package software.amazon.dax.channel;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufOutputStream;
import io.netty.channel.Channel;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import java.io.IOException;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.dax.DaxMethodIds;
import software.amazon.dax.com.amazon.cbor.CborOutputStream;
import software.amazon.dax.com.amazon.cbor.Encoder;
import software.amazon.dax.exceptions.DaxServiceException;
import software.amazon.dax.utils.LazyClock;
import software.amazon.dax.utils.SigV4Gen;
import software.amazon.dax.utils.Validate;

@ChannelHandler.Sharable
/* loaded from: input_file:software/amazon/dax/channel/AuthHandler.class */
public class AuthHandler extends ChannelDuplexHandler {
    private String accessKeyId;
    private final AwsCredentialsProvider credentialsProvider;
    private final String region;
    private final String userAgent;
    private final LazyClock clock;
    private volatile long poolWindow;
    private volatile long channelWindow;
    private volatile long lastPoolAuth;
    private static final String DAX_ADDR = "https://dax.amazonaws.com";
    private static final int AUTH_TTL_MS = 300000;
    protected static final double WINDOW_SCALAR = 0.1d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthHandler(AwsCredentialsProvider awsCredentialsProvider, String str, String str2) {
        this(awsCredentialsProvider, str, str2, LazyClock.instance());
    }

    AuthHandler(AwsCredentialsProvider awsCredentialsProvider, String str, String str2, LazyClock lazyClock) {
        this.poolWindow = 150000L;
        this.channelWindow = 30000L;
        this.credentialsProvider = awsCredentialsProvider;
        this.region = str;
        this.userAgent = str2;
        this.clock = lazyClock;
    }

    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        long currentTime = this.clock.getCurrentTime();
        AwsCredentials resolveCredentials = this.credentialsProvider.resolveCredentials();
        if (!checkAndUpdateAccessKeyId(resolveCredentials.accessKeyId()) || getChannelAuthExpiry(channelHandlerContext.channel()) - currentTime <= this.channelWindow || currentTime - this.lastPoolAuth >= this.poolWindow) {
            SigV4Gen.SigAndStringToSign generateSigAndStringToSign = SigV4Gen.generateSigAndStringToSign(resolveCredentials, DAX_ADDR, this.region, "");
            ByteBuf buffer = channelHandlerContext.alloc().buffer();
            prepareAuthRequest(buffer, this.accessKeyId, generateSigAndStringToSign.mSignature, Encoder.encodeUtf8(generateSigAndStringToSign.mStringToSign), generateSigAndStringToSign.mSessionToken, this.userAgent);
            channelHandlerContext.write(buffer);
            this.lastPoolAuth = currentTime;
            setChannelAuthExpiry(channelHandlerContext.channel(), currentTime + 300000);
        }
        super.write(channelHandlerContext, obj, channelPromise);
    }

    private void prepareAuthRequest(ByteBuf byteBuf, String str, String str2, byte[] bArr, String str3, String str4) throws IOException {
        Validate.notNull(str, "accessKeyId");
        Validate.notNull(str2, "signature");
        Validate.notNull(bArr, "stringToSign");
        CborOutputStream cborOutputStream = new CborOutputStream(new ByteBufOutputStream(byteBuf), 0);
        try {
            cborOutputStream.writeInt(1);
            cborOutputStream.writeInt(DaxMethodIds.AUTHORIZECONNECTION_ID);
            cborOutputStream.writeString(str);
            cborOutputStream.writeString(str2);
            cborOutputStream.writeBytes(bArr);
            if (str3 == null) {
                cborOutputStream.writeNull();
            } else {
                cborOutputStream.writeString(str3);
            }
            if (str4 == null) {
                cborOutputStream.writeNull();
            } else {
                cborOutputStream.writeString(str4);
            }
            cborOutputStream.flush();
            cborOutputStream.close();
        } catch (Throwable th) {
            try {
                cborOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
        if ((th instanceof DaxServiceException) && ((DaxServiceException) th).isAuthenticationException()) {
            setChannelAuthExpiry(channelHandlerContext.channel(), 0L);
        }
        super.exceptionCaught(channelHandlerContext, th);
    }

    long getChannelAuthExpiry(Channel channel) {
        Long l = (Long) channel.attr(ChannelAttributeKey.AUTH_EXPIRY).get();
        if (l == null) {
            return 0L;
        }
        return l.longValue();
    }

    private void setChannelAuthExpiry(Channel channel, long j) {
        channel.attr(ChannelAttributeKey.AUTH_EXPIRY).set(Long.valueOf(j));
    }

    private boolean checkAndUpdateAccessKeyId(String str) throws IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("AWSCredentialsProvider provided null AWSAccessKeyId");
        }
        boolean equals = str.equals(this.accessKeyId);
        if (!equals) {
            this.accessKeyId = str;
        }
        return equals;
    }
}
