package ai.traceable.agent.filter.opa;

import ai.traceable.javaagent.filter.com.squareup.okhttp3.Interceptor;
import ai.traceable.javaagent.filter.com.squareup.okhttp3.OkHttpClient;
import ai.traceable.javaagent.filter.com.squareup.okhttp3.Request;
import ai.traceable.javaagent.filter.com.squareup.okhttp3.Response;
import ai.traceable.javaagent.filter.com.squareup.okhttp3.tls.HandshakeCertificates;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.BlockingData;
import io.opentelemetry.javaagent.shaded.org.hypertrace.shaded.com.fasterxml.jackson.databind.DeserializationFeature;
import io.opentelemetry.javaagent.shaded.org.hypertrace.shaded.com.fasterxml.jackson.databind.JsonNode;
import io.opentelemetry.javaagent.shaded.org.hypertrace.shaded.com.fasterxml.jackson.databind.ObjectMapper;
import io.opentelemetry.javaagent.slf4j.Logger;
import io.opentelemetry.javaagent.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:inst/ai/traceable/agent/filter/opa/OpaCommunicator.classdata */
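/**
 * Polls an OPA service over HTTP(S) for blocking data and caches the most recent result.
 *
 * <p>The client is built once in the constructor (optional bearer token, optional custom trust
 * anchors, optional "skip verify" mode) and reused for every poll. The cached value is published
 * through a {@code volatile} field, so readers of {@link #getBlockingData()} see the latest value
 * written by {@link #pollBlockingData()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Skip-verify installs a trust manager that accepts every certificate chain and a hostname
 *       verifier that accepts every host. In that mode the bearer token and the blocking data are
 *       not protected against an on-path party.</li>
 *   <li>Skip-verify is applied after the custom certificate file, and both call
 *       {@code sslSocketFactory} on the same builder, so skip-verify replaces the custom trust
 *       anchors when both are configured.</li>
 *   <li>If the custom certificate file cannot be loaded, the builder is left untouched and the
 *       client keeps OkHttp's default trust configuration.</li>
 * </ul>
 */
public class OpaCommunicator {
    private static final Logger log = LoggerFactory.getLogger(OpaCommunicator.class);

    // Configured once here rather than on every poll: reconfiguring a shared ObjectMapper after it
    // has been used is not safe when several threads may poll.
    private static final ObjectMapper OBJECT_MAPPER =
            new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

    private static final String PATH = "/v1/data";
    private static final String HTTPS_SCHEME = "https://";

    private final OkHttpClient httpClient;
    private final Request request;

    // Stays null until the first successful poll assigns it.
    private volatile BlockingData blockingData;

    /**
     * Builds the HTTP client and the fixed GET request used for polling.
     *
     * <p>Decompiler note: JADX reports that the access modifier was changed from
     * {@code protected}.
     *
     * @param str base URL of the OPA service; a single trailing {@code /} is stripped before
     *     {@code /v1/data} is appended
     * @param str2 authentication key sent as {@code Authorization: Bearer <key>}; ignored when
     *     null or empty
     * @param z when true, TLS certificate and hostname verification are disabled
     * @param str3 path of a certificate file whose X.509 certificates become the trust anchors;
     *     ignored when null or empty
     * @throws NullPointerException if {@code str} is null
     */
    public OpaCommunicator(String str, String str2, boolean z, String str3) {
        if (str == null) {
            throw new NullPointerException("OPA endpoint must not be null");
        }
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (str2 != null && !str2.isEmpty()) {
            log.info("Adding authentication key");
            builder = withAuth(builder, str2);
            // The key is attached to every request from this client. Over plain HTTP it travels
            // in cleartext, so make that configuration visible in the logs.
            if (!str.regionMatches(true, 0, HTTPS_SCHEME, 0, HTTPS_SCHEME.length())) {
                log.warn("OPA authentication key is configured but the endpoint is not HTTPS; "
                        + "the key will be sent without transport encryption");
            }
        }
        if (str3 != null && !str3.isEmpty()) {
            withCustomCertFile(builder, str3);
        }
        // Order matters: skip-verify is applied last and overrides any custom trust anchors.
        this.httpClient = (z ? withSkipVerify(builder) : builder).build();
        String base = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        this.request = new Request.Builder().url(base + PATH).get().build();
    }

    /**
     * Fetches the blocking data once and updates the cached value.
     *
     * <p>On a non-successful HTTP status, a null body, or an {@link IOException}, the previously
     * cached value is kept. An empty {@code /result} node resets the cache to a fresh
     * {@link BlockingData}.
     */
    public void pollBlockingData() {
        // try-with-resources closes the response on every path, including a parse failure.
        try (Response response = this.httpClient.newCall(this.request).execute()) {
            log.trace("Received response from OPA service: {}", response);
            if (!response.isSuccessful()) {
                // Stale blocking data is otherwise invisible to operators.
                log.warn("OPA service returned HTTP status {}; keeping previous blocking data",
                        response.code());
                return;
            }
            if (response.body() == null) {
                log.warn("Unable to retrieve blocking data from the OPA service. Null response body");
                return;
            }
            JsonNode tree = OBJECT_MAPPER.readTree(response.body().byteStream());
            log.debug("Received blocking data from OPA service: {}", tree);
            if (tree.at("/result").isEmpty()) {
                log.debug("Empty data received from OPA.");
                this.blockingData = new BlockingData();
            } else {
                // NOTE(review): if "/result" is non-empty but the nested path is absent, the value
                // assigned here depends on Jackson's handling of a missing node; confirm that
                // callers of getBlockingData() tolerate null.
                this.blockingData = OBJECT_MAPPER.treeToValue(
                        tree.at("/result/traceable/http/request"), BlockingData.class);
            }
        } catch (IOException e) {
            // toString() keeps the exception type even when getMessage() is null; the full stack
            // trace is available at debug level without flooding the log on every failed poll.
            log.warn("Unable to make a successful get call to the OPA service. Error: {}", e.toString());
            log.debug("OPA poll failure details", e);
        }
    }

    /**
     * Returns the most recently polled blocking data.
     *
     * @return the cached value, or null if no poll has assigned one yet
     */
    public BlockingData getBlockingData() {
        return this.blockingData;
    }

    /** Adds an interceptor that sends {@code Authorization: Bearer <authKey>} on each request. */
    private static OkHttpClient.Builder withAuth(OkHttpClient.Builder builder, String authKey) {
        builder.addInterceptor(getAuthInterceptor("Bearer " + authKey));
        return builder;
    }

    /**
     * Loads every X.509 certificate from {@code certFile} and installs them as the client's
     * trust anchors.
     *
     * <p>Any failure (missing file, read error, unparsable certificate) is logged and leaves
     * {@code builder} unchanged, so the client falls back to its default trust configuration
     * rather than to a partially loaded set.
     */
    private static void withCustomCertFile(OkHttpClient.Builder builder, String certFile) {
        Path certPath = Paths.get(certFile);
        if (!Files.exists(certPath)) {
            log.error("invalid cert_file path");
            return;
        }

        final byte[] certBytes;
        try {
            certBytes = Files.readAllBytes(certPath);
        } catch (IOException e) {
            log.error("error reading cert file", e);
            return;
        }

        final CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            log.error("Cannot find X.509 CertificateFactory", e);
            return;
        }

        HandshakeCertificates.Builder trustBuilder = new HandshakeCertificates.Builder();
        ByteArrayInputStream in = new ByteArrayInputStream(certBytes);
        // The file may hold several certificates back to back; parse until the bytes run out.
        while (in.available() > 0) {
            try {
                Certificate certificate = certificateFactory.generateCertificate(in);
                if (certificate instanceof X509Certificate) {
                    trustBuilder.addTrustedCertificate((X509Certificate) certificate);
                } else {
                    log.error("Error constructing X509 certificate");
                }
            } catch (CertificateException e) {
                // Abort without touching the builder: no partial trust set is installed.
                log.error("Error while generating certificate", e);
                return;
            }
        }

        HandshakeCertificates handshakeCertificates = trustBuilder.build();
        builder.sslSocketFactory(
                handshakeCertificates.sslSocketFactory(), handshakeCertificates.trustManager());
    }

    /**
     * Disables TLS certificate and hostname verification on {@code builder}.
     *
     * <p>If the SSL context cannot be created or initialised, the builder is returned unchanged
     * and normal verification stays in effect.
     */
    private static OkHttpClient.Builder withSkipVerify(OkHttpClient.Builder builder) {
        try {
            TrustManager[] trustAll = getTrustAllCertsManagers();
            // "TLS" is the standard SSLContext algorithm name; the original requested "SSL".
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustAll, new SecureRandom());
            builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAll[0]);
            builder.hostnameVerifier(getSkipVerifyHostnameVerifier());
            // Make the weakened configuration visible to whoever reads the agent log.
            log.warn("TLS certificate and hostname verification are disabled for the OPA service "
                    + "connection; the server identity is not checked");
        } catch (KeyManagementException e) {
            log.warn("Error in initializing SSL context. SkipVerify could not be set to true.", e);
        } catch (NoSuchAlgorithmException e) {
            log.warn("Error in getting SSL context. SkipVerify could not be set to true.", e);
        }
        return builder;
    }

    /** Returns an interceptor that adds the given {@code Authorization} header value. */
    private static Interceptor getAuthInterceptor(String headerValue) {
        return chain ->
                chain.proceed(
                        chain.request().newBuilder().addHeader("Authorization", headerValue).build());
    }

    /**
     * Returns a single trust manager whose checks never throw, i.e. every client and server
     * certificate chain is accepted. Used only by {@link #withSkipVerify}.
     */
    private static TrustManager[] getTrustAllCertsManagers() {
        return new TrustManager[] {
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: accepts any chain.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: accepts any chain.
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }
        };
    }

    /** Returns a hostname verifier that accepts every hostname. Used only by skip-verify. */
    private static HostnameVerifier getSkipVerifyHostnameVerifier() {
        return (hostname, session) -> true;
    }
}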
