package com.marklogic.client.impl.okhttp;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.marklogic.client.DatabaseClientFactory;
import com.marklogic.client.impl.RESTServices;
import java.io.IOException;
import okhttp3.FormBody;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer.class */
public class MarkLogicCloudAuthenticationConfigurer implements AuthenticationConfigurer<DatabaseClientFactory.MarkLogicCloudAuthContext> {
    private String host;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer$DefaultTokenGenerator.class */
    public static class DefaultTokenGenerator implements TokenGenerator {
        private static final Logger logger = LoggerFactory.getLogger(DefaultTokenGenerator.class);
        private String host;
        private DatabaseClientFactory.MarkLogicCloudAuthContext securityContext;

        public DefaultTokenGenerator(String str, DatabaseClientFactory.MarkLogicCloudAuthContext markLogicCloudAuthContext) {
            this.host = str;
            this.securityContext = markLogicCloudAuthContext;
        }

        @Override // com.marklogic.client.impl.okhttp.MarkLogicCloudAuthenticationConfigurer.TokenGenerator
        public String generateToken() {
            String accessTokenFromResponse = getAccessTokenFromResponse(callTokenEndpoint());
            if (logger.isInfoEnabled()) {
                logger.info("Successfully obtained authentication token");
            }
            return accessTokenFromResponse;
        }

        private Response callTokenEndpoint() {
            HttpUrl buildTokenUrl = buildTokenUrl();
            OkHttpClient.Builder newClientBuilder = OkHttpUtil.newClientBuilder();
            OkHttpUtil.configureSocketFactory(newClientBuilder, this.securityContext.getSSLContext(), this.securityContext.getTrustManager());
            OkHttpUtil.configureHostnameVerifier(newClientBuilder, this.securityContext.getSSLHostnameVerifier());
            if (logger.isInfoEnabled()) {
                logger.info("Calling token endpoint at: " + buildTokenUrl);
            }
            try {
                return newClientBuilder.build().newCall(new Request.Builder().url(buildTokenUrl).post(newFormBody()).build()).execute();
            } catch (IOException e) {
                throw new RuntimeException(String.format("Unable to call token endpoint at %s; cause: %s", buildTokenUrl, e.getMessage(), e));
            }
        }

        protected HttpUrl buildTokenUrl() {
            HttpUrl.Builder newBuilder = new HttpUrl.Builder().scheme("https").host(this.host).port(443).build().resolve(this.securityContext.getTokenEndpoint()).newBuilder();
            Integer tokenDuration = this.securityContext.getTokenDuration();
            return tokenDuration != null ? newBuilder.addQueryParameter("duration", tokenDuration.toString()).build() : newBuilder.build();
        }

        protected FormBody newFormBody() {
            return new FormBody.Builder().add("grant_type", this.securityContext.getGrantType()).add("key", this.securityContext.getApiKey()).build();
        }

        private String getAccessTokenFromResponse(Response response) {
            String str = null;
            try {
                str = response.body().string();
                JsonNode readTree = new ObjectMapper().readTree(str);
                if (readTree.has("access_token")) {
                    return readTree.get("access_token").asText();
                }
                throw new RuntimeException("Unable to get access token; unexpected JSON response: " + readTree);
            } catch (IOException e) {
                throw new RuntimeException("Unable to get access token; response: " + str, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer$TokenAuthenticationInterceptor.class */
    public static class TokenAuthenticationInterceptor implements Interceptor {
        private static final Logger logger = LoggerFactory.getLogger(TokenAuthenticationInterceptor.class);
        private TokenGenerator tokenGenerator;
        private String token;

        public TokenAuthenticationInterceptor(TokenGenerator tokenGenerator) {
            this.tokenGenerator = tokenGenerator;
            this.token = tokenGenerator.generateToken();
        }

        public Response intercept(Interceptor.Chain chain) throws IOException {
            Response proceed = chain.proceed(addTokenToRequest(chain));
            if (proceed.code() == 401) {
                logger.info("Received 401; will generate new token if necessary and retry request");
                proceed.close();
                generateNewTokenIfNecessary(this.token);
                proceed = chain.proceed(addTokenToRequest(chain));
            }
            return proceed;
        }

        private synchronized void generateNewTokenIfNecessary(String str) {
            if (str.equals(this.token)) {
                logger.info("Generating new token based on receiving 401");
                this.token = this.tokenGenerator.generateToken();
            } else if (logger.isDebugEnabled()) {
                logger.debug("This instance's token has already been updated, presumably by another thread");
            }
        }

        private Request addTokenToRequest(Interceptor.Chain chain) {
            return chain.request().newBuilder().header(RESTServices.HEADER_AUTHORIZATION, "Bearer " + this.token).build();
        }
    }

    /* loaded from: input_file:com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer$TokenGenerator.class */
    public interface TokenGenerator {
        String generateToken();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MarkLogicCloudAuthenticationConfigurer(String str) {
        this.host = str;
    }

    @Override // com.marklogic.client.impl.okhttp.AuthenticationConfigurer
    public void configureAuthentication(OkHttpClient.Builder builder, DatabaseClientFactory.MarkLogicCloudAuthContext markLogicCloudAuthContext) {
        String apiKey = markLogicCloudAuthContext.getApiKey();
        if (apiKey == null || apiKey.trim().length() < 1) {
            throw new IllegalArgumentException("No API key provided");
        }
        builder.addInterceptor(new TokenAuthenticationInterceptor(new DefaultTokenGenerator(this.host, markLogicCloudAuthContext)));
    }
}
