package com.dajudge.kindcontainer;

import com.dajudge.kindcontainer.ApiServerContainer;
import com.dajudge.kindcontainer.client.KubeConfigUtils;
import com.dajudge.kindcontainer.client.TinyK8sClient;
import com.dajudge.kindcontainer.client.config.Cluster;
import com.dajudge.kindcontainer.client.config.ClusterSpec;
import com.dajudge.kindcontainer.client.config.Context;
import com.dajudge.kindcontainer.client.config.ContextSpec;
import com.dajudge.kindcontainer.client.config.KubeConfig;
import com.dajudge.kindcontainer.client.config.User;
import com.dajudge.kindcontainer.client.config.UserSpec;
import com.dajudge.kindcontainer.pki.CertAuthority;
import com.dajudge.kindcontainer.pki.KeyStoreWrapper;
import com.github.dockerjava.api.command.CreateContainerCmd;
import com.github.dockerjava.api.command.InspectContainerResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testcontainers.shaded.org.awaitility.Awaitility;
import org.testcontainers.shaded.org.bouncycastle.asn1.x509.GeneralName;
import org.testcontainers.utility.DockerImageName;

/* loaded from: input_file:com/dajudge/kindcontainer/ApiServerContainer.class */
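/**
 * Testcontainers container that runs a stand-alone {@code kube-apiserver} together with a
 * companion {@link EtcdContainer}.
 *
 * <p>Each instance creates two throw-away certificate authorities (one for etcd, one for the API
 * server), issues the key pairs the control plane needs and copies them into the container
 * before it starts.
 *
 * <p><b>Security notes (test fixture only):</b>
 * <ul>
 *   <li>A single key pair with subject {@code O=system:masters,CN=kubernetes-admin} is used as
 *       the TLS serving certificate, the kubelet client certificate, the proxy client
 *       certificate, the service-account signing key and the client credential embedded in the
 *       kubeconfig. {@code system:masters} is the built-in Kubernetes superuser group, so whoever
 *       holds the kubeconfig has unrestricted access to this API server and also holds the key
 *       that signs service-account tokens.</li>
 *   <li>The kubeconfig returned by {@link #getKubeconfig(String)} contains that private key in
 *       base64 form. Treat it as a secret: do not log it or persist it outside the test run.</li>
 *   <li>This key layout must not be copied into a long-lived cluster; production control planes
 *       use a separate key pair per purpose.</li>
 * </ul>
 *
 * @param <T> self type used by the fluent {@code with...} methods
 */
public class ApiServerContainer<T extends ApiServerContainer<T>> extends KubernetesContainer<T> {
    private static final Logger LOG = LoggerFactory.getLogger(ApiServerContainer.class);

    // Paths inside the container. The string values are consumed at runtime and must not change.
    private static final String PKI_BASEDIR = "/etc/kubernetes/pki";
    private static final String ETCD_PKI_BASEDIR = "/etc/kubernetes/pki/etcd";
    private static final String ETCD_CLIENT_KEY = "/etc/kubernetes/pki/etcd/etcd/apiserver-client.key";
    private static final String ETCD_CLIENT_CERT = "/etc/kubernetes/pki/etcd/etcd/apiserver-client.crt";
    private static final String ETCD_CLIENT_CA = "/etc/kubernetes/pki/etcd/etcd/ca.crt";
    private static final String API_SERVER_CA = "/etc/kubernetes/pki/ca.crt";
    private static final String API_SERVER_CERT = "/etc/kubernetes/pki/apiserver.crt";
    private static final String API_SERVER_KEY = "/etc/kubernetes/pki/apiserver.key";
    private static final String API_SERVER_PUBKEY = "/etc/kubernetes/pki/apiserver.pub";
    private static final String DOCKER_BASE_PATH = "/docker";
    private static final String IP_ADDRESS_PATH = "/docker/ip.txt";
    private static final String ETCD_HOSTNAME_PATH = "/docker/etcd.txt";
    private static final int INTERNAL_API_SERVER_PORT = 6443;

    // Per-instance CAs; their private keys exist only inside this object.
    private final CertAuthority etcdCa;
    private final CertAuthority apiServerCa;
    private DockerImageName etcdImage;
    // Multi-purpose admin key pair, see the class-level security notes.
    private final KeyStoreWrapper apiServerKeyPair;
    // Created in containerIsStarting(); stays null until the container has begun starting.
    private EtcdContainer etcd;
    private Duration controlPlaneReadyTimeout;

    /** Creates a container for the latest known {@link ApiServerContainerVersion}. */
    public ApiServerContainer() {
        this((ApiServerContainerVersion) KubernetesVersionEnum.latest(ApiServerContainerVersion.class));
    }

    /**
     * Creates a container for the given API server version.
     *
     * @param apiServerContainerVersion version whose image spec is used
     */
    public ApiServerContainer(ApiServerContainerVersion apiServerContainerVersion) {
        this(apiServerContainerVersion.toImageSpec());
    }

    /**
     * Creates a container from an explicit image spec, generates the PKI material and registers
     * the environment variables and files the container needs.
     *
     * @param kubernetesImageSpec image spec of the API server image
     */
    public ApiServerContainer(KubernetesImageSpec<ApiServerContainerVersion> kubernetesImageSpec) {
        super(kubernetesImageSpec.getImage());
        this.etcdCa = new CertAuthority(System::currentTimeMillis, "CN=etcd CA");
        this.apiServerCa = new CertAuthority(System::currentTimeMillis, "CN=API Server CA");
        this.etcdImage = DockerImageName.parse("registry.k8s.io/etcd:3.5.12-0");
        // SANs: the resolved Docker host address, "localhost" and 127.0.0.1. The subject places
        // the certificate in system:masters, so it doubles as the admin client credential.
        this.apiServerKeyPair = this.apiServerCa.newKeyPair(
                "O=system:masters,CN=kubernetes-admin",
                Arrays.asList(
                        new GeneralName(GeneralName.iPAddress, Utils.resolve(getHost())),
                        new GeneralName(GeneralName.dNSName, "localhost"),
                        new GeneralName(GeneralName.iPAddress, "127.0.0.1")));
        this.controlPlaneReadyTimeout = Duration.ofMinutes(5L);
        // Client certificate the API server presents to etcd, signed by the etcd CA.
        KeyStoreWrapper etcdClientKeyPair = this.etcdCa.newKeyPair("CN=API Server", Collections.emptyList());
        // Only the CA certificates are copied below; the CA private keys are not.
        withCreateContainerCmdModifier(this::createContainerCmdModifier)
                .withEnv("ETCD_CLIENT_KEY", ETCD_CLIENT_KEY)
                .withEnv("ETCD_CLIENT_CERT", ETCD_CLIENT_CERT)
                .withEnv("ETCD_CLIENT_CA", ETCD_CLIENT_CA)
                .withEnv("API_SERVER_CA", API_SERVER_CA)
                .withEnv("API_SERVER_CERT", API_SERVER_CERT)
                .withEnv("API_SERVER_KEY", API_SERVER_KEY)
                .withEnv("API_SERVER_PUBKEY", API_SERVER_PUBKEY)
                .withEnv("IP_ADDRESS_PATH", IP_ADDRESS_PATH)
                .withEnv("ETCD_HOSTNAME_PATH", ETCD_HOSTNAME_PATH)
                .withCopyAsciiToContainer(this.apiServerKeyPair.getCertificatePem(), API_SERVER_CERT)
                .withCopyAsciiToContainer(this.apiServerKeyPair.getPrivateKeyPem(), API_SERVER_KEY)
                .withCopyAsciiToContainer(this.apiServerKeyPair.getPublicKeyPem(), API_SERVER_PUBKEY)
                .withCopyAsciiToContainer(this.apiServerCa.getCaKeyStore().getCertificatePem(), API_SERVER_CA)
                .withCopyAsciiToContainer(etcdClientKeyPair.getCertificatePem(), ETCD_CLIENT_CERT)
                .withCopyAsciiToContainer(etcdClientKeyPair.getPrivateKeyPem(), ETCD_CLIENT_KEY)
                .withCopyAsciiToContainer(this.etcdCa.getCaKeyStore().getCertificatePem(), ETCD_CLIENT_CA);
    }

    /**
     * Returns the port the API server listens on inside the container.
     *
     * @return the in-container secure port (6443)
     */
    @Override // com.dajudge.kindcontainer.KubernetesContainer
    public int getInternalPort() {
        return INTERNAL_API_SERVER_PORT;
    }

    /**
     * Clears the image entrypoint and sets the container command to {@code kube-apiserver}
     * followed by one {@code --name=value} argument per configured flag.
     *
     * @param createContainerCmd the Docker create command to modify
     */
    private void createContainerCmdModifier(CreateContainerCmd createContainerCmd) {
        createContainerCmd.withEntrypoint(new String[0]);

        HashMap<String, String> flags = new HashMap<>();
        flags.put("advertise-address", Utils.resolve(getHost()));
        // Privileged pods are allowed; acceptable for a disposable test API server only.
        flags.put("allow-privileged", "true");
        flags.put("authorization-mode", "Node,RBAC");
        flags.put("enable-admission-plugins", "NodeRestriction");
        flags.put("enable-bootstrap-token-auth", "true");
        flags.put("client-ca-file", API_SERVER_CA);
        // The same certificate and key serve as TLS identity, kubelet client and proxy client.
        flags.put("tls-cert-file", API_SERVER_CERT);
        flags.put("tls-private-key-file", API_SERVER_KEY);
        flags.put("kubelet-client-certificate", API_SERVER_CERT);
        flags.put("kubelet-client-key", API_SERVER_KEY);
        flags.put("proxy-client-key-file", API_SERVER_KEY);
        flags.put("proxy-client-cert-file", API_SERVER_CERT);
        flags.put("etcd-cafile", ETCD_CLIENT_CA);
        flags.put("etcd-certfile", ETCD_CLIENT_CERT);
        flags.put("etcd-keyfile", ETCD_CLIENT_KEY);
        flags.put("etcd-servers", "https://localhost:2379");
        // Service-account tokens are signed with the API server's own TLS/admin key.
        flags.put("service-account-key-file", API_SERVER_PUBKEY);
        flags.put("service-account-signing-key-file", API_SERVER_KEY);
        flags.put("service-account-issuer", "https://kubernetes.default.svc.cluster.local");
        flags.put("kubelet-preferred-address-types", "InternalIP,ExternalIP,Hostname");
        flags.put("requestheader-allowed-names", "front-proxy-client");
        // NOTE(review): the request-header CA is the same CA that signs ordinary client
        // certificates. Kubernetes guidance is to use a dedicated front-proxy CA so that a
        // regular client certificate can never be accepted as a trusted authenticating proxy.
        flags.put("requestheader-client-ca-file", API_SERVER_CA);
        flags.put("requestheader-extra-headers-prefix", "X-Remote-Extra-");
        flags.put("requestheader-group-headers", "X-Remote-Group");
        flags.put("requestheader-username-headers", "X-Remote-User");
        flags.put("runtime-config", "");
        flags.put("secure-port", String.valueOf(INTERNAL_API_SERVER_PORT));
        flags.put("service-cluster-ip-range", "10.96.0.0/16");

        // Argument order follows HashMap iteration order; the flags are independent of each other.
        List<String> command = new ArrayList<>();
        command.add("kube-apiserver");
        flags.forEach((name, value) -> command.add(String.format("--%s=%s", name, value)));
        createContainerCmd.withCmd(command.toArray(new String[0]));
    }

    /**
     * Starts the companion etcd container, then blocks until the API server answers and the
     * {@code default} namespace exists before delegating to the superclass hook.
     *
     * @param inspectContainerResponse inspection result of the API server container
     */
    @Override // org.testcontainers.containers.GenericContainer
    public void containerIsStarting(InspectContainerResponse inspectContainerResponse) {
        // etcd receives this container's id; presumably it joins this container's network
        // namespace, since the API server reaches it at https://localhost:2379. Confirm in
        // EtcdContainer.
        this.etcd = new EtcdContainer(this.etcdImage, this.etcdCa, inspectContainerResponse.getId());
        this.etcd.start();
        waitForApiServer();
        waitForDefaultNamespace();
        super.containerIsStarting(inspectContainerResponse);
    }

    /** Waits up to 10 seconds for the {@code default} namespace to become visible. */
    private void waitForDefaultNamespace() {
        Awaitility.await()
                .timeout(10L, TimeUnit.SECONDS)
                .until(
                        () -> client().v1().namespaces().find("default"),
                        found -> found.isPresent());
    }

    /**
     * Polls the API server every 100 ms until a node list request succeeds or
     * {@code controlPlaneReadyTimeout} elapses. Exceptions thrown while polling are ignored.
     */
    private void waitForApiServer() {
        LOG.info("Waiting for API server...");
        Awaitility.await()
                .pollInSameThread()
                .pollInterval(Duration.ofMillis(100L))
                .pollDelay(Duration.ZERO)
                .ignoreExceptions()
                .timeout(this.controlPlaneReadyTimeout)
                .until(() -> TinyK8sClient.fromKubeconfig(getKubeconfig()).v1().nodes().list() != null);
    }

    /**
     * Builds a kubeconfig with one cluster, user and context, all named {@code apiserver}.
     *
     * <p>The result embeds the private key of the {@code system:masters} client certificate and
     * therefore grants unrestricted access to this API server. Callers should keep it out of
     * logs and test reports.
     *
     * @param str URL of the API server, written to the cluster's {@code server} field
     * @return the serialized kubeconfig
     */
    @Override // com.dajudge.kindcontainer.KubernetesContainer
    protected String getKubeconfig(String str) {
        Cluster cluster = new Cluster();
        cluster.setName("apiserver");
        cluster.setCluster(new ClusterSpec());
        cluster.getCluster().setServer(str);
        cluster.getCluster().setCertificateAuthorityData(base64(this.apiServerCa.getCaKeyStore().getCertificatePem()));

        User user = new User();
        user.setName("apiserver");
        user.setUser(new UserSpec());
        user.getUser().setClientKeyData(base64(this.apiServerKeyPair.getPrivateKeyPem()));
        user.getUser().setClientCertificateData(base64(this.apiServerKeyPair.getCertificatePem()));

        Context context = new Context();
        context.setName("apiserver");
        context.setContext(new ContextSpec());
        context.getContext().setCluster(cluster.getName());
        context.getContext().setUser(user.getName());

        KubeConfig kubeConfig = new KubeConfig();
        kubeConfig.setUsers(Collections.singletonList(user));
        kubeConfig.setClusters(Collections.singletonList(cluster));
        kubeConfig.setContexts(Collections.singletonList(context));
        kubeConfig.setCurrentContext(context.getName());
        return KubeConfigUtils.serializeKubeConfig(kubeConfig);
    }

    /**
     * Base64-encodes the US-ASCII bytes of the given text. Base64 is an encoding only and gives
     * no confidentiality to the key material passed through it.
     *
     * @param str text to encode, PEM data at every call site in this class
     * @return the base64 representation
     */
    private String base64(String str) {
        return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.US_ASCII));
    }

    /**
     * Overrides the etcd image used for the companion container.
     *
     * @param dockerImageName etcd image to run
     * @return this container
     */
    public T withEtcdImage(DockerImageName dockerImageName) {
        this.etcdImage = dockerImageName;
        return (T) self();
    }

    /**
     * Stops the API server container and then the companion etcd container.
     *
     * <p>etcd is stopped in a {@code finally} block so that it is not left running when stopping
     * the API server throws, and the call is skipped when etcd was never created (the container
     * was never started, or startup failed before {@code containerIsStarting} ran).
     */
    @Override // com.dajudge.kindcontainer.KubernetesContainer, org.testcontainers.containers.GenericContainer, org.testcontainers.lifecycle.Startable
    public void stop() {
        try {
            super.stop();
        } finally {
            if (this.etcd != null) {
                this.etcd.stop();
            }
        }
    }

    /**
     * Sets how long startup waits for the API server to answer its first request.
     *
     * @param duration maximum wait; the default is five minutes
     * @return this container
     */
    public T withControlPlaneReadyTimeout(Duration duration) {
        this.controlPlaneReadyTimeout = duration;
        return (T) self();
    }
}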
