package org.apache.flink.shaded.net.snowflake.ingest.connection;

import java.security.KeyPair;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jose.JOSEException;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jose.JWSAlgorithm;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jose.JWSHeader;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jose.crypto.RSASSASigner;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jwt.JWTClaimsSet;
import org.apache.flink.shaded.net.snowflake.ingest.internal.com.nimbusds.jwt.SignedJWT;
import org.apache.flink.shaded.net.snowflake.ingest.utils.Cryptor;

/* loaded from: input_file:org/apache/flink/shaded/net/snowflake/ingest/connection/JWTManager.class */
public final class JWTManager extends SecurityManager {
    private static final float LIFETIME_IN_MINUTES = 59.0f;
    private static final int RENEWAL_INTERVAL_IN_MINUTES = 54;
    private static final String TOKEN_TYPE = "KEYPAIR_JWT";
    private final transient KeyPair keyPair;
    private final AtomicReference<String> token;

    JWTManager(String str, String str2, KeyPair keyPair, int i, TimeUnit timeUnit, TelemetryService telemetryService) {
        super(str, str2, telemetryService);
        if (keyPair == null) {
            throw new IllegalArgumentException();
        }
        this.token = new AtomicReference<>();
        this.keyPair = keyPair;
        refreshToken();
        this.tokenRefresher.scheduleAtFixedRate(this::refreshToken, i, i, timeUnit);
    }

    public JWTManager(String str, String str2, KeyPair keyPair, TelemetryService telemetryService) {
        this(str, str2, keyPair, 54, TimeUnit.MINUTES, telemetryService);
    }

    @Override // org.apache.flink.shaded.net.snowflake.ingest.connection.SecurityManager
    public String getToken() {
        if (!this.refreshFailed.get()) {
            return this.token.get();
        }
        LOGGER.error("getToken request failed due to token regeneration failure");
        throw new SecurityException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.flink.shaded.net.snowflake.ingest.connection.SecurityManager
    public String getTokenType() {
        return "KEYPAIR_JWT";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.flink.shaded.net.snowflake.ingest.connection.SecurityManager
    public void refreshToken() {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        String format = String.format("%s.%s", this.account, this.user);
        String format2 = String.format("%s.%s.%s", this.account, this.user, calculatePublicKeyFp(this.keyPair));
        Date date = new Date(System.currentTimeMillis());
        JWTClaimsSet build = builder.issuer(format2).subject(format).issueTime(date).expirationTime(new Date(date.getTime() + 3540000)).build();
        LOGGER.debug("Creating new JWT with subject {} and issuer {}...", format, format2);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), build);
        try {
            signedJWT.sign(new RSASSASigner(this.keyPair.getPrivate()));
            String serialize = signedJWT.serialize();
            LOGGER.info("Successfully created new JWT");
            this.token.set(serialize);
            if (this.telemetryService != null) {
                this.telemetryService.refreshToken(serialize);
            }
        } catch (JOSEException e) {
            this.refreshFailed.set(true);
            LOGGER.error("Failed to regenerate token! Exception is as follows : {}", e.getMessage());
            throw new SecurityException();
        }
    }

    private String calculatePublicKeyFp(KeyPair keyPair) {
        this.publicKeyFingerPrint = String.format("SHA256:%s", Cryptor.sha256HashBase64(keyPair.getPublic().getEncoded()));
        return this.publicKeyFingerPrint;
    }

    @Override // org.apache.flink.shaded.net.snowflake.ingest.connection.SecurityManager, java.lang.AutoCloseable
    public void close() {
        this.tokenRefresher.shutdown();
    }
}
