package com.ibm.cloud.objectstorage.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.ibm.cloud.objectstorage.ClientConfiguration;
import com.ibm.cloud.objectstorage.SDKGlobalConfiguration;
import com.ibm.cloud.objectstorage.http.apache.SdkProxyRoutePlanner;
import com.ibm.cloud.objectstorage.http.apache.client.impl.ApacheConnectionManagerFactory;
import com.ibm.cloud.objectstorage.http.apache.utils.ApacheUtils;
import com.ibm.cloud.objectstorage.http.conn.ssl.SdkTLSSocketFactory;
import com.ibm.cloud.objectstorage.http.settings.HttpClientSettings;
import com.ibm.cloud.objectstorage.log.InternalLogApi;
import com.ibm.cloud.objectstorage.log.InternalLogFactory;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/ibm/cloud/objectstorage/oauth/DefaultTokenManager.class */
public class DefaultTokenManager implements TokenManager {
    private static final String BASIC_AUTH = "Basic Yng6Yng=";
    private static final String CONTENT_TYPE = "application/x-www-form-urlencoded";
    private static final String ACCEPT = "application/json";
    private static final String REFRESH_GRANT_TYPE = "refresh_token";
    private static final String RESPONSE_TYPE = "cloud_iam";
    private TokenProvider provider;
    private volatile Token token;
    private ClientConfiguration clientConfiguration;
    private HttpClientSettings httpClientSettings;
    protected static final InternalLogApi log = InternalLogFactory.getLog((Class<?>) DefaultTokenManager.class);
    private static final Set<Integer> NON_RETRYABLE_STATUS_CODES = new HashSet(4);
    private volatile boolean asyncInProgress = false;
    private String iamEndpoint = SDKGlobalConfiguration.IAM_ENDPOINT;
    private int iamMaxRetry = SDKGlobalConfiguration.IAM_MAX_RETRY;
    private double iamRefreshOffset = SDKGlobalConfiguration.IAM_REFRESH_OFFSET;
    private final ExecutorService executor = Executors.newSingleThreadExecutor();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/cloud/objectstorage/oauth/DefaultTokenManager$TokenRefreshTask.class */
    public class TokenRefreshTask implements Runnable {
        private String iamEndpoint;
        private DefaultTokenManager tokenManager;
        private Token refreshedToken = null;

        TokenRefreshTask(String str, DefaultTokenManager defaultTokenManager) {
            this.iamEndpoint = str;
            this.tokenManager = defaultTokenManager;
        }

        @Override // java.lang.Runnable
        public void run() {
            while (this.refreshedToken == null && System.currentTimeMillis() / 1000 < this.tokenManager.token.getExpirationTime()) {
                try {
                    this.refreshedToken = retrieveIAMToken(this.tokenManager.token.getRefresh_token());
                } catch (OAuthServiceException e) {
                    DefaultTokenManager.log.info("Exception refreshing IAM token. Returned status code " + e.getStatusCode());
                }
                if (this.refreshedToken == null) {
                    try {
                        Thread.sleep(30000L);
                    } catch (InterruptedException e2) {
                        DefaultTokenManager.log.info("Token refresh task interrupted." + e2.getMessage());
                    }
                }
            }
            if (this.refreshedToken != null) {
                this.tokenManager.cacheToken(this.refreshedToken);
                DefaultTokenManager.log.info("Token refreshed");
            } else {
                DefaultTokenManager.log.info("Token could not be refreshed.");
            }
            this.tokenManager.asyncInProgress = false;
        }

        protected Token retrieveIAMToken(String str) {
            SSLContext createDefault;
            DefaultTokenManager.log.debug("OAuthTokenManager.retrieveIAMToken");
            try {
                if (SDKGlobalConfiguration.isCertCheckingDisabled()) {
                    if (DefaultTokenManager.log.isWarnEnabled()) {
                        DefaultTokenManager.log.warn("SSL Certificate checking for endpoints has been explicitly disabled.");
                    }
                    createDefault = SSLContext.getInstance("TLS");
                    createDefault.init(null, new TrustManager[]{new ApacheConnectionManagerFactory.TrustingX509TrustManager()}, null);
                } else {
                    createDefault = SSLContexts.createDefault();
                }
                SdkTLSSocketFactory sdkTLSSocketFactory = new SdkTLSSocketFactory(createDefault, new DefaultHostnameVerifier());
                HttpClientBuilder create = HttpClientBuilder.create();
                if (DefaultTokenManager.this.httpClientSettings != null) {
                    DefaultTokenManager.addProxyConfig(create, DefaultTokenManager.this.httpClientSettings);
                }
                CloseableHttpClient build = create.setSSLSocketFactory(sdkTLSSocketFactory).build();
                HttpPost httpPost = new HttpPost(this.iamEndpoint);
                httpPost.setHeader("Authorization", DefaultTokenManager.BASIC_AUTH);
                httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
                httpPost.setHeader("Accept", DefaultTokenManager.ACCEPT);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair("grant_type", DefaultTokenManager.REFRESH_GRANT_TYPE));
                arrayList.add(new BasicNameValuePair("response_type", DefaultTokenManager.RESPONSE_TYPE));
                arrayList.add(new BasicNameValuePair(DefaultTokenManager.REFRESH_GRANT_TYPE, str));
                httpPost.setEntity(new UrlEncodedFormEntity((List<? extends NameValuePair>) arrayList));
                HttpResponse execute = build.execute((HttpUriRequest) httpPost);
                if (execute.getStatusLine().getStatusCode() / 100 == 2) {
                    return (Token) new ObjectMapper().readValue(EntityUtils.toString(execute.getEntity()), Token.class);
                }
                DefaultTokenManager.log.info("Response code= " + execute.getStatusLine().getStatusCode() + ", Reason= " + execute.getStatusLine().getReasonPhrase() + ".Throwing OAuthServiceException");
                OAuthServiceException oAuthServiceException = new OAuthServiceException("Token retrival from IAM service failed with refresh token");
                oAuthServiceException.setStatusCode(execute.getStatusLine().getStatusCode());
                oAuthServiceException.setStatusMessage(execute.getStatusLine().getReasonPhrase());
                throw oAuthServiceException;
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
                return null;
            } catch (IOException e2) {
                e2.printStackTrace();
                return null;
            } catch (KeyManagementException e3) {
                e3.printStackTrace();
                return null;
            } catch (NoSuchAlgorithmException e4) {
                e4.printStackTrace();
                return null;
            } catch (ClientProtocolException e5) {
                e5.printStackTrace();
                return null;
            }
        }
    }

    public DefaultTokenManager(String str) {
        log.debug("DefaultTokenManager api key constructor");
        this.provider = new DefaultTokenProvider(str);
    }

    public DefaultTokenManager(TokenProvider tokenProvider) {
        this.provider = tokenProvider;
    }

    public void setIamEndpoint(String str) {
        this.iamEndpoint = str;
    }

    public void setIamRefreshOffset(double d) {
        this.iamRefreshOffset = d;
    }

    public void setIamMaxRetry(int i) {
        this.iamMaxRetry = i;
    }

    public TokenProvider getProvider() {
        return this.provider;
    }

    @Override // com.ibm.cloud.objectstorage.oauth.TokenManager
    public String getToken() {
        log.debug("DefaultTokenManager getToken()");
        if (!checkCache()) {
            retrieveToken();
        }
        if (this.token == null) {
            this.token = retrieveTokenFromCache();
        }
        if (hasTokenExpired(this.token)) {
            this.token = retrieveTokenFromCache();
        }
        if (isTokenExpiring(this.token) && !isAsyncInProgress()) {
            if (null != this.token.getRefresh_token()) {
                this.asyncInProgress = true;
                submitRefreshTask();
            } else {
                retrieveToken();
                this.token = retrieveTokenFromCache();
            }
        }
        return (this.token.getAccess_token() == null || this.token.getAccess_token().isEmpty()) ? (this.token.getDelegated_refresh_token() == null || this.token.getDelegated_refresh_token().isEmpty()) ? (this.token.getIms_token() == null || this.token.getIms_token().isEmpty()) ? this.token.getUaa_token() : this.token.getIms_token() : this.token.getDelegated_refresh_token() : this.token.getAccess_token();
    }

    protected boolean checkCache() {
        log.debug("OAuthTokenManager.checkCache()");
        return getCachedToken() != null;
    }

    protected synchronized void cacheToken(Token token) {
        int i;
        long j;
        log.debug("OAuthTokenManager.cacheToken");
        try {
            i = Integer.parseInt(token.getExpires_in());
        } catch (NumberFormatException e) {
            i = 0;
        }
        try {
            j = Long.parseLong(token.getExpiration());
        } catch (NumberFormatException e2) {
            j = 0;
        }
        token.setRefreshTime(j - ((long) (i * this.iamRefreshOffset)));
        token.setExpirationTime(j);
        setTokenCache(token);
    }

    protected Token retrieveTokenFromCache() {
        log.debug("OAuthTokenManager.retrieveTokenFromCache");
        return getCachedToken();
    }

    protected boolean hasTokenExpired(Token token) {
        log.debug("OAuthTokenManager.hasTokenExpired");
        if (Long.valueOf(token.getExpiration()).longValue() >= System.currentTimeMillis() / 1000) {
            return false;
        }
        retrieveToken();
        return true;
    }

    protected boolean isTokenExpiring(Token token) {
        log.debug("OAuthTokenManager.isTokenExpiring");
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis > token.getRefreshTime()) {
            log.debug("Token is expiring");
            return true;
        }
        log.debug("Token is not expiring." + token.getRefreshTime() + " > " + currentTimeMillis);
        return false;
    }

    protected Token getCachedToken() {
        return this.token;
    }

    protected void setTokenCache(Token token) {
        this.token = token;
    }

    protected synchronized void retrieveToken() {
        log.debug("OAuthTokenManager.retrieveToken");
        if (this.token == null || Long.valueOf(this.token.getExpiration()).longValue() < System.currentTimeMillis() / 1000) {
            log.debug("Token is null, retrieving initial token from provider");
            boolean z = true;
            int i = 0;
            while (z && i < this.iamMaxRetry) {
                try {
                    i++;
                    this.token = this.provider.retrieveToken();
                    z = false;
                } catch (OAuthServiceException e) {
                    log.debug("Exception retrieving IAM token. Returned status code " + e.getStatusCode() + "Retry attempt " + i);
                    z = shouldRetry(e.getStatusCode());
                    if (!z || i == this.iamMaxRetry) {
                        throw e;
                    }
                }
            }
            if (null == this.token) {
                throw new OAuthServiceException("Null token returned by the Token Provider");
            }
            cacheToken(this.token);
        }
    }

    protected void submitRefreshTask() {
        this.executor.execute(new TokenRefreshTask(this.iamEndpoint, this));
        log.debug("Submitted token refresh task");
    }

    protected boolean isAsyncInProgress() {
        log.debug("Aysnchrnonous job in progress : " + this.asyncInProgress);
        return this.asyncInProgress;
    }

    public ClientConfiguration getClientConfiguration() {
        return this.clientConfiguration;
    }

    public void setClientConfiguration(ClientConfiguration clientConfiguration) {
        this.clientConfiguration = clientConfiguration;
        if (clientConfiguration != null) {
            this.httpClientSettings = HttpClientSettings.adapt(clientConfiguration);
            if (getProvider() instanceof DefaultTokenProvider) {
                ((DefaultTokenProvider) getProvider()).setHttpClientSettings(this.httpClientSettings);
            }
            if (getProvider() instanceof DelegateTokenProvider) {
                ((DelegateTokenProvider) getProvider()).setHttpClientSettings(this.httpClientSettings);
            }
        }
    }

    private boolean shouldRetry(int i) {
        return !NON_RETRYABLE_STATUS_CODES.contains(Integer.valueOf(i));
    }

    protected void finalize() throws Throwable {
        try {
            this.executor.shutdown();
            super.finalize();
        } catch (Throwable th) {
            super.finalize();
            throw th;
        }
    }

    public static void addProxyConfig(HttpClientBuilder httpClientBuilder, HttpClientSettings httpClientSettings) {
        if (httpClientSettings.isProxyEnabled()) {
            log.info("Configuring Proxy. Proxy Host: " + httpClientSettings.getProxyHost() + " Proxy Port: " + httpClientSettings.getProxyPort());
            httpClientBuilder.setRoutePlanner(new SdkProxyRoutePlanner(httpClientSettings.getProxyHost(), httpClientSettings.getProxyPort(), httpClientSettings.getNonProxyHosts()));
            if (httpClientSettings.isAuthenticatedProxy()) {
                httpClientBuilder.setDefaultCredentialsProvider(ApacheUtils.newProxyCredentialsProvider(httpClientSettings));
            }
        }
    }

    static {
        NON_RETRYABLE_STATUS_CODES.add(400);
        NON_RETRYABLE_STATUS_CODES.add(401);
        NON_RETRYABLE_STATUS_CODES.add(403);
        NON_RETRYABLE_STATUS_CODES.add(404);
    }
}
