationApiPath(), "tenant");
    }

    private URI tenantPath(TenantName tenantName) {
        return concatenated(applicationApiPath(), "tenant", tenantName.value());
    }

    private URI applicationsPath(TenantName tenantName) {
        return concatenated(tenantPath(tenantName), "application");
    }

    private URI applicationPath(TenantName tenantName, ApplicationName applicationName) {
        return concatenated(tenantPath(tenantName), "application", applicationName.value());
    }

    private URI compileVersionPath(TenantName tenantName, ApplicationName applicationName) {
        return concatenated(applicationPath(tenantName, applicationName), "compile-version");
    }

    private URI instancePath(ApplicationId applicationId) {
        return concatenated(applicationPath(applicationId.tenant(), applicationId.application()), "instance", applicationId.instance().value());
    }

    private URI deploymentPath(ApplicationId applicationId, ZoneId zoneId) {
        return concatenated(instancePath(applicationId), "environment", zoneId.environment().value(), "region", zoneId.region().value());
    }

    private URI suspendPath(ApplicationId applicationId, ZoneId zoneId) {
        return concatenated(deploymentPath(applicationId, zoneId), "suspend");
    }

    private URI deploymentJobPath(ApplicationId applicationId, ZoneId zoneId) {
        return concatenated(instancePath(applicationId), "deploy", jobNameOf(zoneId));
    }

    private URI jobPath(ApplicationId applicationId, ZoneId zoneId) {
        return concatenated(instancePath(applicationId), "job", jobNameOf(zoneId));
    }

    private URI testConfigPath(ApplicationId applicationId, ZoneId zoneId) {
        return concatenated(jobPath(applicationId, zoneId), "test-config");
    }

    private URI runPath(ApplicationId applicationId, ZoneId zoneId, long j, long j2) {
        return withQuery(concatenated(jobPath(applicationId, zoneId), "run", Long.toString(j)), "after", Long.toString(j2));
    }

    private URI applicationPackagePath(ApplicationId applicationId) {
        return concatenated(applicationPath(applicationId.tenant(), applicationId.application()), "package");
    }

    private URI defaultRegionPath(Environment environment) {
        return concatenated(this.endpoint, "zone", "v1", "environment", environment.value(), "default");
    }

    private static URI concatenated(URI uri, String... strArr) {
        return uri.resolve(((String) Stream.of((Object[]) strArr).map(str -> {
            return URLEncoder.encode(str, StandardCharsets.UTF_8);
        }).collect(Collectors.joining("/"))) + "/");
    }

    private static URI withQuery(URI uri, String str, String str2) {
        return uri.resolve("?" + (uri.getRawQuery() != null ? uri.getRawQuery() + "&" : "") + URLEncoder.encode(str, StandardCharsets.UTF_8) + "=" + URLEncoder.encode(str2, StandardCharsets.UTF_8));
    }

    private static String jobNameOf(ZoneId zoneId) {
        return (zoneId.environment().isProduction() ? "production" : zoneId.environment().value()) + "-" + zoneId.region().value();
    }

    private HttpResponse<byte[]> send(HttpRequest httpRequest) {
        return send(httpRequest, 10);
    }

    private HttpResponse<byte[]> send(HttpRequest httpRequest, int i) {
        if (i < 1) {
            throw new IllegalStateException("Programming error, attempts must be at least 1");
        }
        UncheckedIOException uncheckedIOException = null;
        for (int i2 = 1; i2 <= i; i2++) {
            try {
                HttpResponse<byte[]> send = this.client.send(httpRequest, HttpResponse.BodyHandlers.ofByteArray());
                if (send.statusCode() / 100 == 2) {
                    return send;
                }
                Cursor cursor = toSlime((byte[]) send.body()).get();
                String str = send.request() + " returned code " + send.statusCode() + (cursor.field("error-code").valid() ? " (" + cursor.field("error-code").asString() + ")" : "") + ": " + cursor.field("message").asString();
                if (send.statusCode() == 403) {
                    throw new IllegalArgumentException("Access denied for " + httpRequest + ": " + str);
                }
                if (send.statusCode() / 100 == 4) {
                    throw new IllegalArgumentException("Bad request for " + httpRequest + ": " + str);
                }
                throw new IOException(str);
            } catch (IOException e) {
                if (uncheckedIOException == null) {
                    uncheckedIOException = new UncheckedIOException("Failed " + httpRequest + ": " + e, e);
                } else {
                    uncheckedIOException.addSuppressed(e);
                }
                if (i2 < 10) {
                    try {
                        Thread.sleep(10 << i2);
                    } catch (InterruptedException e2) {
                        throw new RuntimeException(e2);
                    }
                }
            } catch (InterruptedException e3) {
                throw new RuntimeException(e3);
            }
        }
        throw uncheckedIOException;
    }

    private static <T> T unchecked(Callable<T> callable) {
        try {
            return callable.call();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static String metaToJson(Deployment deployment) {
        Slime slime = new Slime();
        Cursor object = slime.setObject();
        deployment.version().ifPresent(str -> {
            object.setString("vespaVersion", str);
        });
        if (deployment.isDryRun()) {
            object.setString("dryRun", "true");
        }
        return toJson(slime);
    }

    private static String metaToJson(Submission submission) {
        Slime slime = new Slime();
        Cursor object = slime.setObject();
        submission.repository().ifPresent(str -> {
            object.setString("repository", str);
        });
        submission.branch().ifPresent(str2 -> {
            object.setString("branch", str2);
        });
        submission.commit().ifPresent(str3 -> {
            object.setString("commit", str3);
        });
        submission.sourceUrl().ifPresent(str4 -> {
            object.setString("sourceUrl", str4);
        });
        submission.authorEmail().ifPresent(str5 -> {
            object.setString("authorEmail", str5);
        });
        submission.projectId().ifPresent(l -> {
            object.setLong("projectId", l.longValue());
        });
        submission.risk().ifPresent(num -> {
            object.setLong("risk", num.intValue());
        });
        submission.description().ifPresent(str6 -> {
            object.setString("description", str6);
        });
        return toJson(slime);
    }

    private static MultiPartStreamer toDataStream(Deployment deployment) {
        MultiPartStreamer multiPartStreamer = new MultiPartStreamer();
        multiPartStreamer.addJson("deployOptions", metaToJson(deployment));
        multiPartStreamer.addFile("applicationZip", deployment.applicationZip());
        return multiPartStreamer;
    }

    private static String asString(HttpResponse<byte[]> httpResponse) {
        return new String((byte[]) httpResponse.body(), StandardCharsets.UTF_8);
    }

    private static Inspector toInspector(HttpResponse<byte[]> httpResponse) {
        return toSlime((byte[]) httpResponse.body()).get();
    }

    private static String toMessage(HttpResponse<byte[]> httpResponse) {
        return toInspector(httpResponse).field("message").asString();
    }

    private static DeploymentResult toDeploymentResult(HttpResponse<byte[]> httpResponse) {
        Inspector inspector = toInspector(httpResponse);
        return new DeploymentResult(inspector.field("message").asString(), inspector.field("run").asLong());
    }

    private static DeploymentLog toDeploymentLog(HttpResponse<byte[]> httpResponse) {
        Inspector inspector = toInspector(httpResponse);
        ArrayList arrayList = new ArrayList();
        inspector.field("log").traverse((str, inspector2) -> {
            inspector2.traverse((i, inspector2) -> {
                arrayList.add(new DeploymentLog.Entry(Instant.ofEpochMilli(inspector2.field("at").asLong()), DeploymentLog.Level.of(inspector2.field("type").asString()), inspector2.field("message").asString(), "copyVespaLogs".equals(str)));
            });
        });
        return new DeploymentLog(arrayList, inspector.field("active").asBool(), valueOf(inspector.field("status").asString()), inspector.field("lastId").valid() ? OptionalLong.of(inspector.field("lastId").asLong()) : OptionalLong.empty());
    }

    private static Set<TenantName> toTenants(HttpResponse<byte[]> httpResponse) {
        HashSet hashSet = new HashSet();
        toInspector(httpResponse).traverse((i, inspector) -> {
            hashSet.add(TenantName.from(inspector.field("tenant").asString()));
        });
        return hashSet;
    }

    private static Set<ApplicationName> toApplications(HttpResponse<byte[]> httpResponse) {
        HashSet hashSet = new HashSet();
        toInspector(httpResponse).traverse((i, inspector) -> {
            hashSet.add(ApplicationName.from(inspector.field("application").asString()));
        });
        return hashSet;
    }

    private static Set<ApplicationId> toApplicationInstances(HttpResponse<byte[]> httpResponse, TenantName tenantName) {
        HashSet hashSet = new HashSet();
        toInspector(httpResponse).traverse((i, inspector) -> {
            ApplicationName from = ApplicationName.from(inspector.field("application").asString());
            inspector.field("instances").traverse((i, inspector) -> {
                hashSet.add(ApplicationId.from(tenantName, from, InstanceName.from(inspector.field("instance").asString())));
            });
        });
        return hashSet;
    }

    private static InstanceInfo toInstanceInfo(HttpResponse<byte[]> httpResponse, ApplicationId applicationId) {
        ArrayList arrayList = new ArrayList();
        toInspector(httpResponse).field("instances").traverse((i, inspector) -> {
            arrayList.add(new ZoneDeployment(ZoneId.from(inspector.field("environment").asString(), inspector.field("region").asString()), inspector.field("url").valid() ? Optional.of(inspector.field("url").asString()) : Optional.empty()));
        });
        return new InstanceInfo(applicationId, arrayList);
    }

    private static Slime toSlime(byte[] bArr) {
        return SlimeUtils.jsonToSlime(bArr);
    }

    private static String toJson(Slime slime) {
        try {
            return Utf8.toString(SlimeUtils.toJsonBytes(slime));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static SSLParameters tlsv12Parameters(SSLContext sSLContext) {
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        defaultSSLParameters.setProtocols(new String[]{"TLSv1.2"});
        return defaultSSLParameters;
    }

    private static DeploymentLog.Status valueOf(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1867169789:
                if (str.equals("success")) {
                    z = 8;
                    break;
                }
                break;
            case -1479172968:
                if (str.equals("testFailure")) {
                    z = 3;
                    break;
                }
                break;
            case -1194777649:
                if (str.equals("aborted")) {
                    z = true;
                    break;
                }
                break;
            case -158086377:
                if (str.equals("installationFailed")) {
                    z = 5;
                    break;
                }
                break;
            case 96784904:
                if (str.equals("error")) {
                    z = 2;
                    break;
                }
                break;
            case 419812008:
                if (str.equals("nodeAllocationFailure")) {
                    z = 4;
                    break;
                }
                break;
            case 1290238527:
                if (str.equals("endpointCertificateTimeout")) {
                    z = 7;
                    break;
                }
                break;
            case 1364087650:
                if (str.equals("deploymentFailed")) {
                    z = 6;
                    break;
                }
                break;
            case 1550783935:
                if (str.equals("running")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return DeploymentLog.Status.running;
            case true:
                return DeploymentLog.Status.aborted;
            case true:
                return DeploymentLog.Status.error;
            case true:
                return DeploymentLog.Status.testFailure;
            case true:
                return DeploymentLog.Status.nodeAllocationFailure;
            case true:
                return DeploymentLog.Status.installationFailed;
            case true:
                return DeploymentLog.Status.deploymentFailed;
            case true:
                return DeploymentLog.Status.endpointCertificateTimeout;
            case true:
                return DeploymentLog.Status.success;
            default:
                throw new IllegalArgumentException("Unexpected status '" + str + "'");
        }
    }
}
