package org.apache.jackrabbit.oak.segment.azure;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.azure.storage.StorageCredentials;
import com.microsoft.azure.storage.StorageCredentialsAccountAndKey;
import com.microsoft.azure.storage.StorageCredentialsToken;
import java.io.Closeable;
import java.time.LocalDateTime;
import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Objects;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.oak.commons.concurrent.ExecutorCloser;
import org.apache.jackrabbit.oak.segment.azure.util.Environment;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/segment/azure/AzureStorageCredentialManager.class */
public class AzureStorageCredentialManager implements Closeable {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AzureStorageCredentialManager.class);
    private static final String AZURE_DEFAULT_SCOPE = "https://storage.azure.com/.default";
    private static final long TOKEN_REFRESHER_INITIAL_DELAY = 45;
    private static final long TOKEN_REFRESHER_DELAY = 1;
    private ClientSecretCredential clientSecretCredential;
    private AccessToken accessToken;
    private StorageCredentialsToken storageCredentialsToken;
    private final ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/segment/azure/AzureStorageCredentialManager$TokenRefresher.class */
    public class TokenRefresher implements Runnable {
        private TokenRefresher() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                AzureStorageCredentialManager.log.debug("Checking for azure access token expiry at: {}", LocalDateTime.now());
                OffsetDateTime plusMinutes = OffsetDateTime.now().plusMinutes(5L);
                if (AzureStorageCredentialManager.this.accessToken.getExpiresAt() != null && AzureStorageCredentialManager.this.accessToken.getExpiresAt().isBefore(plusMinutes)) {
                    AzureStorageCredentialManager.log.info("Access token is about to expire (5 minutes or less) at: {}. New access token will be generated", AzureStorageCredentialManager.this.accessToken.getExpiresAt().format(DateTimeFormatter.ISO_LOCAL_DATE_TIME));
                    AccessToken tokenSync = AzureStorageCredentialManager.this.clientSecretCredential.getTokenSync(new TokenRequestContext().addScopes(AzureStorageCredentialManager.AZURE_DEFAULT_SCOPE));
                    AzureStorageCredentialManager.log.info("New azure access token generated at: {}", LocalDateTime.now());
                    if (tokenSync == null || StringUtils.isBlank(tokenSync.getToken())) {
                        AzureStorageCredentialManager.log.error("New access token is null or empty");
                    } else {
                        AzureStorageCredentialManager.this.accessToken = tokenSync;
                        AzureStorageCredentialManager.this.storageCredentialsToken.updateToken(AzureStorageCredentialManager.this.accessToken.getToken());
                    }
                }
            } catch (Exception e) {
                AzureStorageCredentialManager.log.error("Error while acquiring new access token: ", (Throwable) e);
            }
        }
    }

    public StorageCredentials getStorageCredentialsFromEnvironment(@NotNull String str, @NotNull Environment environment) {
        String variable = environment.getVariable("AZURE_CLIENT_ID");
        String variable2 = environment.getVariable("AZURE_CLIENT_SECRET");
        String variable3 = environment.getVariable("AZURE_TENANT_ID");
        if (StringUtils.isNoneBlank(variable, variable2, variable3)) {
            try {
                return getStorageCredentialAccessTokenFromServicePrincipals(str, variable, variable2, variable3);
            } catch (IllegalArgumentException | StringIndexOutOfBoundsException e) {
                log.error("Error occurred while connecting to Azure Storage using service principals: ", e);
                throw new IllegalArgumentException("Could not connect to the Azure Storage. Please verify if AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID environment variables are correctly set!");
            }
        }
        log.warn("AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID environment variables empty or missing. Switching to authentication with AZURE_SECRET_KEY.");
        try {
            return new StorageCredentialsAccountAndKey(str, environment.getVariable(AzureUtilities.AZURE_SECRET_KEY));
        } catch (IllegalArgumentException | StringIndexOutOfBoundsException e2) {
            log.error("Error occurred while connecting to Azure Storage using secret key: ", e2);
            throw new IllegalArgumentException("Could not connect to the Azure Storage. Please verify if AZURE_SECRET_KEY environment variable is correctly set!");
        }
    }

    public StorageCredentials getStorageCredentialAccessTokenFromServicePrincipals(String str, String str2, String str3, String str4) {
        boolean z = false;
        if (this.accessToken == null) {
            this.clientSecretCredential = new ClientSecretCredentialBuilder().clientId(str2).clientSecret(str3).tenantId(str4).build();
            this.accessToken = this.clientSecretCredential.getTokenSync(new TokenRequestContext().addScopes(AZURE_DEFAULT_SCOPE));
            if (this.accessToken == null || StringUtils.isBlank(this.accessToken.getToken())) {
                throw new IllegalArgumentException("Could not connect to azure storage, access token is null or empty");
            }
            this.storageCredentialsToken = new StorageCredentialsToken(str, this.accessToken.getToken());
            z = true;
        }
        Objects.requireNonNull(this.storageCredentialsToken, "storageCredentialsToken cannot be null");
        if (z) {
            log.info("starting refresh token task at: {}", OffsetDateTime.now());
            this.executorService.scheduleWithFixedDelay(new TokenRefresher(), TOKEN_REFRESHER_INITIAL_DELAY, 1L, TimeUnit.MINUTES);
        }
        return this.storageCredentialsToken;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        new ExecutorCloser(this.executorService).close();
        log.info("Access token refresh executor shutdown completed");
    }
}
