package com.logicalclocks.hsfs.metadata;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Strings;
import com.logicalclocks.hsfs.FeatureStoreException;
import com.logicalclocks.hsfs.SecretStore;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import javax.net.ssl.SSLContext;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.ssm.SsmClient;
import software.amazon.awssdk.services.ssm.SsmClientBuilder;
import software.amazon.awssdk.services.ssm.model.GetParameterRequest;
import software.amazon.awssdk.services.sts.StsClient;

/* loaded from: input_file:com/logicalclocks/hsfs/metadata/HopsworksExternalClient.class */
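/**
 * HTTP client used to reach a Hopsworks REST endpoint from outside the cluster.
 *
 * <p>Every request is sent with an {@code Authorization: ApiKey ...} header. The API key is either
 * passed in directly, read from a local file, or fetched from AWS Systems Manager Parameter Store or
 * AWS Secrets Manager under a name derived from the caller's assumed IAM role.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The API key is a bearer credential; it must never be written to logs.</li>
 *   <li>TLS trust depends on the constructor arguments, see
 *       {@link #createConnectionFactory(HttpHost, boolean, String)}. With hostname verification
 *       switched off and no trust store, the server certificate is not validated at all.</li>
 * </ul>
 */
public class HopsworksExternalClient implements HopsworksHttpClient {
    protected static final Logger LOGGER = LoggerFactory.getLogger(HopsworksExternalClient.class.getName());
    // Name prefixes; the assumed role name is appended to build the full secret / parameter name.
    protected static final String PARAM_NAME_SECRET_STORE = "hopsworks/role/";
    protected static final String PARAM_NAME_PARAMETER_STORE = "/hopsworks/role/";
    protected static final String MATERIAL_PASSWD = "material_passwd";
    protected static final String T_CERTIFICATE = "t_certificate";
    protected static final String K_CERTIFICATE = "k_certificate";
    protected PoolingHttpClientConnectionManager connectionPool = null;
    protected HttpHost httpHost = null;
    protected CloseableHttpClient httpClient = null;
    // Bearer credential sent on every request; keep it out of logs and exception messages.
    protected String apiKey = "";
    protected String trustStorePath;
    protected String keyStorePath;
    protected String certKey;

    /**
     * Wraps an already configured HTTP client. No API key is loaded: {@code apiKey} stays empty,
     * and no connection pool is created by this class.
     *
     * @param closeableHttpClient client used to execute requests
     * @param httpHost target host of every request
     */
    public HopsworksExternalClient(CloseableHttpClient closeableHttpClient, HttpHost httpHost) {
        this.httpClient = closeableHttpClient;
        this.httpHost = httpHost;
    }

    /**
     * Builds a pooled HTTPS client for the given host and resolves the API key.
     *
     * <p>Decompiler note: this constructor was package-private in the original class file.
     *
     * @param host Hopsworks host name
     * @param port Hopsworks port
     * @param region AWS region used when the key is read from a secret store
     * @param secretStore where to look up the API key when neither a file nor a value is given
     * @param hostnameVerification forwarded to {@code HopsworksHostnameVerifier}; when {@code false}
     *     and no trust store is given, every server certificate is accepted
     * @param trustStorePath optional trust store file used to validate the server certificate
     * @param apiKeyFilePath optional file containing the API key
     * @param apiKeyValue optional API key value; takes precedence over every other source
     */
    public HopsworksExternalClient(String host, int port, Region region, SecretStore secretStore,
            boolean hostnameVerification, String trustStorePath, String apiKeyFilePath, String apiKeyValue)
            throws IOException, FeatureStoreException, KeyStoreException, CertificateException,
            NoSuchAlgorithmException, KeyManagementException {
        this.httpHost = new HttpHost(host, port, "https");
        this.connectionPool = new PoolingHttpClientConnectionManager(
                createConnectionFactory(this.httpHost, hostnameVerification, trustStorePath));
        this.connectionPool.setMaxTotal(10);
        this.connectionPool.setDefaultMaxPerRoute(10);
        this.httpClient = HttpClients.custom()
                .setConnectionManager(this.connectionPool)
                // Fixed keep-alive of 30 seconds, regardless of what the server advertises.
                .setKeepAliveStrategy((httpResponse, httpContext) -> 30000L)
                .setDefaultRequestConfig(RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build())
                .build();
        if (Strings.isNullOrEmpty(apiKeyValue)) {
            this.apiKey = readApiKey(secretStore, region, apiKeyFilePath);
        } else {
            this.apiKey = apiKeyValue;
        }
    }

    /**
     * Creates the socket factory registry for the connection pool and selects the TLS trust policy.
     *
     * <ol>
     *   <li>Trust store given: its certificates are trusted, plus any chain made of a single
     *       self-signed certificate ({@code TrustSelfSignedStrategy}).</li>
     *   <li>No trust store and hostname verification off: every certificate is trusted
     *       ({@code TrustAllStrategy}); the connection is encrypted but not authenticated.</li>
     *   <li>Otherwise: the JVM default {@link SSLContext}.</li>
     * </ol>
     *
     * @param httpHost host whose name is handed to the hostname verifier
     * @param hostnameVerification whether hostname verification is requested
     * @param trustStorePath optional trust store file, loaded without a password
     * @return registry with an {@code https} and a plain {@code http} socket factory
     */
    protected Registry<ConnectionSocketFactory> createConnectionFactory(HttpHost httpHost,
            boolean hostnameVerification, String trustStorePath)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException,
            KeyManagementException {
        SSLContext sslContext;
        if (!Strings.isNullOrEmpty(trustStorePath)) {
            // NOTE(review): TrustSelfSignedStrategy also accepts a self-signed certificate that is
            // NOT in the trust store. If only the store's certificates should be trusted, load the
            // trust material without a strategy - confirm the intent before changing.
            sslContext = SSLContexts.custom()
                    .loadTrustMaterial(Paths.get(trustStorePath).toFile(), (char[]) null,
                            new TrustSelfSignedStrategy())
                    .build();
        } else if (!hostnameVerification) {
            // Certificate validation is fully disabled here, so the API key header can be read by
            // anyone able to intercept the connection. Surface this in the logs so the
            // configuration is visible during review and incident response.
            LOGGER.warn("TLS certificate validation is disabled for {}: no trust store was provided and "
                    + "hostname verification is off. Do not use this configuration on untrusted networks.",
                    httpHost.toHostString());
            sslContext = SSLContexts.custom().loadTrustMaterial(new TrustAllStrategy()).build();
        } else {
            sslContext = SSLContext.getDefault();
        }
        return RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", new SSLConnectionSocketFactory(sslContext,
                        new HopsworksHostnameVerifier(hostnameVerification, httpHost.toHostString())))
                // The plain scheme stays registered; a host created with scheme "http" would carry
                // the API key unencrypted.
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .build();
    }

    /**
     * Reads the whole file and returns its bytes as characters, one char per byte.
     *
     * @param path file holding the certificate password
     * @return file content, or {@code null} when the file cannot be read (a warning is logged)
     */
    protected static String readCertKey(String path) {
        // try-with-resources closes the stream on the error path as well.
        try (FileInputStream in = new FileInputStream(path)) {
            StringBuilder content = new StringBuilder();
            int b;
            while ((b = in.read()) != -1) {
                content.append((char) b);
            }
            return content.toString();
        } catch (IOException e) {
            // Only the exception is logged, never the content that was read.
            LOGGER.warn("Failed to get cert password.", e);
            return null;
        }
    }

    /**
     * Resolves the API key: from the file if a path is given, otherwise from the selected AWS store.
     *
     * @param secretStore store to query when no file path is given
     * @param region AWS region of the store
     * @param apiKeyFilePath optional path of a file containing the key
     * @return the API key; file content is returned as read, without trimming
     * @throws FeatureStoreException if no source is configured or the key cannot be found
     */
    public String readApiKey(SecretStore secretStore, Region region, String apiKeyFilePath)
            throws IOException, FeatureStoreException {
        if (!Strings.isNullOrEmpty(apiKeyFilePath)) {
            // Explicit charset instead of the platform default.
            return FileUtils.readFileToString(Paths.get(apiKeyFilePath).toFile(), "UTF-8");
        }
        if (secretStore == null) {
            // switch on a null enum would raise a NullPointerException; report it as a config error.
            throw new FeatureStoreException("ApiKeyFilepath needs to be set for local mode");
        }
        switch (secretStore) {
            case PARAMETER_STORE:
                return readApiKeyParamStore(region, "api-key");
            case SECRET_MANAGER:
                return readApiKeySecretManager(region, "api-key");
            default:
                throw new FeatureStoreException("ApiKeyFilepath needs to be set for local mode");
        }
    }

    /**
     * Fetches the key from AWS Systems Manager Parameter Store, with decryption enabled.
     *
     * @param region AWS region of the parameter
     * @param secretKey last segment of the parameter name
     * @return the parameter value
     * @throws FeatureStoreException if the parameter is empty or the assumed role cannot be derived
     */
    protected String readApiKeyParamStore(Region region, String secretKey) throws FeatureStoreException {
        String paramName = PARAM_NAME_PARAMETER_STORE + getAssumedRole() + "/type/" + secretKey;
        String value;
        // The SDK client is closed once the single lookup is done.
        try (SsmClient ssmClient = SsmClient.builder().region(region).build()) {
            value = ssmClient
                    .getParameter(GetParameterRequest.builder().name(paramName).withDecryption(true).build())
                    .parameter()
                    .value();
        }
        if (Strings.isNullOrEmpty(value)) {
            throw new FeatureStoreException("Could not find parameter " + paramName + " in parameter store");
        }
        return value;
    }

    /**
     * Fetches the key from AWS Secrets Manager. The secret string is parsed as a JSON object and
     * the entry {@code "api-key"} is returned.
     *
     * @param region AWS region of the secret
     * @param secretKey not used by this method; the JSON entry name is fixed to {@code "api-key"}
     * @return the API key stored in the secret
     * @throws FeatureStoreException if the secret has no usable {@code "api-key"} string entry
     */
    protected String readApiKeySecretManager(Region region, String secretKey)
            throws FeatureStoreException, IOException {
        String secretName = PARAM_NAME_SECRET_STORE + getAssumedRole();
        String secretJson;
        try (SecretsManagerClient secretsClient = SecretsManagerClient.builder().region(region).build()) {
            secretJson = secretsClient
                    .getSecretValue(GetSecretValueRequest.builder().secretId(secretName).build())
                    .secretString();
        }
        // A secret without a string payload is treated like a missing key.
        if (Strings.isNullOrEmpty(secretJson)) {
            throw new FeatureStoreException("Could not find secret " + secretName + " in secret store");
        }
        HashMap<?, ?> secret = new ObjectMapper().readValue(secretJson, HashMap.class);
        Object entry = secret == null ? null : secret.get("api-key");
        // A non-string entry is rejected here instead of failing with a ClassCastException.
        String apiKeyValue = entry instanceof String ? (String) entry : null;
        if (Strings.isNullOrEmpty(apiKeyValue)) {
            throw new FeatureStoreException("Could not find secret " + secretName + " in secret store");
        }
        return apiKeyValue;
    }

    /**
     * Returns the role name from the caller identity ARN reported by AWS STS.
     *
     * <p>The ARN must split on {@code "/"} into exactly three parts and the first part must end
     * with {@code assumed-role}; the second part is returned.
     *
     * @return the assumed role name
     * @throws FeatureStoreException if the ARN does not have that shape
     */
    protected String getAssumedRole() throws FeatureStoreException {
        try (StsClient stsClient = StsClient.create()) {
            String arn = stsClient.getCallerIdentity().arn();
            String[] parts = arn.split("/");
            if (parts.length != 3 || !parts[0].endsWith("assumed-role")) {
                throw new FeatureStoreException("Failed to extract assumed role from arn: " + arn);
            }
            return parts[1];
        }
    }

    /**
     * Adds the API key header and executes the request, retrying once on {@code InternalException}.
     *
     * @param httpRequest request to send; its {@code Authorization} header is overwritten
     * @param responseHandler handler that converts the response
     * @return the value produced by the handler
     */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    public <T> T handleRequest(HttpRequest httpRequest, ResponseHandler<T> responseHandler) throws IOException {
        // Logged before the Authorization header is set; keep it that way so the key is never
        // part of anything handed to the logger.
        LOGGER.info("Handling metadata request: {}", httpRequest);
        AuthorizationHandler<T> authorizationHandler = new AuthorizationHandler<>(responseHandler);
        httpRequest.setHeader("Authorization", "ApiKey " + this.apiKey);
        try {
            return this.httpClient.execute(this.httpHost, httpRequest, authorizationHandler);
        } catch (InternalException e) {
            // Single retry; a second failure propagates to the caller.
            return this.httpClient.execute(this.httpHost, httpRequest, authorizationHandler);
        }
    }

    /** Returns the trust store path set through {@link #setTrustStorePath(String)}. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    /** Stores the trust store path; the TLS context of this client is not rebuilt. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public void setTrustStorePath(String str) {
        this.trustStorePath = str;
    }

    /** Returns the key store path set through {@link #setKeyStorePath(String)}. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    /** Stores the key store path. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    /** Returns the certificate password set through {@link #setCertKey(String)}. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public String getCertKey() {
        return this.certKey;
    }

    /** Stores the certificate password. */
    @Override // com.logicalclocks.hsfs.metadata.HopsworksHttpClient
    @Generated
    public void setCertKey(String str) {
        this.certKey = str;
    }
}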
