package com.adobe.cq.cdn.rewriter.impl;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.oauth.jwt.JwsBuilderFactory;
import com.day.cq.rewriter.linkchecker.Link;
import com.day.cq.rewriter.linkchecker.LinkCheckerSettings;
import com.day.cq.rewriter.pipeline.OptingRequestRewriter;
import java.net.URI;
import java.net.URISyntaxException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceMetadata;
import org.apache.sling.api.resource.ResourceUtil;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.Attributes;

@Service({OptingRequestRewriter.class})
@Component(metatype = true, immediate = true, label = "CDNRewriter", description = "Rewriter for asset and clientlib URLS")
/* loaded from: input_file:com/adobe/cq/cdn/rewriter/impl/CDNRewriter.class */
public class CDNRewriter extends AbstractCDNRewriter implements OptingRequestRewriter {
    static final String CDN_SIGN_PARAM = "cdn_sign";
    static final String JWS_SUBJECT = "url";
    static final String PATH_CLAIM = "path";
    static final String LAST_MODIFIED_CLAIM = "lastModified";
    private static final Logger log = LoggerFactory.getLogger(CDNRewriter.class);
    private static final int configSaveRetryCount = 5;
    private static final String CONFIG_ROOT = "/var/cdn/config/";

    @Reference
    private JwsBuilderFactory jwsBuilderFactory;
    private SeedTimeGenerator seedTimeGenerator = new SeedTimeGenerator();

    /* loaded from: input_file:com/adobe/cq/cdn/rewriter/impl/CDNRewriter$SeedTimeGenerator.class */
    private class SeedTimeGenerator {
        private static final String PROP_SEED_TIME = "seedTime";
        private long seedTime;

        private SeedTimeGenerator() {
            this.seedTime = -1L;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public long getOrGenerateSeedTime(int i) throws RepositoryException {
            Session loginService = CDNRewriter.this.repository.loginService("cdn-service", (String) null);
            try {
                long j = this.seedTime + CDNRewriter.this.cdnTTL;
                int i2 = 0;
                while (true) {
                    if (i != -1 && i2 >= i) {
                        break;
                    }
                    boolean z = false;
                    Node orCreateByPath = JcrUtils.getOrCreateByPath(loginService.getNode(CDNRewriter.CONFIG_ROOT), CDNRewriter.class.getCanonicalName(), false, "nt:unstructured", "nt:unstructured", false);
                    long j2 = -1;
                    if (j < CDNRewriter.this.getCurrentTime() + (CDNRewriter.this.cdnTTL / 2)) {
                        if (orCreateByPath.hasProperty(PROP_SEED_TIME)) {
                            j2 = orCreateByPath.getProperty(PROP_SEED_TIME).getLong();
                            this.seedTime = j2;
                            j = this.seedTime + CDNRewriter.this.cdnTTL;
                        }
                        if (j < CDNRewriter.this.getCurrentTime() + (CDNRewriter.this.cdnTTL / 2)) {
                            this.seedTime = CDNRewriter.this.getCurrentTime();
                        }
                    }
                    if (j2 != this.seedTime) {
                        z = true;
                        try {
                            orCreateByPath.setProperty(PROP_SEED_TIME, this.seedTime);
                            loginService.save();
                            z = false;
                        } catch (RepositoryException e) {
                            loginService.refresh(false);
                            CDNRewriter.log.debug("Could not save generated key. Will retry for {} times. ", i == -1 ? "infinite" : "" + (i - 1));
                            if (i2 == i - 1) {
                                throw new RepositoryException("Could not save generated key", e);
                            }
                        }
                    }
                    if (!z) {
                        break;
                    }
                    i2++;
                }
                long j3 = this.seedTime;
                loginService.logout();
                return j3;
            } catch (Throwable th) {
                loginService.logout();
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    @Activate
    public void activate(ComponentContext componentContext) throws RepositoryException {
        super.activate(componentContext);
        this.seedTimeGenerator.getOrGenerateSeedTime(configSaveRetryCount);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public long getCurrentTime() {
        return System.currentTimeMillis() / 1000;
    }

    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    public boolean acceptsInternal(String str, Attributes attributes, LinkCheckerSettings linkCheckerSettings) {
        return checkImageURL(str, attributes) || checkClientlibURL(str, attributes);
    }

    @Override // com.adobe.cq.cdn.rewriter.impl.AbstractCDNRewriter
    public String rewriteLinkInternal(Link link, LinkCheckerSettings linkCheckerSettings) {
        try {
            URI uri = link.getUri();
            String replace = uri.getPath().replace(linkCheckerSettings.getContextPath(), "");
            Resource resolve = linkCheckerSettings.getResourceResolver().resolve(replace);
            if (resolve == null || ResourceUtil.isNonExistingResource(resolve)) {
                return null;
            }
            log.debug("Rewriting URL");
            ResourceMetadata resourceMetadata = resolve.getResourceMetadata();
            long modificationTime = resourceMetadata.getModificationTime();
            if (modificationTime == -1) {
                modificationTime = resourceMetadata.getCreationTime();
            }
            long orGenerateSeedTime = this.seedTimeGenerator.getOrGenerateSeedTime(configSaveRetryCount);
            String aSCIIString = new URI(this.protocol, this.distributionDomain, replace, (uri.getQuery() == null ? "" : uri.getQuery() + "&") + CDN_SIGN_PARAM + "=" + this.jwsBuilderFactory.getInstance("HS256").setSubject(JWS_SUBJECT).setCustomClaimsSetField(PATH_CLAIM, replace).setCustomClaimsSetField(LAST_MODIFIED_CLAIM, Long.valueOf(modificationTime)).setExpiresIn(this.cdnTTL).setIssuedAt(orGenerateSeedTime).build(), null).toASCIIString();
            log.debug("Rewritten URL:" + aSCIIString);
            log.debug("Rewritten URL valid till" + orGenerateSeedTime + this.cdnTTL);
            return aSCIIString;
        } catch (RepositoryException e) {
            log.error("Could not create signature ", e);
            return null;
        } catch (CryptoException e2) {
            log.error("Could not create signature ", e2);
            return null;
        } catch (URISyntaxException e3) {
            log.error("Invalid syntax of url {} ", link.getHref(), e3);
            return null;
        }
    }

    protected void bindJwsBuilderFactory(JwsBuilderFactory jwsBuilderFactory) {
        this.jwsBuilderFactory = jwsBuilderFactory;
    }

    protected void unbindJwsBuilderFactory(JwsBuilderFactory jwsBuilderFactory) {
        if (this.jwsBuilderFactory == jwsBuilderFactory) {
            this.jwsBuilderFactory = null;
        }
    }
}
