package com.yahoo.vespa.model.application.validation.change;

import com.yahoo.config.application.api.ValidationId;
import com.yahoo.config.model.api.ConfigChangeAction;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.vespa.model.VespaModel;
import com.yahoo.vespa.model.container.http.Client;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.class */
public class CertificateRemovalChangeValidator implements ChangeValidator {
    private static final Logger logger = Logger.getLogger(CertificateRemovalChangeValidator.class.getName());

    @Override // com.yahoo.vespa.model.application.validation.change.ChangeValidator
    public List<ConfigChangeAction> validate(VespaModel vespaModel, VespaModel vespaModel2, DeployState deployState) {
        if (vespaModel.applicationPackage().getApplicationId().instance().isTester()) {
            return List.of();
        }
        vespaModel.getContainerClusters().forEach((str, applicationContainerCluster) -> {
            if (vespaModel2.getContainerClusters().containsKey(str)) {
                validateClients(str, applicationContainerCluster.getClients(), vespaModel2.getContainerClusters().get(str).getClients(), deployState);
            }
        });
        return List.of();
    }

    void validateClients(String str, List<Client> list, List<Client> list2, DeployState deployState) {
        List list3 = list.stream().filter(client -> {
            return !client.internal();
        }).map((v0) -> {
            return v0.certificates();
        }).flatMap((v0) -> {
            return v0.stream();
        }).toList();
        List list4 = list2.stream().filter(client2 -> {
            return !client2.internal();
        }).map((v0) -> {
            return v0.certificates();
        }).flatMap((v0) -> {
            return v0.stream();
        }).toList();
        logger.log(Level.FINE, "Certificates for cluster %s: Current: [%s], Next: [%s]".formatted(str, list3.stream().map(x509Certificate -> {
            return x509Certificate.getSubjectX500Principal().getName();
        }).collect(Collectors.joining(", ")), list4.stream().map(x509Certificate2 -> {
            return x509Certificate2.getSubjectX500Principal().getName();
        }).collect(Collectors.joining(", "))));
        List list5 = list3.stream().filter(x509Certificate3 -> {
            return !list4.contains(x509Certificate3);
        }).toList();
        if (list5.isEmpty()) {
            return;
        }
        deployState.validationOverrides().invalid(ValidationId.certificateRemoval, "Data plane certificate(s) from cluster '" + str + "' is removed (removed certificates: " + list5.stream().map(x509Certificate4 -> {
            return x509Certificate4.getSubjectX500Principal().getName();
        }).toList() + ") This can cause client connection issues.", deployState.now());
    }
}
