package org.apache.knox.gateway.service.idbroker.azure;

import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.PathNotFoundException;
import com.jayway.jsonpath.Predicate;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.stream.Collectors;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;

/* loaded from: input_file:org/apache/knox/gateway/service/idbroker/azure/KnoxMSICredentials.class */
public class KnoxMSICredentials extends AzureTokenCredentials {
    private static final String API_VERSION_2018_02 = "2018-02-01";
    private static final String API_VERSION_2018_06 = "2018-06-01";
    private static final String IMDS_ENDPOINT = "169.254.169.254";
    private static final String AZURE_MANAGEMENT_ENDPOINT = "management.azure.com";
    private static final int imdsUpgradeTimeInMs = 70000;
    private static final AzureClientMessages LOG = (AzureClientMessages) MessagesFactory.get(AzureClientMessages.class);
    private static final Random RANDOM = new Random();
    private static final List<Integer> retrySlots = Arrays.asList(1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597, 2584, 4181, 6765);
    private static final int maxRetry = retrySlots.size();
    private final String resource;
    private String objectId;
    private String clientId;
    private String identityId;
    private final ReadWriteLock readWriteLock;
    private final Lock readLock;
    private final Lock writeLock;

    /**
     * Creates credentials bound to the public Azure cloud by delegating to
     * {@link #KnoxMSICredentials(AzureEnvironment)} with {@code AzureEnvironment.AZURE}.
     */
    public KnoxMSICredentials() {
        this(AzureEnvironment.AZURE);
    }

    /**
     * Creates credentials for the given Azure environment.
     *
     * <p>The environment's management endpoint becomes the default token
     * audience used by {@code getToken} when no resource is supplied. A single
     * read/write lock is created here; its two views guard the management-plane
     * calls ({@code getAssignedUserIdentityList} takes the read lock,
     * {@code attachIdentities} the write lock).
     *
     * @param azureEnvironment environment whose management endpoint is used as the default resource
     */
    public KnoxMSICredentials(AzureEnvironment azureEnvironment) {
        super(azureEnvironment, (String) null);
        this.resource = azureEnvironment.managementEndpoint();
        final ReadWriteLock rwLock = new ReentrantReadWriteLock();
        this.readWriteLock = rwLock;
        this.writeLock = rwLock.writeLock();
        this.readLock = rwLock.readLock();
    }

    /**
     * Selects the managed identity by object id.
     *
     * <p>The other two selectors are cleared so that exactly one identity
     * selector is set; {@code getTokenFromIMDSEndpoint} sends this value as the
     * {@code object_id} query parameter.
     *
     * <p>NOTE(review): the selector fields are written here without taking
     * {@code writeLock}; confirm an instance is never reconfigured while another
     * thread is requesting a token, otherwise a token for the wrong identity
     * could be requested.
     *
     * @param str object id of the identity to request tokens for
     * @return this instance, for chaining
     */
    public KnoxMSICredentials withObjectId(String str) {
        this.identityId = null;
        this.clientId = null;
        this.objectId = str;
        return this;
    }

    /**
     * Selects the managed identity by client id.
     *
     * <p>Object id and identity id are cleared so only this selector remains;
     * {@code getTokenFromIMDSEndpoint} sends it as the {@code client_id} query
     * parameter. The fields are assigned without holding {@code writeLock}.
     *
     * @param str client id of the identity to request tokens for
     * @return this instance, for chaining
     */
    public KnoxMSICredentials withClientId(String str) {
        this.identityId = null;
        this.objectId = null;
        this.clientId = str;
        return this;
    }

    /**
     * Selects the managed identity by its resource id.
     *
     * <p>Object id and client id are cleared so only this selector remains;
     * {@code getTokenFromIMDSEndpoint} sends it as the {@code msi_res_id} query
     * parameter. The fields are assigned without holding {@code writeLock}.
     *
     * @param str resource id of the identity to request tokens for
     * @return this instance, for chaining
     */
    public KnoxMSICredentials withIdentityId(String str) {
        this.objectId = null;
        this.clientId = null;
        this.identityId = str;
        return this;
    }

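    /**
     * Requests a token for the given resource from the instance metadata
     * service, falling back to the environment's management endpoint when no
     * resource is supplied.
     *
     * <p>The decompiled listing wrapped only the resource selection in the
     * {@code try}, leaving the checked {@code InterruptedException} of
     * {@code getTokenFromIMDSEndpoint} unhandled; the handler now surrounds the
     * call that can actually be interrupted, and the interrupt flag is restored
     * before the exception is wrapped so callers up the stack can still observe it.
     *
     * @param str resource (audience) the token is requested for, or {@code null} for the default
     * @return the value returned by the IMDS token request
     * @throws IOException declared by the overridden contract
     * @throws RuntimeException wrapping an {@code InterruptedException} raised while waiting between retries
     */
    public String getToken(String str) throws IOException {
        final String target = (str != null) ? str : this.resource;
        try {
            return getTokenFromIMDSEndpoint(target);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
    }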

    /**
     * Reads compute metadata of the current VM from the instance metadata
     * service (IMDS) at the link-local address 169.254.169.254.
     *
     * <p>A blank argument fetches the whole compute document; otherwise the
     * argument is appended as a sub-path. The {@code Metadata: true} header is
     * sent on every request.
     *
     * <p>NOTE(review): {@code str} is interpolated into the URL path as-is (only
     * the api-version value is URL-encoded). Confirm callers pass fixed
     * attribute names rather than request-derived input, or validate it here.
     *
     * @param str optional sub-path under {@code /metadata/instance/compute}
     * @return the response body as returned by {@code httpRequest}
     * @throws InterruptedException if the retry back-off is interrupted
     * @throws RuntimeException wrapping any {@code IOException} from the request
     */
    public String getComputeInstanceMetadata(String str) throws InterruptedException {
        try {
            final String query = "api-version=" + URLEncoder.encode(API_VERSION_2018_02, StandardCharsets.UTF_8.name());
            final Map<String, String> headers = new HashMap<>();
            headers.put("Metadata", "true");
            final String url;
            if (StringUtils.isBlank(str)) {
                url = String.format(Locale.ROOT, "http://169.254.169.254/metadata/instance/compute?%s", query);
            } else {
                url = String.format(Locale.ROOT, "http://169.254.169.254/metadata/instance/compute/%s?%s", str, query);
            }
            return httpRequest("GET", url, headers, null);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

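    /**
     * Sends a PATCH to the Azure management endpoint for the given resource,
     * authenticated with the supplied bearer token, while holding the write lock.
     *
     * <p>The URL is built as {@code "https://management.azure.com" + str}, with
     * no separator between host and path. A value that does not begin with
     * {@code '/'} would therefore change the authority of the URL, and the
     * {@code Authorization} header would be sent to a host other than the
     * management endpoint. Such values are rejected before any request is made.
     *
     * @param str resource path on the management endpoint; must start with {@code '/'}
     * @param str2 passed to {@code httpPatchRequest} as its third argument
     *             (presumably the JSON request body; that method is not readable in this listing)
     * @param str3 bearer token placed in the {@code Authorization} header
     * @return the value returned by {@code httpPatchRequest}
     * @throws IllegalArgumentException if {@code str} is {@code null} or does not start with {@code '/'}
     * @throws RuntimeException wrapping an {@code IOException} or {@code PathNotFoundException}
     */
    public String attachIdentities(String str, String str2, String str3) {
        if (str == null || !str.startsWith("/")) {
            throw new IllegalArgumentException("resource path must start with '/'");
        }
        this.writeLock.lock();
        try {
            final String query = "api-version=" + URLEncoder.encode(API_VERSION_2018_06, StandardCharsets.UTF_8.name());
            final Map<String, String> headers = new HashMap<>();
            headers.put("Content-Type", "application/json");
            headers.put("Authorization", "Bearer " + str3);
            return httpPatchRequest(String.format(Locale.ROOT, "https://management.azure.com%s?%s", str, query), headers, str2);
        } catch (IOException | PathNotFoundException e) {
            throw new RuntimeException(e);
        } finally {
            // Always released, whether the request returned or threw.
            this.writeLock.unlock();
        }
    }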

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v23, types: [java.util.Map] */
    /**
     * Lists the user-assigned identities attached to a resource.
     *
     * <p>Performs a GET on the Azure management endpoint with the supplied
     * bearer token, under the read lock, and returns the keys of
     * {@code $.identity.userAssignedIdentities} from the JSON response.
     *
     * @param str resource path, appended after {@code https://management.azure.com/}
     * @param str2 bearer token placed in the {@code Authorization} header
     * @return the identity keys, or an empty set when the response has no such node
     * @throws InterruptedException if the retry back-off is interrupted
     * @throws RuntimeException wrapping any {@code IOException} from the request
     */
    public Set<String> getAssignedUserIdentityList(String str, String str2) throws InterruptedException {
        try {
            this.readLock.lock();
            try {
                final Map<String, String> headers = new HashMap<>();
                headers.put("Authorization", "Bearer " + str2);
                final String query = "api-version=" + URLEncoder.encode(API_VERSION_2018_06, StandardCharsets.UTF_8.name());
                final String url = String.format(Locale.ROOT, "https://management.azure.com/%s?%s", str, query);
                final String body = httpRequest("GET", url, headers, null);
                Map<String, Object> identities = new HashMap<>();
                try {
                    identities = JsonPath.read(body, "$.identity.userAssignedIdentities");
                } catch (PathNotFoundException ignored) {
                    // The node is absent from the response: keep the empty map
                    // so the caller receives an empty set.
                }
                return identities.keySet();
            } finally {
                this.readLock.unlock();
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Requests an OAuth2 token for {@code str} from the IMDS identity endpoint.
     *
     * <p>At most one identity selector is added to the query, checked in the
     * order object id, client id, identity resource id; with none set, no
     * selector is sent. Every query value is URL-encoded as UTF-8.
     *
     * <p>NOTE(review): the value returned by {@code httpRequest} is the same
     * string that method passes to {@code LOG.printHttpResponse}; for this
     * endpoint that body is expected to carry the access token, so confirm the
     * log message is not emitted in production or is redacted.
     *
     * @param str resource (audience) the token is requested for
     * @return the response body returned by {@code httpRequest}
     * @throws InterruptedException if the retry back-off is interrupted
     * @throws RuntimeException wrapping any {@code IOException} from the request
     */
    private String getTokenFromIMDSEndpoint(String str) throws InterruptedException {
        try {
            final StringBuilder query = new StringBuilder();
            query.append("api-version=");
            query.append(URLEncoder.encode(API_VERSION_2018_02, StandardCharsets.UTF_8.name()));
            query.append("&resource=");
            query.append(URLEncoder.encode(str, StandardCharsets.UTF_8.name()));
            if (this.objectId != null) {
                query.append("&object_id=");
                query.append(URLEncoder.encode(this.objectId, StandardCharsets.UTF_8.name()));
            } else if (this.clientId != null) {
                query.append("&client_id=");
                query.append(URLEncoder.encode(this.clientId, StandardCharsets.UTF_8.name()));
            } else if (this.identityId != null) {
                query.append("&msi_res_id=");
                query.append(URLEncoder.encode(this.identityId, StandardCharsets.UTF_8.name()));
            }
            final Map<String, String> headers = new HashMap<>();
            headers.put("Metadata", "true");
            final String url = String.format(Locale.ROOT, "http://169.254.169.254/metadata/identity/oauth2/token?%s", query.toString());
            return httpRequest("GET", url, headers, null);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

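    /**
     * Issues an HTTP request and returns the response body, retrying
     * intermittent failures with a randomized back-off.
     *
     * <p>Fixes relative to the decompiled listing: the connection is now kept in
     * a variable visible to the error handler (the listing read the status code
     * from a reference that was always {@code null}), the connection is
     * disconnected on every path, the request and response streams are closed
     * with try-with-resources, and the method no longer falls off the end of the
     * retry loop without a result.
     *
     * <p>The request method is never set on the connection: a {@code "POST"}
     * label only enables output and writes {@code str3}; any other label is
     * sent with the connection's default method.
     *
     * <p>NOTE(review): no connect or read timeout is configured, so a stalled
     * endpoint blocks the caller, including callers that hold this class's
     * locks. Confirm whether timeouts are applied elsewhere.
     *
     * @param str HTTP method label; only {@code "POST"} changes behaviour
     * @param str2 absolute URL to call
     * @param map request headers, may be {@code null} or empty
     * @param str3 request body, used only for {@code "POST"}
     * @return the response body with line terminators removed
     * @throws IOException if the connection cannot be opened or the status code cannot be read
     * @throws InterruptedException if the back-off sleep is interrupted
     * @throws WebApplicationException on a non-intermittent failure or when retries are exhausted
     */
    private String httpRequest(String str, String str2, Map<String, String> map, String str3) throws IOException, InterruptedException {
        int attempt = 1;
        while (attempt <= maxRetry) {
            final URL url = new URL(str2);
            HttpURLConnection connection = null;
            LOG.printRequestURL(str, str2);
            try {
                connection = (HttpURLConnection) url.openConnection();
                if (map != null) {
                    for (Map.Entry<String, String> header : map.entrySet()) {
                        connection.setRequestProperty(header.getKey(), header.getValue());
                    }
                }
                if ("POST".equals(str)) {
                    connection.setDoOutput(true);
                    try (OutputStream out = connection.getOutputStream()) {
                        out.write(str3.getBytes(StandardCharsets.UTF_8));
                    }
                }
                connection.connect();
                final String body;
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8), 100)) {
                    body = reader.lines().collect(Collectors.joining());
                }
                // NOTE(review): for the IMDS token endpoint this body is expected to
                // contain the access token; confirm printHttpResponse is not
                // emitted in production logs, or redact before logging.
                LOG.printHttpResponse(body);
                return body;
            } catch (Exception e) {
                if (connection == null) {
                    // openConnection() itself failed, so there is no HTTP status to classify.
                    throw e;
                }
                final int status = connection.getResponseCode();
                final String cause = e.getMessage() != null ? e.getMessage() : e.toString();
                // NOTE(review): the exception text is formatted into the JSON error
                // entity unescaped; a message containing quotes yields invalid JSON
                // and internal detail reaches the client.
                if (!isIntermittentFailure(status)) {
                    LOG.printStackTrace(ExceptionUtils.getStackTrace(e));
                    throw new WebApplicationException(prepareErrorResponse(status, String.format(Locale.ROOT, "{ \"error\": \"Couldn't acquire access token from IMDS, cause: %s ,Azure response code: %s\" }", cause, status)));
                }
                // Pick a random slot among those unlocked so far; a 410 waits at
                // least imdsUpgradeTimeInMs.
                int delayMs = retrySlots.get(RANDOM.nextInt(attempt)) * 1000;
                if (status == 410 && delayMs < imdsUpgradeTimeInMs) {
                    delayMs = imdsUpgradeTimeInMs;
                }
                attempt++;
                if (attempt > maxRetry) {
                    if (status < 400 || status > 499) {
                        throw new WebApplicationException(prepareErrorResponse(status, String.format(Locale.ROOT, "{ \"error\": \"MSI: Failed to acquire tokens after retrying %s times. Azure response code: %s\" }", maxRetry, status)));
                    }
                    throw new WebApplicationException(errorResponseWrapper(Response.Status.FORBIDDEN, String.format(Locale.ROOT, "{ \"error\": \"Couldn't acquire access token from IMDS, cause: %s ,Azure response code: %s\" }", cause, status)));
                }
                Thread.sleep(delayMs);
            } finally {
                if (connection != null) {
                    connection.disconnect();
                }
            }
        }
        // Every iteration returns, throws, or continues with attempt <= maxRetry.
        throw new IllegalStateException("retry loop ended without a response");
    }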

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an error {@link Response} with the given status and entity.
     *
     * <p>The builder starts from {@code Response.serverError()} and the status
     * is then replaced by {@code status}. The entity is attached as supplied;
     * callers in this class pass a pre-formatted JSON string.
     *
     * @param status HTTP status of the response
     * @param str entity (body) of the response
     * @return the built response
     */
    public static Response errorResponseWrapper(Response.Status status, String str) {
        Response.ResponseBuilder builder = Response.serverError();
        builder = builder.status(status);
        builder = builder.entity(str);
        return builder.build();
    }

    /* JADX WARN: Code restructure failed: missing block: B:112:0x00e4, code lost:
    
        r0 = r0.toString();
     */
    /* JADX WARN: Code restructure failed: missing block: B:113:0x00ed, code lost:
    
        if (r0 == null) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:115:0x00f2, code lost:
    
        if (0 == 0) goto L29;
     */
    /* JADX WARN: Code restructure failed: missing block: B:116:0x0109, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:118:0x00f5, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:120:0x00fd, code lost:
    
        r25 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:121:0x00ff, code lost:
    
        r0.addSuppressed(r25);
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x01ac, code lost:
    
        if (r0 == null) goto L66;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x01b1, code lost:
    
        if (0 == 0) goto L65;
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x01c8, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x01b4, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x01bc, code lost:
    
        r25 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x01be, code lost:
    
        r0.addSuppressed(r25);
     */
    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:134:0x013a  */
    /* JADX WARN: Removed duplicated region for block: B:95:0x01f9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Decompiler stub: the original body of this method was not recovered, so as
    // listed here it throws UnsupportedOperationException unconditionally.
    // attachIdentities() calls it with the request URL, a header map containing
    // the bearer token, and its second argument; what the real implementation
    // does with them (retries, logging, error mapping) cannot be read from this
    // listing. Review the original bytecode or source before relying on it.
    private java.lang.String httpPatchRequest(java.lang.String r8, java.util.Map<java.lang.String, java.lang.String> r9, java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 1008
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.knox.gateway.service.idbroker.azure.KnoxMSICredentials.httpPatchRequest(java.lang.String, java.util.Map, java.lang.String):java.lang.String");
    }

    /**
     * Builds an error response for a raw HTTP status code.
     *
     * <p>Codes that {@code Response.Status.fromStatusCode} does not recognise
     * are reported as {@code FORBIDDEN}.
     *
     * @param i HTTP status code received from the remote endpoint
     * @param str entity (body) of the response
     * @return the response built by {@code errorResponseWrapper}
     */
    private Response prepareErrorResponse(int i, String str) {
        Response.Status mapped = Response.Status.fromStatusCode(i);
        if (mapped == null) {
            mapped = Response.Status.FORBIDDEN;
        }
        return errorResponseWrapper(mapped, str);
    }

    /**
     * Tells whether an HTTP status is treated as transient, i.e. worth retrying.
     *
     * @param i HTTP status code
     * @return {@code true} for 404, 410, 429 and any 5xx code; {@code false} otherwise
     */
    private boolean isIntermittentFailure(int i) {
        switch (i) {
            case 404:
            case 410:
            case 429:
                return true;
            default:
                return i >= 500 && i <= 599;
        }
    }
}
