package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.application.api.ApplicationPackage;
import com.yahoo.io.IOUtils;
import com.yahoo.io.reader.NamedReader;
import com.yahoo.path.Path;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.vespa.model.application.validation.Validation;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.class */
public class CloudDataPlaneFilterValidator implements Validator {
    private static final Logger log = Logger.getLogger(CloudDataPlaneFilterValidator.class.getName());

    @Override // com.yahoo.vespa.model.application.validation.Validator
    public void validate(Validation.Context context) {
        if (context.deployState().isHosted() && context.deployState().zone().system().isPublic()) {
            validateUniqueCertificates(context);
        }
    }

    private void validateUniqueCertificates(Validation.Context context) {
        Map map = (Map) context.deployState().getApplicationPackage().getFiles(ApplicationPackage.SECURITY_DIR, ".pem").stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, namedReader -> {
            return readCertificates(context, namedReader);
        }));
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator it = map.entrySet().iterator();
        while (it.hasNext()) {
            hashSet.addAll(((List) ((Map.Entry) it.next()).getValue()).stream().filter(x509Certificate -> {
                return !hashSet2.add(x509Certificate);
            }).toList());
        }
        if (hashSet.isEmpty()) {
            return;
        }
        context.illegal("Duplicate certificate(s) detected in files: %s. Certificate subject of duplicates: %s".formatted(map.entrySet().stream().filter(entry -> {
            Stream stream = ((List) entry.getValue()).stream();
            Objects.requireNonNull(hashSet);
            return stream.anyMatch((v1) -> {
                return r1.contains(v1);
            });
        }).map((v0) -> {
            return v0.getKey();
        }).map(Path::fromString).map((v0) -> {
            return v0.getName();
        }).map(str -> {
            return ApplicationPackage.SECURITY_DIR.append(str).getRelative();
        }).sorted().toList().toString(), hashSet.stream().map(x509Certificate2 -> {
            return x509Certificate2.getSubjectX500Principal().getName();
        }).toList().toString()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<X509Certificate> readCertificates(Validation.Context context, NamedReader namedReader) {
        try {
            return X509CertificateUtils.certificateListFromPem(IOUtils.readAll(namedReader));
        } catch (Exception e) {
            log.warning("Exception reading certificate list from application package. File: %s, exception message: %s".formatted(namedReader.getName(), e.getMessage()));
            context.illegal("Error reading certificates from application package", e);
            return List.of();
        }
    }
}
