package com.spotify.helios.common;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import com.spotify.helios.common.descriptors.ExecHealthCheck;
import com.spotify.helios.common.descriptors.HealthCheck;
import com.spotify.helios.common.descriptors.HttpHealthCheck;
import com.spotify.helios.common.descriptors.Job;
import com.spotify.helios.common.descriptors.JobId;
import com.spotify.helios.common.descriptors.PortMapping;
import com.spotify.helios.common.descriptors.ServiceEndpoint;
import com.spotify.helios.common.descriptors.TcpHealthCheck;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:com/spotify/helios/common/JobValidator.class */
public class JobValidator {
    public static final Pattern NAME_VERSION_PATTERN = Pattern.compile("[0-9a-zA-Z-_.]+");
    public static final Pattern HOSTNAME_PATTERN = Pattern.compile("^([a-z0-9][a-z0-9-]{0,62}$)");
    public static final Pattern DOMAIN_PATTERN = Pattern.compile("^(?:(?:[a-zA-Z0-9]|(?:[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9]))(\\.(?:[a-zA-Z0-9]|(?:[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])))*)\\.?$");
    public static final Pattern IPV4_PATTERN = Pattern.compile("^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$");
    public static final Pattern NAMESPACE_PATTERN = Pattern.compile("^([a-z0-9_]{4,30})$");
    public static final Pattern REPO_PATTERN = Pattern.compile("^([a-z0-9-_.]+)$");
    public static final Pattern DIGIT_PERIOD = Pattern.compile("^[0-9.]+$");
    public static final Pattern PORT_MAPPING_PROTO_PATTERN = Pattern.compile("(tcp|udp)");
    public static final Pattern PORT_MAPPING_NAME_PATTERN = Pattern.compile("\\S+");
    public static final Pattern REGISTRATION_NAME_PATTERN = Pattern.compile("[_\\-\\w]+");
    public static final List<String> VALID_NETWORK_MODES = ImmutableList.of(Job.DEFAULT_NETWORK_MODE, "host");
    private final boolean shouldValidateJobHash;

    public JobValidator() {
        this(true);
    }

    public JobValidator(boolean z) {
        this.shouldValidateJobHash = z;
    }

    public Set<String> validate(Job job) {
        HashSet newHashSet = Sets.newHashSet();
        newHashSet.addAll(validateJobId(job));
        newHashSet.addAll(validateJobImage(job.getImage()));
        newHashSet.addAll(validateJobHostName(job.getHostname()));
        HashSet newHashSet2 = Sets.newHashSet();
        Iterator<PortMapping> it = job.getPorts().values().iterator();
        while (it.hasNext()) {
            Integer externalPort = it.next().getExternalPort();
            if (newHashSet2.contains(externalPort) && externalPort != null) {
                newHashSet.add(String.format("Duplicate external port mapping: %s", externalPort));
            }
            newHashSet2.add(externalPort);
        }
        for (Map.Entry<String, PortMapping> entry : job.getPorts().entrySet()) {
            String key = entry.getKey();
            PortMapping value = entry.getValue();
            if (!PORT_MAPPING_PROTO_PATTERN.matcher(value.getProtocol()).matches()) {
                newHashSet.add(String.format("Invalid port mapping protocol: %s", value.getProtocol()));
            }
            if (!legalPort(value.getInternalPort())) {
                newHashSet.add(String.format("Invalid internal port: %d", Integer.valueOf(value.getInternalPort())));
            }
            if (value.getExternalPort() != null && !legalPort(value.getExternalPort().intValue())) {
                newHashSet.add(String.format("Invalid external port: %d", value.getExternalPort()));
            }
            if (!PORT_MAPPING_NAME_PATTERN.matcher(key).matches()) {
                newHashSet.add(String.format("Invalid port mapping endpoint name: %s", key));
            }
        }
        for (ServiceEndpoint serviceEndpoint : job.getRegistration().keySet()) {
            for (String str : job.getRegistration().get(serviceEndpoint).getPorts().keySet()) {
                if (!job.getPorts().containsKey(str)) {
                    newHashSet.add(String.format("Service registration refers to missing port mapping: %s=%s", serviceEndpoint, str));
                }
                if (!REGISTRATION_NAME_PATTERN.matcher(serviceEndpoint.getName()).matches()) {
                    newHashSet.add(String.format("Invalid service registration name: %s", serviceEndpoint.getName()));
                }
            }
        }
        for (Map.Entry<String, String> entry2 : job.getVolumes().entrySet()) {
            String key2 = entry2.getKey();
            String value2 = entry2.getValue();
            if (!key2.startsWith("/")) {
                newHashSet.add("Volume path is not absolute: " + key2);
            } else if (Strings.isNullOrEmpty(value2) || value2.startsWith("/")) {
                String[] split = key2.split(":", 3);
                if (key2.isEmpty() || key2.equals("/") || split.length > 2 || (split.length > 1 && split[1].isEmpty())) {
                    newHashSet.add(String.format("Invalid volume path: %s", key2));
                }
            } else {
                newHashSet.add("Volume source is not absolute: " + value2);
            }
        }
        Date expires = job.getExpires();
        if (expires != null && expires.before(new Date())) {
            newHashSet.add("Job expires in the past");
        }
        newHashSet.addAll(validateJobHealthCheck(job));
        newHashSet.addAll(validateJobNetworkMode(job));
        return newHashSet;
    }

    private Set<String> validateJobImage(String str) {
        HashSet newHashSet = Sets.newHashSet();
        if (str == null) {
            newHashSet.add("Image was not specified.");
        } else {
            validateImageReference(str, newHashSet);
        }
        return newHashSet;
    }

    private Set<String> validateJobId(Job job) {
        HashSet newHashSet = Sets.newHashSet();
        JobId id = job.getId();
        if (id == null) {
            newHashSet.add("Job id was not specified.");
            return newHashSet;
        }
        String version = id.getVersion();
        String hash = id.getHash();
        JobId id2 = job.toBuilder().build().getId();
        newHashSet.addAll(validateJobName(id, id2));
        newHashSet.addAll(validateJobVersion(version, id2));
        if (this.shouldValidateJobHash) {
            newHashSet.addAll(validateJobHash(hash, id2));
        }
        return newHashSet;
    }

    private Set<String> validateJobName(JobId jobId, JobId jobId2) {
        HashSet newHashSet = Sets.newHashSet();
        String name = jobId.getName();
        if (Strings.isNullOrEmpty(name)) {
            newHashSet.add("Job name was not specified.");
            return newHashSet;
        }
        if (!NAME_VERSION_PATTERN.matcher(name).matches()) {
            newHashSet.add(String.format("Job name may only contain [0-9a-zA-Z-_.] in job name [%s].", jobId2.getName()));
        }
        if (!jobId2.getName().equals(name)) {
            newHashSet.add(String.format("Id name mismatch: %s != %s", name, jobId2.getName()));
        }
        return newHashSet;
    }

    private Set<String> validateJobHostName(String str) {
        HashSet newHashSet = Sets.newHashSet();
        if (Strings.isNullOrEmpty(str)) {
            return newHashSet;
        }
        if (!HOSTNAME_PATTERN.matcher(str).matches()) {
            newHashSet.add(String.format("Invalid hostname (%s), only [a-z0-9][a-z0-9-] are allowed, size between 1 and 63", str));
        }
        return newHashSet;
    }

    private Set<String> validateJobVersion(String str, JobId jobId) {
        HashSet newHashSet = Sets.newHashSet();
        if (Strings.isNullOrEmpty(str)) {
            newHashSet.add(String.format("Job version was not specified in job id [%s].", jobId));
            return newHashSet;
        }
        if (!NAME_VERSION_PATTERN.matcher(str).matches()) {
            newHashSet.add(String.format("Job version may only contain [0-9a-zA-Z-_.] in job version [%s].", jobId.getVersion()));
        }
        if (!jobId.getVersion().equals(str)) {
            newHashSet.add(String.format("Id version mismatch: %s != %s", str, jobId.getVersion()));
        }
        return newHashSet;
    }

    private Set<String> validateJobHash(String str, JobId jobId) {
        HashSet newHashSet = Sets.newHashSet();
        if (Strings.isNullOrEmpty(str)) {
            newHashSet.add(String.format("Job hash was not specified in job id [%s].", jobId));
            return newHashSet;
        }
        if (str.indexOf(58) != -1) {
            newHashSet.add(String.format("Job hash contains colon in job id [%s].", jobId));
        }
        if (!jobId.getHash().equals(str)) {
            newHashSet.add(String.format("Id hash mismatch: %s != %s", str, jobId.getHash()));
        }
        return newHashSet;
    }

    private boolean validateImageReference(String str, Collection<String> collection) {
        String str2;
        boolean z = true;
        int lastIndexOf = str.lastIndexOf(64);
        int lastIndexOf2 = str.lastIndexOf(58);
        if (lastIndexOf != -1) {
            str2 = str.substring(0, lastIndexOf);
            z = true & validateDigest(str.substring(lastIndexOf + 1), collection);
        } else {
            if (lastIndexOf2 != -1) {
                String substring = str.substring(lastIndexOf2 + 1);
                if (!substring.contains("/")) {
                    str2 = str.substring(0, lastIndexOf2);
                    z = true & validateTag(substring, collection);
                }
            }
            str2 = str;
        }
        if (str2.contains("://")) {
            collection.add("Invalid repository name (ex: \"registry.domain.tld/myrepos\")");
            return false;
        }
        String[] split = str2.split("/", 2);
        if (!split[0].contains(".") && !split[0].contains(":") && !split[0].equals("localhost")) {
            return validateRepositoryName(str2, collection);
        }
        if (split.length < 2) {
            collection.add("Invalid repository name (ex: \"registry.domain.tld/myrepos\")");
            return false;
        }
        return z & validateEndpoint(split[0], collection) & validateRepositoryName(split[1], collection);
    }

    private boolean validateTag(String str, Collection<String> collection) {
        boolean z = true;
        if (str.isEmpty()) {
            collection.add("Tag cannot be empty");
            z = false;
        }
        if (str.contains("/") || str.contains(":")) {
            collection.add(String.format("Illegal tag: \"%s\"", str));
            z = false;
        }
        return z;
    }

    private boolean validateDigest(String str, Collection<String> collection) {
        if (str.isEmpty()) {
            collection.add("Digest cannot be empty");
            return false;
        }
        int indexOf = str.indexOf(58);
        int lastIndexOf = str.lastIndexOf(58);
        if (indexOf > 0 && indexOf == lastIndexOf && indexOf != str.length() - 1) {
            return true;
        }
        collection.add(String.format("Illegal digest: \"%s\"", str));
        return false;
    }

    private boolean validateEndpoint(String str, Collection<String> collection) {
        String[] split = str.split(":", 2);
        if (!validateAddress(split[0], collection)) {
            return false;
        }
        if (split.length <= 1) {
            return true;
        }
        try {
            int intValue = Integer.valueOf(split[1]).intValue();
            if (intValue >= 0 && intValue <= 65535) {
                return true;
            }
            collection.add(String.format("Invalid port in endpoint: \"%s\"", str));
            return false;
        } catch (NumberFormatException e) {
            collection.add(String.format("Invalid port in endpoint: \"%s\"", str));
            return false;
        }
    }

    private boolean validateAddress(String str, Collection<String> collection) {
        if (IPV4_PATTERN.matcher(str).matches()) {
            return true;
        }
        if (DOMAIN_PATTERN.matcher(str).matches() && !DIGIT_PERIOD.matcher(str).find()) {
            return true;
        }
        collection.add(String.format("Invalid domain name: \"%s\"", str));
        return false;
    }

    private boolean validateRepositoryName(String str, Collection<String> collection) {
        String str2;
        String str3;
        boolean z = true;
        String[] split = str.split("/", 2);
        if (split.length < 2) {
            str2 = "library";
            str3 = split[0];
        } else {
            str2 = split[0];
            str3 = split[1];
        }
        if (!NAMESPACE_PATTERN.matcher(str2).matches()) {
            collection.add(String.format("Invalid namespace name (%s), only [a-z0-9_] are allowed, size between 4 and 30", str2));
            z = false;
        }
        if (!REPO_PATTERN.matcher(str3).matches()) {
            collection.add(String.format("Invalid repository name (%s), only [a-z0-9-_.] are allowed", str3));
            z = false;
        }
        return z;
    }

    private Set<String> validateJobHealthCheck(Job job) {
        HealthCheck healthCheck = job.getHealthCheck();
        if (healthCheck == null) {
            return Collections.emptySet();
        }
        HashSet newHashSet = Sets.newHashSet();
        if (healthCheck instanceof ExecHealthCheck) {
            List<String> command = ((ExecHealthCheck) healthCheck).getCommand();
            if (command == null || command.isEmpty()) {
                newHashSet.add("A command must be defined for `docker exec`-based health checks.");
            }
        } else if ((healthCheck instanceof HttpHealthCheck) || (healthCheck instanceof TcpHealthCheck)) {
            String port = healthCheck instanceof HttpHealthCheck ? ((HttpHealthCheck) healthCheck).getPort() : ((TcpHealthCheck) healthCheck).getPort();
            Map<String, PortMapping> ports = job.getPorts();
            if (Strings.isNullOrEmpty(port)) {
                newHashSet.add("A port must be defined for HTTP and TCP health checks.");
            } else if (!ports.containsKey(port)) {
                newHashSet.add(String.format("Health check port '%s' not defined in the job. Known ports are '%s'", port, Joiner.on(", ").join(ports.keySet())));
            }
        }
        return newHashSet;
    }

    private Set<String> validateJobNetworkMode(Job job) {
        String networkMode = job.getNetworkMode();
        if (networkMode == null) {
            return Collections.emptySet();
        }
        HashSet newHashSet = Sets.newHashSet();
        if (!VALID_NETWORK_MODES.contains(networkMode) && !networkMode.startsWith("container:")) {
            newHashSet.add(String.format("A Docker container's network mode must be %s, or container:<name|id>.", Joiner.on(", ").join(VALID_NETWORK_MODES)));
        }
        return newHashSet;
    }

    private boolean legalPort(int i) {
        return i >= 0 && i <= 65535;
    }
}
