package com.dajudge.kindcontainer.webhook;

import com.dajudge.kindcontainer.KubernetesContainer;
import com.dajudge.kindcontainer.pki.CertAuthority;
import com.dajudge.kindcontainer.pki.KeyStoreWrapper;
import io.sundr.model.Node;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.images.builder.Transferable;
import org.testcontainers.shaded.com.trilead.ssh2.Connection;
import org.testcontainers.shaded.org.awaitility.Awaitility;
import org.testcontainers.shaded.org.bouncycastle.asn1.x509.GeneralName;
import org.testcontainers.utility.DockerImageName;

/* loaded from: input_file:com/dajudge/kindcontainer/webhook/AdmissionControllerManager.class */
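/**
 * Wires admission webhooks that listen on the test host into a Kubernetes test container.
 *
 * <p>Two sidecar containers are started in the network namespace of the Kubernetes container
 * ({@code container:<id>}): an OpenSSH server that carries remote port forwards back to the
 * local webhook ports, and an nginx instance that terminates TLS on {@code internalWebhookPort}
 * and proxies {@code /webhook/<config>/<webhook>} to the matching tunnel port.
 *
 * <p>Security notes for reviewers (test infrastructure only, do not reuse elsewhere):
 * <ul>
 *   <li>The SSH account uses a static user name and password that are compiled into this class,
 *       password authentication is enabled and TCP forwarding is allowed. {@link #sshConnect}
 *       dials a host-mapped port, so any process that can reach that port can log in and request
 *       forwards. A per-instance random secret or key-based authentication would remove the
 *       shared credential.</li>
 *   <li>{@link #sshdConfig()} pins legacy algorithms ({@code ssh-rsa},
 *       {@code diffie-hellman-group1-sha1}); presumably this is needed by the shaded SSH client,
 *       TODO confirm before tightening.</li>
 *   <li>{@link #WEBHOOK_CERTS} is public and gives access to the private key PEM; the key is also
 *       copied to {@code /tmp/server.key} inside the nginx container.</li>
 * </ul>
 *
 * <p>Instances are not synchronized; nothing in this class guards concurrent use.
 */
public class AdmissionControllerManager {
    private static final Logger LOG = LoggerFactory.getLogger(AdmissionControllerManager.class);

    // CA created once per class load; it signs the serving certificate used by nginx.
    private static final CertAuthority CA = new CertAuthority(System::currentTimeMillis, "CN=kindcontainer-webhooks");

    // Serving key pair for the proxy, with a dNSName SAN of "localhost" (matches the URL from mapWebhook).
    public static final KeyStoreWrapper WEBHOOK_CERTS = CA.newKeyPair("CN=webhook", Collections.singletonList(new GeneralName(GeneralName.dNSName, "localhost")));

    // NOTE(review): static, source-visible credentials for the tunnel sshd. See the class comment.
    private static final String SSH_USER = "t0ny";
    private static final String SSH_PASSWORD = "p3pp3r";

    private final List<Webhook> webhooks = new ArrayList<>();
    private final KubernetesContainer<?> k8s;
    private final int internalWebhookPort;
    private final Supplier<DockerImageName> nginxImage;
    private final Supplier<DockerImageName> opensshServerImage;
    private int nextTunnelPort;
    private GenericContainer<?> sshd;
    private GenericContainer<?> nginx;
    private Connection ssh;

    /** One registered webhook: its route under {@code /webhook/} and the ports of its tunnel. */
    public static class Webhook {
        // Together these form the nginx location /webhook/<config>/<webhook>.
        private final String config;
        private final String webhook;
        // Port on the test host that the SSH remote forward delivers traffic to.
        private final int localPort;
        // Port inside the shared network namespace that nginx proxies to.
        private final int tunnelPort;
        // Replacement prefix used in the nginx rewrite rule.
        private final String path;

        private Webhook(String config, String webhook, int localPort, int tunnelPort, String path) {
            this.config = config;
            this.webhook = webhook;
            this.localPort = localPort;
            this.tunnelPort = tunnelPort;
            this.path = path;
        }
    }

    /**
     * @param k8s the Kubernetes container whose network namespace the sidecars join
     * @param internalWebhookPort port nginx listens on with TLS; tunnel ports are allocated
     *     upwards from {@code internalWebhookPort + 1}
     * @param nginxImage supplies the image for the reverse proxy container
     * @param opensshServerImage supplies the image for the SSH server container
     */
    public AdmissionControllerManager(KubernetesContainer<?> k8s, int internalWebhookPort, Supplier<DockerImageName> nginxImage, Supplier<DockerImageName> opensshServerImage) {
        this.k8s = k8s;
        this.internalWebhookPort = internalWebhookPort;
        this.nextTunnelPort = internalWebhookPort + 1;
        this.nginxImage = nginxImage;
        this.opensshServerImage = opensshServerImage;
    }

    /**
     * Registers a webhook and allocates the next tunnel port for it.
     *
     * <p>NOTE(review): {@code config}, {@code webhook} and {@code path} are later concatenated
     * into the nginx configuration without escaping (see {@link #nginxConfig()}); callers must
     * pass values that contain no whitespace, {@code ;}, <code>{</code> or <code>}</code>.
     *
     * @param config first path segment of the webhook route
     * @param webhook second path segment of the webhook route
     * @param localPort port on the test host that serves the webhook
     * @param path path prefix the proxied request is rewritten to
     * @return the HTTPS URL under which the webhook is reachable through the proxy
     */
    public String mapWebhook(String config, String webhook, int localPort, String path) {
        final int tunnelPort = this.nextTunnelPort++;
        this.webhooks.add(new Webhook(config, webhook, localPort, tunnelPort, path));
        return String.format("https://localhost:%d/webhook/%s/%s", this.internalWebhookPort, config, webhook);
    }

    /**
     * Starts the SSH server and nginx sidecars and opens one remote port forward per webhook.
     * Does nothing when no webhook has been registered.
     *
     * <p>If any step fails, everything that was already started is torn down again before the
     * exception is rethrown, so a failed start does not leave containers running.
     *
     * @throws IllegalStateException if the SSH server rejects the password login
     * @throws RuntimeException wrapping the {@link IOException} of a failed SSH operation
     */
    public void start() {
        if (this.webhooks.isEmpty()) {
            return;
        }
        final String sshdConfig = sshdConfig();
        LOG.debug("Admission controller SSH tunnel config: {}", sshdConfig);
        this.sshd = new GenericContainer<>(this.opensshServerImage.get())
                .withNetworkMode("container:" + this.k8s.getContainerId())
                .withEnv("PASSWORD_ACCESS", "true")
                .withEnv("USER_NAME", SSH_USER)
                .withEnv("USER_PASSWORD", SSH_PASSWORD)
                .withCopyToContainer(Transferable.of(sshdConfig), "/etc/ssh/sshd_config");
        final String nginxConfig = nginxConfig();
        LOG.debug("Admission controller reverse proxy nginx config: {}", nginxConfig);
        this.nginx = new GenericContainer<>(this.nginxImage.get())
                .withNetworkMode("container:" + this.k8s.getContainerId())
                .withCopyToContainer(Transferable.of(WEBHOOK_CERTS.getCertificatePem()), "/tmp/server.crt")
                .withCopyToContainer(Transferable.of(WEBHOOK_CERTS.getPrivateKeyPem()), "/tmp/server.key")
                .withCopyToContainer(Transferable.of(nginxConfig), "/etc/nginx/conf.d/default.conf");
        try {
            this.sshd.start();
            this.nginx.start();
            this.ssh = sshConnect(this.k8s);
            // The boolean result was previously ignored; fail here with a clear message instead
            // of on the first forwarding request.
            if (!this.ssh.authenticateWithPassword(SSH_USER, SSH_PASSWORD)) {
                throw new IllegalStateException("SSH password authentication for the admission controller tunnel was rejected");
            }
            for (Webhook webhook : this.webhooks) {
                LOG.debug("Tunneling admission controller: {} -> {}", webhook.tunnelPort, webhook.localPort);
                this.ssh.requestRemotePortForwarding("localhost", webhook.tunnelPort, "localhost", webhook.localPort);
            }
        } catch (IOException e) {
            RuntimeException wrapped = new RuntimeException(e);
            releaseAfterFailure(wrapped);
            throw wrapped;
        } catch (RuntimeException e) {
            releaseAfterFailure(e);
            throw e;
        }
    }

    /**
     * Polls until an SSH connection to the mapped sshd port can be established.
     *
     * <p>NOTE(review): {@code connect()} is called without a host key verifier, so the server's
     * host key is presumably not checked; acceptable only because the peer is a container this
     * class just started.
     */
    private Connection sshConnect(KubernetesContainer<?> kubernetesContainer) {
        return Awaitility.await().ignoreExceptions().until(() -> {
            Connection connection = new Connection(kubernetesContainer.getHost(), kubernetesContainer.getMappedPort(getExposedPort()));
            try {
                connection.connect();
            } catch (IOException | RuntimeException e) {
                // Release the half-open attempt before Awaitility retries.
                connection.close();
                throw e;
            }
            return connection;
        }, Objects::nonNull);
    }

    /** @return the port the SSH server listens on inside the shared network namespace */
    public int getExposedPort() {
        return 2222;
    }

    /**
     * Closes the SSH connection and stops both sidecar containers.
     *
     * <p>Safe to call when {@link #start()} was never called, did nothing, or failed part-way:
     * only resources that exist are released, and each one is released even if releasing an
     * earlier one throws.
     */
    public void stop() {
        releaseResources();
    }

    /** Tears down after a failed start and attaches any cleanup error to the original failure. */
    private void releaseAfterFailure(RuntimeException cause) {
        try {
            releaseResources();
        } catch (RuntimeException cleanupFailure) {
            cause.addSuppressed(cleanupFailure);
        }
    }

    /** Releases SSH connection, nginx and sshd in that order, skipping whatever is absent. */
    private void releaseResources() {
        try {
            if (this.ssh != null) {
                this.ssh.close();
            }
        } finally {
            this.ssh = null;
            try {
                if (this.nginx != null) {
                    this.nginx.stop();
                }
            } finally {
                this.nginx = null;
                try {
                    if (this.sshd != null) {
                        this.sshd.stop();
                    }
                } finally {
                    this.sshd = null;
                }
            }
        }
    }

    /**
     * Renders the nginx server block: a TLS listener on {@code internalWebhookPort} plus one
     * {@code location} per registered webhook that rewrites the route prefix to the webhook's
     * path and proxies to its tunnel port over plain HTTP on localhost.
     *
     * <p>NOTE(review): webhook fields are inserted verbatim. A value containing nginx syntax
     * characters would change the structure of the generated configuration.
     */
    private String nginxConfig() {
        List<String> lines = new ArrayList<>(Arrays.asList(
                "server {",
                "    listen " + this.internalWebhookPort + " ssl;",
                "    server_name localhost;",
                "    ssl_certificate /tmp/server.crt;",
                "    ssl_certificate_key /tmp/server.key;"));
        for (Webhook webhook : this.webhooks) {
            String location = "/webhook/" + webhook.config + "/" + webhook.webhook;
            lines.add("    location " + location + " {");
            lines.add("        rewrite " + location + "(.*) " + webhook.path + "$1  break;");
            // Literal directive terminator; the decompiled listing borrowed an unrelated
            // library constant (Node.SEMICOLN) for this ";".
            lines.add("        proxy_pass http://localhost:" + webhook.tunnelPort + ";");
            lines.add("    }");
        }
        lines.add("}");
        return String.join("\n", lines);
    }

    /**
     * Returns the sshd_config copied into the SSH server container.
     *
     * <p>It enables password login and TCP forwarding and restricts host key and key exchange
     * to legacy algorithms. Do not reuse this configuration for a long-lived or shared server.
     */
    private static String sshdConfig() {
        return "HostKeyAlgorithms ssh-rsa\nKexAlgorithms diffie-hellman-group1-sha1\nPasswordAuthentication yes\nAllowTcpForwarding yes\n";
    }

    /** @return the PEM-encoded certificate of the CA that signed {@link #WEBHOOK_CERTS} */
    public String getCaCertPem() {
        return CA.getCaKeyStore().getCertificatePem();
    }
}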
