package com.cloudera.cmf.cdhclient.common.security;

import com.cloudera.cmf.cdhclient.util.HttpConnectionConfigurator;
import com.cloudera.cmf.cdhclient.util.SecurityUtil;
import com.cloudera.cmf.cdhclient.util.ThrottlingLogger;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableMap;
import com.yammer.metrics.Metrics;
import com.yammer.metrics.core.Gauge;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.TimeUnit;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/cdhclient/common/security/SecureUrlUtil.class */
public abstract class SecureUrlUtil {
    private static final String CHARSET_UTF_8 = "UTF-8";
    protected static final Logger LOG = LoggerFactory.getLogger(SecureUrlUtil.class);
    private static final ThrottlingLogger THROTTLED_LOG = new ThrottlingLogger(LOG, Duration.standardMinutes(30));
    private static final int CACHE_EXPIRATION_MINUTES = Integer.getInteger("com.cloudera.enterprise.UrlUtil.DEFAULT_CACHE_EXPIRATION_MINUTES", 30).intValue();

    @VisibleForTesting
    protected static final Cache<String, Object> tokenCache;
    public static final HttpConnectionConfigurator NO_CONNECTION_CONFIGURATOR;
    public static final ImmutableMap<String, String> EMPTY_REQUEST_PROPERTIES;

    /* loaded from: input_file:com/cloudera/cmf/cdhclient/common/security/SecureUrlUtil$AuthenticationException.class */
    public static class AuthenticationException extends Exception {
        private static final long serialVersionUID = 8614255581951640691L;

        public AuthenticationException(Throwable th) {
            super(th);
        }
    }

    protected abstract HttpURLConnection openConnection(URL url, Object obj, Duration duration, Duration duration2, HttpConnectionConfigurator httpConnectionConfigurator, ImmutableMap<String, String> immutableMap) throws IOException, AuthenticationException;

    protected abstract Object createNewToken();

    protected abstract Object getUpdatedToken(HttpURLConnection httpURLConnection, Object obj);

    public InputStream readSecureUrlWithTimeouts(String str, Duration duration, Duration duration2, HttpConnectionConfigurator httpConnectionConfigurator, ImmutableMap<String, String> immutableMap) throws IOException {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(duration);
        Preconditions.checkNotNull(duration2);
        Preconditions.checkNotNull(immutableMap);
        URL url = new URL(str);
        return readSecureUrlWithTimeouts(url, String.format("%s:%d", url.getHost(), Integer.valueOf(url.getPort())), duration, duration2, httpConnectionConfigurator, immutableMap);
    }

    public InputStream readSecureUrlWithTimeouts(final URL url, String str, final Duration duration, final Duration duration2, final HttpConnectionConfigurator httpConnectionConfigurator, final ImmutableMap<String, String> immutableMap) throws IOException {
        HttpURLConnection httpURLConnection;
        Preconditions.checkNotNull(url);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(duration);
        Preconditions.checkNotNull(duration2);
        Preconditions.checkNotNull(immutableMap);
        Object ifPresent = tokenCache.getIfPresent(str);
        final Object createNewToken = ifPresent == null ? createNewToken() : ifPresent;
        try {
            httpURLConnection = (HttpURLConnection) SecurityUtil.getUgiFromContext().doAs(new PrivilegedExceptionAction<HttpURLConnection>() { // from class: com.cloudera.cmf.cdhclient.common.security.SecureUrlUtil.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public HttpURLConnection run() throws IOException {
                    try {
                        HttpURLConnection openConnection = SecureUrlUtil.this.openConnection(url, createNewToken, duration, duration2, httpConnectionConfigurator, immutableMap);
                        openConnection.getResponseCode();
                        return openConnection;
                    } catch (SocketTimeoutException e) {
                        throw e;
                    } catch (Exception e2) {
                        throw new IOException("Failed to connect to: " + url, e2);
                    }
                }
            });
        } catch (SocketTimeoutException e) {
            if (THROTTLED_LOG.isDebugEnabled()) {
                THROTTLED_LOG.warn("Timed out connecting to: " + url + ". Error:", (Throwable) e);
            } else {
                THROTTLED_LOG.warn("Timed out connecting to: " + url);
            }
        } catch (Exception e2) {
            THROTTLED_LOG.warn("Failed to connect to: " + url + ". Error: ", (Throwable) e2);
        }
        if (httpURLConnection == null) {
            throw new IOException("Failed to connect to: " + url);
        }
        if (httpURLConnection.getResponseCode() == 200) {
            tokenCache.put(str, getUpdatedToken(httpURLConnection, createNewToken));
            return httpURLConnection.getInputStream();
        }
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), CHARSET_UTF_8));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine);
            }
            THROTTLED_LOG.warn("Cannot retrieve " + url + ". Error: " + sb.toString());
            if (null != bufferedReader) {
                bufferedReader.close();
            }
            tokenCache.invalidate(str);
            throw new IOException("Failed to connect to: " + url);
        } catch (Throwable th) {
            if (null != bufferedReader) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    @VisibleForTesting
    public InputStream readSecureUrlWithTimeouts(String str, Duration duration, Duration duration2) throws IOException {
        return readSecureUrlWithTimeouts(str, duration, duration2, NO_CONNECTION_CONFIGURATOR, EMPTY_REQUEST_PROPERTIES);
    }

    static {
        Metrics.newGauge(SecureUrlUtil.class, "url_token_cache_size", new Gauge<Long>() { // from class: com.cloudera.cmf.cdhclient.common.security.SecureUrlUtil.1
            /* renamed from: value, reason: merged with bridge method [inline-methods] */
            public Long m28value() {
                return Long.valueOf(SecureUrlUtil.tokenCache.size());
            }
        });
        tokenCache = CacheBuilder.newBuilder().expireAfterAccess(CACHE_EXPIRATION_MINUTES, TimeUnit.MINUTES).build();
        NO_CONNECTION_CONFIGURATOR = null;
        EMPTY_REQUEST_PROPERTIES = ImmutableMap.of();
    }
}
