package org.apache.hadoop.fs.azurebfs.oauth2;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Hashtable;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.azurebfs.AbfsConfiguration;
import org.apache.hadoop.fs.azurebfs.constants.AbfsHttpConstants;
import org.apache.hadoop.fs.azurebfs.constants.FileSystemConfigurations;
import org.apache.hadoop.fs.azurebfs.constants.HttpHeaderConfigurations;
import org.apache.hadoop.fs.azurebfs.constants.HttpQueryParams;
import org.apache.hadoop.fs.azurebfs.services.AbfsIoUtils;
import org.apache.hadoop.fs.azurebfs.services.ExponentialRetryPolicy;
import org.apache.hadoop.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator.class */
public final class AzureADAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(AzureADAuthenticator.class);
    private static final String RESOURCE_NAME = "https://storage.azure.com/";
    private static final String SCOPE = "https://storage.azure.com/.default";
    private static final String JWT_BEARER_ASSERTION = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private static final String CLIENT_CREDENTIALS = "client_credentials";
    private static final String OAUTH_VERSION_2_0 = "/oauth2/v2.0/";
    private static final int CONNECT_TIMEOUT = 30000;
    private static final int READ_TIMEOUT = 30000;
    private static ExponentialRetryPolicy tokenFetchRetryPolicy;

    @InterfaceAudience.LimitedPrivate({"authorization-subsystems"})
    @InterfaceStability.Unstable
    /* loaded from: input_file:org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator$HttpException.class */
    public static class HttpException extends IOException {
        private final int httpErrorCode;
        private final String requestId;
        private final String url;
        private final String contentType;
        private final String body;

        public int getHttpErrorCode() {
            return this.httpErrorCode;
        }

        public String getRequestId() {
            return this.requestId;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public HttpException(int i, String str, String str2, String str3, String str4, String str5) {
            super(str2);
            this.httpErrorCode = i;
            this.requestId = str;
            this.url = str3;
            this.contentType = str4;
            this.body = str5;
        }

        public String getUrl() {
            return this.url;
        }

        public String getContentType() {
            return this.contentType;
        }

        public String getBody() {
            return this.body;
        }

        @Override // java.lang.Throwable
        public String getMessage() {
            StringBuilder sb = new StringBuilder();
            sb.append("HTTP Error ");
            sb.append(this.httpErrorCode);
            if (!this.url.isEmpty()) {
                sb.append("; url='").append(this.url).append('\'').append(' ');
            }
            sb.append(super.getMessage());
            if (!this.requestId.isEmpty()) {
                sb.append("; requestId='").append(this.requestId).append('\'');
            }
            if (!this.contentType.isEmpty()) {
                sb.append("; contentType='").append(this.contentType).append('\'');
            }
            if (!this.body.isEmpty()) {
                sb.append("; response '").append(this.body).append('\'');
            }
            return sb.toString();
        }
    }

    /* loaded from: input_file:org/apache/hadoop/fs/azurebfs/oauth2/AzureADAuthenticator$UnexpectedResponseException.class */
    public static class UnexpectedResponseException extends HttpException {
        public UnexpectedResponseException(int i, String str, String str2, String str3, String str4, String str5) {
            super(i, str, str2, str3, str4, str5);
        }
    }

    private AzureADAuthenticator() {
    }

    public static void init(AbfsConfiguration abfsConfiguration) {
        tokenFetchRetryPolicy = abfsConfiguration.getOauthTokenFetchRetryPolicy();
    }

    public static AzureADToken getTokenUsingClientCreds(String str, String str2, String str3) throws IOException {
        Preconditions.checkNotNull(str, "authEndpoint");
        Preconditions.checkNotNull(str2, "clientId");
        Preconditions.checkNotNull(str3, "clientSecret");
        QueryParams queryParams = new QueryParams();
        if (isVersion2AuthenticationEndpoint(str)) {
            queryParams.add("scope", SCOPE);
        } else {
            queryParams.add(HttpQueryParams.QUERY_PARAM_RESOURCE, RESOURCE_NAME);
        }
        queryParams.add("grant_type", CLIENT_CREDENTIALS);
        queryParams.add("client_id", str2);
        queryParams.add("client_secret", str3);
        LOG.debug("AADToken: starting to fetch token using client creds for client ID " + str2);
        return getTokenCall(str, queryParams.serialize(), null, null);
    }

    public static AzureADToken getTokenUsingJWTAssertion(String str, String str2, String str3) throws IOException {
        Preconditions.checkNotNull(str, "authEndpoint");
        Preconditions.checkNotNull(str2, "clientId");
        Preconditions.checkNotNull(str3, "clientAssertion");
        QueryParams queryParams = new QueryParams();
        if (isVersion2AuthenticationEndpoint(str)) {
            queryParams.add("scope", SCOPE);
        } else {
            queryParams.add(HttpQueryParams.QUERY_PARAM_RESOURCE, RESOURCE_NAME);
        }
        queryParams.add("grant_type", CLIENT_CREDENTIALS);
        queryParams.add("client_id", str2);
        queryParams.add("client_assertion", str3);
        queryParams.add("client_assertion_type", JWT_BEARER_ASSERTION);
        LOG.debug("AADToken: starting to fetch token using client assertion for client ID " + str2);
        return getTokenCall(str, queryParams.serialize(), null, AbfsHttpConstants.HTTP_METHOD_POST);
    }

    public static AzureADToken getTokenFromMsi(String str, String str2, String str3, String str4, boolean z) throws IOException {
        QueryParams queryParams = new QueryParams();
        queryParams.add("api-version", "2018-02-01");
        queryParams.add(HttpQueryParams.QUERY_PARAM_RESOURCE, RESOURCE_NAME);
        if (str2 != null && str2.length() > 0) {
            String str5 = str4 + str2;
            LOG.debug("MSI authority : {}", str5);
            queryParams.add("authority", str5);
        }
        if (str3 != null && str3.length() > 0) {
            queryParams.add("client_id", str3);
        }
        if (z) {
            queryParams.add("bypass_cache", AbfsHttpConstants.TRUE);
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put("Metadata", AbfsHttpConstants.TRUE);
        LOG.debug("AADToken: starting to fetch token using MSI");
        return getTokenCall(str, queryParams.serialize(), hashtable, AbfsHttpConstants.HTTP_METHOD_GET, true);
    }

    public static AzureADToken getTokenUsingRefreshToken(String str, String str2, String str3) throws IOException {
        QueryParams queryParams = new QueryParams();
        queryParams.add("grant_type", "refresh_token");
        queryParams.add("refresh_token", str3);
        if (str2 != null) {
            queryParams.add("client_id", str2);
        }
        LOG.debug("AADToken: starting to fetch token using refresh token for client ID " + str2);
        return getTokenCall(str, queryParams.serialize(), null, null);
    }

    private static AzureADToken getTokenCall(String str, String str2, Hashtable<String, String> hashtable, String str3) throws IOException {
        return getTokenCall(str, str2, hashtable, str3, false);
    }

    private static AzureADToken getTokenCall(String str, String str2, Hashtable<String, String> hashtable, String str3, boolean z) throws IOException {
        HttpException httpException;
        boolean z2;
        boolean z3;
        AzureADToken azureADToken = null;
        boolean z4 = true;
        int i = 0;
        LOG.trace("First execution of REST operation getTokenSingleCall");
        do {
            int i2 = 0;
            httpException = null;
            try {
                azureADToken = getTokenSingleCall(str, str2, hashtable, str3, z);
            } catch (HttpException e) {
                i2 = e.httpErrorCode;
                httpException = e;
            } catch (IOException e2) {
                i2 = -1;
                z4 = isRecoverableFailure(e2);
                httpException = new HttpException(-1, "", String.format("AzureADAuthenticator.getTokenCall threw %s : %s", e2.getClass().getTypeName(), e2.getMessage()), str, "", "");
            }
            z2 = i2 == 0 && httpException == null;
            z3 = !z2 && z4 && tokenFetchRetryPolicy.shouldRetry(i, i2);
            i++;
            if (z3) {
                LOG.debug("Retrying getTokenSingleCall. RetryCount = {}", Integer.valueOf(i));
                try {
                    Thread.sleep(tokenFetchRetryPolicy.getRetryInterval(i));
                } catch (InterruptedException e3) {
                    Thread.currentThread().interrupt();
                }
            }
        } while (z3);
        if (z2) {
            return azureADToken;
        }
        throw httpException;
    }

    private static boolean isRecoverableFailure(IOException iOException) {
        return ((iOException instanceof MalformedURLException) || (iOException instanceof FileNotFoundException)) ? false : true;
    }

    private static AzureADToken getTokenSingleCall(String str, String str2, Hashtable<String, String> hashtable, String str3, boolean z) throws IOException {
        HttpURLConnection httpURLConnection = null;
        String str4 = str;
        String str5 = str3 == null ? AbfsHttpConstants.HTTP_METHOD_POST : str3;
        if (str5.equals(AbfsHttpConstants.HTTP_METHOD_GET)) {
            str4 = str4 + AbfsHttpConstants.QUESTION_MARK + str2;
        }
        try {
            LOG.debug("Requesting an OAuth token by {} to {}", str5, str);
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(str4).openConnection();
            httpURLConnection2.setRequestMethod(str5);
            httpURLConnection2.setReadTimeout(30000);
            httpURLConnection2.setConnectTimeout(30000);
            if (hashtable != null && hashtable.size() > 0) {
                for (Map.Entry<String, String> entry : hashtable.entrySet()) {
                    httpURLConnection2.setRequestProperty(entry.getKey(), entry.getValue());
                }
            }
            httpURLConnection2.setRequestProperty("Connection", HttpQueryParams.QUERY_PARAM_CLOSE);
            AbfsIoUtils.dumpHeadersToDebugLog("Request Headers", httpURLConnection2.getRequestProperties());
            if (str5.equals(AbfsHttpConstants.HTTP_METHOD_POST)) {
                httpURLConnection2.setDoOutput(true);
                httpURLConnection2.getOutputStream().write(str2.getBytes(StandardCharsets.UTF_8));
            }
            int responseCode = httpURLConnection2.getResponseCode();
            LOG.debug("Response {}", Integer.valueOf(responseCode));
            AbfsIoUtils.dumpHeadersToDebugLog("Response Headers", httpURLConnection2.getHeaderFields());
            String headerField = httpURLConnection2.getHeaderField(HttpHeaderConfigurations.X_MS_REQUEST_ID);
            String headerField2 = httpURLConnection2.getHeaderField(HttpHeaderConfigurations.CONTENT_TYPE);
            long headerFieldLong = httpURLConnection2.getHeaderFieldLong(HttpHeaderConfigurations.CONTENT_LENGTH, 0L);
            String str6 = headerField == null ? "" : headerField;
            if (responseCode == 200 && headerField2.startsWith(AbfsHttpConstants.APPLICATION_JSON) && headerFieldLong > 0) {
                AzureADToken parseTokenFromStream = parseTokenFromStream(httpURLConnection2.getInputStream(), z);
                if (httpURLConnection2 != null) {
                    httpURLConnection2.disconnect();
                }
                return parseTokenFromStream;
            }
            InputStream errorStream = httpURLConnection2.getErrorStream();
            if (errorStream == null) {
                errorStream = httpURLConnection2.getInputStream();
            }
            String consumeInputStream = consumeInputStream(errorStream, FileSystemConfigurations.ONE_KB);
            String property = System.getProperty("http.proxy");
            String property2 = System.getProperty("https.proxy");
            String str7 = (property == null && property2 == null) ? "none" : "http:" + property + "; https:" + property2;
            String str8 = "AADToken: HTTP connection to " + str + " failed for getting token from AzureAD.";
            LOG.debug(str8 + " HTTP response: " + responseCode + AbfsHttpConstants.SINGLE_WHITE_SPACE + httpURLConnection2.getResponseMessage() + " Proxies: " + str7 + (consumeInputStream.isEmpty() ? "" : "\nFirst 1K of Body: " + consumeInputStream));
            if (responseCode == 200) {
                throw new UnexpectedResponseException(responseCode, str6, str8 + " Unexpected response. Check configuration, URLs and proxy settings. proxies=" + str7, str, headerField2, consumeInputStream);
            }
            throw new HttpException(responseCode, str6, str8, str, headerField2, consumeInputStream);
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private static AzureADToken parseTokenFromStream(InputStream inputStream, boolean z) throws IOException {
        AzureADToken azureADToken = new AzureADToken();
        try {
            try {
                int i = 0;
                long j = -1;
                JsonParser createParser = new JsonFactory().createParser(inputStream);
                createParser.nextToken();
                while (createParser.hasCurrentToken()) {
                    if (createParser.getCurrentToken() == JsonToken.FIELD_NAME) {
                        String currentName = createParser.getCurrentName();
                        createParser.nextToken();
                        String text = createParser.getText();
                        if (currentName.equals("access_token")) {
                            azureADToken.setAccessToken(text);
                        }
                        if (currentName.equals("expires_in")) {
                            i = Integer.parseInt(text);
                        }
                        if (currentName.equals("expires_on")) {
                            j = Long.parseLong(text);
                        }
                    }
                    createParser.nextToken();
                }
                createParser.close();
                if (j > 0) {
                    LOG.debug("Expiry based on expires_on: {}", Long.valueOf(j));
                    azureADToken.setExpiry(new Date(j * 1000));
                } else {
                    if (z) {
                        throw new UnsupportedOperationException("MSI Responded with invalid expires_on");
                    }
                    LOG.debug("Expiry based on expires_in: {}", Integer.valueOf(i));
                    azureADToken.setExpiry(new Date(System.currentTimeMillis() + (i * 1000)));
                }
                LOG.debug("AADToken: fetched token with expiry {}, expiresOn passed: {}", azureADToken.getExpiry().toString(), Long.valueOf(j));
                inputStream.close();
                return azureADToken;
            } catch (Exception e) {
                LOG.debug("AADToken: got exception when parsing json token " + e.toString());
                throw e;
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    private static String consumeInputStream(InputStream inputStream, int i) throws IOException {
        if (inputStream == null) {
            return "";
        }
        byte[] bArr = new byte[i];
        int i2 = 0;
        do {
            int read = inputStream.read(bArr, i2, i - i2);
            if (read > 0) {
                i2 += read;
            }
            if (read < 0) {
                break;
            }
        } while (i2 < i);
        return new String(bArr, 0, i2, StandardCharsets.UTF_8);
    }

    private static boolean isVersion2AuthenticationEndpoint(String str) {
        return str.contains(OAUTH_VERSION_2_0);
    }
}
