package co.cask.cdap.security.authentication.client;

import co.cask.common.http.HttpRequest;
import co.cask.common.http.HttpRequestConfig;
import co.cask.common.http.HttpRequests;
import co.cask.common.http.HttpResponse;
import co.cask.common.http.ObjectResponse;
import co.cask.common.http.exception.HttpFailureException;
import com.google.common.base.Throwables;
import com.google.common.collect.Multimap;
import com.google.common.reflect.TypeToken;
import java.io.IOException;
import java.net.URI;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/authentication/client/AbstractAuthenticationClient.class */
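/**
 * Base implementation of {@link AuthenticationClient} that discovers the authentication server
 * through the gateway's {@code /ping} endpoint and caches the access token it obtains.
 *
 * <p>Subclasses supply the credentials through {@link #getAuthenticationHeaders()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The authentication URI is taken from the body of the gateway's 401 response, and the
 *       headers from {@link #getAuthenticationHeaders()} are then sent to that URI. The discovery
 *       response is therefore trusted input; it is only as trustworthy as the connection to the
 *       gateway.</li>
 *   <li>{@code verifySSLCert} is never initialised in this class, so it is {@code false} until
 *       {@link #setVerifySSLCert(boolean)} is called. NOTE(review): presumably this disables
 *       certificate validation in {@link HttpRequestConfig}; confirm that subclasses enable it.</li>
 *   <li>No synchronization is performed on the cached token or the discovery state.</li>
 * </ul>
 */
public abstract class AbstractAuthenticationClient implements AuthenticationClient {
    private static final String AUTH_URI_KEY = "auth_uri";
    private static final String HTTP_PROTOCOL = "http";
    private static final String HTTPS_PROTOCOL = "https";
    private static final String ACCESS_TOKEN_KEY = "access_token";
    private static final String EXPIRES_IN_KEY = "expires_in";
    private static final String TOKEN_TYPE_KEY = "token_type";
    // Safety margin subtracted from the token lifetime so the token is refreshed slightly early.
    private static final long SPARE_TIME_IN_MILLIS = 5000;
    private long expirationTime;
    private AccessToken accessToken;
    private URI pingURI;
    private URI authURI;
    // Tri-state: null means the gateway has not been probed yet.
    private Boolean authEnabled;
    private boolean verifySSLCert;
    private static final Logger LOG = LoggerFactory.getLogger(AbstractAuthenticationClient.class);
    // Used only to pick one of the advertised authentication servers; not a source of secrets.
    private static final Random RANDOM = new Random();
    private static final TypeToken<Map<String, String>> ACCESS_TOKEN_RESPONSE_TYPE_TOKEN = new TypeToken<Map<String, String>>() { // from class: co.cask.cdap.security.authentication.client.AbstractAuthenticationClient.1
    };
    private static final TypeToken<Map<String, List<String>>> AUTH_URL_RESPONSE_TYPE_TOKEN = new TypeToken<Map<String, List<String>>>() { // from class: co.cask.cdap.security.authentication.client.AbstractAuthenticationClient.2
    };

    /**
     * Returns the HTTP headers carrying the credentials for the token request.
     *
     * @return headers added to the request sent to the authentication URI
     */
    protected abstract Multimap<String, String> getAuthenticationHeaders();

    /** Drops the cached access token so the next {@link #getAccessToken()} call fetches a new one. */
    @Override // co.cask.cdap.security.authentication.client.AuthenticationClient
    public void invalidateToken() {
        this.accessToken = null;
    }

    /**
     * Reports whether the gateway requires authentication, probing it on the first call and
     * caching the answer afterwards.
     *
     * @return {@code true} if the gateway advertised an authentication URI
     * @throws IOException if the probe fails or the advertised server list is empty
     * @throws IllegalStateException if the connection info has not been set
     */
    @Override // co.cask.cdap.security.authentication.client.AuthenticationClient
    public boolean isAuthEnabled() throws IOException {
        if (this.authEnabled == null) {
            String discoveredAuthUri = fetchAuthURI();
            this.authEnabled = Boolean.valueOf(StringUtils.isNotEmpty(discoveredAuthUri));
            if (this.authEnabled.booleanValue()) {
                this.authURI = URI.create(discoveredAuthUri);
                // The credentials from getAuthenticationHeaders() are sent to this URI, so make a
                // plain-text destination visible to operators instead of using it silently.
                if (!HTTPS_PROTOCOL.equalsIgnoreCase(this.authURI.getScheme())) {
                    LOG.warn("Authentication URI {} does not use HTTPS; authentication headers will be sent over an unencrypted connection.", this.authURI);
                }
            }
        }
        return this.authEnabled.booleanValue();
    }

    /**
     * Configures the gateway address used for discovery. May be called only once.
     *
     * @param host gateway host name
     * @param port gateway port
     * @param sslEnabled {@code true} to build an {@code https} ping URI, {@code false} for {@code http}
     * @throws IllegalStateException if the connection info was already configured
     */
    @Override // co.cask.cdap.security.authentication.client.AuthenticationClient
    public void setConnectionInfo(String host, int port, boolean sslEnabled) {
        if (this.pingURI != null) {
            throw new IllegalStateException("Connection info is already configured!");
        }
        String scheme = sslEnabled ? HTTPS_PROTOCOL : HTTP_PROTOCOL;
        this.pingURI = URI.create(String.format("%s://%s:%d/ping", scheme, host, Integer.valueOf(port)));
    }

    /**
     * Returns the cached access token, fetching a new one when none is cached or the cached one
     * has passed its (early) expiration time.
     *
     * @return the access token, or {@code null} when authentication is disabled on the gateway
     * @throws IOException if discovery or the token request fails
     */
    @Override // co.cask.cdap.security.authentication.client.AuthenticationClient
    public AccessToken getAccessToken() throws IOException {
        if (!isAuthEnabled()) {
            return null;
        }
        if (this.accessToken == null || isTokenExpired()) {
            // Take the timestamp before the request so the computed expiry errs on the early side.
            long requestTime = System.currentTimeMillis();
            this.accessToken = fetchAccessToken();
            long lifetimeMillis = TimeUnit.SECONDS.toMillis(this.accessToken.getExpiresIn().longValue());
            this.expirationTime = (requestTime + lifetimeMillis) - SPARE_TIME_IN_MILLIS;
            LOG.debug("Received the access token successfully. Expiration date is {}.", new Date(this.expirationTime));
        }
        return this.accessToken;
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    /**
     * Unchecked variant of {@link #getAccessToken()}.
     *
     * @return the access token, or {@code null} when authentication is disabled
     */
    public AccessToken m1get() {
        try {
            return getAccessToken();
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    /** Returns the authentication URI discovered by {@link #isAuthEnabled()}, or {@code null} if none. */
    protected URI getAuthURI() {
        return this.authURI;
    }

    /** Returns the flag passed to {@link HttpRequestConfig} for every request made by this client. */
    public boolean isVerifySSLCert() {
        return this.verifySSLCert;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the certificate-verification flag used for subsequent requests.
     *
     * @param z new value of the flag; it is {@code false} until this method is called
     */
    public void setVerifySSLCert(boolean z) {
        this.verifySSLCert = z;
    }

    /** Returns {@code true} once the current time is past the stored expiration time. */
    private boolean isTokenExpired() {
        return this.expirationTime < System.currentTimeMillis();
    }

    /**
     * Pings the gateway and extracts one authentication URI from a 401 response.
     *
     * @return a randomly chosen authentication URI, or an empty string when the gateway did not
     *     answer with 401
     * @throws IOException if the request fails or the 401 body lists no authentication servers
     */
    private String fetchAuthURI() throws IOException {
        if (this.pingURI == null) {
            throw new IllegalStateException("Connection information not set!");
        }
        LOG.debug("Try to get the authentication URI from the gateway server: {}.", this.pingURI);
        HttpResponse response = HttpRequests.execute(HttpRequest.get(this.pingURI.toURL()).build(), getHttpRequestConfig());
        LOG.debug("Got response {} - {} from {}", new Object[]{Integer.valueOf(response.getResponseCode()), response.getResponseMessage(), this.pingURI});
        // Any status other than 401 is treated as "authentication disabled".
        if (response.getResponseCode() != 401) {
            return "";
        }
        Map<String, List<String>> body = ObjectResponse.fromJsonBody(response, AUTH_URL_RESPONSE_TYPE_TOKEN).getResponseObject();
        LOG.debug("Response map from gateway server: {}", body);
        List<String> authServers = body == null ? null : body.get(AUTH_URI_KEY);
        if (authServers == null || authServers.isEmpty()) {
            throw new IOException("Authentication servers list is empty.");
        }
        return authServers.get(RANDOM.nextInt(authServers.size()));
    }

    /**
     * Sends the token request and parses the JSON response into an {@link AccessToken}.
     *
     * @param httpRequest the token request to send
     * @return the parsed access token
     * @throws IOException if the status is not 200 or the body is missing or malformed
     */
    private AccessToken execute(HttpRequest httpRequest) throws IOException {
        HttpResponse response = HttpRequests.execute(httpRequest, getHttpRequestConfig());
        // The only caller builds the request from getAuthURI(), so that is the URI to report here
        // (the ping URI is the discovery endpoint, not the one that answered).
        LOG.debug("Got response {} - {} from {}", new Object[]{Integer.valueOf(response.getResponseCode()), response.getResponseMessage(), getAuthURI()});
        if (response.getResponseCode() != 200) {
            throw new HttpFailureException(response.getResponseMessage(), response.getResponseCode());
        }
        Map<String, String> body = ObjectResponse.fromJsonBody(response, ACCESS_TOKEN_RESPONSE_TYPE_TOKEN).getResponseObject();
        if (body == null) {
            throw new IOException("Unexpected response was received from the authentication server.");
        }
        String tokenValue = body.get(ACCESS_TOKEN_KEY);
        String tokenType = body.get(TOKEN_TYPE_KEY);
        String expiresIn = body.get(EXPIRES_IN_KEY);
        // Never log the response map itself: it contains the bearer token, and debug logs are
        // routinely shipped to places with weaker access control than the token deserves.
        LOG.debug("Response from auth server: token_type={}, expires_in={}", tokenType, expiresIn);
        if (StringUtils.isEmpty(tokenValue) || StringUtils.isEmpty(tokenType) || StringUtils.isEmpty(expiresIn)) {
            throw new IOException("Unexpected response was received from the authentication server.");
        }
        final Long expiresInSeconds;
        try {
            expiresInSeconds = Long.valueOf(expiresIn);
        } catch (NumberFormatException e) {
            // Report a malformed lifetime the same way as any other malformed response instead of
            // letting an unchecked exception escape to callers that only handle IOException.
            throw new IOException("Unexpected response was received from the authentication server.", e);
        }
        return new AccessToken(tokenValue, expiresInSeconds, tokenType);
    }

    /**
     * Requests a new access token from the discovered authentication URI, attaching the headers
     * from {@link #getAuthenticationHeaders()}.
     *
     * @return the newly issued access token
     * @throws IOException if the request fails or the response is malformed
     */
    private AccessToken fetchAccessToken() throws IOException {
        LOG.debug("Authentication is enabled in the gateway server. Authentication URI {}.", getAuthURI());
        return execute(HttpRequest.get(getAuthURI().toURL()).addHeaders(getAuthenticationHeaders()).build());
    }

    /**
     * Builds the per-request configuration.
     *
     * <p>NOTE(review): the two zero arguments look like connect/read timeouts, which would mean
     * "no timeout"; confirm against {@link HttpRequestConfig} and consider finite values.
     */
    private HttpRequestConfig getHttpRequestConfig() {
        return new HttpRequestConfig(0, 0, isVerifySSLCert());
    }
}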
