package run.mone.hera.webhook;

import ch.qos.logback.core.joran.util.beans.BeanUtil;
import com.xiaomi.youpin.docean.Ioc;
import io.fabric8.kubernetes.api.model.certificates.v1.CertificateSigningRequest;
import io.fabric8.kubernetes.api.model.certificates.v1.CertificateSigningRequestList;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.dsl.CertificateSigningRequestResource;
import io.fabric8.kubernetes.client.dsl.Resource;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import run.mone.hera.webhook.common.FileUtils;
import run.mone.hera.webhook.common.K8sUtilBean;

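/**
 * Entry point of the Hera webhook server (decompiled source).
 *
 * <p>Start-up sequence, as visible in this class: initialise the Docean IoC container, obtain a
 * TLS certificate by creating and approving a Kubernetes CertificateSigningRequest, apply the
 * webhook configuration YAML with that certificate as {@code ${webhook_caBundle}}, then start
 * the Spring application. A JVM shutdown hook deletes the webhook configuration again.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both helper scripts are run with {@code sh} from a directory under {@code /tmp}, and the
 *       generated TLS material is written under {@code /tmp} as well. NOTE(review): {@code /tmp}
 *       is commonly world-writable; confirm that only the image build can write these paths, or
 *       move them to a root-owned, read-only location and a private directory for the keys.</li>
 *   <li>This process approves its own CSR, so its service account must be allowed to approve
 *       CertificateSigningRequests. NOTE(review): the signer is set in
 *       {@code webhook_csr.yaml}, which is not visible here; scope the RBAC grant to that signer
 *       only.</li>
 *   <li>The literal passed as the last argument of the PEM/P12 script looks like a keystore
 *       password (TODO confirm). It is hard-coded and is written to the log together with the
 *       rest of the command line.</li>
 * </ul>
 */
@EnableAutoConfiguration
@ComponentScan(basePackages = {"run.mone.hera.webhook"})
/* loaded from: input_file:BOOT-INF/classes/run/mone/hera/webhook/Bootstrap.class */
public class Bootstrap {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) Bootstrap.class);
    private static K8sUtilBean k8sUtilBean;
    private static KubernetesClient kubernetesClient;
    // Rendered webhook configuration; stays null when createHeraEnvWebhook() did not complete.
    private static String webhookConfigYaml;
    private static final String HERA_NAMESPACE = "ozhera-namespace";
    private static final String SERVICE_NAME = "hera-webhook-server";
    private static final String TLS_OUTPUT_DIR = "/tmp/hera-webhook-tls/";
    private static final String CSR_SCRIPT = "/tmp/hera-webhook-tls-sh/generate_csr_by_openssl.sh";
    private static final String PEM_P12_SCRIPT = "/tmp/hera-webhook-tls-sh/generate_pem_p12_by_openssl.sh";
    private static final String CSR_OUTPUT_PREFIX = "csr base64 is :";
    // Polling budget used for both CSR waits: 30 attempts, 2 seconds apart.
    private static final int POLL_ATTEMPTS = 30;
    private static final long POLL_INTERVAL_SECONDS = 2L;

    /**
     * Boots the IoC container, registers the webhook and starts Spring.
     *
     * <p>The shutdown hook is registered before {@code SpringApplication.run} so that the webhook
     * configuration is also removed when Spring start-up fails and the catch block calls
     * {@code System.exit(-1)}; otherwise the cluster would keep a webhook registration for a
     * process that is no longer running.
     *
     * @param strArr command-line arguments, passed through to Spring
     */
    public static void main(String[] strArr) {
        try {
            Ioc.ins().init("run.mone.docean.plugin", "com.xiaomi.youpin.docean.plugin", "run.mone.hera.webhook");
            k8sUtilBean = (K8sUtilBean) Ioc.ins().getBean(K8sUtilBean.class);
            kubernetesClient = (KubernetesClient) Ioc.ins().getBean(KubernetesClient.class);
            createHeraEnvWebhook();
            Runtime.getRuntime().addShutdownHook(new Thread(Bootstrap::deleteWebHookConfig));
            SpringApplication.run((Class<?>) Bootstrap.class, strArr);
        } catch (Throwable th) {
            log.error("bootstrap failed : ", th);
            System.exit(-1);
        }
    }

    /**
     * Deletes the webhook configuration that {@link #createHeraEnvWebhook()} applied.
     *
     * <p>Does nothing when no configuration was rendered, which happens whenever
     * {@link #createHeraEnvWebhook()} returned early or failed.
     * (JADX reports that this method was private in the original class.)
     */
    public static void deleteWebHookConfig() {
        if (webhookConfigYaml == null) {
            log.warn("webhook config was never applied, nothing to delete");
            return;
        }
        k8sUtilBean.applyYaml(webhookConfigYaml, HERA_NAMESPACE, "delete");
    }

    /**
     * Generates a key and CSR, has the cluster sign it, converts the result to PEM/P12 and
     * applies the webhook configuration.
     *
     * <p>Every failure is logged and swallowed, so the caller continues start-up without a
     * registered webhook.
     */
    public static void createHeraEnvWebhook() {
        try {
            String csrName = SERVICE_NAME + "." + HERA_NAMESPACE + ".svc";
            Process csrProcess = callScript(CSR_SCRIPT, SERVICE_NAME, HERA_NAMESPACE, TLS_OUTPUT_DIR, csrName);
            if (csrProcess == null) {
                log.error("generate SSL file error!!");
                return;
            }
            String csrBase64 = getCsrBase64(csrProcess);
            if (StringUtils.isEmpty(csrBase64)) {
                log.error("get csr base64 string is empty");
                return;
            }
            String certificate = getCertificate(csrName, csrBase64);
            // NOTE(review): this process is started but never waited on, its output is not read
            // and its exit code is not checked. If the Spring server needs the generated files,
            // confirm they are guaranteed to exist before it starts.
            callScript(PEM_P12_SCRIPT, SERVICE_NAME, TLS_OUTPUT_DIR, certificate, "mone");
            // The issued certificate itself is used as the caBundle value. It is inserted into
            // the YAML by plain text replacement, without escaping.
            String rendered = FileUtils.readResourceFile("/hera_init/webhook/hera_webhook_config.yaml")
                    .replace("${webhook_caBundle}", "'" + certificate + "'");
            webhookConfigYaml = rendered;
            // BeanUtil.PREFIX_ADDER is a logback constant the decompiler substituted here;
            // presumably the original source used a plain string literal (TODO confirm).
            k8sUtilBean.applyYaml(rendered, HERA_NAMESPACE, BeanUtil.PREFIX_ADDER);
        } catch (Throwable th) {
            log.error("create hera env webhook error : ", th);
        }
    }

    /**
     * Starts {@code sh <script> <args...>} and returns the running process.
     *
     * <p>The command is passed as an argument array, so each value reaches the script as exactly
     * one argument even if it contains whitespace. The previous single-string form was split on
     * whitespace by {@code Runtime.exec(String)}.
     *
     * @param script path of the shell script
     * @param args arguments handed to the script, one array entry each
     * @return the started process; the caller is responsible for reading its output
     * @throws RuntimeException if the process cannot be started
     */
    private static Process callScript(String script, String... args) {
        try {
            // NOTE(review): the full argument list is logged, including the last argument of
            // the PEM/P12 script, which looks like a keystore password. Consider logging the
            // script path only.
            log.info("callScript comand : " + "sh " + script + " " + buildShellArgs(args));
            String[] command = new String[args.length + 2];
            command[0] = "sh";
            command[1] = script;
            System.arraycopy(args, 0, command, 2, args.length);
            return Runtime.getRuntime().exec(command);
        } catch (Exception e) {
            throw new RuntimeException("call script error : ", e);
        }
    }

    /**
     * Reads the script's standard output until the line carrying the base64 CSR appears.
     *
     * <p>Every line read is logged. The reader is closed on all paths, including when reading
     * fails. The process is not waited on and its standard error is not read.
     *
     * @param process the running CSR generation script
     * @return the text after {@code "csr base64 is :"}, or {@code null} if the output ended
     *     without such a line
     * @throws RuntimeException if reading the output fails
     */
    private static String getCsrBase64(Process process) {
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
            String line;
            while ((line = reader.readLine()) != null) {
                log.info(line);
                if (line.startsWith(CSR_OUTPUT_PREFIX)) {
                    return line.substring(CSR_OUTPUT_PREFIX.length());
                }
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException("call script error : ", e);
        }
    }

    /**
     * Submits the CSR to the cluster, approves it and waits for the signed certificate.
     *
     * <p>Any existing CertificateSigningRequest with the same name is deleted first. The CSR
     * object is rendered from a resource template by plain text replacement. The decompiled
     * original compared the fetched object with {@code 0}, which does not compile; the check is
     * a null test here. A CSR that has no status yet is treated as "not issued" instead of
     * raising a NullPointerException.
     *
     * @param csrName name of the CertificateSigningRequest object
     * @param csrBase64 base64 CSR as printed by the generation script
     * @return the certificate from the CSR status, as returned by the client
     * @throws RuntimeException if the CSR does not appear, is not issued within the polling
     *     budget, or any step fails
     */
    private static String getCertificate(String csrName, String csrBase64) {
        CertificateSigningRequestList existing = kubernetesClient.certificates().v1().certificateSigningRequests().list();
        if (existing != null) {
            for (CertificateSigningRequest csr : existing.getItems()) {
                if (csrName.equals(csr.getMetadata().getName())) {
                    kubernetesClient.certificates().v1().certificateSigningRequests().delete(csr);
                }
            }
        }
        try {
            String csrYaml = FileUtils.readResourceFile("/hera_init/webhook/csr/webhook_csr.yaml")
                    .replace("${CSR_NAME}", csrName)
                    .replace("${CSR_BASE64}", csrBase64);
            k8sUtilBean.applyYaml(csrYaml, null, BeanUtil.PREFIX_ADDER);
            if (!awaitCsrCreated(csrName)) {
                throw new RuntimeException("the csr not create success!");
            }
            // Self-approval: the identity that requested the certificate also approves it.
            kubernetesClient.certificates().v1().certificateSigningRequests().withName(csrName).approve();
            String certificate = awaitIssuedCertificate(csrName);
            if (certificate == null) {
                throw new RuntimeException("the csr not present success!");
            }
            return certificate;
        } catch (InterruptedException e) {
            // Keep the interrupt visible to callers further up the stack.
            Thread.currentThread().interrupt();
            throw new RuntimeException("laod yaml error : ", e);
        } catch (Throwable th) {
            throw new RuntimeException("laod yaml error : ", th);
        }
    }

    /** Polls until the named CSR can be fetched; returns false when the budget is used up. */
    private static boolean awaitCsrCreated(String csrName) throws InterruptedException {
        for (int attempt = 0; attempt < POLL_ATTEMPTS; attempt++) {
            if (fetchCsr(csrName) != null) {
                return true;
            }
            TimeUnit.SECONDS.sleep(POLL_INTERVAL_SECONDS);
        }
        return false;
    }

    /** Polls until the CSR status carries a certificate; returns null when the budget is used up. */
    private static String awaitIssuedCertificate(String csrName) throws InterruptedException {
        for (int attempt = 0; attempt < POLL_ATTEMPTS; attempt++) {
            CertificateSigningRequest csr = fetchCsr(csrName);
            if (csr != null && csr.getStatus() != null) {
                String certificate = csr.getStatus().getCertificate();
                if (StringUtils.isNotEmpty(certificate)) {
                    return certificate;
                }
            }
            TimeUnit.SECONDS.sleep(POLL_INTERVAL_SECONDS);
        }
        return null;
    }

    /** Fetches the named CSR from the cluster, or null when the client returns none. */
    private static CertificateSigningRequest fetchCsr(String csrName) {
        return kubernetesClient.certificates().v1().certificateSigningRequests().withName(csrName).get();
    }

    /**
     * Joins the arguments with single spaces; used only to build the logged command line.
     *
     * @param strArr arguments to join
     * @return the joined string with leading and trailing whitespace removed
     */
    private static String buildShellArgs(String... strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            sb.append(str).append(StringUtils.SPACE);
        }
        return sb.toString().trim();
    }
}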
