package eu.openanalytics.containerproxy.backend.kubernetes;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.fasterxml.jackson.datatype.jsonp.JSONPModule;
import com.google.common.base.Splitter;
import com.nimbusds.jose.jwk.JWKParameterNames;
import eu.openanalytics.containerproxy.ContainerFailedToStartException;
import eu.openanalytics.containerproxy.backend.AbstractContainerBackend;
import eu.openanalytics.containerproxy.event.NewProxyEvent;
import eu.openanalytics.containerproxy.model.runtime.Container;
import eu.openanalytics.containerproxy.model.runtime.ExistingContainerInfo;
import eu.openanalytics.containerproxy.model.runtime.PortMappings;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.runtime.ProxyStartupLog;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerName;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerNameKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ContainerImageKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ContainerIndexKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.InstanceIdKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ProxiedAppKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ProxyIdKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValue;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValueKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValueKeyRegistry;
import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.service.AccessControlEvaluationService;
import eu.openanalytics.containerproxy.util.EnvironmentUtils;
import eu.openanalytics.containerproxy.util.Retrying;
import io.fabric8.kubernetes.api.model.ContainerBuilder;
import io.fabric8.kubernetes.api.model.ContainerPortBuilder;
import io.fabric8.kubernetes.api.model.ContainerState;
import io.fabric8.kubernetes.api.model.ContainerStatus;
import io.fabric8.kubernetes.api.model.EnvVar;
import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
import io.fabric8.kubernetes.api.model.Event;
import io.fabric8.kubernetes.api.model.EventList;
import io.fabric8.kubernetes.api.model.GenericKubernetesResource;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.LocalObjectReference;
import io.fabric8.kubernetes.api.model.ObjectMetaBuilder;
import io.fabric8.kubernetes.api.model.ObjectReferenceBuilder;
import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.api.model.PodBuilder;
import io.fabric8.kubernetes.api.model.PodDNSConfigBuilder;
import io.fabric8.kubernetes.api.model.PodList;
import io.fabric8.kubernetes.api.model.PodSpec;
import io.fabric8.kubernetes.api.model.Quantity;
import io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder;
import io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder;
import io.fabric8.kubernetes.api.model.SecurityContext;
import io.fabric8.kubernetes.api.model.SecurityContextBuilder;
import io.fabric8.kubernetes.api.model.Service;
import io.fabric8.kubernetes.api.model.ServiceBuilder;
import io.fabric8.kubernetes.api.model.ServicePortBuilder;
import io.fabric8.kubernetes.api.model.VolumeBuilder;
import io.fabric8.kubernetes.api.model.VolumeMount;
import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientBuilder;
import io.fabric8.kubernetes.client.KubernetesClientException;
import io.fabric8.kubernetes.client.dsl.LogWatch;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import io.fabric8.kubernetes.client.dsl.PodResource;
import io.fabric8.kubernetes.client.dsl.Resource;
import io.fabric8.kubernetes.client.dsl.ServiceResource;
import io.fabric8.kubernetes.client.dsl.base.PatchContext;
import io.fabric8.kubernetes.client.dsl.base.PatchType;
import io.fabric8.kubernetes.client.readiness.Readiness;
import io.fabric8.kubernetes.client.utils.Serialization;
import jakarta.json.JsonPatch;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.nio.channels.ClosedChannelException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.LocalDateTime;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.mandas.docker.client.DockerCertificates;
import org.opensaml.saml.saml2.core.Action;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationEvent;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.core.internal.useragent.UserAgentConstant;

@ConditionalOnProperty(name = {"proxy.container-backend"}, havingValue = "kubernetes")
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/backend/kubernetes/KubernetesBackend.class */
public class KubernetesBackend extends AbstractContainerBackend {
    private static final String PROPERTY_PREFIX = "proxy.kubernetes.";
    private static final String PROPERTY_NAMESPACE = "namespace";
    private static final String PROPERTY_API_VERSION = "api-version";
    private static final String PROPERTY_IMG_PULL_POLICY = "image-pull-policy";
    private static final String PROPERTY_IMG_PULL_SECRETS = "image-pull-secrets";
    private static final String PROPERTY_IMG_PULL_SECRET = "image-pull-secret";
    private static final String PROPERTY_NODE_SELECTOR = "node-selector";
    private static final String PROPERTY_CLUSTER_DOMAIN = "cluster-domain";
    private static final String DEFAULT_NAMESPACE = "default";
    private static final String DEFAULT_API_VERSION = "v1";
    private static final String DEFAULT_CLUSTER_DOMAIN = "cluster.local";
    private static final String SECRET_KEY_REF = "secretKeyRef";
    private static final String HEADLESS_SERVICE_NAME = "sp-headless-service";
    private static final String HEADLESS_SERVICE_LABEL = "openanalytics.eu/sp-headless-service";
    private static final String HEADLESS_SERVICE_LABEL_VALUE = "true";
    private static final String ANNOTATION_MANIFEST_POLICY = "openanalytics.eu/sp-additional-manifest-policy";

    @Inject
    private PodPatcher podPatcher;

    @Inject
    private AccessControlEvaluationService accessControlEvaluationService;
    private KubernetesClient kubeClient;
    private KubernetesManifestsRemover kubernetesManifestsRemover;
    private Boolean logManifests;
    private int totalWaitMs;
    private List<String> appNamespaces;
    private String nodeSelectorString;
    private String kubeNamespace;
    private String apiVersion;
    private String imagePullPolicy;
    private String clusterDomain;
    private final ObjectMapper writer = new ObjectMapper(new YAMLFactory());
    private final List<LocalObjectReference> imagePullSecrets = new ArrayList();

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    @PostConstruct
    public void initialize() {
        super.initialize();
        ConfigBuilder configBuilder = new ConfigBuilder();
        String property = getProperty("url");
        if (property != null) {
            configBuilder.withMasterUrl(property);
        }
        String property2 = getProperty("cert-path");
        if (property2 != null && Files.isDirectory(Paths.get(property2, new String[0]), new LinkOption[0])) {
            Path path = Paths.get(property2, DockerCertificates.DEFAULT_CA_CERT_NAME);
            if (Files.exists(path, new LinkOption[0])) {
                configBuilder.withCaCertFile(path.toString());
            }
            Path path2 = Paths.get(property2, DockerCertificates.DEFAULT_CLIENT_CERT_NAME);
            if (Files.exists(path2, new LinkOption[0])) {
                configBuilder.withClientCertFile(path2.toString());
            }
            Path path3 = Paths.get(property2, DockerCertificates.DEFAULT_CLIENT_KEY_NAME);
            if (Files.exists(path3, new LinkOption[0])) {
                configBuilder.withClientKeyFile(path3.toString());
            }
        }
        initialize(new KubernetesClientBuilder().withConfig(configBuilder.build()).build());
    }

    public void initialize(KubernetesClient kubernetesClient) {
        super.initialize();
        this.kubeClient = kubernetesClient;
        this.kubeNamespace = getProperty("namespace", "default");
        this.appNamespaces = EnvironmentUtils.readList(this.environment, "app-namespaces");
        if (this.appNamespaces == null) {
            this.appNamespaces = new ArrayList();
        } else {
            this.appNamespaces = new ArrayList(this.appNamespaces);
        }
        this.appNamespaces.add(this.kubeNamespace);
        this.logManifests = (Boolean) this.environment.getProperty(PodPatcher.DEBUG_PROPERTY, Boolean.class, false);
        this.totalWaitMs = ((Integer) this.environment.getProperty("proxy.kubernetes.pod-wait-time", Integer.class, 60000)).intValue();
        this.nodeSelectorString = getProperty(PROPERTY_NODE_SELECTOR);
        this.apiVersion = getProperty(PROPERTY_API_VERSION, "v1");
        this.imagePullPolicy = getProperty(PROPERTY_IMG_PULL_POLICY);
        this.clusterDomain = getProperty(PROPERTY_CLUSTER_DOMAIN, DEFAULT_CLUSTER_DOMAIN);
        String property = getProperty(PROPERTY_IMG_PULL_SECRET);
        if (property != null) {
            this.imagePullSecrets.add(new LocalObjectReference(property));
        }
        List<String> readList = EnvironmentUtils.readList(this.environment, "proxy.kubernetes.image-pull-secrets");
        if (readList != null) {
            this.imagePullSecrets.addAll(readList.stream().map(LocalObjectReference::new).toList());
        }
        this.kubernetesManifestsRemover = new KubernetesManifestsRemover(this.kubeClient, this.appNamespaces, this.identifierService);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    public Proxy startContainer(Authentication authentication, Container container, ContainerSpec containerSpec, Proxy proxy, ProxySpec proxySpec, ProxyStartupLog.ProxyStartupLogBuilder proxyStartupLogBuilder) throws ContainerFailedToStartException {
        Container.ContainerBuilder builder = container.toBuilder();
        String uuid = UUID.randomUUID().toString();
        builder.id(uuid);
        KubernetesSpecExtension kubernetesSpecExtension = (KubernetesSpecExtension) proxySpec.getSpecExtension(KubernetesSpecExtension.class);
        try {
            List<String> valueOrDefault = containerSpec.getVolumes().getValueOrDefault(Collections.emptyList());
            ArrayList arrayList = new ArrayList();
            VolumeMount[] volumeMountArr = new VolumeMount[valueOrDefault.size()];
            for (int i = 0; i < valueOrDefault.size(); i++) {
                String[] split = valueOrDefault.get(i).split(":");
                String str = split[0];
                String str2 = split[1];
                String str3 = "shinyproxy-volume-" + i;
                arrayList.add(new VolumeBuilder().withNewHostPath(str, "").withName(str3).build());
                volumeMountArr[i] = new VolumeMountBuilder().withMountPath(str2).withName(str3).build();
            }
            ArrayList arrayList2 = new ArrayList();
            for (Map.Entry<String, String> entry : buildEnv(authentication, containerSpec, proxy).entrySet()) {
                if (entry.getValue().toLowerCase().startsWith(SECRET_KEY_REF.toLowerCase())) {
                    String[] split2 = entry.getValue().split(":");
                    if (split2.length != 3) {
                        this.slog.warn(proxy, String.format("Invalid secret key reference: %s=%s. Expected format: '%s:<name>:<key>'", entry.getKey(), entry.getValue(), SECRET_KEY_REF));
                    } else {
                        arrayList2.add(new EnvVar(entry.getKey(), null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelectorBuilder().withName(split2[1]).withKey(split2[2]).build()).build()));
                    }
                } else {
                    arrayList2.add(new EnvVar(entry.getKey(), entry.getValue(), null));
                }
            }
            SecurityContext build = new SecurityContextBuilder().withPrivileged(Boolean.valueOf(isPrivileged() || containerSpec.isPrivileged())).build();
            ResourceRequirementsBuilder resourceRequirementsBuilder = new ResourceRequirementsBuilder();
            try {
                resourceRequirementsBuilder.addToRequests("cpu", parseCpuQuantity(containerSpec.getCpuRequest().getValueOrNull()));
                try {
                    resourceRequirementsBuilder.addToLimits("cpu", parseCpuQuantity(containerSpec.getCpuLimit().getValueOrNull()));
                    try {
                        resourceRequirementsBuilder.addToRequests("memory", parseMemoryQuantity(containerSpec.getMemoryRequest().getValueOrNull()));
                        try {
                            resourceRequirementsBuilder.addToLimits("memory", parseMemoryQuantity(containerSpec.getMemoryLimit().getValueOrNull()));
                            ContainerBuilder withTerminationMessagePolicy = new ContainerBuilder().withImage(containerSpec.getImage().getValue()).withCommand(containerSpec.getCmd().getValueOrNull()).withName("sp-container-" + container.getIndex()).withPorts(containerSpec.getPortMapping().stream().map(portMapping -> {
                                return new ContainerPortBuilder().withContainerPort(portMapping.getPort()).build();
                            }).toList()).withVolumeMounts(volumeMountArr).withSecurityContext(build).withResources(resourceRequirementsBuilder.build()).withEnv(arrayList2).withTerminationMessagePolicy("FallbackToLogsOnError");
                            if (this.imagePullPolicy != null) {
                                withTerminationMessagePolicy.withImagePullPolicy(this.imagePullPolicy);
                            }
                            HashMap hashMap = new HashMap();
                            HashMap hashMap2 = new HashMap();
                            hashMap2.put(UserAgentConstant.APP_ID, uuid);
                            hashMap2.put(HEADLESS_SERVICE_LABEL, "true");
                            String left = StringUtils.left(containerSpec.getResourceName().getValueOrDefault("sp-pod-" + proxy.getId() + "-" + container.getIndex()), 63);
                            ObjectMetaBuilder withName = new ObjectMetaBuilder().withNamespace(this.kubeNamespace).withName(left);
                            Stream.concat(proxy.getRuntimeValues().values().stream(), container.getRuntimeValues().values().stream()).forEach(runtimeValue -> {
                                if (runtimeValue.getKey().getIncludeAsLabel().booleanValue()) {
                                    hashMap2.put(runtimeValue.getKey().getKeyAsLabel(), runtimeValue.toString());
                                    hashMap.put(runtimeValue.getKey().getKeyAsLabel(), runtimeValue.toString());
                                }
                                if (runtimeValue.getKey().getIncludeAsAnnotation().booleanValue()) {
                                    withName.addToAnnotations(runtimeValue.getKey().getKeyAsLabel(), runtimeValue.toString());
                                }
                            });
                            if (containerSpec.getLabels().isPresent()) {
                                hashMap2.putAll(containerSpec.getLabels().getValue());
                            }
                            withName.addToLabels(hashMap2);
                            PodBuilder withMetadata = new PodBuilder().withApiVersion(this.apiVersion).withKind("Pod").withMetadata(withName.build());
                            PodSpec podSpec = new PodSpec();
                            podSpec.setContainers(Collections.singletonList(withTerminationMessagePolicy.build()));
                            if (containerSpec.getDns().isPresent()) {
                                podSpec.setDnsConfig(new PodDNSConfigBuilder().addToNameservers((String[]) containerSpec.getDns().getValue().toArray(new String[0])).build());
                            }
                            podSpec.setVolumes(arrayList);
                            podSpec.setImagePullSecrets(this.imagePullSecrets);
                            podSpec.setRestartPolicy("Never");
                            podSpec.setHostname(left);
                            podSpec.setSubdomain(HEADLESS_SERVICE_NAME);
                            if (this.nodeSelectorString != null) {
                                podSpec.setNodeSelector(Splitter.on(",").withKeyValueSeparator("=").split(this.nodeSelectorString));
                            }
                            Pod build2 = withMetadata.withSpec(podSpec).build();
                            Pod applyPodPatches = applyPodPatches(authentication, proxySpec, kubernetesSpecExtension, proxy, build2, container);
                            String namespace = applyPodPatches.getMetadata().getNamespace();
                            builder.addRuntimeValue(new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(namespace, applyPodPatches.getMetadata().getName())), false);
                            this.applicationEventPublisher.publishEvent((ApplicationEvent) new NewProxyEvent(proxy.toBuilder().updateContainer(builder.build()).build(), authentication));
                            createAdditionalManifests(authentication, proxySpec, proxy, kubernetesSpecExtension, namespace, container);
                            proxyStartupLogBuilder.startingContainer(container.getIndex());
                            Pod create = ((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(namespace)).resource(applyPodPatches)).create();
                            if (!Retrying.retry((i2, i3) -> {
                                Pod pod = (Pod) this.kubeClient.resource((KubernetesClient) create).get();
                                Optional<String> containerFailure = getContainerFailure(pod);
                                if (!containerFailure.isPresent()) {
                                    return !Readiness.getInstance().isReady(pod) ? Retrying.FAILURE : Retrying.SUCCESS;
                                }
                                this.slog.warn(proxy, containerFailure.get());
                                return new Retrying.Result(false, false);
                            }, this.totalWaitMs, "Kubernetes Pod", 10, proxy, this.slog) && !Readiness.getInstance().isReady((HasMetadata) this.kubeClient.resource((KubernetesClient) create).get())) {
                                logKubernetesWarnings(proxy, create.getMetadata().getNamespace(), build2.getMetadata().getName());
                                throw new ContainerFailedToStartException("Kubernetes Pod did not start in time", null, builder.build());
                            }
                            proxyStartupLogBuilder.containerStarted(container.getIndex());
                            parseKubernetesEvents(containerSpec.getIndex().intValue(), (Pod) this.kubeClient.resource((KubernetesClient) create).get(), proxyStartupLogBuilder);
                            Map<Integer, Integer> hashMap3 = new HashMap();
                            if (isUseInternalNetwork()) {
                                createHeadlessService(namespace);
                            } else {
                                Service service = (Service) ((ServiceResource) ((NonNamespaceOperation) this.kubeClient.services().inNamespace2(namespace)).resource(((ServiceBuilder) ((ServiceBuilder) new ServiceBuilder().withApiVersion(this.apiVersion).withKind("Service").withNewMetadata().withName(getServiceName(proxy, container)).withLabels(hashMap).endMetadata()).withNewSpec().addToSelector(UserAgentConstant.APP_ID, uuid).withType("NodePort").withPorts(containerSpec.getPortMapping().stream().map(portMapping2 -> {
                                    return new ServicePortBuilder().withPort(portMapping2.getPort()).build();
                                }).toList()).endSpec()).build())).create();
                                Retrying.retry((i4, i5) -> {
                                    return new Retrying.Result(isServiceReady((Service) this.kubeClient.resource((KubernetesClient) service).get()));
                                }, 60000);
                                hashMap3 = (Map) ((Service) this.kubeClient.resource((KubernetesClient) service).get()).getSpec().getPorts().stream().collect(Collectors.toMap((v0) -> {
                                    return v0.getPort();
                                }, (v0) -> {
                                    return v0.getNodePort();
                                }));
                            }
                            Container build3 = builder.build();
                            return proxy.toBuilder().addTargets(setupPortMappingExistingProxy(proxy, build3, hashMap3)).updateContainer(build3).build();
                        } catch (IllegalArgumentException e) {
                            throw new IllegalArgumentException("Invalid container-memory-limit: " + e.getMessage());
                        }
                    } catch (IllegalArgumentException e2) {
                        throw new IllegalArgumentException("Invalid container-memory-request: " + e2.getMessage());
                    }
                } catch (IllegalArgumentException e3) {
                    throw new IllegalArgumentException("Invalid container-cpu-limit: " + e3.getMessage());
                }
            } catch (IllegalArgumentException e4) {
                throw new IllegalArgumentException("Invalid container-cpu-request: " + e4.getMessage());
            }
        } catch (ContainerFailedToStartException e5) {
            throw e5;
        } catch (Throwable th) {
            throw new ContainerFailedToStartException("Kubernetes container failed to start", th, builder.build());
        }
    }

    private Pod applyPodPatches(Authentication authentication, ProxySpec proxySpec, KubernetesSpecExtension kubernetesSpecExtension, Proxy proxy, Pod pod, Container container) throws JsonProcessingException {
        Pod patchWithDebug = this.podPatcher.patchWithDebug(proxy, pod, readPatchFromSpec(kubernetesSpecExtension.kubernetesPodPatches));
        for (AuthorizedPodPatches authorizedPodPatches : kubernetesSpecExtension.kubernetesAuthorizedPodPatches) {
            if (this.accessControlEvaluationService.checkAccess(authentication, proxySpec, authorizedPodPatches.accessControl, proxy, container)) {
                patchWithDebug = this.podPatcher.patchWithDebug(proxy, patchWithDebug, readPatchFromSpec(authorizedPodPatches.patches));
            }
        }
        return patchWithDebug;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void logKubernetesWarnings(Proxy proxy, String str, String str2) {
        try {
            for (Event event : ((EventList) ((NonNamespaceOperation) this.kubeClient.v1().events().inNamespace2(str)).withInvolvedObject(new ObjectReferenceBuilder().withKind("Pod").withName(str2).withNamespace(str).build()).list()).getItems()) {
                if (event.getType().equals("Warning") || event.getReason().equals("Killing") || event.getReason().equals("Evicted")) {
                    String str3 = (String) Optional.ofNullable(event.getSource()).map((v0) -> {
                        return v0.getComponent();
                    }).orElse(null);
                    String str4 = null;
                    if (event.getEventTime() != null && event.getEventTime().getTime() != null) {
                        str4 = event.getEventTime().getTime();
                    } else if (event.getLastTimestamp() != null) {
                        str4 = event.getLastTimestamp();
                    }
                    this.slog.warn(proxy, String.format("Kubernetes warning at %s, '%s', source: '%s'", str4, event.getMessage(), str3));
                }
            }
        } catch (KubernetesClientException e) {
            if (e.getCode() != 403) {
                throw e;
            }
            this.log.warn("Cannot parse events of pod because of insufficient permissions. Give the ShinyProxy ServiceAccount permission to get events of pods in order to show Kubernetes warnings in ShinyProxy logs.");
        }
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [java.time.LocalDateTime] */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.time.LocalDateTime] */
    /* JADX WARN: Type inference failed for: r0v22, types: [java.time.LocalDateTime] */
    private LocalDateTime getEventTime(Event event) {
        if (event.getEventTime() != null && event.getEventTime().getTime() != null) {
            return ZonedDateTime.parse(event.getEventTime().getTime()).toLocalDateTime();
        }
        if (event.getFirstTimestamp() != null) {
            return ZonedDateTime.parse(event.getFirstTimestamp()).toLocalDateTime();
        }
        if (event.getLastTimestamp() != null) {
            return ZonedDateTime.parse(event.getLastTimestamp()).toLocalDateTime();
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.time.LocalDateTime] */
    private void parseKubernetesEvents(int i, Pod pod, ProxyStartupLog.ProxyStartupLogBuilder proxyStartupLogBuilder) {
        try {
            LocalDateTime localDateTime = null;
            LocalDateTime localDateTime2 = null;
            LocalDateTime localDateTime3 = null;
            for (Event event : ((EventList) ((NonNamespaceOperation) this.kubeClient.v1().events().inNamespace2(pod.getMetadata().getNamespace())).withInvolvedObject(new ObjectReferenceBuilder().withKind("Pod").withName(pod.getMetadata().getName()).withNamespace(pod.getMetadata().getNamespace()).build()).list()).getItems()) {
                if (event.getCount() == null || event.getCount().intValue() <= 1) {
                    if (event.getReason().equalsIgnoreCase("Pulling")) {
                        localDateTime = getEventTime(event);
                    } else if (event.getReason().equalsIgnoreCase("Pulled")) {
                        localDateTime2 = getEventTime(event);
                    } else if (event.getReason().equalsIgnoreCase("Scheduled")) {
                        localDateTime3 = getEventTime(event);
                    }
                }
            }
            if (localDateTime != null && localDateTime2 != null) {
                proxyStartupLogBuilder.imagePulled(i, localDateTime, localDateTime2);
            }
            if (localDateTime3 != null) {
                proxyStartupLogBuilder.containerScheduled(i, ZonedDateTime.parse(pod.getMetadata().getCreationTimestamp()).toLocalDateTime(), localDateTime3);
            }
        } catch (KubernetesClientException e) {
            if (e.getCode() != 403) {
                throw e;
            }
            this.log.warn("Cannot parse events of pod because of insufficient permissions. If fine-grained statistics are desired, give the ShinyProxy ServiceAccount permission to events of pods.");
        }
    }

    private JsonPatch readPatchFromSpec(String str) throws JsonProcessingException {
        if (str == null || StringUtils.isBlank(str)) {
            return null;
        }
        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
        objectMapper.registerModule(new JSONPModule());
        return (JsonPatch) objectMapper.readValue(str, JsonPatch.class);
    }

    private void createAdditionalManifests(Authentication authentication, ProxySpec proxySpec, Proxy proxy, KubernetesSpecExtension kubernetesSpecExtension, String str, Container container) throws JsonProcessingException {
        Iterator<GenericKubernetesResource> it = parseAdditionalManifests(proxy, str, kubernetesSpecExtension.getKubernetesAdditionalManifests(), false).iterator();
        while (it.hasNext()) {
            applyAdditionalManifest(proxy, it.next());
        }
        for (AuthorizedAdditionalManifests authorizedAdditionalManifests : kubernetesSpecExtension.kubernetesAuthorizedAdditionalManifests) {
            if (this.accessControlEvaluationService.checkAccess(authentication, proxySpec, authorizedAdditionalManifests.accessControl, proxy, container)) {
                Iterator<GenericKubernetesResource> it2 = parseAdditionalManifests(proxy, str, authorizedAdditionalManifests.manifests, false).iterator();
                while (it2.hasNext()) {
                    applyAdditionalManifest(proxy, it2.next());
                }
            }
        }
        Iterator<GenericKubernetesResource> it3 = parseAdditionalManifests(proxy, str, kubernetesSpecExtension.getKubernetesAdditionalPersistentManifests(), true).iterator();
        while (it3.hasNext()) {
            applyAdditionalManifest(proxy, it3.next());
        }
        for (AuthorizedAdditionalManifests authorizedAdditionalManifests2 : kubernetesSpecExtension.kubernetesAuthorizedAdditionalPersistentManifests) {
            if (this.accessControlEvaluationService.checkAccess(authentication, proxySpec, authorizedAdditionalManifests2.accessControl, proxy, container)) {
                Iterator<GenericKubernetesResource> it4 = parseAdditionalManifests(proxy, str, authorizedAdditionalManifests2.manifests, true).iterator();
                while (it4.hasNext()) {
                    applyAdditionalManifest(proxy, it4.next());
                }
            }
        }
    }

    private void applyAdditionalManifest(Proxy proxy, GenericKubernetesResource genericKubernetesResource) {
        NonNamespaceOperation nonNamespaceOperation = (NonNamespaceOperation) this.kubeClient.genericKubernetesResources(genericKubernetesResource.getApiVersion(), genericKubernetesResource.getKind()).inNamespace2(genericKubernetesResource.getMetadata().getNamespace());
        String orDefault = genericKubernetesResource.getMetadata().getAnnotations() != null ? genericKubernetesResource.getMetadata().getAnnotations().getOrDefault(ANNOTATION_MANIFEST_POLICY, "CreateOnce") : "CreateOnce";
        if (orDefault.equalsIgnoreCase("CreateOnce")) {
            if (this.kubeClient.resource((KubernetesClient) genericKubernetesResource).get() == 0) {
                ((Resource) nonNamespaceOperation.resource(genericKubernetesResource)).create();
                return;
            }
            return;
        }
        if (orDefault.equalsIgnoreCase("Patch")) {
            if (this.kubeClient.resource((KubernetesClient) genericKubernetesResource).get() == 0) {
                ((Resource) nonNamespaceOperation.resource(genericKubernetesResource)).create();
                return;
            } else {
                ((Resource) nonNamespaceOperation.withName(genericKubernetesResource.getMetadata().getName())).patch(PatchContext.of(PatchType.JSON_MERGE), (PatchContext) genericKubernetesResource);
                return;
            }
        }
        if (orDefault.equalsIgnoreCase(Action.DELETE_ACTION)) {
            if (this.kubeClient.resource((KubernetesClient) genericKubernetesResource).get() != 0) {
                this.kubeClient.resource((KubernetesClient) genericKubernetesResource).withGracePeriod(0L).delete();
            }
        } else {
            if (!orDefault.equalsIgnoreCase("Replace")) {
                this.slog.warn(proxy, String.format("Unknown manifest-policy: %s", orDefault));
                return;
            }
            if (this.kubeClient.resource((KubernetesClient) genericKubernetesResource).get() != 0) {
                this.kubeClient.resource((KubernetesClient) genericKubernetesResource).withGracePeriod(0L).delete();
            }
            ((Resource) nonNamespaceOperation.resource(genericKubernetesResource)).create();
        }
    }

    private List<GenericKubernetesResource> parseAdditionalManifests(Proxy proxy, String str, List<String> list, Boolean bool) throws JsonProcessingException {
        ArrayList arrayList = new ArrayList();
        for (String str2 : list) {
            GenericKubernetesResource genericKubernetesResource = (GenericKubernetesResource) Serialization.yamlMapper().readValue(str2, GenericKubernetesResource.class);
            GenericKubernetesResource genericKubernetesResource2 = (GenericKubernetesResource) ((Resource) this.kubeClient.genericKubernetesResources(genericKubernetesResource.getApiVersion(), genericKubernetesResource.getKind()).load(new ByteArrayInputStream(str2.getBytes()))).item();
            if (genericKubernetesResource.getMetadata().getNamespace() == null) {
                genericKubernetesResource2.getMetadata().setNamespace(str);
            }
            if (genericKubernetesResource2.getMetadata().getLabels() == null) {
                genericKubernetesResource2.getMetadata().setLabels(new HashMap());
            }
            genericKubernetesResource2.getMetadata().getLabels().put("openanalytics.eu/sp-additional-manifest", "true");
            genericKubernetesResource2.getMetadata().getLabels().put("openanalytics.eu/sp-persistent-manifest", bool.toString());
            genericKubernetesResource2.getMetadata().getLabels().put("openanalytics.eu/sp-manifest-id", this.kubernetesManifestsRemover.getManifestId(proxy.getSpecId(), proxy.getUserId()));
            if (this.logManifests.booleanValue()) {
                this.slog.info(proxy, "Creating additional manifest: \n" + this.writer.writeValueAsString(genericKubernetesResource2));
            }
            arrayList.add(genericKubernetesResource2);
        }
        return arrayList;
    }

    private boolean isServiceReady(Service service) {
        return (service == null || service.getStatus() == null || service.getStatus().getLoadBalancer() == null) ? false : true;
    }

    private void createHeadlessService(String str) {
        if (((ServiceResource) ((NonNamespaceOperation) this.kubeClient.services().inNamespace2(str)).withName(HEADLESS_SERVICE_NAME)).get() == 0) {
            ((ServiceResource) ((NonNamespaceOperation) this.kubeClient.services().inNamespace2(str)).resource(((ServiceBuilder) ((ServiceBuilder) new ServiceBuilder().withApiVersion(this.apiVersion).withKind("Service").withNewMetadata().withName(HEADLESS_SERVICE_NAME).endMetadata()).withNewSpec().addToSelector(HEADLESS_SERVICE_LABEL, "true").withClusterIP("None").endSpec()).build())).create();
        }
    }

    private String getPodFqdn(Pod pod) {
        return String.format("%s.%s.%s.svc.%s", pod.getSpec().getHostname(), pod.getSpec().getSubdomain(), pod.getMetadata().getNamespace(), this.clusterDomain);
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected URI calculateTarget(Container container, PortMappings.PortMappingEntry portMappingEntry, Integer num) throws Exception {
        String hostIP;
        int intValue;
        Pod orElseThrow = getPod(container).orElseThrow(() -> {
            return new ContainerFailedToStartException("Pod not found while calculating target", null, container);
        });
        if (isUseInternalNetwork()) {
            hostIP = getPodFqdn(orElseThrow);
            intValue = portMappingEntry.getPort().intValue();
        } else {
            hostIP = orElseThrow.getStatus().getHostIP();
            intValue = num.intValue();
        }
        return new URI(String.format("%s://%s:%s%s", getDefaultTargetProtocol(), hostIP, Integer.valueOf(intValue), portMappingEntry.getTargetPath()));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected void doStopProxy(Proxy proxy) {
        Service service;
        for (Container container : proxy.getContainers()) {
            Optional<BackendContainerName> podInfo = getPodInfo(container);
            if (!podInfo.isEmpty()) {
                String namespace = podInfo.get().getNamespace();
                String name = podInfo.get().getName();
                if (getContainerFailure(namespace, name).isPresent()) {
                    logKubernetesWarnings(proxy, namespace, name);
                }
                ((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(namespace)).withName(name)).withGracePeriod(0L).delete();
                if (!isUseInternalNetwork() && (service = (Service) ((ServiceResource) ((NonNamespaceOperation) this.kubeClient.services().inNamespace2(namespace)).withName(getServiceName(proxy, container))).get()) != null) {
                    this.kubeClient.resource((KubernetesClient) service).withGracePeriod(0L).delete();
                }
                this.kubernetesManifestsRemover.deleteAdditionalManifests(proxy.getSpecId(), proxy.getUserId());
            }
        }
    }

    private boolean canAccessLogs(Proxy proxy, BackendContainerName backendContainerName) {
        try {
            ((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(backendContainerName.getNamespace())).withName(backendContainerName.getName())).getLog();
            return true;
        } catch (KubernetesClientException e) {
            this.slog.warn(proxy, e, "Cannot access pod logs, not collecting logs");
            return false;
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend, eu.openanalytics.containerproxy.backend.IContainerBackend
    public BiConsumer<OutputStream, OutputStream> getOutputAttacher(Proxy proxy, boolean z) {
        if (proxy.getContainers().isEmpty()) {
            return null;
        }
        return (outputStream, outputStream2) -> {
            LogWatch logWatch = null;
            InputStream inputStream = null;
            try {
                try {
                    Optional<BackendContainerName> podInfo = getPodInfo((Container) proxy.getContainers().getFirst());
                    if (!podInfo.isPresent()) {
                        this.slog.warn(proxy, "Error while attaching to container output: pod info not found");
                    } else if (canAccessLogs(proxy, podInfo.get())) {
                        if (z) {
                            logWatch = ((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(podInfo.get().getNamespace())).withName(podInfo.get().getName())).watchLog();
                            IOUtils.copy(logWatch.getOutput(), outputStream);
                        } else {
                            inputStream = ((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(podInfo.get().getNamespace())).withName(podInfo.get().getName())).getLogInputStream();
                            IOUtils.copy(inputStream, outputStream);
                        }
                    }
                    if (logWatch != null) {
                        logWatch.close();
                    }
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        logWatch.close();
                    }
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (IOException e2) {
                        }
                    }
                    throw th;
                }
            } catch (ClosedChannelException e3) {
                if (0 != 0) {
                    logWatch.close();
                }
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                    }
                }
            } catch (IOException e5) {
                this.slog.error(proxy, e5, "Error while attaching to container output");
                if (0 != 0) {
                    logWatch.close();
                }
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e6) {
                    }
                }
            }
        };
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected String getPropertyPrefix() {
        return PROPERTY_PREFIX;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v90, types: [java.util.Map] */
    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public List<ExistingContainerInfo> scanExistingContainers() {
        String str;
        Map<RuntimeValueKey<?>, RuntimeValue> parseLabelsAndAnnotationsAsRuntimeValues;
        this.log.debug("Looking for existing pods in namespaces {}", this.appNamespaces);
        ArrayList arrayList = new ArrayList();
        for (String str2 : this.appNamespaces) {
            for (Pod pod : ((PodList) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(str2)).withLabel(ProxiedAppKey.inst.getKeyAsLabel(), "true").list()).getItems()) {
                Map<String, String> labels = pod.getMetadata().getLabels();
                Map<String, String> annotations = pod.getMetadata().getAnnotations();
                if (labels != null && (str = labels.get(UserAgentConstant.APP_ID)) != null && (parseLabelsAndAnnotationsAsRuntimeValues = parseLabelsAndAnnotationsAsRuntimeValues(str, labels, annotations)) != null) {
                    parseLabelsAndAnnotationsAsRuntimeValues.put(ContainerImageKey.inst, new RuntimeValue(ContainerImageKey.inst, ((io.fabric8.kubernetes.api.model.Container) pod.getSpec().getContainers().getFirst()).getImage()));
                    parseLabelsAndAnnotationsAsRuntimeValues.put(BackendContainerNameKey.inst, new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(pod.getMetadata().getNamespace(), pod.getMetadata().getName())));
                    String str3 = (String) parseLabelsAndAnnotationsAsRuntimeValues.get(InstanceIdKey.inst).getObject();
                    if (this.appRecoveryService.canRecoverProxy(str3).booleanValue()) {
                        String str4 = (String) parseLabelsAndAnnotationsAsRuntimeValues.get(ProxyIdKey.inst).getObject();
                        Integer num = (Integer) parseLabelsAndAnnotationsAsRuntimeValues.get(ContainerIndexKey.inst).getObject();
                        HashMap hashMap = new HashMap();
                        if (!isUseInternalNetwork()) {
                            Service service = (Service) ((ServiceResource) ((NonNamespaceOperation) this.kubeClient.services().inNamespace2(str2)).withName("sp-service-" + str4 + "-" + num)).get();
                            if (service == null) {
                                this.log.warn("Ignoring container {} because it has no associated service", str);
                            } else {
                                hashMap = (Map) service.getSpec().getPorts().stream().collect(Collectors.toMap((v0) -> {
                                    return v0.getPort();
                                }, (v0) -> {
                                    return v0.getNodePort();
                                }));
                            }
                        }
                        arrayList.add(new ExistingContainerInfo(str, parseLabelsAndAnnotationsAsRuntimeValues, ((io.fabric8.kubernetes.api.model.Container) pod.getSpec().getContainers().getFirst()).getImage(), hashMap));
                    } else {
                        this.log.warn("Ignoring container {} because instanceId {} is not correct", str, str3);
                    }
                }
            }
        }
        return arrayList;
    }

    private Optional<String> getContainerFailure(String str, String str2) {
        return getContainerFailure(((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(str)).withName(str2)).get());
    }

    private Optional<String> getContainerFailure(Pod pod) {
        if (pod == null) {
            return Optional.of("Kubernetes container failed, pod does not exist");
        }
        Optional<ContainerStatus> findFirst = pod.getStatus().getContainerStatuses().stream().findFirst();
        ContainerState containerState = null;
        if (findFirst.isPresent() && findFirst.get().getState() != null) {
            containerState = findFirst.get().getState();
        } else if (findFirst.isPresent() && findFirst.get().getLastState() != null) {
            containerState = findFirst.get().getLastState();
        }
        if (containerState == null || containerState.getTerminated() == null) {
            return pod.isMarkedForDeletion() ? Optional.of(String.format("Kubernetes pod is being terminated, node: '%s'", pod.getSpec().getNodeName())) : Optional.empty();
        }
        return Optional.of(String.format("Kubernetes pod failed, reason: '%s', exitCode: '%s', node: '%s', message:\n%s\nlogs:\n%s\n", containerState.getTerminated().getReason(), containerState.getTerminated().getExitCode(), pod.getSpec().getNodeName(), pod.getStatus().getMessage(), containerState.getTerminated().getMessage()));
    }

    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public boolean isProxyHealthy(Proxy proxy) {
        Iterator<Container> it = proxy.getContainers().iterator();
        while (it.hasNext()) {
            Optional<BackendContainerName> podInfo = getPodInfo(it.next());
            if (!podInfo.isEmpty()) {
                Optional<String> containerFailure = getContainerFailure(podInfo.get().getNamespace(), podInfo.get().getName());
                if (containerFailure.isPresent()) {
                    this.slog.warn(proxy, containerFailure.get());
                    return false;
                }
            }
        }
        return true;
    }

    private Map<RuntimeValueKey<?>, RuntimeValue> parseLabelsAndAnnotationsAsRuntimeValues(String str, Map<String, String> map, Map<String, String> map2) {
        HashMap hashMap = new HashMap();
        for (RuntimeValueKey<?> runtimeValueKey : RuntimeValueKeyRegistry.getRuntimeValueKeys()) {
            if (runtimeValueKey.getIncludeAsLabel().booleanValue()) {
                String str2 = map.get(runtimeValueKey.getKeyAsLabel());
                if (str2 != null) {
                    hashMap.put(runtimeValueKey, new RuntimeValue(runtimeValueKey, runtimeValueKey.deserializeFromString(str2)));
                }
            } else if (runtimeValueKey.getIncludeAsAnnotation().booleanValue() && map2 != null) {
                String str3 = map2.get(runtimeValueKey.getKeyAsLabel());
                if (str3 != null) {
                    hashMap.put(runtimeValueKey, new RuntimeValue(runtimeValueKey, runtimeValueKey.deserializeFromString(str3)));
                }
            } else if (runtimeValueKey.isRequired().booleanValue()) {
                this.log.warn("Ignoring container {} because no label or annotation named {} is found", str, runtimeValueKey.getKeyAsLabel());
                return null;
            }
        }
        return hashMap;
    }

    private Optional<BackendContainerName> getPodInfo(Container container) {
        BackendContainerName backendContainerName = (BackendContainerName) container.getRuntimeObjectOrNull(BackendContainerNameKey.inst);
        return backendContainerName == null ? Optional.empty() : Optional.of(backendContainerName);
    }

    private String getServiceName(Proxy proxy, Container container) {
        return "sp-service-" + proxy.getId() + "-" + container.getIndex();
    }

    private Optional<Pod> getPod(Container container) {
        return getPodInfo(container).flatMap(this::getPod);
    }

    private Optional<Pod> getPod(BackendContainerName backendContainerName) {
        return Optional.ofNullable(((PodResource) ((NonNamespaceOperation) this.kubeClient.pods().inNamespace2(backendContainerName.getNamespace())).withName(backendContainerName.getName())).get());
    }

    private Quantity parseCpuQuantity(String str) {
        if (str == null) {
            return null;
        }
        if (str.endsWith("M")) {
            str = str.substring(0, str.length() - 1) + "m";
        }
        Quantity quantity = new Quantity(str);
        quantity.getNumericalAmount();
        if (quantity.getFormat().equals("m") || quantity.getFormat().isEmpty()) {
            return quantity;
        }
        throw new IllegalArgumentException("Invalid format for CPU resources");
    }

    private Quantity parseMemoryQuantity(String str) {
        if (str == null) {
            return null;
        }
        Iterator it = List.of(JWKParameterNames.RSA_FIRST_PRIME_FACTOR, JWKParameterNames.RSA_OTHER_PRIMES__FACTOR_CRT_COEFFICIENT, "g", "m", JWKParameterNames.OCT_KEY_VALUE).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String str2 = (String) it.next();
            if (str.endsWith(str2)) {
                str = str.substring(0, str.length() - 1) + str2.toUpperCase();
                break;
            }
            if (str.endsWith(str2 + "i")) {
                str = str.substring(0, str.length() - 2) + str2.toUpperCase() + "i";
                break;
            }
        }
        Quantity quantity = new Quantity(str);
        quantity.getNumericalAmount();
        if (quantity.getFormat().equals("m") || quantity.getFormat().equals("mi") || quantity.getFormat() == "") {
            throw new IllegalArgumentException("Invalid format for memory resources");
        }
        return quantity;
    }
}
