package com.qcloud.cos.auth;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.qcloud.cos.exception.CosClientException;
import com.qcloud.cos.utils.DateUtils;
import com.qcloud.cos.utils.Jackson;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/qcloud/cos/auth/CPMCredentialsFetcher.class */
public class CPMCredentialsFetcher {
    private static final Logger LOG = LoggerFactory.getLogger(CPMCredentialsFetcher.class);
    private static final int REFRESH_THRESHOLD = 3600000;
    private static final int EXPIRATION_THRESHOLD = 600000;
    private static final String SECRET_ID = "TmpSecretId";
    private static final String SECRET_KEY = "TmpSecretKey";
    private static final String TOKEN = "Token";
    private static final String EXPIRATION = "Expiration";
    private volatile COSCredentials cosCredentials;
    private volatile Date credentialExpiration;
    private volatile Date lastInstanceProfileCheck;
    private CredentialsEndpointProvider credentialsEndpointProvider;

    public CPMCredentialsFetcher(CredentialsEndpointProvider credentialsEndpointProvider) {
        if (null == credentialsEndpointProvider) {
            handleError("The credentials endpoint provider can not be null.", null);
        }
        this.credentialsEndpointProvider = credentialsEndpointProvider;
    }

    public COSCredentials getCredentials() {
        if (needsToLoadCredentials()) {
            fetchCredentials();
        }
        if (expired()) {
            throw new CosClientException("The credentials received have been expired");
        }
        return this.cosCredentials;
    }

    protected boolean needsToLoadCredentials() {
        if (null == this.cosCredentials) {
            return true;
        }
        if (null != this.credentialExpiration && isWithinExpirationThreshold()) {
            return true;
        }
        if (null != this.lastInstanceProfileCheck) {
            return isPastRefreshThreshold();
        }
        return false;
    }

    private synchronized void fetchCredentials() {
        if (needsToLoadCredentials()) {
            try {
                this.lastInstanceProfileCheck = new Date();
                JsonNode jsonNode = (JsonNode) Jackson.fromSensitiveJsonString(InstanceCredentialsUtils.getInstance().readResource(this.credentialsEndpointProvider.getCredentialsEndpoint(), this.credentialsEndpointProvider.getRetryPolicy(), this.credentialsEndpointProvider.getHeaders()), JsonNode.class);
                JsonNode jsonNode2 = jsonNode.get(SECRET_ID);
                JsonNode jsonNode3 = jsonNode.get(SECRET_KEY);
                JsonNode jsonNode4 = jsonNode.get(TOKEN);
                if (null == jsonNode2 || null == jsonNode3) {
                    throw new CosClientException("Unable to load credentials");
                }
                if (null != jsonNode4) {
                    this.cosCredentials = new BasicSessionCredentials(jsonNode2.asText(), jsonNode3.asText(), jsonNode4.asText());
                } else {
                    this.cosCredentials = new BasicCOSCredentials(jsonNode2.asText(), jsonNode3.asText());
                }
                JsonNode jsonNode5 = jsonNode.get(EXPIRATION);
                if (null != jsonNode5) {
                    String asText = jsonNode5.asText();
                    try {
                        this.credentialExpiration = DateUtils.parseISO8601Date(asText);
                    } catch (Exception e) {
                        handleError(String.format("Unable to parse the credentials expiration date [%s] from CPM instance.", asText), e);
                    }
                }
            } catch (JsonMappingException e2) {
                handleError("Unable to parse the returned from service endpoint.", e2);
            } catch (IOException e3) {
                handleError("Unable to load the credentials from service endpoint.", e3);
            } catch (URISyntaxException e4) {
                handleError("Unable to load the credentials from service endpoint.", e4);
            }
        }
    }

    public void refresh() {
        this.cosCredentials = null;
    }

    private boolean expired() {
        return null != this.credentialExpiration && this.credentialExpiration.getTime() < System.currentTimeMillis();
    }

    private boolean isWithinExpirationThreshold() {
        return this.credentialExpiration.getTime() - System.currentTimeMillis() < 600000;
    }

    private boolean isPastRefreshThreshold() {
        return System.currentTimeMillis() - this.lastInstanceProfileCheck.getTime() > 3600000;
    }

    private void handleError(String str, Exception exc) {
        if (null != this.cosCredentials && !expired()) {
            LOG.warn(str, exc);
            return;
        }
        if (null == str && null == exc) {
            return;
        }
        if (null != str && null == exc) {
            throw new CosClientException(str);
        }
        if (null == str && null != exc) {
            throw new CosClientException(exc);
        }
        throw new CosClientException(str, exc);
    }
}
