package com.yahoo.athenz.zts;

import athenz.shade.zts.com.fasterxml.jackson.databind.ObjectMapper;
import athenz.shade.zts.javax.ws.rs.core.MediaType;
import com.yahoo.athenz.auth.token.AccessToken;
import com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/zts/ZTSAccessTokenFileLoader.class */
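/**
 * Indexes ZTS access token files found on local disk and serves them by domain and role set.
 *
 * <p>The token root is taken from the {@value #ACCESS_TOKEN_PATH_PROPERTY} system property and
 * defaults to {@code /var/lib/sia/tokens/}. The layout read by {@link #preload()} is
 * {@code <root>/<domain>/<token file>}; deeper nesting is ignored.
 *
 * <p>Trust boundary: a file is indexed only after it parses as an {@link AccessTokenResponse},
 * is not reported as expired, and its {@code access_token} is accepted by
 * {@code new AccessToken(token, resolver)} (presumably a signature check against the resolver's
 * keys; confirm in {@code AccessToken}). Those checks run at preload time only.
 *
 * <p>NOTE(review): {@code roleNameMap} is a plain {@link HashMap} and no synchronization is
 * visible in this class. Confirm that {@link #preload()} cannot run concurrently with lookups.
 */
public class ZTSAccessTokenFileLoader {
    private static final Logger LOG = LoggerFactory.getLogger(ZTSAccessTokenFileLoader.class);

    /** System property naming the root directory that holds the per-domain token directories. */
    public static final String ACCESS_TOKEN_PATH_PROPERTY = "athenz.zts.client.accesstoken.path";
    private static final String DEFAULT_ACCESS_TOKEN_DIR_PATH = "/var/lib/sia/tokens/";
    private static final String ROLE_NAME_CONNECTOR = ",";
    private static final String DOMAIN_ROLE_CONNECTOR = ":role:";

    private final JwtsSigningKeyResolver accessSignKeyResolver;
    private final ObjectMapper objectMapper = new ObjectMapper();
    // Key: "<domain>:role:<sorted,comma-joined roles>"; value: token file name inside <root>/<domain>/.
    private final Map<String, String> roleNameMap = new HashMap<>();
    private final String path = System.getProperty(ACCESS_TOKEN_PATH_PROPERTY, DEFAULT_ACCESS_TOKEN_DIR_PATH);

    /**
     * Creates a loader that checks on-disk tokens with the given resolver.
     *
     * @param jwtsSigningKeyResolver resolver handed to {@code AccessToken} when a token file is indexed
     */
    public ZTSAccessTokenFileLoader(JwtsSigningKeyResolver jwtsSigningKeyResolver) {
        this.accessSignKeyResolver = jwtsSigningKeyResolver;
    }

    /**
     * Scans the token root and indexes every usable token file.
     *
     * <p>Does nothing when the root is missing or is not a directory. Unreadable directories and
     * unparsable, expired or rejected token files are logged and skipped; nothing is thrown.
     */
    public void preload() {
        File tokenRoot = new File(this.path);
        // isDirectory() is false for a missing path, so this also covers the exists() case.
        if (!tokenRoot.isDirectory()) {
            return;
        }
        // listFiles() returns null on an I/O error or when the directory cannot be read
        // (for example, wrong permissions); iterating over it directly would throw an NPE.
        File[] domainDirs = tokenRoot.listFiles();
        if (domainDirs == null) {
            LOG.error("Unable to list access token directory: {}", tokenRoot);
            return;
        }
        for (File domainDir : domainDirs) {
            if (!domainDir.isDirectory()) {
                continue;
            }
            File[] tokenFiles = domainDir.listFiles();
            if (tokenFiles == null) {
                LOG.error("Unable to list access token directory: {}", domainDir);
                continue;
            }
            for (File tokenFile : tokenFiles) {
                if (!tokenFile.isDirectory()) {
                    loadTokenFile(domainDir.getName(), tokenFile);
                }
            }
        }
    }

    /**
     * Returns the token stored on disk for the given domain and role set, or {@code null} when
     * {@link #preload()} indexed no matching file.
     *
     * <p>NOTE(review): the file is re-read here and returned as parsed. The expiry and
     * {@code AccessToken} checks applied by {@link #preload()} are not repeated, so a file that
     * expired or was replaced after preload is returned unchanged. Callers should check expiry
     * (and, if the token directory is not exclusively owned by a trusted writer, the signature)
     * before using the result.
     *
     * @param str  domain name; also the name of the directory under the token root
     * @param list role names requested; {@code null} or empty selects the wildcard entry
     * @return the parsed token response, or {@code null} if nothing is indexed for this key
     * @throws IOException if the indexed file can no longer be read or parsed
     */
    public AccessTokenResponse lookupAccessTokenFromDisk(String str, List<String> list) throws IOException {
        String rolesKey = getRolesStr(str, list);
        String fileName = this.roleNameMap.get(rolesKey);
        LOG.debug("Trying to fetch access token from disk for domain: {}, roleNames: {}, roleMap key: {}. file name: {}",
                str, list, rolesKey, fileName);
        if (fileName == null) {
            return null;
        }
        // A path is built only after the key matched an entry recorded by preload(). The key is a
        // plain string concatenation, so that match is not a strict guarantee that str equals a
        // directory name preload() saw. NOTE(review): confirm callers pass validated domain names.
        File tokenFile = new File(new File(this.path, str), fileName);
        return this.objectMapper.readValue(tokenFile, AccessTokenResponse.class);
    }

    /** Parses one token file and indexes it when it is present and not reported as expired. */
    private void loadTokenFile(String domainName, File tokenFile) {
        AccessTokenResponse tokenResponse;
        try {
            tokenResponse = this.objectMapper.readValue(tokenFile, AccessTokenResponse.class);
        } catch (IOException e) {
            // Only the file name is logged: parser error messages can echo fragments of the
            // input, and the input here is a bearer token.
            LOG.error("Failed to load or parse token file: {}", tokenFile);
            return;
        }
        // NOTE(review): the meaning of the -1 argument to isExpired is not visible in this file.
        if (tokenResponse != null && !new AccessTokenResponseCacheEntry(tokenResponse).isExpired(-1L)) {
            addToRoleMap(domainName, tokenFile.getName(), tokenResponse);
        }
    }

    /**
     * Builds the index key {@code <domain>:role:<roles>}. Roles are sorted so the key does not
     * depend on caller ordering; a {@code null} or empty list maps to the wildcard.
     */
    private static String getRolesStr(String domainName, List<String> roleNames) {
        if (roleNames == null || roleNames.isEmpty()) {
            return domainName + DOMAIN_ROLE_CONNECTOR + MediaType.MEDIA_TYPE_WILDCARD;
        }
        // Sort a copy so the caller's list is left untouched.
        List<String> sortedRoles = new ArrayList<>(roleNames);
        Collections.sort(sortedRoles);
        return domainName + DOMAIN_ROLE_CONNECTOR + String.join(ROLE_NAME_CONNECTOR, sortedRoles);
    }

    /**
     * Records {@code fileName} under the key derived from the domain and the token's own scope.
     * A token that {@code AccessToken} rejects is logged and left out of the index.
     */
    private void addToRoleMap(String domainName, String fileName, AccessTokenResponse accessTokenResponse) {
        try {
            AccessToken accessToken = new AccessToken(accessTokenResponse.getAccess_token(), this.accessSignKeyResolver);
            this.roleNameMap.put(getRolesStr(domainName, accessToken.getScope()), fileName);
        } catch (Exception e) {
            // Broad catch is kept on purpose: one bad token file must not abort the preload scan.
            LOG.error("Got error to parse access token file {}, error: {}", fileName, e.getMessage());
        }
    }
}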
