package org.jfrog.access.client.confstore.fsconfig;

import com.google.common.io.Files;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.OpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.security.cert.Certificate;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.FileUtils;
import org.jfrog.access.client.AccessAuthToken;
import org.jfrog.access.client.AccessClientBuilder;
import org.jfrog.access.client.RootCertificateHolder;
import org.jfrog.access.client.confstore.AccessClientConfigStore;
import org.jfrog.access.client.confstore.ClientConfigKeys;
import org.jfrog.access.common.ServiceId;
import org.jfrog.access.token.JwtAccessTokenImpl;
import org.jfrog.access.util.AccessCredsFileHelper;
import org.jfrog.access.version.AccessVersion;
import org.jfrog.security.file.PemHelper;
import org.jfrog.security.file.SecurityFolderHelper;

/* loaded from: input_file:org/jfrog/access/client/confstore/fsconfig/FileBasedAccessClientConfigStore.class */
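/**
 * File-system backed {@link AccessClientConfigStore}.
 *
 * <p>All state is read from and written to files resolved through {@link AccessClientHome}:
 * the service ID, the service admin token, the Access root certificate, the bootstrap
 * credentials and the Access version properties. The admin token and the root certificate are
 * additionally cached in memory after the first read.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The service ID file and the admin token file are set to
 *       {@code SecurityFolderHelper.PERMISSIONS_MODE_600} after they are written.</li>
 *   <li>Storing a root certificate deletes the stored admin token when that token does not
 *       verify against the certificate's public key.</li>
 *   <li>Token and credential values are never placed in exception messages.</li>
 * </ul>
 *
 * <p>The two cached fields are {@code volatile} because they are read outside their locks
 * (double-checked initialisation) and cleared by {@link #clearCache()} without a lock.
 */
public class FileBasedAccessClientConfigStore implements AccessClientConfigStore {
    private final AccessClientHome clientHome;
    private final AccessClientConfig clientConfig;
    private final ServiceId serviceId;
    // Cached admin token; volatile so the unlocked first check in getAdminTokenOrNull() is safe.
    private volatile String adminTokenValue;
    // Cached root certificate; volatile for the same reason as adminTokenValue.
    private volatile Certificate rootCertificate;
    private final Object adminTokenValueLock = new Object();
    private final Object rootCertificateLock = new Object();

    /**
     * Creates a store rooted at the given directory and resolves the service ID.
     *
     * @param file     directory handed to {@link AccessClientHome}
     * @param supplier source of a new service ID when none is stored yet; may be {@code null}
     * @throws IllegalStateException if a bootstrap service ID file exists although a service ID
     *                               is already stored
     * @throws RuntimeException      if the service ID cannot be read, created or saved
     */
    public FileBasedAccessClientConfigStore(@Nonnull File file, @Nullable Supplier<ServiceId> supplier) {
        this.clientHome = new AccessClientHome(file);
        this.clientConfig = new AccessClientConfig(this.clientHome);
        this.serviceId = bootstrapServiceId(supplier);
    }

    /** Returns the home object used to locate every file this store touches. */
    public AccessClientHome getClientHome() {
        return this.clientHome;
    }

    /** Returns the client configuration that was built from the client home. */
    public AccessClientConfig getClientConfig() {
        return this.clientConfig;
    }

    /**
     * Resolves the service ID, in this order of precedence:
     * <ol>
     *   <li>No bootstrap file: return the stored ID, or, when a supplier is given and no ID
     *       file exists yet, take a new ID from the supplier and persist it.</li>
     *   <li>Bootstrap file and a stored ID both present: refuse to continue.</li>
     *   <li>Bootstrap file only: derive the ID from its first line, persist it and delete the
     *       bootstrap file.</li>
     * </ol>
     */
    @Nonnull
    private ServiceId bootstrapServiceId(@Nullable Supplier<ServiceId> supplier) {
        File bootstrapServiceIdFile = this.clientHome.getBootstrapServiceIdFile();
        if (!bootstrapServiceIdFile.exists()) {
            if (supplier == null || this.clientHome.getServiceIdFile().exists()) {
                return this.clientHome.getServiceId();
            }
            ServiceId supplied = supplier.get();
            saveServiceId(supplied);
            return supplied;
        }
        if (this.clientHome.getServiceIdFile().exists()) {
            // An existing identity is never silently replaced by a bootstrap file.
            throw new IllegalStateException("The service already has an ID '" + this.clientHome.getServiceId() + "', can't bootstrap a new ID. The bootstrap file needs to be removed: " + bootstrapServiceIdFile.getAbsolutePath());
        }
        try {
            String firstLine = Files.readFirstLine(bootstrapServiceIdFile, Charsets.UTF_8);
            // A line matching ELEMENT_PATTERN is passed to generateUniqueId; anything else is
            // parsed as an already formatted service ID.
            ServiceId bootstrapped = ServiceId.ELEMENT_PATTERN.matcher(firstLine).matches()
                    ? ServiceId.generateUniqueId(firstLine)
                    : ServiceId.fromFormattedName(firstLine);
            try {
                saveServiceId(bootstrapped);
                FileUtils.forceDelete(bootstrapServiceIdFile);
                return bootstrapped;
            } catch (Exception e) {
                throw new RuntimeException("Failed to bootstrap service ID.", e);
            }
        } catch (Exception e2) {
            // Also wraps the inner failure above, and the NullPointerException raised when the
            // bootstrap file is empty and firstLine is null.
            throw new RuntimeException("Failed to create service ID from bootstrap file: " + bootstrapServiceIdFile.getAbsolutePath(), e2);
        }
    }

    /**
     * Writes the formatted service ID to the service ID file and restricts the file to mode 600.
     *
     * <p>The bytes are encoded as UTF-8, the charset the bootstrap file is read with, instead
     * of the platform default charset.
     *
     * @throws RuntimeException on any failure, including a {@code null} service ID
     */
    private void saveServiceId(@Nullable ServiceId serviceId) {
        try {
            File serviceIdFile = this.clientHome.getServiceIdFile();
            FileUtils.forceMkdir(serviceIdFile.getParentFile());
            java.nio.file.Files.write(serviceIdFile.toPath(), serviceId.getFormattedName().getBytes(Charsets.UTF_8));
            // Permissions are tightened only after the write, so the file briefly carries the
            // process default permissions.
            setPermissionsOnSecurityFile(serviceIdFile, SecurityFolderHelper.PERMISSIONS_MODE_600);
        } catch (Exception e) {
            throw new RuntimeException("Failed to save service ID to file.", e);
        }
    }

    /**
     * Builds a client builder from the stored configuration.
     *
     * <p>The admin token becomes the builder's default authentication when one is stored;
     * otherwise the default authentication is {@code null}.
     */
    @Nonnull
    public AccessClientBuilder newClientBuilder() {
        String adminTokenOrNull = getAdminTokenOrNull();
        AccessAuthToken defaultAuth = adminTokenOrNull == null ? null : new AccessAuthToken(adminTokenOrNull);
        return AccessClientBuilder.newBuilder()
                .serverUrl(this.clientConfig.getString(ClientConfigKeys.accessServerUrl))
                .connectionTimeout(this.clientConfig.getInt(ClientConfigKeys.httpClientConnectTimeout))
                .socketTimeout(this.clientConfig.getInt(ClientConfigKeys.httpClientSocketTimeout))
                .maxConnections(this.clientConfig.getInt(ClientConfigKeys.httpClientMaxConnectionsTotal))
                .tokenVerificationResultCacheSize(this.clientConfig.getLong(ClientConfigKeys.tokenVerificationResultCacheSize))
                .tokenVerificationResultCacheExpiry(this.clientConfig.getLong(ClientConfigKeys.tokenVerificationResultCacheExpiry))
                .defaultAuth(defaultAuth)
                .serviceId(this.serviceId)
                .rootCertificate(newRootCertHolder());
    }

    /** Returns a holder that reads and writes the root certificate through this store. */
    private RootCertificateHolder newRootCertHolder() {
        return new RootCertificateHolder() {
            @Nullable
            public Certificate get() {
                return FileBasedAccessClientConfigStore.this.getRootCertificate();
            }

            public void set(@Nullable Certificate certificate) {
                // NOTE(review): a null certificate is forwarded to a @Nonnull parameter.
                // storeRootCertificate revokes the admin token for null and then hands null to
                // PemHelper.saveCertificate, whose handling of null is not visible here.
                FileBasedAccessClientConfigStore.this.storeRootCertificate(certificate);
            }
        };
    }

    /** Returns the service ID resolved when this store was constructed. */
    @Nonnull
    public ServiceId getServiceId() {
        return this.serviceId;
    }

    /**
     * Persists a new root certificate and caches it.
     *
     * <p>Before the certificate is written, the stored admin token is revoked if it does not
     * verify against the certificate's public key, so a token issued under a different root is
     * not kept.
     *
     * @throws RuntimeException if the token cannot be revoked or the certificate cannot be saved
     */
    public void storeRootCertificate(@Nonnull Certificate certificate) {
        revokeAdminTokenIfNonMatch(certificate);
        saveCertificateToFile(certificate, this.clientHome.getAccessRootCertFile());
        this.rootCertificate = certificate;
    }

    /**
     * Revokes the stored admin token when the certificate is {@code null} or the token's
     * signature does not verify with the certificate's public key. Does nothing when no token
     * is stored.
     */
    private void revokeAdminTokenIfNonMatch(Certificate certificate) {
        synchronized (this.adminTokenValueLock) {
            String adminTokenOrNull = getAdminTokenOrNull();
            if (adminTokenOrNull == null) {
                return;
            }
            boolean tokenMatches = certificate != null
                    && JwtAccessTokenImpl.parseTokenValue(adminTokenOrNull).verify(certificate.getPublicKey());
            if (!tokenMatches) {
                // revokeAdminToken takes the same lock again; intrinsic locks are reentrant.
                revokeAdminToken();
            }
        }
    }

    /**
     * Returns the root certificate, reading it from the PEM file on first use.
     *
     * @throws NoSuchElementException if the root certificate file does not exist
     * @throws RuntimeException       if the file cannot be read
     */
    @Nonnull
    public Certificate getRootCertificate() {
        if (this.rootCertificate == null) {
            synchronized (this.rootCertificateLock) {
                if (this.rootCertificate == null) {
                    this.rootCertificate = readCertificateFromFile(this.clientHome.getAccessRootCertFile(), "root certificate");
                }
            }
        }
        return this.rootCertificate;
    }

    /** Reports whether the root certificate file exists on disk. */
    public boolean isRootCertificateExists() {
        return this.clientHome.getAccessRootCertFile().exists();
    }

    /**
     * Writes the admin token to its file, caches it and restricts the file to mode 600.
     *
     * @throws RuntimeException if the file permissions cannot be set
     */
    public void storeAdminToken(@Nonnull String str) {
        synchronized (this.adminTokenValueLock) {
            File adminTokenFile = this.clientHome.getServiceAdminTokenFile();
            // NOTE(review): mode 600 is applied only after saveKeyFile returns. Whether
            // saveKeyFile itself creates the file with restrictive permissions is not visible
            // here; if it does not, the token is briefly readable under the default umask.
            SecurityFolderHelper.saveKeyFile(adminTokenFile, bufferedWriter -> {
                bufferedWriter.write(str);
            });
            this.adminTokenValue = str;
            setPermissionsOnSecurityFile(adminTokenFile, SecurityFolderHelper.PERMISSIONS_MODE_600);
        }
    }

    /**
     * Applies the given POSIX permissions to a security file.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the permissions cannot be set
     */
    private void setPermissionsOnSecurityFile(File file, Set<PosixFilePermission> set) {
        try {
            SecurityFolderHelper.setPermissionsOnSecurityFile(file.toPath(), set);
        } catch (IOException e) {
            throw new RuntimeException("Failed to set permissions on file: " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Returns the stored admin token.
     *
     * @throws NoSuchElementException if no admin token is stored
     */
    @Nonnull
    public String getAdminToken() {
        String adminTokenOrNull = getAdminTokenOrNull();
        if (adminTokenOrNull == null) {
            throw new NoSuchElementException("admin token does not exist in the config store");
        }
        return adminTokenOrNull;
    }

    /** Returns the cached admin token, loading it from disk on first use; {@code null} if absent. */
    @Nullable
    private String getAdminTokenOrNull() {
        if (this.adminTokenValue == null) {
            synchronized (this.adminTokenValueLock) {
                if (this.adminTokenValue == null) {
                    this.adminTokenValue = initAdminAccessToken();
                }
            }
        }
        return this.adminTokenValue;
    }

    /**
     * Reads the admin token, which is the first line of the admin token file.
     *
     * @return the token, or {@code null} when the file does not exist
     * @throws IllegalStateException if the file exists but contains no lines
     * @throws RuntimeException      if the file cannot be read
     */
    private String initAdminAccessToken() {
        File serviceAdminTokenFile = this.clientHome.getServiceAdminTokenFile();
        if (!serviceAdminTokenFile.exists()) {
            return null;
        }
        try {
            java.util.List<String> lines = java.nio.file.Files.readAllLines(serviceAdminTokenFile.toPath());
            if (lines.isEmpty()) {
                // Previously surfaced as a bare IndexOutOfBoundsException from get(0). Fail with
                // the file path instead; no file content is placed in the message.
                throw new IllegalStateException("Service admin token file is empty: " + serviceAdminTokenFile.getAbsolutePath());
            }
            return lines.get(0);
        } catch (IOException e) {
            throw new RuntimeException("Failed to read service admin token from file.", e);
        }
    }

    /** Reports whether the admin token file exists on disk (the cache is not consulted). */
    public boolean isAdminTokenExists() {
        return this.clientHome.getServiceAdminTokenFile().exists();
    }

    /**
     * Reads the first entry of the bootstrap credentials file.
     *
     * @return a two-element array: the entry's key, then the entry's value
     * @throws NoSuchElementException if the file does not exist or holds no entry
     * @throws RuntimeException       if the file cannot be read
     */
    @Nonnull
    public String[] getBootstrapAdminCredentials() {
        File bootstrapAccessCredsFile = this.clientHome.getBootstrapAccessCredsFile();
        if (!bootstrapAccessCredsFile.exists()) {
            throw new NoSuchElementException("bootstrap admin credentials do not exist in the config store");
        }
        try {
            Map<?, ?> creds = AccessCredsFileHelper.readAccessCreds(bootstrapAccessCredsFile);
            if (creds.isEmpty()) {
                // Same exception type the iterator would raise, with a message naming the cause.
                throw new NoSuchElementException("bootstrap admin credentials file contains no credentials");
            }
            Map.Entry<?, ?> first = creds.entrySet().iterator().next();
            return new String[]{(String) first.getKey(), (String) first.getValue()};
        } catch (IOException e) {
            throw new RuntimeException("Failed to read access credentials from bootstrap file.", e);
        }
    }

    /** Reports whether the bootstrap credentials file exists on disk. */
    public boolean isBootstrapAdminCredentialsExist() {
        return this.clientHome.getBootstrapAccessCredsFile().exists();
    }

    /**
     * Deletes the bootstrap credentials file if it exists.
     *
     * @throws RuntimeException if the file exists but cannot be deleted
     */
    public void discardBootstrapAdminCredentials() {
        File bootstrapAccessCredsFile = this.clientHome.getBootstrapAccessCredsFile();
        if (!bootstrapAccessCredsFile.exists()) {
            return;
        }
        try {
            FileUtils.forceDelete(bootstrapAccessCredsFile);
        } catch (IOException e) {
            throw new RuntimeException("Failed to delete bootstrap access credentials file.", e);
        }
    }

    /**
     * Reads the Access version from the version properties file.
     *
     * @return the version, or {@code null} when the file cannot be opened
     * @throws RuntimeException if reading the file fails
     */
    public AccessVersion getAccessClientVersion() {
        Properties properties = new Properties();
        File accessVersionFile = this.clientHome.getAccessVersionFile();
        try {
            try (FileInputStream in = new FileInputStream(accessVersionFile)) {
                properties.load(in);
            }
            return AccessVersion.read(properties);
        } catch (FileNotFoundException e) {
            // FileInputStream also raises this for a file that exists but cannot be opened
            // (for example, no read permission), so null does not strictly mean "absent".
            return null;
        } catch (IOException e2) {
            throw new RuntimeException(String.format("Error occurred while reading version file '%s'", accessVersionFile.getAbsolutePath()), e2);
        }
    }

    /**
     * Writes the Access version to the version properties file, replacing its content.
     *
     * @throws RuntimeException if the file cannot be written
     */
    public void storeAccessClientVersion(@Nonnull AccessVersion accessVersion) {
        Properties properties = new Properties();
        accessVersion.write(properties);
        File accessVersionFile = this.clientHome.getAccessVersionFile();
        try (FileOutputStream out = new FileOutputStream(accessVersionFile)) {
            properties.store(out, "JFrog Access version properties file.");
        } catch (IOException e) {
            throw new RuntimeException("Could not write current version to " + accessVersionFile.getAbsolutePath(), e);
        }
    }

    /** Always {@code false} for this store. */
    public boolean isUsingBundledAccessServer() {
        return false;
    }

    /**
     * Deletes the admin token file if present and clears the cached token.
     *
     * <p>The cache is cleared only after the delete succeeds, so a failed delete leaves the
     * cache and the file consistent with each other.
     *
     * @throws RuntimeException if the file cannot be deleted
     */
    public void revokeAdminToken() {
        synchronized (this.adminTokenValueLock) {
            try {
                java.nio.file.Files.deleteIfExists(this.clientHome.getServiceAdminTokenFile().toPath());
                this.adminTokenValue = null;
            } catch (IOException e) {
                throw new RuntimeException("Failed to revoke admin token of service '" + this.serviceId + "'", e);
            }
        }
    }

    /**
     * Saves a certificate to the given file through {@link PemHelper}.
     *
     * @throws RuntimeException if the file cannot be written
     */
    private void saveCertificateToFile(@Nonnull Certificate certificate, @Nonnull File file) {
        try {
            PemHelper.saveCertificate(file, certificate);
        } catch (IOException e) {
            throw new RuntimeException("Failed to save certificate to PEM file.", e);
        }
    }

    /**
     * Reads a certificate from the given file through {@link PemHelper}.
     *
     * @param file the PEM file to read
     * @param str  human-readable name of the certificate, used in the "does not exist" message
     * @throws NoSuchElementException if the file does not exist
     * @throws RuntimeException       if the file cannot be read
     */
    @Nonnull
    private Certificate readCertificateFromFile(@Nonnull File file, @Nonnull String str) {
        if (!file.exists()) {
            throw new NoSuchElementException(str + " does not exist in the config store");
        }
        try {
            return PemHelper.readCertificate(file);
        } catch (IOException e) {
            throw new RuntimeException("Failed to read certificate from PEM file.", e);
        }
    }

    /**
     * Drops the cached admin token and root certificate so that the next access reads them
     * from disk again. The files themselves are not touched.
     */
    public void clearCache() {
        this.adminTokenValue = null;
        this.rootCertificate = null;
    }
}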
