package com.ibm.cloud.sdk.core.security;

import com.ibm.cloud.sdk.core.http.HttpMediaType;
import com.ibm.cloud.sdk.core.http.RequestBuilder;
import java.net.Proxy;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import okhttp3.FormBody;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:com/ibm/cloud/sdk/core/security/ContainerAuthenticator.class */
public class ContainerAuthenticator extends IamRequestBasedAuthenticator implements Authenticator {
    private static final Logger LOG = Logger.getLogger(ContainerAuthenticator.class.getName());
    private static final String DEFAULT_IAM_URL = "https://iam.cloud.ibm.com";
    private static final String OPERATION_PATH = "/identity/token";
    private static final String DEFAULT_CR_TOKEN_FILENAME = "/var/run/secrets/tokens/vault-token";
    private static final String ERRORMSG_CR_TOKEN_ERROR = "Error reading CR token file: %s";
    private String crTokenFilename;
    private String iamProfileName;
    private String iamProfileId;

    /* loaded from: input_file:com/ibm/cloud/sdk/core/security/ContainerAuthenticator$Builder.class */
    public static class Builder {
        private String crTokenFilename;
        private String iamProfileName;
        private String iamProfileId;
        private String url;
        private String scope;
        private String clientId;
        private String clientSecret;
        private boolean disableSSLVerification;
        private Map<String, String> headers;
        private Proxy proxy;
        private okhttp3.Authenticator proxyAuthenticator;

        public Builder() {
        }

        private Builder(ContainerAuthenticator containerAuthenticator) {
            this.crTokenFilename = containerAuthenticator.crTokenFilename;
            this.iamProfileName = containerAuthenticator.iamProfileName;
            this.iamProfileId = containerAuthenticator.iamProfileId;
            this.url = containerAuthenticator.getURL();
            this.scope = containerAuthenticator.getScope();
            this.clientId = containerAuthenticator.getClientId();
            this.clientSecret = containerAuthenticator.getClientSecret();
            this.disableSSLVerification = containerAuthenticator.getDisableSSLVerification();
            this.headers = containerAuthenticator.getHeaders();
            this.proxy = containerAuthenticator.getProxy();
            this.proxyAuthenticator = containerAuthenticator.getProxyAuthenticator();
        }

        public ContainerAuthenticator build() {
            return new ContainerAuthenticator(this);
        }

        public Builder crTokenFilename(String str) {
            this.crTokenFilename = str;
            return this;
        }

        public Builder iamProfileName(String str) {
            this.iamProfileName = str;
            return this;
        }

        public Builder iamProfileId(String str) {
            this.iamProfileId = str;
            return this;
        }

        public Builder url(String str) {
            this.url = str;
            return this;
        }

        public Builder clientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder clientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Builder scope(String str) {
            this.scope = str;
            return this;
        }

        public Builder disableSSLVerification(boolean z) {
            this.disableSSLVerification = z;
            return this;
        }

        public Builder headers(Map<String, String> map) {
            this.headers = map;
            return this;
        }

        public Builder proxy(Proxy proxy) {
            this.proxy = proxy;
            return this;
        }

        public Builder proxyAuthenticator(okhttp3.Authenticator authenticator) {
            this.proxyAuthenticator = authenticator;
            return this;
        }
    }

    protected ContainerAuthenticator() {
    }

    protected ContainerAuthenticator(Builder builder) {
        this.crTokenFilename = builder.crTokenFilename;
        this.iamProfileName = builder.iamProfileName;
        this.iamProfileId = builder.iamProfileId;
        setURL(builder.url);
        setScope(builder.scope);
        setClientIdAndSecret(builder.clientId, builder.clientSecret);
        setDisableSSLVerification(builder.disableSSLVerification);
        setHeaders(builder.headers);
        setProxy(builder.proxy);
        setProxyAuthenticator(builder.proxyAuthenticator);
        validate();
    }

    public Builder newBuilder() {
        return new Builder();
    }

    public static ContainerAuthenticator fromConfiguration(Map<String, String> map) {
        return new Builder().crTokenFilename(map.get(Authenticator.PROPNAME_CR_TOKEN_FILENAME)).iamProfileName(map.get(Authenticator.PROPNAME_IAM_PROFILE_NAME)).iamProfileId(map.get(Authenticator.PROPNAME_IAM_PROFILE_ID)).url(map.get(Authenticator.PROPNAME_URL)).scope(map.get(Authenticator.PROPNAME_SCOPE)).clientId(map.get(Authenticator.PROPNAME_CLIENT_ID)).clientSecret(map.get(Authenticator.PROPNAME_CLIENT_SECRET)).disableSSLVerification(Boolean.valueOf(map.get(Authenticator.PROPNAME_DISABLE_SSL)).booleanValue()).build();
    }

    @Override // com.ibm.cloud.sdk.core.security.IamRequestBasedAuthenticator, com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticator, com.ibm.cloud.sdk.core.security.Authenticator
    public void validate() {
        super.validate();
        if (StringUtils.isEmpty(getURL())) {
            setURL(DEFAULT_IAM_URL);
        } else {
            setURL(StringUtils.removeEnd(getURL(), OPERATION_PATH));
        }
        if (StringUtils.isEmpty(getIamProfileName()) && StringUtils.isEmpty(getIamProfileId())) {
            throw new IllegalArgumentException(String.format(AuthenticatorBase.ERRORMSG_ATLEAST_ONE_PROP_ERROR, "iamProfileName", "iamProfileId"));
        }
    }

    @Override // com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticator, com.ibm.cloud.sdk.core.security.Authenticator
    public String authenticationType() {
        return Authenticator.AUTHTYPE_CONTAINER;
    }

    public String getCrTokenFilename() {
        return this.crTokenFilename;
    }

    public String getIamProfileName() {
        return this.iamProfileName;
    }

    public String getIamProfileId() {
        return this.iamProfileId;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticator
    public IamToken requestToken() {
        IamToken iamToken;
        try {
            String retrieveCRToken = retrieveCRToken();
            RequestBuilder post = RequestBuilder.post(RequestBuilder.resolveRequestUrl(getURL(), OPERATION_PATH));
            post.header("Accept", "application/json");
            post.header("Content-Type", HttpMediaType.APPLICATION_FORM_URLENCODED);
            addAuthorizationHeader(post);
            FormBody.Builder add = new FormBody.Builder().add("grant_type", "urn:ibm:params:oauth:grant-type:cr-token").add("cr_token", retrieveCRToken);
            if (!StringUtils.isEmpty(getIamProfileId())) {
                add.add("profile_id", getIamProfileId());
            }
            if (!StringUtils.isEmpty(getIamProfileName())) {
                add.add("profile_name", getIamProfileName());
            }
            if (!StringUtils.isEmpty(getScope())) {
                add.add(BeanDefinitionParserDelegate.SCOPE_ATTRIBUTE, getScope());
            }
            post.body(add.build());
            iamToken = invokeRequest(post, IamToken.class);
        } catch (Throwable th) {
            iamToken = new IamToken(th);
        }
        return iamToken;
    }

    protected String retrieveCRToken() throws IllegalStateException {
        try {
            String crTokenFilename = getCrTokenFilename();
            if (StringUtils.isEmpty(crTokenFilename)) {
                crTokenFilename = DEFAULT_CR_TOKEN_FILENAME;
            }
            LOG.log(Level.FINE, "Attempting to read CR token from file: ", crTokenFilename);
            String str = new String(Files.readAllBytes(Paths.get(crTokenFilename, new String[0])), StandardCharsets.UTF_8);
            LOG.log(Level.FINE, "Successfully read CR token from file: ", crTokenFilename);
            return str;
        } catch (Throwable th) {
            throw new RuntimeException(String.format(ERRORMSG_CR_TOKEN_ERROR, th.getMessage() != null ? th.getMessage() : th.getClass().getName()), th);
        }
    }
}
