package org.apache.knox.gateway.cloud.idbroker.google;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.cloud.hadoop.util.AccessTokenProvider;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;
import org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient;
import org.apache.knox.gateway.cloud.idbroker.IDBConstants;
import org.apache.knox.gateway.cloud.idbroker.common.RequestErrorHandlingAttributes;
import org.apache.knox.gateway.shell.BasicResponse;

/* loaded from: input_file:org/apache/knox/gateway/cloud/idbroker/google/GoogleIDBClient.class */
public class GoogleIDBClient extends AbstractIDBClient<AccessTokenProvider.AccessToken> {
    public GoogleIDBClient(Configuration configuration, UserGroupInformation userGroupInformation) throws IOException {
        super(configuration, userGroupInformation);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected boolean getOnlyUser(Configuration configuration) {
        return getPropertyValueAsBoolean(configuration, GoogleIDBProperty.IDBROKER_ONLY_USER_METHOD).booleanValue();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected boolean getOnlyGroups(Configuration configuration) {
        return getPropertyValueAsBoolean(configuration, GoogleIDBProperty.IDBROKER_ONLY_GROUPS_METHOD).booleanValue();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getSpecificRole(Configuration configuration) {
        return getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_SPECIFIC_ROLE_METHOD);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getSpecificGroup(Configuration configuration) {
        return getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_SPECIFIC_GROUP_METHOD);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getTruststorePath(Configuration configuration) {
        return getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_TRUSTSTORE_LOCATION);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected char[] getTruststorePassword(Configuration configuration) throws IOException {
        char[] password = configuration.getPassword(GoogleIDBProperty.IDBROKER_TRUSTSTORE_PASS.getPropertyName());
        if (password == null) {
            password = configuration.getPassword(GoogleIDBProperty.IDBROKER_TRUSTSTORE_PASSWORD.getPropertyName());
        }
        return password;
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected boolean getUseCertificateFromDT(Configuration configuration) {
        return getPropertyValueAsBoolean(configuration, GoogleIDBProperty.IDBROKER_USE_DT_CERT).booleanValue();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getDelegationTokensURL(Configuration configuration) {
        return buildUrl(getGatewayAddress(), getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_DT_PATH));
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getCredentialsURL(Configuration configuration) {
        return buildUrl(getGatewayAddress(), getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_PATH));
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getCredentialsType(Configuration configuration) {
        return getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_CREDENTIALS_TYPE);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String[] getGatewayAddress(Configuration configuration) {
        return configuration.getStrings(GoogleIDBProperty.IDBROKER_GATEWAY.getPropertyName(), new String[]{GoogleIDBProperty.IDBROKER_GATEWAY.getDefaultValue()});
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getUsername(Configuration configuration) {
        return getPropertyValue(configuration, GoogleIDBProperty.IDBROKER_USERNAME);
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getUsernamePropertyName() {
        return GoogleIDBProperty.IDBROKER_USERNAME.getPropertyName();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getPassword(Configuration configuration) {
        return CABUtils.getConfigSecret(configuration, getPasswordPropertyName(), "CLOUD_ACCESS_BROKER_PASS");
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected String getPasswordPropertyName() {
        return GoogleIDBProperty.IDBROKER_PASSWORD.getPropertyName();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected boolean preferKnoxTokenOverKerberos(Configuration configuration) {
        return getPropertyValueAsBoolean(configuration, GoogleIDBProperty.IDBROKER_PREFER_KNOX_TOKEN_OVER_KERBEROS).booleanValue();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected Collection<String> getTokenClientExclusions(Configuration configuration) {
        Collection<String> trimmedStringCollection = configuration.getTrimmedStringCollection(GoogleIDBProperty.IDBROKER_TOKEN_CLIENT_EXCLUSIONS.getPropertyName());
        return trimmedStringCollection.isEmpty() ? StringUtils.getTrimmedStringCollection(GoogleIDBProperty.IDBROKER_TOKEN_CLIENT_EXCLUSIONS.getDefaultValue()) : trimmedStringCollection;
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected boolean isTokenMonitorConfigured(Configuration configuration) {
        return getPropertyValueAsBoolean(configuration, GoogleIDBProperty.IDBROKER_ENABLE_TOKEN_MONITOR).booleanValue();
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.AbstractIDBClient
    protected RequestErrorHandlingAttributes getRequestErrorHandlingAttributes(Configuration configuration) {
        return new RequestErrorHandlingAttributes(getPropertyValueAsInteger(GoogleIDBProperty.IDBROKER_MAX_FAILOVER_ATTEMPTS).intValue(), getPropertyValueAsInteger(GoogleIDBProperty.IDBROKER_FAILOVER_SLEEP).intValue(), getPropertyValueAsInteger(GoogleIDBProperty.IDBROKER_MAX_RETRY_ATTEMPTS).intValue(), getPropertyValueAsInteger(GoogleIDBProperty.IDBROKER_RETRY_SLEEP).intValue());
    }

    @Override // org.apache.knox.gateway.cloud.idbroker.IDBClient
    public AccessTokenProvider.AccessToken extractCloudCredentialsFromResponse(BasicResponse basicResponse) throws IOException {
        AccessTokenProvider.AccessToken accessToken = null;
        if (basicResponse.getStatusCode() == 200 && basicResponse.getContentLength() > 0 && IDBConstants.MIME_TYPE_JSON.equals(basicResponse.getContentType())) {
            Map<String, Object> parseJSONResponse = parseJSONResponse(basicResponse.getString());
            accessToken = new AccessTokenProvider.AccessToken((String) parseJSONResponse.get("accessToken"), Long.valueOf(DateTime.parseRfc3339((String) parseJSONResponse.get("expireTime")).getValue()));
        }
        return accessToken;
    }

    Map<String, Object> parseJSONResponse(String str) throws IOException {
        return (Map) new ObjectMapper().readValue(str, new TypeReference<Map<String, Object>>() { // from class: org.apache.knox.gateway.cloud.idbroker.google.GoogleIDBClient.1
        });
    }
}
