package com.ibm.cloud.sdk.core.security;

import com.ibm.cloud.sdk.core.http.HttpMediaType;
import com.ibm.cloud.sdk.core.http.RequestBuilder;
import com.ibm.cloud.sdk.core.util.RequestUtils;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/ibm/cloud/sdk/core/security/VpcInstanceAuthenticator.class */
public class VpcInstanceAuthenticator extends TokenRequestBasedAuthenticator<IamToken, VpcTokenResponse> implements Authenticator {
    private static final Logger LOG = Logger.getLogger(VpcInstanceAuthenticator.class.getName());
    private static final String defaultIMSEndpoint = "http://169.254.169.254";
    private static final String operationPathCreateAccessToken = "/instance_identity/v1/token";
    private static final String operationPathCreateIamToken = "/instance_identity/v1/iam_token";
    private static final String metadataFlavor = "ibm";
    private static final String metadataServiceVersion = "2022-03-01";
    private static final int instanceIdentityTokenLifetime = 300;
    private String iamProfileCrn;
    private String iamProfileId;
    private String url;

    /* loaded from: input_file:com/ibm/cloud/sdk/core/security/VpcInstanceAuthenticator$Builder.class */
    public static class Builder {
        private String iamProfileCrn;
        private String iamProfileId;
        private String url;

        public Builder() {
        }

        private Builder(VpcInstanceAuthenticator vpcInstanceAuthenticator) {
            this.iamProfileCrn = vpcInstanceAuthenticator.iamProfileCrn;
            this.iamProfileId = vpcInstanceAuthenticator.iamProfileId;
            this.url = vpcInstanceAuthenticator.url;
        }

        public VpcInstanceAuthenticator build() {
            return new VpcInstanceAuthenticator(this);
        }

        public Builder iamProfileCrn(String str) {
            this.iamProfileCrn = str;
            return this;
        }

        public Builder iamProfileId(String str) {
            this.iamProfileId = str;
            return this;
        }

        public Builder url(String str) {
            this.url = str;
            return this;
        }
    }

    protected VpcInstanceAuthenticator() {
        setUserAgent(RequestUtils.buildUserAgent("vpc-instance-authenticator"));
    }

    protected VpcInstanceAuthenticator(Builder builder) {
        this();
        this.iamProfileCrn = builder.iamProfileCrn;
        this.iamProfileId = builder.iamProfileId;
        this.url = builder.url;
        validate();
    }

    public Builder newBuilder() {
        return new Builder();
    }

    public static VpcInstanceAuthenticator fromConfiguration(Map<String, String> map) {
        return new Builder().iamProfileCrn(map.get(Authenticator.PROPNAME_IAM_PROFILE_CRN)).iamProfileId(map.get(Authenticator.PROPNAME_IAM_PROFILE_ID)).url(map.get(Authenticator.PROPNAME_URL)).build();
    }

    @Override // com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticatorImmutable, com.ibm.cloud.sdk.core.security.Authenticator
    public void validate() {
        if (StringUtils.isNotEmpty(getIamProfileCrn()) && StringUtils.isNotEmpty(getIamProfileId())) {
            throw new IllegalArgumentException(String.format(AuthenticatorBase.ERRORMSG_ATMOST_ONE_PROP_ERROR, "iamProfileCrn", "iamProfileId"));
        }
    }

    @Override // com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticatorImmutable, com.ibm.cloud.sdk.core.security.Authenticator
    public String authenticationType() {
        return Authenticator.AUTHTYPE_VPC;
    }

    public String getIamProfileCrn() {
        return this.iamProfileCrn;
    }

    protected void setIamProfileCrn(String str) {
        this.iamProfileCrn = str;
    }

    public String getIamProfileId() {
        return this.iamProfileId;
    }

    protected void setIamProfileId(String str) {
        this.iamProfileId = str;
    }

    public String getURL() {
        return this.url;
    }

    protected void setURL(String str) {
        if (StringUtils.isEmpty(str)) {
            str = defaultIMSEndpoint;
        }
        this.url = str;
    }

    private String getImsEndpoint() {
        return StringUtils.isEmpty(this.url) ? defaultIMSEndpoint : this.url;
    }

    @Override // com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticatorImmutable
    public IamToken requestToken() {
        IamToken iamToken;
        try {
            iamToken = retrieveIamAccessToken(retrieveInstanceIdentityToken());
        } catch (Throwable th) {
            iamToken = new IamToken(th);
        }
        return iamToken;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public String retrieveInstanceIdentityToken() throws Throwable {
        try {
            RequestBuilder put = RequestBuilder.put(RequestBuilder.resolveRequestUrl(getImsEndpoint(), operationPathCreateAccessToken));
            put.query("version", metadataServiceVersion);
            put.header("Accept", HttpMediaType.APPLICATION_JSON);
            put.header("Content-Type", HttpMediaType.APPLICATION_JSON);
            put.header("Metadata-Flavor", metadataFlavor);
            put.bodyContent(String.format("{\"expires_in\": %d}", Integer.valueOf(instanceIdentityTokenLifetime)), HttpMediaType.APPLICATION_JSON);
            LOG.log(Level.FINE, "Invoking VPC create_access_token operation: PUT {0}", put.toUrl());
            VpcTokenResponse vpcTokenResponse = (VpcTokenResponse) invokeRequest(put, VpcTokenResponse.class);
            LOG.log(Level.FINE, "Returned from VPC create_access_token operation.");
            return vpcTokenResponse.getAccessToken();
        } catch (Throwable th) {
            LOG.log(Level.FINE, "Exception from VPC create_access_token operation: ", th);
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public IamToken retrieveIamAccessToken(String str) {
        IamToken iamToken;
        try {
            RequestBuilder post = RequestBuilder.post(RequestBuilder.resolveRequestUrl(getImsEndpoint(), operationPathCreateIamToken));
            post.query("version", metadataServiceVersion);
            post.header("Accept", HttpMediaType.APPLICATION_JSON);
            post.header("Content-Type", HttpMediaType.APPLICATION_JSON);
            post.header("Authorization", "Bearer " + str);
            post.header("User-Agent", getUserAgent());
            String str2 = null;
            if (!StringUtils.isEmpty(getIamProfileCrn())) {
                str2 = String.format("{\"trusted_profile\": {\"crn\": \"%s\"}}", getIamProfileCrn());
            }
            if (!StringUtils.isEmpty(getIamProfileId())) {
                str2 = String.format("{\"trusted_profile\": {\"id\": \"%s\"}}", getIamProfileId());
            }
            if (!StringUtils.isEmpty(str2)) {
                post.bodyContent(str2, HttpMediaType.APPLICATION_JSON);
            }
            LOG.log(Level.FINE, "Invoking VPC create_iam_token operation: POST {0}", post.toUrl());
            VpcTokenResponse vpcTokenResponse = (VpcTokenResponse) invokeRequest(post, VpcTokenResponse.class);
            LOG.log(Level.FINE, "Returned from VPC create_iam_token operation.");
            iamToken = new IamToken(vpcTokenResponse);
        } catch (Throwable th) {
            LOG.log(Level.FINE, "Exception from VPC create_iam_token operation: {0}", th);
            iamToken = new IamToken(th);
        }
        return iamToken;
    }
}
