package com.amazon.dlic.auth.http.jwt.keybyoidc;

import com.amazon.dlic.auth.http.jwt.oidc.json.OpenIdProviderConfiguration;
import com.amazon.dlic.util.SettingsBasedSSLConfigurator;
import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import java.io.IOException;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.http.HttpEntity;
import org.apache.http.StatusLine;
import org.apache.http.client.cache.CacheResponseStatus;
import org.apache.http.client.cache.HttpCacheContext;
import org.apache.http.client.cache.HttpCacheStorage;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.cache.BasicHttpCacheStorage;
import org.apache.http.impl.client.cache.CacheConfig;
import org.apache.http.impl.client.cache.CachingHttpClientBuilder;
import org.apache.http.impl.client.cache.CachingHttpClients;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.class */
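/**
 * Fetches the JSON Web Key set of an OpenID Connect provider.
 *
 * <p>Each call to {@link #get()} first requests the configured discovery endpoint, reads the
 * JWKS URI out of the returned provider configuration, and then downloads the key set from
 * that URI. Only the discovery request can be served from the optional in-memory HTTP cache;
 * the key set itself is always requested with a non-caching client.
 *
 * <p>NOTE(review): the JWKS URI is used exactly as the discovery response supplies it; nothing
 * in this class checks its scheme or host. The returned keys are presumably what token
 * signatures are verified against, so integrity of both requests rests on the endpoint URL
 * and the supplied SSL configuration. Consider requiring {@code https} and/or an expected
 * host at the configuration level — confirm against the caller.
 *
 * <p>NOTE(review): response bodies are parsed straight from the entity stream with no size
 * limit applied here; the cache's maximum object size is set on the cache configuration only.
 *
 * <p>The statistics counters are plain, unsynchronized fields, so their values are only
 * approximate if instances are used from several threads.
 */
public class KeySetRetriever implements KeySetProvider {
    private static final Logger log = LogManager.getLogger(KeySetRetriever.class);

    /** Minimum time between two cache statistics log lines (one hour). */
    private static final long CACHE_STATUS_LOG_INTERVAL_MS = 3600000;

    private final String openIdConnectEndpoint;
    // May be null; the HTTP client then keeps its default socket factory.
    private final SettingsBasedSSLConfigurator.SSLConfig sslConfig;
    // Both stay null when caching of the discovery document is disabled.
    private final CacheConfig cacheConfig;
    private final HttpCacheStorage oidcHttpCacheStorage;
    // Used for the connection-request, connect and socket timeouts alike.
    private int requestTimeoutMs = 10000;
    private int oidcCacheHits = 0;
    private int oidcCacheMisses = 0;
    private int oidcCacheHitsValidated = 0;
    private int oidcCacheModuleResponses = 0;
    private long oidcRequests = 0;
    private long lastCacheStatusLog = 0;

    /**
     * Creates a retriever for one discovery endpoint.
     *
     * @param str URL of the OpenID Connect discovery endpoint
     * @param sSLConfig SSL settings for outgoing requests, or {@code null} to use the HTTP
     *     client's defaults
     * @param z whether to cache discovery responses in memory (at most 10 entries of up to
     *     1 MiB each)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KeySetRetriever(String str, SettingsBasedSSLConfigurator.SSLConfig sSLConfig, boolean z) {
        this.openIdConnectEndpoint = str;
        this.sslConfig = sSLConfig;
        if (z) {
            this.cacheConfig = CacheConfig.custom().setMaxCacheEntries(10).setMaxObjectSize(1048576L).build();
            this.oidcHttpCacheStorage = new BasicHttpCacheStorage(this.cacheConfig);
        } else {
            this.cacheConfig = null;
            this.oidcHttpCacheStorage = null;
        }
    }

    /**
     * Resolves the JWKS URI through the discovery endpoint and downloads the key set.
     *
     * @return the parsed key set
     * @throws AuthenticatorUnavailableException if either request fails, returns a non-2xx
     *     status, or carries no response entity
     */
    @Override // com.amazon.dlic.auth.http.jwt.keybyoidc.KeySetProvider
    public JsonWebKeys get() throws AuthenticatorUnavailableException {
        String jwksUri = getJwksUri();
        // try-with-resources closes response and client on every path, including the error
        // paths that throw before the body has been read.
        try (CloseableHttpClient httpClient = createHttpClient(null)) {
            HttpGet request = newGet(jwksUri);
            try (CloseableHttpResponse response = httpClient.execute(request)) {
                HttpEntity entity = requireEntity(response, jwksUri);
                return JwkUtils.readJwkSet(entity.getContent());
            }
        } catch (IOException e) {
            throw new AuthenticatorUnavailableException("Error while getting " + jwksUri + ": " + e, e);
        }
    }

    /**
     * Requests the discovery endpoint and extracts the JWKS URI from the provider
     * configuration it returns.
     *
     * @return the JWKS URI, never {@code null} or empty
     * @throws AuthenticatorUnavailableException if the request fails, returns a non-2xx
     *     status, carries no response entity, or the document names no JWKS URI
     */
    String getJwksUri() throws AuthenticatorUnavailableException {
        try (CloseableHttpClient httpClient = createHttpClient(this.oidcHttpCacheStorage)) {
            HttpGet request = newGet(this.openIdConnectEndpoint);
            // A cache context is only needed (and only meaningful) when caching is enabled.
            HttpCacheContext cacheContext = this.oidcHttpCacheStorage != null ? new HttpCacheContext() : null;
            try (CloseableHttpResponse response = httpClient.execute(request, cacheContext)) {
                if (cacheContext != null) {
                    logCacheResponseStatus(cacheContext);
                }
                HttpEntity entity = requireEntity(response, this.openIdConnectEndpoint);
                OpenIdProviderConfiguration configuration =
                        DefaultObjectMapper.objectMapper.readValue(entity.getContent(), OpenIdProviderConfiguration.class);
                String jwksUri = configuration == null ? null : configuration.getJwksUri();
                // Fail with the declared exception here instead of letting a null URI surface
                // as an unchecked exception when the key set request is built.
                if (jwksUri == null || jwksUri.isEmpty()) {
                    throw new AuthenticatorUnavailableException(
                            "Error while getting " + this.openIdConnectEndpoint + ": Discovery document contains no jwks_uri");
                }
                return jwksUri;
            }
        } catch (IOException e) {
            throw new AuthenticatorUnavailableException("Error while getting " + this.openIdConnectEndpoint + ": " + e, e);
        }
    }

    /** Returns the timeout, in milliseconds, applied to each HTTP request. */
    public int getRequestTimeoutMs() {
        return this.requestTimeoutMs;
    }

    /** Sets the timeout, in milliseconds, applied to each subsequent HTTP request. */
    public void setRequestTimeoutMs(int i) {
        this.requestTimeoutMs = i;
    }

    /** Builds a GET request for {@code uri} with the configured timeouts applied. */
    private HttpGet newGet(String uri) throws AuthenticatorUnavailableException {
        HttpGet request;
        try {
            request = new HttpGet(uri);
        } catch (IllegalArgumentException e) {
            // A syntactically invalid URI (for example one supplied by the discovery
            // document) is reported like any other retrieval failure.
            throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + e, e);
        }
        int timeoutMs = getRequestTimeoutMs();
        request.setConfig(RequestConfig.custom()
                .setConnectionRequestTimeout(timeoutMs)
                .setConnectTimeout(timeoutMs)
                .setSocketTimeout(timeoutMs)
                .build());
        return request;
    }

    /** Returns the response entity, rejecting non-2xx statuses and responses without a body. */
    private static HttpEntity requireEntity(CloseableHttpResponse response, String uri)
            throws AuthenticatorUnavailableException {
        StatusLine statusLine = response.getStatusLine();
        if (statusLine.getStatusCode() < 200 || statusLine.getStatusCode() >= 300) {
            throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + statusLine);
        }
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            throw new AuthenticatorUnavailableException("Error while getting " + uri + ": Empty response entity");
        }
        return entity;
    }

    /**
     * Updates the cache statistics for one discovery request and logs a summary once at
     * least two requests have been counted and more than the log interval has passed since
     * the previous summary.
     */
    private void logCacheResponseStatus(HttpCacheContext httpCacheContext) {
        this.oidcRequests++;
        switch (httpCacheContext.getCacheResponseStatus()) {
            case CACHE_HIT:
                this.oidcCacheHits++;
                break;
            case CACHE_MODULE_RESPONSE:
                this.oidcCacheModuleResponses++;
                break;
            case CACHE_MISS:
                this.oidcCacheMisses++;
                break;
            case VALIDATED:
                this.oidcCacheHitsValidated++;
                break;
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (this.oidcRequests < 2 || currentTimeMillis - this.lastCacheStatusLog <= CACHE_STATUS_LOG_INTERVAL_MS) {
            return;
        }
        log.info("Cache status for KeySetRetriever:\noidcCacheHits: " + this.oidcCacheHits + "\noidcCacheHitsValidated: " + this.oidcCacheHitsValidated + "\noidcCacheModuleResponses: " + this.oidcCacheModuleResponses + "\noidcCacheMisses: " + this.oidcCacheMisses);
        this.lastCacheStatusLog = currentTimeMillis;
    }

    /**
     * Builds a new HTTP client; the caller is responsible for closing it.
     *
     * @param httpCacheStorage cache storage to attach, or {@code null} for a non-caching client
     */
    private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage) {
        // Declared as the common base type: the non-caching branch yields a plain
        // HttpClientBuilder, not a CachingHttpClientBuilder.
        HttpClientBuilder builder = httpCacheStorage != null
                ? CachingHttpClients.custom().setCacheConfig(this.cacheConfig).setHttpCacheStorage(httpCacheStorage)
                : HttpClients.custom();
        builder.useSystemProperties();
        if (this.sslConfig != null) {
            builder.setSSLSocketFactory(this.sslConfig.toSSLConnectionSocketFactory());
        }
        return builder.build();
    }

    /** Returns the number of discovery requests answered from the cache without revalidation. */
    public int getOidcCacheHits() {
        return this.oidcCacheHits;
    }

    /** Returns the number of discovery requests counted as cache misses. */
    public int getOidcCacheMisses() {
        return this.oidcCacheMisses;
    }

    /** Returns the number of discovery requests whose cache status was {@code VALIDATED}. */
    public int getOidcCacheHitsValidated() {
        return this.oidcCacheHitsValidated;
    }

    /** Returns the number of discovery requests whose cache status was {@code CACHE_MODULE_RESPONSE}. */
    public int getOidcCacheModuleResponses() {
        return this.oidcCacheModuleResponses;
    }
}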
