package org.jmxtrans.agent.google;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import javax.xml.bind.DatatypeConverter;
import org.jmxtrans.agent.util.StringUtils2;
import org.jmxtrans.agent.util.json.Json;
import org.jmxtrans.agent.util.json.JsonObject;
import org.jmxtrans.agent.util.json.JsonValue;
import org.jmxtrans.agent.util.logging.Logger;
import org.jmxtrans.agent.zabbix.ZabbixOutputWriterCommonSettings;

/* loaded from: input_file:org/jmxtrans/agent/google/Connection.class */
public class Connection {
    private static final String AUTH_URL = "https://accounts.google.com/o/oauth2/token";
    private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final String SCOPE = "https://www.googleapis.com/auth/monitoring";
    private static final String API_URL = "https://monitoring.googleapis.com/v3";
    private static Logger logger = Logger.getLogger(Connection.class.getName());
    private Boolean useGkeServiceAccount;
    private String token;
    private Date expiry;
    private String serviceAccount;
    private PrivateKey privateKey;
    Object tokenLock = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    public Connection(String str, String str2, String str3) {
        this.useGkeServiceAccount = false;
        this.serviceAccount = null;
        this.privateKey = null;
        this.serviceAccount = str;
        if (!StringUtils2.isNullOrEmpty(str) && !StringUtils2.isNullOrEmpty(str2)) {
            logger.info("Metrics Service Account has been provided : " + str);
            this.serviceAccount = str;
            this.privateKey = getPrivateKeyFromString(str2);
        }
        if (this.privateKey == null && !StringUtils2.isNullOrEmpty(str3)) {
            logger.info("Metrics Credentials File Name has been set explicitly : " + str3);
            setFromFile(str3);
        }
        if (this.privateKey == null && null != getGoogleApiTokenFromMetadataApi()) {
            logger.info("Google Container Engine Metadata API is available. Using 'default' cluster Service Account");
            this.useGkeServiceAccount = true;
            return;
        }
        String str4 = System.getenv("GOOGLE_APPLICATION_CREDENTIALS");
        if (this.privateKey == null && !StringUtils2.isNullOrEmpty(str4)) {
            logger.info("No explicit Metrics connection configuration provided. Checking GOOGLE_APPLICATION_CREDENTIALS.");
            setFromFile(str4);
        }
        if (this.privateKey == null) {
            throw new RuntimeException("Failed to initialise connection to GCP Monitoring");
        }
    }

    public String doGet(String str, String str2) throws Exception {
        return httpCall("https://monitoring.googleapis.com/v3/" + str, "GET", str2, getGoogleApiToken());
    }

    public String doPost(String str, String str2) throws Exception {
        return httpCall("https://monitoring.googleapis.com/v3/" + str, "POST", str2, getGoogleApiToken());
    }

    private void setFromFile(String str) {
        try {
            JsonObject asObject = Json.parse(new InputStreamReader(new FileInputStream(str), "UTF-8")).asObject();
            this.serviceAccount = asObject.get("client_email").asString();
            this.privateKey = getPrivateKeyFromString(asObject.get("private_key").asString());
        } catch (IOException e) {
            logger.log(Level.SEVERE, "Unable to parse '" + str + "' : " + e.getMessage(), e);
        }
    }

    private PrivateKey getPrivateKeyFromString(String str) {
        if (StringUtils2.isNullOrEmpty(str)) {
            return null;
        }
        PrivateKey privateKey = null;
        try {
            privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(DatatypeConverter.parseBase64Binary(str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace("\\r", "").replace("\\n", "").replace("\r", "").replace("\n", ""))));
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Constructing Private Key from PEM string failed: " + e.getMessage(), e);
        }
        return privateKey;
    }

    private String getGoogleApiToken() {
        if (this.useGkeServiceAccount.booleanValue()) {
            return getGoogleApiTokenFromMetadataApi();
        }
        if (StringUtils2.isNullOrEmpty(this.token) || this.expiry == null || System.currentTimeMillis() + 30000 > this.expiry.getTime()) {
            prepareApiToken();
        }
        return this.token;
    }

    private String getGoogleApiTokenFromMetadataApi() {
        BufferedReader bufferedReader = null;
        try {
            try {
                URLConnection openConnection = new URL("http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token").openConnection();
                openConnection.setRequestProperty("Metadata-Flavor", "Google");
                bufferedReader = new BufferedReader(new InputStreamReader(openConnection.getInputStream(), "UTF-8"));
                JsonObject asObject = Json.parse(bufferedReader.readLine()).asObject();
                if (asObject == null || asObject.get("access_token") == null) {
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (Exception e) {
                        }
                    }
                    return null;
                }
                String asString = asObject.get("access_token").asString();
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                }
                return asString;
            } catch (Exception e3) {
                logger.log(Level.SEVERE, "Failed to source Access Token from Metadata API : " + e3.getMessage());
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e4) {
                        return null;
                    }
                }
                return null;
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e5) {
                    throw th;
                }
            }
            throw th;
        }
    }

    private void prepareApiToken() {
        synchronized (this.tokenLock) {
            if (StringUtils2.isNullOrEmpty(this.token) || this.expiry == null || System.currentTimeMillis() + 30000 > this.expiry.getTime()) {
                try {
                    JsonObject jsonObject = new JsonObject();
                    jsonObject.add("alg", "RS256");
                    jsonObject.add("typ", "JWT");
                    long currentTimeMillis = System.currentTimeMillis() / 1000;
                    JsonObject jsonObject2 = new JsonObject();
                    jsonObject2.add("aud", AUTH_URL);
                    jsonObject2.add("exp", currentTimeMillis + 3600);
                    jsonObject2.add("iat", currentTimeMillis);
                    jsonObject2.add("iss", this.serviceAccount);
                    jsonObject2.add("scope", SCOPE);
                    String str = encodeBase64Url(jsonObject.toString().getBytes(Charset.forName("UTF-8"))) + "." + encodeBase64Url(jsonObject2.toString().getBytes(Charset.forName("UTF-8")));
                    String str2 = str + "." + encodeBase64Url(signSHA256withRSA(str));
                    LinkedHashMap<String, String> linkedHashMap = new LinkedHashMap<>();
                    linkedHashMap.put("grant_type", GRANT_TYPE);
                    linkedHashMap.put("assertion", str2);
                    String str3 = null;
                    Date date = null;
                    JsonObject asObject = Json.parse(httpCall(AUTH_URL, "GET", convertMapToContent(linkedHashMap), null)).asObject();
                    if (asObject != null && asObject.get("access_token") != null) {
                        str3 = asObject.get("access_token").asString();
                        date = new Date((currentTimeMillis * 1000) + (asObject.get("expires_in").asInt() * ZabbixOutputWriterCommonSettings.SETTING_BATCH_SIZE_DEFAULT_VALUE));
                    }
                    JsonValue jsonValue = asObject.get("error");
                    if (jsonValue != null) {
                        logger.log(Level.SEVERE, jsonValue.toString());
                    }
                    JsonValue jsonValue2 = asObject.get("error_description");
                    if (jsonValue2 != null) {
                        logger.log(Level.SEVERE, jsonValue2.toString());
                    }
                    if (StringUtils2.isNullOrEmpty(str3) || date == null || System.currentTimeMillis() >= date.getTime()) {
                        logger.log(Level.WARNING, "Token refresh failed. Token : " + this.token + " Expiry : " + this.expiry);
                    } else {
                        this.token = str3;
                        this.expiry = date;
                        logger.log(Level.FINE, "Token : " + this.token);
                        logger.fine("Refreshed token. New expiry instant : " + this.expiry);
                    }
                } catch (Exception e) {
                    logger.log(Level.SEVERE, "Token refresh failed " + e.getMessage(), e);
                }
            }
        }
    }

    private byte[] signSHA256withRSA(String str) {
        byte[] bArr = null;
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(this.privateKey);
            signature.update(str.getBytes(Charset.forName("UTF-8")));
            bArr = signature.sign();
        } catch (Exception e) {
            logger.log(Level.SEVERE, e.getMessage(), e);
        }
        return bArr;
    }

    private String encodeBase64Url(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        if (bArr.length == 0) {
            return "";
        }
        try {
            return DatatypeConverter.printBase64Binary(bArr).replace("=", "").replace("+", "-").replace("/", "_");
        } catch (Exception e) {
            logger.log(Level.WARNING, "FAILED URL ENCODING " + e.getMessage(), e);
            return null;
        }
    }

    private String convertMapToContent(LinkedHashMap<String, String> linkedHashMap) throws Exception {
        StringBuilder sb = new StringBuilder("");
        for (Map.Entry<String, String> entry : linkedHashMap.entrySet()) {
            sb.append((sb.length() > 0 ? "&" : "") + URLEncoder.encode(entry.getKey(), "UTF-8") + "=" + (!StringUtils2.isNullOrEmpty(entry.getValue()) ? URLEncoder.encode(entry.getValue(), "UTF-8") : ""));
        }
        if (sb.length() > 0) {
            return sb.toString();
        }
        return null;
    }

    private String httpCall(String str, String str2, String str3, String str4) throws Exception {
        InputStream errorStream;
        StringBuilder sb = new StringBuilder();
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty("User-Agent", "jmxtrans-agent");
        httpURLConnection.setRequestProperty("Authorization", "Bearer " + str4);
        httpURLConnection.setRequestMethod(str2.toUpperCase());
        if (str2.equalsIgnoreCase("POST")) {
            httpURLConnection.setRequestProperty("Content-Type", "application/json");
        }
        if (!StringUtils2.isNullOrEmpty(str3)) {
            httpURLConnection.setDoOutput(true);
        }
        httpURLConnection.setDoInput(true);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setAllowUserInteraction(false);
        httpURLConnection.setRequestProperty("Connection", "Keep-Alive");
        httpURLConnection.setRequestProperty("Content-length", StringUtils2.isNullOrEmpty(str3) ? "0" : "" + str3.length());
        httpURLConnection.connect();
        if (!StringUtils2.isNullOrEmpty(str3)) {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            outputStream.write(str3.getBytes(Charset.forName("UTF-8")));
            outputStream.flush();
        }
        boolean z = false;
        if (httpURLConnection.getResponseCode() < 400) {
            errorStream = httpURLConnection.getInputStream();
        } else {
            errorStream = httpURLConnection.getErrorStream();
            z = true;
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(errorStream, "UTF-8"));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            sb.append(readLine);
        }
        bufferedReader.close();
        if (z) {
            throw new RuntimeException(sb.toString());
        }
        return sb.toString();
    }
}
