package com.tencentcloud.dbauth.internal;

import com.tencentcloud.dbauth.model.GenerateAuthenticationTokenRequest;
import com.tencentcloudapi.cam.v20190116.CamClient;
import com.tencentcloudapi.cam.v20190116.CamErrorCode;
import com.tencentcloudapi.cam.v20190116.models.AuthToken;
import com.tencentcloudapi.cam.v20190116.models.BuildDataFlowAuthTokenRequest;
import com.tencentcloudapi.cam.v20190116.models.BuildDataFlowAuthTokenResponse;
import com.tencentcloudapi.common.exception.TencentCloudSDKException;
import com.tencentcloudapi.common.profile.HttpProfile;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Base64;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/tencentcloud/dbauth/internal/Signer.class */
public final class Signer {
    private static final Logger log = LoggerFactory.getLogger(Signer.class);
    private static final TokenCache TOKEN_CACHE = new TokenCache();
    private static final TimerManager TIMER_MANAGER = new TimerManager();
    private static final long TOKEN_UPDATE_INTERVAL = 5000;
    private final GenerateAuthenticationTokenRequest request;
    private final String authKey;
    private boolean isUseInternalEndpoint;

    public Signer(GenerateAuthenticationTokenRequest generateAuthenticationTokenRequest) throws TencentCloudSDKException {
        this.request = generateAuthenticationTokenRequest;
        this.authKey = Base64.getEncoder().encodeToString((generateAuthenticationTokenRequest.region() + Constants.DELIMITER + generateAuthenticationTokenRequest.instanceId() + Constants.DELIMITER + generateAuthenticationTokenRequest.userName() + Constants.DELIMITER + generateAuthenticationTokenRequest.credential().getSecretId()).getBytes());
        if (isEndpointReachable(Constants.CAM_EXTERNAL_ENDPOINT)) {
            return;
        }
        if (!isEndpointReachable(Constants.CAM_INTERNAL_ENDPOINT)) {
            log.error("CAM external and internal endpoints are not reachable");
            throw new TencentCloudSDKException("Failed to request AuthToken, CAM external and internal endpoints are not reachable", "", CamErrorCode.INTERNALERROR.getValue());
        }
        this.isUseInternalEndpoint = true;
        log.info("CAM external endpoint is not reachable, using the internal endpoint");
    }

    private boolean isEndpointReachable(String str) {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("https://" + str).openConnection();
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setConnectTimeout(5000);
            httpURLConnection.connect();
            return httpURLConnection.getResponseCode() == 200;
        } catch (IOException e) {
            log.info("Failed to connect to endpoint {} reachability: {}", str, e.getMessage());
            return false;
        } catch (Exception e2) {
            log.info("An unexpected error occurred while checking endpoint {} reachability: {}", str, e2.getMessage());
            return false;
        }
    }

    private static long getDelayForNextTokenUpdate(long j) {
        return Math.min(j, TOKEN_UPDATE_INTERVAL);
    }

    public Token getAuthTokenFromCache() {
        return TOKEN_CACHE.getAuthToken(this.authKey);
    }

    public void buildAuthToken() throws TencentCloudSDKException {
        log.debug("Building authentication token for key");
        try {
            setTokenAndUpdateTask(getAuthToken());
        } catch (TencentCloudSDKException e) {
            if (ErrorCodeMatcher.isUserNotificationRequired(e.getErrorCode())) {
                throw e;
            }
            Token fallback = TOKEN_CACHE.fallback(this.authKey);
            if (fallback == null) {
                throw e;
            }
            log.info("Using the fallback token");
            setTokenAndUpdateTask(fallback);
        }
    }

    private void setTokenAndUpdateTask(Token token) {
        TOKEN_CACHE.setAuthToken(this.authKey, token);
        updateAuthTokenTask(token.getExpires().longValue());
    }

    public Token getAuthToken() throws TencentCloudSDKException {
        BuildDataFlowAuthTokenResponse requestAuthToken = requestAuthToken();
        if (requestAuthToken == null) {
            log.error("Failed to request AuthToken, response is null");
            throw new TencentCloudSDKException("Failed to request AuthToken, response is null", "", CamErrorCode.INTERNALERROR.getValue());
        }
        String requestId = requestAuthToken.getRequestId();
        if (requestAuthToken.getCredentials() == null) {
            log.error("Failed to request AuthToken, tokenResponse is null, requestId: {}", requestId);
            throw new TencentCloudSDKException("Failed to request AuthToken, tokenResponse is null", requestId, CamErrorCode.INTERNALERROR.getValue());
        }
        AuthToken credentials = requestAuthToken.getCredentials();
        try {
            String decryptAuthToken = decryptAuthToken(credentials.getToken());
            if (!StringUtils.isEmpty(decryptAuthToken)) {
                return new Token(decryptAuthToken, Long.valueOf(expiry(credentials.getCurrentTime().longValue(), credentials.getNextRotationTime().longValue())));
            }
            log.error("Failed to decrypt AuthToken, authToken is empty, requestId: {}", requestId);
            throw new TencentCloudSDKException("Failed to decrypt AuthToken, authToken is empty", requestId, CamErrorCode.INTERNALERROR.getValue());
        } catch (Exception e) {
            String str = "Failed to decrypt AuthToken, requestId: " + requestId + ", error: " + e.getMessage();
            log.error(str);
            throw new TencentCloudSDKException(str, requestId, CamErrorCode.INTERNALERROR.getValue());
        }
    }

    private String decryptAuthToken(String str) throws Exception {
        return AuthTokenParser.parseAuthToken(this.request.instanceId(), this.request.region(), this.request.userName(), str).getPassword();
    }

    private long expiry(long j, long j2) {
        return j2 < j ? System.currentTimeMillis() + TOKEN_UPDATE_INTERVAL : System.currentTimeMillis() + (j2 - j);
    }

    private BuildDataFlowAuthTokenResponse requestAuthToken() throws TencentCloudSDKException {
        BuildDataFlowAuthTokenRequest buildDataFlowAuthTokenRequest = new BuildDataFlowAuthTokenRequest();
        buildDataFlowAuthTokenRequest.setResourceId(this.request.instanceId());
        buildDataFlowAuthTokenRequest.setResourceRegion(this.request.region());
        buildDataFlowAuthTokenRequest.setResourceAccount(this.request.userName());
        CamClient camClient = new CamClient(this.request.credential(), this.request.region());
        HttpProfile httpProfile = camClient.getClientProfile().getHttpProfile();
        if (this.isUseInternalEndpoint) {
            httpProfile.setEndpoint(Constants.CAM_INTERNAL_ENDPOINT);
        }
        httpProfile.setWriteTimeout(30);
        httpProfile.setReadTimeout(30);
        TencentCloudSDKException tencentCloudSDKException = null;
        int i = 0;
        while (true) {
            if (i >= 3) {
                break;
            }
            try {
                return camClient.BuildDataFlowAuthToken(buildDataFlowAuthTokenRequest);
            } catch (TencentCloudSDKException e) {
                tencentCloudSDKException = e;
                if (ErrorCodeMatcher.isUserNotificationRequired(e.getErrorCode())) {
                    log.error("Failed to request AuthToken, error: {}", e.toString());
                    throw tencentCloudSDKException;
                }
                log.error("Failed to request AuthToken, Retry to request the token, error: {}", e.toString());
            } catch (Exception e2) {
                log.error("Failed to request AuthToken , error: {}", e2.getMessage());
                tencentCloudSDKException = new TencentCloudSDKException("Failed to request AuthToken, error: " + e2.getMessage(), "", CamErrorCode.INTERNALERROR.getValue());
            }
            i++;
        }
    }

    private void updateAuthTokenTask(long j) {
        long currentTimeMillis = j - System.currentTimeMillis();
        long delayForNextTokenUpdate = getDelayForNextTokenUpdate(currentTimeMillis);
        log.debug("Scheduling next token key update in {} ms, token remaining time: {} ms", Long.valueOf(delayForNextTokenUpdate), Long.valueOf(currentTimeMillis));
        TIMER_MANAGER.saveTimer(this.authKey, delayForNextTokenUpdate, () -> {
            try {
                buildAuthToken();
            } catch (TencentCloudSDKException e) {
                if (ErrorCodeMatcher.isUserNotificationRequired(e.getErrorCode())) {
                    log.error("Failed to update the authentication token", e);
                    TOKEN_CACHE.removeAuthToken(this.authKey);
                } else {
                    log.error("Failed to update the authentication token, Retry to update the token", e);
                    updateAuthTokenTask(System.currentTimeMillis() + TOKEN_UPDATE_INTERVAL);
                }
            }
        });
    }
}
