package org.apache.knox.gateway.cloud.idbroker.s3a;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.s3a.AWSCredentialProviderList;
import org.apache.hadoop.fs.s3a.auth.MarshalledCredentials;
import org.apache.hadoop.fs.s3a.auth.delegation.AbstractS3ATokenIdentifier;
import org.apache.hadoop.io.Text;
import org.apache.knox.gateway.shell.CloudAccessBrokerSession;

/* loaded from: input_file:org/apache/knox/gateway/cloud/idbroker/s3a/TestIDBDelegationTokenBinding.class */
public class TestIDBDelegationTokenBinding extends IDBDelegationTokenBinding {
    private Path testTokenPath;
    private boolean getTestToken;

    public TestIDBDelegationTokenBinding() {
    }

    public TestIDBDelegationTokenBinding(String str, Text text) {
        super(str, text);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.s3a.IDBDelegationTokenBinding
    public AWSCredentialProviderList deployUnbonded() throws IOException {
        loadTestToken();
        return super.deployUnbonded();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.s3a.IDBDelegationTokenBinding
    public AWSCredentialProviderList bindToTokenIdentifier(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier) throws IOException {
        loadTestToken();
        return super.bindToTokenIdentifier(abstractS3ATokenIdentifier);
    }

    private void loadTestToken() {
        LOG.warn("This implementation of the IDBDelegationTokenBinding is for testing purposes only");
        String trimmed = getConfig().getTrimmed(S3AIDBProperty.IDBROKER_TEST_TOKEN_PATH.getPropertyName());
        if (StringUtils.isNotEmpty(trimmed)) {
            Path path = Paths.get(trimmed, new String[0]);
            if (!Files.exists(path, new LinkOption[0])) {
                LOG.warn("The specified path does not exist, a test token will not be used: {}", path.toAbsolutePath());
                this.testTokenPath = null;
            } else if (!Files.isRegularFile(path, new LinkOption[0])) {
                LOG.warn("The specified path is not a file, a test token will not be used: {}", path.toAbsolutePath());
                this.testTokenPath = null;
            } else if (Files.isReadable(path)) {
                this.testTokenPath = path;
                LOG.warn("Using test access token from {}", this.testTokenPath.toAbsolutePath());
            } else {
                LOG.warn("The specified file is not readable, a test token will not be used: {}", path.toAbsolutePath());
                this.testTokenPath = null;
            }
        } else {
            LOG.warn("A file for a test token was not specified, a test token will not be used");
            this.testTokenPath = null;
        }
        this.getTestToken = this.testTokenPath != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.knox.gateway.cloud.idbroker.s3a.IDBDelegationTokenBinding
    public MarshalledCredentials fetchMarshalledAWSCredentials(S3AIDBClient s3AIDBClient, CloudAccessBrokerSession cloudAccessBrokerSession) throws IOException {
        MarshalledCredentials marshalledCredentials;
        if (this.getTestToken) {
            marshalledCredentials = readTestToken(s3AIDBClient);
            this.getTestToken = false;
        } else {
            marshalledCredentials = null;
        }
        if (marshalledCredentials == null) {
            LOG.warn("This implementation of the AbfsIDBIntegration is for testing purposes only - using REAL access token");
            return super.fetchMarshalledAWSCredentials(s3AIDBClient, cloudAccessBrokerSession);
        }
        LOG.warn("This implementation of the AbfsIDBIntegration is for testing purposes only - using TEST access token");
        return marshalledCredentials;
    }

    private MarshalledCredentials readTestToken(S3AIDBClient s3AIDBClient) throws IOException {
        AuthResponseAWSMessage authResponseAWSMessage;
        if (this.testTokenPath != null) {
            InputStream newInputStream = Files.newInputStream(this.testTokenPath, new OpenOption[0]);
            Throwable th = null;
            try {
                try {
                    authResponseAWSMessage = (AuthResponseAWSMessage) AuthResponseAWSMessage.serializer().fromJsonStream(newInputStream);
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (newInputStream != null) {
                    if (th != null) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                throw th3;
            }
        } else {
            authResponseAWSMessage = null;
        }
        if (authResponseAWSMessage != null) {
            return s3AIDBClient.responseToMarshalledCredentials(authResponseAWSMessage);
        }
        return null;
    }
}
