package io.micronaut.kubernetes.client.openapi.credential;

import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.context.annotation.Requirements;
import io.micronaut.context.annotation.Requires;
import io.micronaut.context.exceptions.ConfigurationException;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.kubernetes.client.openapi.config.KubernetesClientConfiguration;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import java.io.IOException;
import java.io.InputStream;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.Optional;
import java.util.concurrent.ExecutorService;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Scheduler;
import reactor.core.scheduler.Schedulers;

@Singleton
@Requirements({@Requires(env = {"k8s"}), @Requires(property = "kubernetes.client.service-account.enabled", value = "true", defaultValue = "true")})
@Internal
@BootstrapContextCompatible
/* loaded from: input_file:io/micronaut/kubernetes/client/openapi/credential/ServiceAccountTokenLoader.class */
final class ServiceAccountTokenLoader implements ReactiveKubernetesTokenLoader {
    private static final Logger LOG = LoggerFactory.getLogger(ServiceAccountTokenLoader.class);
    private static final int ORDER = 30;
    private final ResourceResolver resourceResolver;
    private final KubernetesClientConfiguration.ServiceAccount serviceAccount;
    private final Scheduler scheduler;
    private volatile String token;
    private volatile LocalDateTime expirationTime;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceAccountTokenLoader(ResourceResolver resourceResolver, KubernetesClientConfiguration kubernetesClientConfiguration, @Named("blocking") @Nullable ExecutorService executorService) {
        this.resourceResolver = resourceResolver;
        this.serviceAccount = kubernetesClientConfiguration.getServiceAccount();
        this.scheduler = executorService == null ? null : Schedulers.fromExecutorService(executorService);
    }

    public int getOrder() {
        return ORDER;
    }

    @Override // io.micronaut.kubernetes.client.openapi.credential.ReactiveKubernetesTokenLoader
    public Publisher<String> getToken() {
        if (!shouldLoadToken()) {
            return Mono.just(this.token).doOnNext(str -> {
                LOG.trace("Token loaded");
            });
        }
        Mono fromCallable = Mono.fromCallable(this::reloadedToken);
        if (this.scheduler != null) {
            fromCallable = fromCallable.subscribeOn(this.scheduler);
        }
        return fromCallable.doOnNext(str2 -> {
            LOG.trace("Token loaded");
        });
    }

    private String reloadedToken() {
        if (shouldLoadToken()) {
            synchronized (this) {
                if (shouldLoadToken()) {
                    String tokenPath = this.serviceAccount.getTokenPath();
                    Duration tokenReloadInterval = this.serviceAccount.getTokenReloadInterval();
                    try {
                        this.token = loadToken(tokenPath);
                        this.expirationTime = LocalDateTime.now().plusSeconds(tokenReloadInterval.toSeconds());
                    } catch (Exception e) {
                        LOG.error("Failed to load token from file: {}", tokenPath, e);
                    }
                }
            }
        }
        return this.token;
    }

    private boolean shouldLoadToken() {
        if (this.token == null || this.expirationTime == null) {
            return true;
        }
        LocalDateTime now = LocalDateTime.now();
        LOG.debug("Check whether token reloading needed, now={}, expiration={}", now, this.expirationTime);
        return this.expirationTime.isBefore(now);
    }

    private String loadToken(String str) throws IOException {
        LOG.debug("Loading token from file: {}", str);
        Optional resourceAsStream = this.resourceResolver.getResourceAsStream(str);
        if (resourceAsStream.isEmpty()) {
            throw new ConfigurationException("Token file not found: " + str);
        }
        return new String(((InputStream) resourceAsStream.get()).readAllBytes());
    }
}
