package com.yahoo.vespa.hosted.dockerapi;

import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.api.command.CreateContainerCmd;
import com.github.dockerjava.api.model.Bind;
import com.github.dockerjava.api.model.Capability;
import com.github.dockerjava.api.model.HostConfig;
import com.github.dockerjava.api.model.Ulimit;
import com.yahoo.config.provision.DockerImage;
import com.yahoo.vespa.hosted.dockerapi.Docker;
import com.yahoo.vespa.hosted.dockerapi.exception.DockerException;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Random;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.class */
class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
    private final DockerClient docker;
    private final DockerImage dockerImage;
    private final ContainerName containerName;
    private final Map<String, String> labels = new HashMap();
    private final List<String> environmentAssignments = new ArrayList();
    private final List<String> volumeBindSpecs = new ArrayList();
    private final List<Ulimit> ulimits = new ArrayList();
    private final Set<Capability> addCapabilities = new HashSet();
    private final Set<Capability> dropCapabilities = new HashSet();
    private final Set<String> securityOpts = new HashSet();
    private Optional<String> hostName = Optional.empty();
    private Optional<ContainerResources> containerResources = Optional.empty();
    private Optional<String> networkMode = Optional.empty();
    private Optional<String> ipv4Address = Optional.empty();
    private Optional<String> ipv6Address = Optional.empty();
    private Optional<String[]> entrypoint = Optional.empty();
    private boolean privileged = false;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CreateContainerCommandImpl(DockerClient dockerClient, DockerImage dockerImage, ContainerName containerName) {
        this.docker = dockerClient;
        this.dockerImage = dockerImage;
        this.containerName = containerName;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withHostName(String str) {
        this.hostName = Optional.of(str);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withResources(ContainerResources containerResources) {
        this.containerResources = Optional.of(containerResources);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withLabel(String str, String str2) {
        if (!$assertionsDisabled && str.contains("=")) {
            throw new AssertionError();
        }
        this.labels.put(str, str2);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withManagedBy(String str) {
        return withLabel("com.yahoo.vespa.managedby", str);
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withAddCapability(String str) {
        this.addCapabilities.add(Capability.valueOf(str));
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withDropCapability(String str) {
        this.dropCapabilities.add(Capability.valueOf(str));
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withSecurityOpts(String str) {
        this.securityOpts.add(str);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withPrivileged(boolean z) {
        this.privileged = z;
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withUlimit(String str, int i, int i2) {
        this.ulimits.add(new Ulimit(str, i, i2));
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withEntrypoint(String... strArr) {
        if (strArr.length < 1) {
            throw new IllegalArgumentException("Entrypoint must contain at least 1 element");
        }
        this.entrypoint = Optional.of(strArr);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withEnvironment(String str, String str2) {
        if (!$assertionsDisabled && str.indexOf(61) != -1) {
            throw new AssertionError();
        }
        this.environmentAssignments.add(str + "=" + str2);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withVolume(Path path, Path path2) {
        this.volumeBindSpecs.add(path + ":" + path2 + ":Z");
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withSharedVolume(Path path, Path path2) {
        this.volumeBindSpecs.add(path + ":" + path2 + ":z");
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withNetworkMode(String str) {
        this.networkMode = Optional.of(str);
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public Docker.CreateContainerCommand withIpAddress(InetAddress inetAddress) {
        if (inetAddress instanceof Inet6Address) {
            this.ipv6Address = Optional.of(inetAddress.getHostAddress());
        } else {
            this.ipv4Address = Optional.of(inetAddress.getHostAddress());
        }
        return this;
    }

    @Override // com.yahoo.vespa.hosted.dockerapi.Docker.CreateContainerCommand
    public void create() {
        try {
            createCreateContainerCmd().exec();
        } catch (RuntimeException e) {
            throw new DockerException("Failed to create container " + toString(), e);
        }
    }

    private CreateContainerCmd createCreateContainerCmd() {
        HostConfig withPrivileged = new HostConfig().withSecurityOpts(new ArrayList(this.securityOpts)).withBinds((List) this.volumeBindSpecs.stream().map(Bind::parse).collect(Collectors.toList())).withUlimits(this.ulimits).withCapAdd((Capability[]) this.addCapabilities.toArray(new Capability[0])).withCapDrop((Capability[]) this.dropCapabilities.toArray(new Capability[0])).withPrivileged(Boolean.valueOf(this.privileged));
        this.containerResources.ifPresent(containerResources -> {
            withPrivileged.withCpuShares(Integer.valueOf(containerResources.cpuShares())).withMemory(Long.valueOf(containerResources.memoryBytes())).withMemorySwap(Long.valueOf(containerResources.memoryBytes())).withCpuPeriod(containerResources.cpuQuota() > 0 ? Long.valueOf(containerResources.cpuPeriod()) : null).withCpuQuota(containerResources.cpuQuota() > 0 ? Long.valueOf(containerResources.cpuQuota()) : null);
        });
        CreateContainerCmd withEnv = this.docker.createContainerCmd(this.dockerImage.asString()).withHostConfig(withPrivileged).withName(this.containerName.asString()).withLabels(this.labels).withEnv(this.environmentAssignments);
        this.networkMode.filter(str -> {
            return !str.toLowerCase().equals("host");
        }).ifPresent(str2 -> {
            withEnv.withMacAddress(generateMACAddress(this.hostName, this.ipv4Address, this.ipv6Address));
        });
        Optional<String> optional = this.hostName;
        Objects.requireNonNull(withEnv);
        optional.ifPresent(withEnv::withHostName);
        Optional<String> optional2 = this.networkMode;
        Objects.requireNonNull(withPrivileged);
        optional2.ifPresent(withPrivileged::withNetworkMode);
        Optional<String> optional3 = this.ipv4Address;
        Objects.requireNonNull(withEnv);
        optional3.ifPresent(withEnv::withIpv4Address);
        Optional<String> optional4 = this.ipv6Address;
        Objects.requireNonNull(withEnv);
        optional4.ifPresent(withEnv::withIpv6Address);
        Optional<String[]> optional5 = this.entrypoint;
        Objects.requireNonNull(withEnv);
        optional5.ifPresent(withEnv::withEntrypoint);
        return withEnv;
    }

    private static String toRepeatedOption(String str, Collection<String> collection) {
        return (String) collection.stream().map(str2 -> {
            return str + " " + str2;
        }).collect(Collectors.joining(" "));
    }

    private static String toOptionalOption(String str, Optional<?> optional) {
        return (String) optional.map(obj -> {
            return str + " " + obj;
        }).orElse("");
    }

    private static String toFlagOption(String str, boolean z) {
        return z ? str : "";
    }

    public String toString() {
        return (String) Stream.of((Object[]) new String[]{"--name " + this.containerName.asString(), toOptionalOption("--hostname", this.hostName), toOptionalOption("--cpu-shares", this.containerResources.map((v0) -> {
            return v0.cpuShares();
        })), toOptionalOption("--cpus", this.containerResources.map((v0) -> {
            return v0.cpus();
        })), toOptionalOption("--memory", this.containerResources.map((v0) -> {
            return v0.memoryBytes();
        })), toRepeatedOption("--label", (List) this.labels.entrySet().stream().map(entry -> {
            return ((String) entry.getKey()) + "=" + ((String) entry.getValue());
        }).collect(Collectors.toList())), toRepeatedOption("--ulimit", (List) this.ulimits.stream().map(ulimit -> {
            return ulimit.getName() + "=" + ulimit.getSoft() + ":" + ulimit.getHard();
        }).collect(Collectors.toList())), toRepeatedOption("--env", this.environmentAssignments), toRepeatedOption("--volume", this.volumeBindSpecs), toRepeatedOption("--cap-add", (List) this.addCapabilities.stream().map((v0) -> {
            return v0.toString();
        }).sorted().collect(Collectors.toList())), toRepeatedOption("--cap-drop", (List) this.dropCapabilities.stream().map((v0) -> {
            return v0.toString();
        }).sorted().collect(Collectors.toList())), toRepeatedOption("--security-opt", this.securityOpts), toOptionalOption("--net", this.networkMode), toOptionalOption("--ip", this.ipv4Address), toOptionalOption("--ip6", this.ipv6Address), toOptionalOption("--entrypoint", this.entrypoint.map(strArr -> {
            return strArr[0];
        })), toFlagOption("--privileged", this.privileged), this.dockerImage.asString(), (String) ((Stream) this.entrypoint.map((v0) -> {
            return Stream.of(v0);
        }).orElseGet(Stream::empty)).skip(1L).collect(Collectors.joining(" "))}).filter(str -> {
            return !str.isEmpty();
        }).collect(Collectors.joining(" "));
    }

    static String generateMACAddress(Optional<String> optional, Optional<String> optional2, Optional<String> optional3) {
        byte[] bArr = new byte[6];
        getPRNG(optional.orElse("") + optional2.orElse("") + optional3.orElse("")).nextBytes(bArr);
        bArr[0] = (byte) ((bArr[0] | 2) & 254);
        return (String) IntStream.range(0, bArr.length).mapToObj(i -> {
            return String.format("%02x", Byte.valueOf(bArr[i]));
        }).collect(Collectors.joining(":"));
    }

    private static Random getPRNG(String str) {
        try {
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(str.getBytes());
            return secureRandom;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to get pseudo-random number generator", e);
        }
    }

    static {
        $assertionsDisabled = !CreateContainerCommandImpl.class.desiredAssertionStatus();
    }
}
