package org.gorpipe.security.cred;

import com.google.api.client.util.Strings;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.util.concurrent.UncheckedExecutionException;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.gorpipe.base.security.BundledCredentials;
import org.gorpipe.base.security.Credentials;
import org.gorpipe.base.security.CredentialsParser;
import org.gorpipe.exceptions.GorSystemException;
import org.gorpipe.gor.auth.AuthConfig;
import org.gorpipe.gor.auth.GorAuthInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gorpipe/security/cred/CsaCredentialService.class */
public class CsaCredentialService extends CsaBaseService {
    private static final Logger log = LoggerFactory.getLogger(CsaCredentialService.class);
    private final AppSessionUtility appSessionUtility;
    private CredentialsParser parser;
    private Cache<String, BundledCredentials> credentialsCache;

    public CsaCredentialService(CsaAuthConfiguration csaAuthConfiguration, AuthConfig authConfig, CredentialsParser credentialsParser, AppSessionUtility appSessionUtility) {
        super(csaAuthConfiguration, authConfig);
        this.parser = credentialsParser;
        this.appSessionUtility = appSessionUtility;
        this.credentialsCache = CacheBuilder.newBuilder().concurrencyLevel(4).expireAfterWrite(1L, TimeUnit.MINUTES).build();
    }

    public BundledCredentials getCredentials(GorAuthInfo gorAuthInfo) {
        return getCredentialsBundleFromCache(gorAuthInfo.getProject(), gorAuthInfo.getUsername(), gorAuthInfo.getUserId());
    }

    public BundledCredentials getCredentials(String str) {
        GorAuthInfo sessionContext = this.appSessionUtility.getSessionContext(str);
        return getCredentialsBundleFromCache(sessionContext.getProject(), sessionContext.getUsername(), sessionContext.getUserId());
    }

    private BundledCredentials getCredentialsBundleFromCache(String str, String str2, String str3) {
        try {
            return (BundledCredentials) this.credentialsCache.get(Strings.isNullOrEmpty(str3) ? str : str + ":" + str2, () -> {
                return getCredentialsBundle(str, str3);
            });
        } catch (UncheckedExecutionException | ExecutionException e) {
            throw new GorSystemException("Error getting credentials for user: " + str2 + " in project: " + str, e.getCause());
        }
    }

    private BundledCredentials getCredentialsBundle(String str, String str2) throws IOException {
        return getCredentialsBundle(str, str2, null, null);
    }

    public BundledCredentials getCredentialsBundle(String str, String str2, String str3, String str4) throws IOException {
        Map<String, Object> initializeAndRetry;
        log.debug("get credentials for project: {}, user {}", str, str2);
        if (!isConfigured()) {
            log.info("No configuration - returning empty credentials list");
            return BundledCredentials.emptyCredentials();
        }
        initAuth();
        String format = String.format("find[project_key]=%s", str);
        if (!Strings.isNullOrEmpty(str2)) {
            format = format + String.format("&find[user_id]=%s", str2);
        }
        if (str3 != null) {
            format = format + String.format("&find[service]=%s", str3);
        }
        if (str4 != null) {
            format = format + String.format("&find[lookup_key]=%s", str4);
        }
        try {
            initializeAndRetry = jsonGet("auth/v1/credentials.json?" + format);
        } catch (IOException e) {
            initializeAndRetry = initializeAndRetry("auth/v1/credentials.json?" + format);
        }
        List<Map<String, Object>> list = (List) initializeAndRetry.get("credentials");
        BundledCredentials.Builder builder = new BundledCredentials.Builder();
        if (list != null) {
            List<Credentials> parseFromJson = this.parser.parseFromJson(list);
            Collections.sort(parseFromJson, (credentials, credentials2) -> {
                return credentials2.getOwnerType().compareTo(credentials.getOwnerType());
            });
            for (Credentials credentials3 : parseFromJson) {
                if (credentials3.getLookupKey() != null) {
                    builder.addCredentials(credentials3);
                } else {
                    builder.addDefaultCredentials(credentials3);
                }
            }
        }
        return builder.build();
    }

    @Override // org.gorpipe.security.cred.CsaBaseService
    public /* bridge */ /* synthetic */ String getSystemAppSession() {
        return super.getSystemAppSession();
    }
}
