package org.eclipse.jkube.kit.build.service.docker.auth.ecr;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.eclipse.jkube.kit.build.api.auth.AuthConfig;
import org.eclipse.jkube.kit.common.KitLogger;

/* loaded from: input_file:org/eclipse/jkube/kit/build/service/docker/auth/ecr/EcrExtendedAuth.class */
public class EcrExtendedAuth {
    private static final Pattern AWS_REGISTRY = Pattern.compile("^(\\d{12})\\.dkr\\.ecr\\.([a-z\\-0-9]+)\\.amazonaws\\.com$");
    private final KitLogger logger;
    private final boolean isAwsRegistry;
    private final String accountId;
    private final String region;

    public static boolean isAwsRegistry(String str) {
        return str != null && AWS_REGISTRY.matcher(str).matches();
    }

    public EcrExtendedAuth(KitLogger kitLogger, String str) {
        this.logger = kitLogger;
        Matcher matcher = AWS_REGISTRY.matcher(str);
        this.isAwsRegistry = matcher.matches();
        if (this.isAwsRegistry) {
            this.accountId = matcher.group(1);
            this.region = matcher.group(2);
        } else {
            this.accountId = null;
            this.region = null;
        }
        kitLogger.debug("registry = %s, isValid= %b", new Object[]{str, Boolean.valueOf(this.isAwsRegistry)});
    }

    public boolean isAwsRegistry() {
        return this.isAwsRegistry;
    }

    public AuthConfig extendedAuth(AuthConfig authConfig) throws IOException {
        return AuthConfig.fromCredentialsEncoded(getAuthorizationToken(authConfig).getAsJsonArray("authorizationData").get(0).getAsJsonObject().get("authorizationToken").getAsString(), "none");
    }

    private JsonObject getAuthorizationToken(AuthConfig authConfig) throws IOException {
        return executeRequest(createClient(), createSignedRequest(authConfig, new Date()));
    }

    CloseableHttpClient createClient() {
        return HttpClients.custom().useSystemProperties().build();
    }

    private JsonObject executeRequest(CloseableHttpClient closeableHttpClient, HttpPost httpPost) throws IOException {
        try {
            CloseableHttpResponse execute = closeableHttpClient.execute(httpPost);
            int statusCode = execute.getStatusLine().getStatusCode();
            this.logger.debug("Response status %d", new Object[]{Integer.valueOf(statusCode)});
            if (statusCode != 200) {
                throw new IOException("AWS authentication failure");
            }
            JsonObject jsonObject = (JsonObject) new Gson().fromJson(new InputStreamReader(execute.getEntity().getContent(), StandardCharsets.UTF_8), JsonObject.class);
            closeableHttpClient.close();
            return jsonObject;
        } catch (Throwable th) {
            closeableHttpClient.close();
            throw th;
        }
    }

    HttpPost createSignedRequest(AuthConfig authConfig, Date date) {
        String str = "api.ecr." + this.region + ".amazonaws.com";
        this.logger.debug("Get ECR AuthorizationToken from %s", new Object[]{str});
        HttpPost httpPost = new HttpPost("https://" + str + '/');
        httpPost.setHeader("host", str);
        httpPost.setHeader("Content-Type", "application/x-amz-json-1.1");
        httpPost.setHeader("X-Amz-Target", "AmazonEC2ContainerRegistry_V20150921.GetAuthorizationToken");
        httpPost.setEntity(new StringEntity("{\"registryIds\":[\"" + this.accountId + "\"]}", StandardCharsets.UTF_8));
        new AwsSigner4(this.region, "ecr").sign(httpPost, authConfig, date);
        return httpPost;
    }
}
