package com.adobe.cq.assetcompute.impl.bulkimport.gcp;

import com.adobe.cq.assetcompute.api.bulkimport.AbstractImportService;
import com.adobe.cq.assetcompute.api.bulkimport.ImportAsset;
import com.adobe.cq.assetcompute.api.bulkimport.ImportConfig;
import com.adobe.cq.assetcompute.api.bulkimport.ImportService;
import com.adobe.cq.assetcompute.api.bulkimport.PagedImportResult;
import com.adobe.cq.assetcompute.impl.bulkimport.gcp.auth.GenerateV4GetObjectSignedUrl;
import com.adobe.cq.assetcompute.impl.bulkimport.gcp.auth.ServiceAccountCredential;
import com.adobe.cq.assetcompute.impl.bulkimport.gcp.auth.SignHelper;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.mime.MimeTypeService;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {ImportService.class}, immediate = true)
/* loaded from: input_file:com/adobe/cq/assetcompute/impl/bulkimport/gcp/GcpImportService.class */
public class GcpImportService extends AbstractImportService {
    private static final Logger LOG = LoggerFactory.getLogger(GcpImportService.class);
    public static final String SOURCE_TYPE = "GcpStorage";
    public static final String SOURCE_TYPE_DESCRIPTION = "Google Cloud Storage";
    public static final String GCP_TOKEN_NODE = "gcp-token";
    private static final int DEFAULT_MAX_LIMIT = 1000;
    private static final int CONNECT_TIMEOUT = 30000;
    private static final int SOCKET_TIMEOUT = 30000;
    private static final String CONFIG_PROPERTY_GCP_BUCKET = "gcpBucket";
    private static final String CONFIG_PROPERTY_GCP_CLIENT_EMAIL = "gcpClientEmail";
    private static final String CONFIG_PROPERTY_GCP_PRIVATE_KEY = "gcpPrivateKey";
    private CloseableHttpClient httpClient;
    private RequestConfig config;

    @Reference
    private CryptoSupport cryptoSupport;

    @Reference
    private MimeTypeService mimeTypeService;

    @Activate
    protected void activate() {
        LOG.info("Activating {}", getClass().getName());
        this.httpClient = getHttpClient();
        this.config = RequestConfig.custom().setConnectTimeout(30000).setConnectionRequestTimeout(30000).setSocketTimeout(30000).build();
    }

    @Deactivate
    protected void deactivate() {
        LOG.info("Deactivating {}", getClass().getName());
        try {
            this.httpClient.close();
        } catch (IOException e) {
            LOG.warn("Error closing HTTPClient", e);
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public String getSourceType() {
        return SOURCE_TYPE;
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public PagedImportResult getPagedImportAssetsResult(ResourceResolver resourceResolver, String str, String str2, int i) {
        PagedImportResult pagedImportResult = new PagedImportResult();
        if (i <= 0 || i > 1000) {
            i = 1000;
        }
        GcpImportConfig gcpImportConfig = (GcpImportConfig) resolveImportConfig(resourceResolver, str);
        if (StringUtils.isEmpty(str2)) {
            cleanupToken(resourceResolver, gcpImportConfig);
        }
        try {
            try {
                pagedImportResult = resolveListObjectResult(getObjectList(gcpImportConfig, str2, i, getAccessToken(resourceResolver, gcpImportConfig)), gcpImportConfig, resourceResolver);
                pagedImportResult.setCurrentPosition(str2);
                if (!pagedImportResult.isFailed()) {
                    LOG.info("Resolved {} assets for importing", Integer.valueOf(pagedImportResult.getImportSourceAssetList().size()));
                }
            } catch (Exception e) {
                pagedImportResult.setFailed(true);
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_GENERIC);
                LOG.error("Failure to get blob list for import asset", e);
            }
            return pagedImportResult;
        } catch (IOException | JSONException | GeneralSecurityException e2) {
            LOG.error("Failed to get gcp access token while list object", e2);
            pagedImportResult.setFailed(true);
            pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_GCP_CREDENTIAL);
            return pagedImportResult;
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public ImportConfig resolveImportConfig(ResourceResolver resourceResolver, String str) {
        GcpImportConfig gcpImportConfig = new GcpImportConfig(resolveBaseImportConfig(resourceResolver, str));
        Resource resource = resourceResolver.getResource(str + "/jcr:content");
        if (resource == null) {
            return null;
        }
        ValueMap valueMap = resource.getValueMap();
        if (!valueMap.containsKey(CONFIG_PROPERTY_GCP_BUCKET) || !valueMap.containsKey(CONFIG_PROPERTY_GCP_CLIENT_EMAIL) || !valueMap.containsKey(CONFIG_PROPERTY_GCP_PRIVATE_KEY)) {
            LOG.error("The gcpBucket, gcpClientEmail and gcpPrivateKey are required");
            return null;
        }
        gcpImportConfig.setBucket((String) valueMap.get(CONFIG_PROPERTY_GCP_BUCKET));
        gcpImportConfig.setClientEmail((String) valueMap.get(CONFIG_PROPERTY_GCP_CLIENT_EMAIL));
        try {
            gcpImportConfig.setPrivateKey(this.cryptoSupport.unprotect((String) valueMap.get(CONFIG_PROPERTY_GCP_PRIVATE_KEY)));
            return gcpImportConfig;
        } catch (Exception e) {
            LOG.error("Failure to resolve gcp bulk import config", e);
            return null;
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public void saveImportConfig(ResourceResolver resourceResolver, String str, Map<String, Object> map) {
        try {
            sanitizeInputFormData(map);
            updateGcpSecrets(map);
            ResourceUtil.getOrCreateResource(resourceResolver, str + "/jcr:content", map, "nt:unstructured", false);
            resourceResolver.commit();
        } catch (CryptoException | PersistenceException e) {
            LOG.error("Failed to persist gcp bulImportConfig {} : {}", str, e);
            throw new RuntimeException("Failed to persist gcp bulkImportConfig ", e);
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public void updateImportConfig(ResourceResolver resourceResolver, String str, Map<String, Object> map) throws CryptoException, PersistenceException {
        ModifiableValueMap existingImportConfig = getExistingImportConfig(resourceResolver, str, map);
        if (existingImportConfig == null) {
            throw new IllegalArgumentException("No properties found for configPath: " + str);
        }
        updateGcpSecrets(existingImportConfig);
        resourceResolver.commit();
    }

    private void updateGcpSecrets(Map<String, Object> map) throws CryptoException {
        String str = (String) map.get(CONFIG_PROPERTY_GCP_PRIVATE_KEY);
        String str2 = str;
        if (!this.cryptoSupport.isProtected(str)) {
            str2 = this.cryptoSupport.protect(str);
        }
        map.put(CONFIG_PROPERTY_GCP_PRIVATE_KEY, str2);
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public String getDownloadUrl(ImportConfig importConfig, ImportAsset importAsset) {
        GcpImportConfig gcpImportConfig = (GcpImportConfig) importConfig;
        return new GenerateV4GetObjectSignedUrl().signUrl(gcpImportConfig.getBucket(), importAsset.getObjectId(), gcpImportConfig.getClientEmail(), gcpImportConfig.getPrivateKey()).toString();
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public boolean deleteSource(ResourceResolver resourceResolver, ImportConfig importConfig, ImportAsset importAsset) {
        GcpImportConfig gcpImportConfig = (GcpImportConfig) importConfig;
        String Rfc3986UriEncode = SignHelper.Rfc3986UriEncode(gcpImportConfig.getBucket(), true);
        String Rfc3986UriEncode2 = SignHelper.Rfc3986UriEncode(importAsset.getObjectId(), true);
        LOG.debug("Start to delete object '{}' from GCP bucket '{}'", Rfc3986UriEncode2, Rfc3986UriEncode);
        String str = "https://storage.googleapis.com/storage/v1/b/" + Rfc3986UriEncode + "/o/" + Rfc3986UriEncode2;
        HttpDelete httpDelete = new HttpDelete(str);
        httpDelete.setConfig(this.config);
        try {
            httpDelete.setHeader("Authorization", "Bearer " + getAccessToken(resourceResolver, gcpImportConfig));
            try {
                CloseableHttpResponse execute = this.httpClient.execute(httpDelete);
                try {
                    int statusCode = execute.getStatusLine().getStatusCode();
                    EntityUtils.consumeQuietly(execute.getEntity());
                    if (statusCode == 204) {
                        LOG.info("Succeeded to delete object '{}' from GCP bucket '{}', url '{}'", new Object[]{Rfc3986UriEncode2, Rfc3986UriEncode, str});
                        if (execute != null) {
                            execute.close();
                        }
                        return true;
                    }
                    LOG.error("Failed to delete object '{}' from GCP bucket '{}', code '{}', url '{}'", new Object[]{Rfc3986UriEncode2, Rfc3986UriEncode, Integer.valueOf(statusCode), str});
                    if (execute != null) {
                        execute.close();
                    }
                    return false;
                } finally {
                }
            } catch (Exception e) {
                LOG.error("Failed to make request for delete object '{}'", Rfc3986UriEncode2, e);
                return false;
            }
        } catch (IOException | GeneralSecurityException | JSONException e2) {
            LOG.error("Failed to generate gcp access token while delete '{}'", importAsset.getObjectId(), e2);
            return false;
        }
    }

    private PagedImportResult resolveListObjectResult(String str, GcpImportConfig gcpImportConfig, ResourceResolver resourceResolver) throws Exception {
        PagedImportResult pagedImportResult = new PagedImportResult();
        JSONObject jSONObject = new JSONObject(str);
        if (jSONObject.has("error")) {
            LOG.error("Error response from GCP get blob list request: '{}'", str);
            pagedImportResult.setFailed(true);
            if (jSONObject.getJSONObject("error").getInt("code") == 404) {
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_GCP_BUCKET);
            } else {
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_GENERIC);
            }
            return pagedImportResult;
        }
        ArrayList arrayList = new ArrayList();
        if (jSONObject.has("items")) {
            JSONArray jSONArray = jSONObject.getJSONArray("items");
            for (int i = 0; i < jSONArray.length(); i++) {
                JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                String string = jSONObject2.getString("name");
                long parseLong = Long.parseLong(jSONObject2.getString("size"));
                if (parseLong == 0) {
                    LOG.debug("Could not resolve asset for object '{}' as size is 0, it's maybe a folder", string);
                } else {
                    arrayList.add(new ImportAsset(string, parseLong, "", String.join("/", gcpImportConfig.getTargetFolder(), getSanitizedAssetPath(gcpImportConfig.getSourceFolder(), string, gcpImportConfig.getTargetFolder(), gcpImportConfig.getUseLowerCaseFolder(), gcpImportConfig.getFolderNameRegex(), resourceResolver)), this.mimeTypeService.getMimeType(string)));
                }
            }
        }
        pagedImportResult.setImportSourceAssetList(arrayList);
        if (jSONObject.has("nextPageToken")) {
            pagedImportResult.setNextPosition(jSONObject.getString("nextPageToken"));
        }
        return pagedImportResult;
    }

    private String getObjectList(GcpImportConfig gcpImportConfig, String str, int i, String str2) throws IOException {
        String str3 = (("https://storage.googleapis.com/storage/v1/b/" + SignHelper.Rfc3986UriEncode(gcpImportConfig.getBucket(), true) + "/o?") + "maxResults=" + i) + "&pageToken=" + str;
        if (StringUtils.isNotEmpty(gcpImportConfig.getSourceFolder())) {
            str3 = str3 + "&prefix=" + SignHelper.Rfc3986UriEncode(gcpImportConfig.getSourceFolder(), true);
        }
        HttpGet httpGet = new HttpGet(str3);
        httpGet.setConfig(this.config);
        httpGet.setHeader("Authorization", "Bearer " + str2);
        try {
            CloseableHttpResponse execute = this.httpClient.execute(httpGet);
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
                EntityUtils.consumeQuietly(execute.getEntity());
                LOG.debug("GCP get object list response: {} from url '{}'", entityUtils, str3);
                if (execute != null) {
                    execute.close();
                }
                return entityUtils;
            } finally {
            }
        } catch (IOException e) {
            LOG.error("Failed to make rest API call for getting object list", e);
            throw e;
        }
    }

    @NotNull
    private String getAccessToken(ResourceResolver resourceResolver, GcpImportConfig gcpImportConfig) throws IOException, GeneralSecurityException, JSONException {
        Resource resource = resourceResolver.getResource(gcpImportConfig.getPath() + "/jcr:content/gcp-token");
        ValueMap valueMap = resource == null ? null : resource.getValueMap();
        if (valueMap != null) {
            try {
                String unprotect = this.cryptoSupport.unprotect((String) valueMap.get("token", ""));
                long longValue = ((Long) valueMap.get("expiresAt")).longValue();
                long epochSecond = Instant.now().getEpochSecond();
                if (StringUtils.isNotEmpty(unprotect) && epochSecond < longValue) {
                    LOG.debug("Found a valid token that isn't expired yet, use it");
                    return unprotect;
                }
                LOG.debug("No valid cached token, token: {}, expiresAt: {}, now: {}", new Object[]{unprotect, Long.valueOf(longValue), Long.valueOf(epochSecond)});
            } catch (CryptoException e) {
                LOG.warn("Failed to decrypt stored token", e);
            }
        }
        LOG.info("No valid cached token found, start to trade access token");
        return tradeStoreAccessToken(resourceResolver, gcpImportConfig);
    }

    @NotNull
    private String tradeStoreAccessToken(ResourceResolver resourceResolver, GcpImportConfig gcpImportConfig) throws GeneralSecurityException, JSONException, IOException {
        String generateAssertion = new ServiceAccountCredential(gcpImportConfig.getClientEmail(), gcpImportConfig.getPrivateKey()).generateAssertion();
        HttpPost httpPost = new HttpPost(ServiceAccountCredential.TOKEN_SERVER_URI);
        httpPost.setConfig(this.config);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("grant_type", ServiceAccountCredential.GRANT_TYPE));
        arrayList.add(new BasicNameValuePair("assertion", generateAssertion));
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
        CloseableHttpResponse execute = this.httpClient.execute(httpPost);
        try {
            String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
            int statusCode = execute.getStatusLine().getStatusCode();
            EntityUtils.consumeQuietly(execute.getEntity());
            LOG.debug("Trade GCP access token response: '{}' with status '{}'", entityUtils, Integer.valueOf(statusCode));
            if (statusCode == 200) {
                JSONObject jSONObject = new JSONObject(entityUtils);
                if (jSONObject.has("access_token")) {
                    String string = jSONObject.getString("access_token");
                    long j = jSONObject.getLong("expires_in");
                    long epochSecond = Instant.now().getEpochSecond();
                    long j2 = (epochSecond + j) - 60;
                    LOG.info("Persist gcp access token, expiresInSeconds: {}, expiresAt: {}, now: {}", new Object[]{Long.valueOf(j), Long.valueOf(j2), Long.valueOf(epochSecond)});
                    persistToken(resourceResolver, gcpImportConfig, string, j2);
                    if (execute != null) {
                        execute.close();
                    }
                    return string;
                }
            }
            LOG.error("Failed to trade access token with status '{}' and response: '{}'", Integer.valueOf(statusCode), entityUtils);
            throw new LoginException("Failed to trade access token with response");
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void persistToken(ResourceResolver resourceResolver, GcpImportConfig gcpImportConfig, String str, long j) {
        Resource resource = resourceResolver.getResource(gcpImportConfig.getPath() + "/jcr:content");
        if (resource != null) {
            try {
                HashMap hashMap = new HashMap();
                hashMap.put("token", this.cryptoSupport.protect(str));
                hashMap.put("expiresAt", Long.valueOf(j));
                resourceResolver.create(resource, GCP_TOKEN_NODE, hashMap);
                resourceResolver.commit();
            } catch (CryptoException | PersistenceException e) {
                LOG.warn("Failed to persist gcp access token", e);
            }
        }
    }

    private void cleanupToken(ResourceResolver resourceResolver, GcpImportConfig gcpImportConfig) {
        Resource resource = resourceResolver.getResource(gcpImportConfig.getPath() + "/jcr:content/gcp-token");
        if (resource != null) {
            LOG.info("Clean up gcp token '{}'", resource.getPath());
            try {
                resourceResolver.delete(resource);
                resourceResolver.commit();
            } catch (PersistenceException e) {
                LOG.warn("Failed to clean up gcp access token", e);
            }
        }
    }
}
