package monasca.common.middleware;

import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.ConnectException;
import java.net.URI;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
import javax.ws.rs.core.MediaType;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.ClientCookie;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:monasca/common/middleware/HttpAuthClient.class */
public class HttpAuthClient implements AuthClient {
    private static final String PASSWORD = "password";
    private static final String SERVICE_IDS_PARAM = "serviceIds";
    private static final String ENDPOINT_IDS_PARAM = "endpointIds";
    private static final int DELTA_TIME_IN_SEC = 30;
    private final Config appConfig = Config.getInstance();
    private HttpClient client;
    private String adminToken;
    private String adminTokenExpiry;
    private URI uri;
    private static final Logger logger = LoggerFactory.getLogger(HttpAuthClient.class);
    private static SimpleDateFormat expiryFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");

    public HttpAuthClient(HttpClient httpClient, URI uri) {
        this.client = httpClient;
        this.uri = uri;
    }

    @Override // monasca.common.middleware.AuthClient
    public Object validateTokenForServiceEndpointV2(String str, String str2, String str3, boolean z) throws ClientProtocolException {
        return verifyUUIDToken(str, this.uri.toString() + "/v2.0/tokens/" + str, null, str2, str3);
    }

    @Override // monasca.common.middleware.AuthClient
    public Object validateTokenForServiceEndpointV3(String str, Map<String, String> map) throws ClientProtocolException {
        String str2 = this.uri.toString() + "/v3/auth/tokens/";
        Header[] headerArr = {new BasicHeader(AuthConstants.AUTH_SUBJECT_TOKEN, str)};
        String str3 = null;
        String str4 = null;
        if (map.containsKey(SERVICE_IDS_PARAM)) {
            str3 = map.get(SERVICE_IDS_PARAM);
        }
        if (map.containsKey(ENDPOINT_IDS_PARAM)) {
            str4 = map.get(ENDPOINT_IDS_PARAM);
        }
        return verifyUUIDToken(str, str2, headerArr, str3, str4);
    }

    private Object verifyUUIDToken(String str, String str2, Header[] headerArr, String str3, String str4) throws ClientProtocolException {
        HttpResponse sendGet = sendGet(str2, headerArr, str3, str4);
        HttpEntity entity = sendGet.getEntity();
        int statusCode = sendGet.getStatusLine().getStatusCode();
        try {
            if (statusCode == 404) {
                entity.getContent().close();
                throw new AuthException("Authorization failed for user token: " + str);
            }
            if (statusCode == 200) {
                return parseResponse(sendGet);
            }
            this.adminToken = null;
            entity.getContent().close();
            throw new AuthException("Failed to validate via HTTP " + statusCode + " " + sendGet.getStatusLine().getReasonPhrase());
        } catch (IOException e) {
            throw new ClientProtocolException("IO Exception: problem closing stream ", e);
        }
    }

    private HttpResponse sendPost(String str, StringEntity stringEntity) throws ClientProtocolException {
        HttpPost httpPost = new HttpPost(str);
        httpPost.setHeader("Accept", MediaType.APPLICATION_JSON);
        httpPost.setHeader("Content-Type", MediaType.APPLICATION_JSON);
        try {
            httpPost.setEntity(stringEntity);
            HttpResponse execute = this.client.execute(httpPost);
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode == 201 || statusCode == 200 || statusCode == 203) {
                return execute;
            }
            this.adminToken = null;
            throw new AdminAuthException("Failed to authenticate admin credentials " + statusCode + execute.getStatusLine().getReasonPhrase());
        } catch (IOException e) {
            String message = (e.getMessage() != null || e.getCause() == null) ? e.getMessage() : e.getCause().getMessage();
            logger.error("Failure authenticating adminUser: {}", message);
            httpPost.abort();
            throw new AdminAuthException("Failure authenticating adminUser :" + message, e);
        }
    }

    private HttpResponse sendGet(String str, Header[] headerArr, String str2, String str3) throws ClientProtocolException {
        boolean z = false;
        if (str2 != null && !str2.isEmpty()) {
            str = str + "?HP-IDM-serviceId=" + str2;
            z = true;
        }
        if (str3 != null && !str3.isEmpty()) {
            str = str + (z ? "&HP-IDM-endpointTemplateId=" + str3 : "?HP-IDM-endpointTemplateId=" + str3);
        }
        HttpGet httpGet = new HttpGet(str);
        httpGet.setHeader("Accept", MediaType.APPLICATION_JSON);
        httpGet.setHeader("Content-Type", MediaType.APPLICATION_JSON);
        if (headerArr != null) {
            for (Header header : headerArr) {
                httpGet.setHeader(header);
            }
        }
        if (!this.appConfig.getAdminToken().isEmpty()) {
            httpGet.setHeader(new BasicHeader(AuthConstants.TOKEN, this.appConfig.getAdminToken()));
        } else if (!this.appConfig.getAdminAuthMethod().isEmpty()) {
            httpGet.setHeader(new BasicHeader(AuthConstants.TOKEN, getAdminToken()));
        }
        try {
            return this.client.execute(httpGet);
        } catch (ConnectException e) {
            httpGet.abort();
            throw new ServiceUnavailableException(e.getMessage());
        } catch (IOException e2) {
            httpGet.abort();
            throw new ClientProtocolException("IO Exception during GET request ", e2);
        }
    }

    private String parseResponse(HttpResponse httpResponse) {
        StringBuffer stringBuffer = new StringBuffer();
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            try {
                InputStream content = entity.getContent();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(content));
                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                    stringBuffer.append(readLine);
                }
                content.close();
                bufferedReader.close();
            } catch (Exception e) {
                throw new AuthException("Failed to parse Http Response ", e);
            }
        }
        return stringBuffer.toString();
    }

    private String getAdminToken() throws ClientProtocolException {
        JsonParser jsonParser = new JsonParser();
        if (this.adminTokenExpiry != null && isExpired(this.adminTokenExpiry)) {
            this.adminToken = null;
        }
        if (this.adminToken == null) {
            if (this.appConfig.getAuthVersion().equalsIgnoreCase("v2.0")) {
                JsonObject asJsonObject = jsonParser.parse(parseResponse(sendPost(this.uri + "/v2.0/tokens", getUnscopedV2AdminTokenRequest()))).getAsJsonObject().get("access").getAsJsonObject().get("token").getAsJsonObject();
                this.adminToken = asJsonObject.get("id").getAsString();
                this.adminTokenExpiry = asJsonObject.get(ClientCookie.EXPIRES_ATTR).getAsString();
            } else {
                HttpResponse sendPost = sendPost(this.uri + "/v3/auth/tokens", getUnscopedV3AdminTokenRequest());
                this.adminToken = sendPost.getFirstHeader(AuthConstants.AUTH_SUBJECT_TOKEN).getValue();
                this.adminTokenExpiry = jsonParser.parse(parseResponse(sendPost)).getAsJsonObject().get("token").getAsJsonObject().get("expires_at").getAsString();
            }
        }
        return this.adminToken;
    }

    private StringEntity getUnscopedV2AdminTokenRequest() {
        StringBuffer stringBuffer = new StringBuffer();
        if (!this.appConfig.getAdminAuthMethod().equalsIgnoreCase("password")) {
            throw new AdminAuthException(String.format("Admin auth method %s not supported", this.appConfig.getAdminAuthMethod()));
        }
        stringBuffer.append("{\"auth\": {\"passwordCredentials\": {\"username\": \"");
        stringBuffer.append(this.appConfig.getAdminUser());
        stringBuffer.append("\",\"password\": \"");
        stringBuffer.append(this.appConfig.getAdminPassword());
        if (this.appConfig.getAdminProject() == null || this.appConfig.getAdminProject().isEmpty()) {
            stringBuffer.append("\"}}}");
        } else {
            stringBuffer.append("\"}, \"tenantId\": \"");
            stringBuffer.append(this.appConfig.getAdminProject());
            stringBuffer.append("\"}}");
        }
        try {
            return new StringEntity(stringBuffer.toString());
        } catch (UnsupportedEncodingException e) {
            throw new AdminAuthException("Invalid V2 authentication request " + e);
        }
    }

    private String buildAuth(String str, String str2) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("id", "default");
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.addProperty("name", str);
        jsonObject2.addProperty("password", str2);
        jsonObject2.add(ClientCookie.DOMAIN_ATTR, jsonObject);
        JsonArray jsonArray = new JsonArray();
        JsonObject jsonObject3 = new JsonObject();
        jsonObject3.add("user", jsonObject2);
        jsonArray.add(new JsonPrimitive("password"));
        JsonObject jsonObject4 = new JsonObject();
        jsonObject4.add("methods", jsonArray);
        jsonObject4.add("password", jsonObject3);
        JsonObject jsonObject5 = new JsonObject();
        jsonObject5.add("identity", jsonObject4);
        JsonObject jsonObject6 = new JsonObject();
        jsonObject6.add("auth", jsonObject5);
        return jsonObject6.toString();
    }

    private StringEntity getUnscopedV3AdminTokenRequest() {
        if (!this.appConfig.getAdminAuthMethod().equalsIgnoreCase("password")) {
            throw new AdminAuthException(String.format("Admin auth method %s not supported", this.appConfig.getAdminAuthMethod()));
        }
        try {
            return new StringEntity(buildAuth(this.appConfig.getAdminUser(), this.appConfig.getAdminPassword()));
        } catch (UnsupportedEncodingException e) {
            throw new AdminAuthException("Invalid V3 authentication request " + e);
        }
    }

    private boolean isExpired(String str) {
        try {
            return expiryFormat.parse(str.replaceAll("\\.[\\d]+Z", "Z")).getTime() < new Date().getTime() + 30000;
        } catch (ParseException e) {
            logger.warn("Failure parsing Admin Token expiration date: {}", e.getMessage());
            return true;
        }
    }

    public void reset() {
    }

    static {
        expiryFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
    }
}
