package com.hazelcast.gcp;

import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.spi.exception.RestClientException;
import com.hazelcast.spi.utils.RetryUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/hazelcast/gcp/GcpClient.class */
class GcpClient {
    private static final int HTTP_UNAUTHORIZED = 401;
    private static final int HTTP_FORBIDDEN = 403;
    private static final int HTTP_NOT_FOUND = 404;
    private static final int RETRIES = 3;
    private boolean isKnownExceptionAlreadyLogged;
    private final GcpMetadataApi gcpMetadataApi;
    private final GcpComputeApi gcpComputeApi;
    private final GcpAuthenticator gcpAuthenticator;
    private final String privateKeyPath;
    private final List<String> projects;
    private final List<String> zones;
    private final Label label;
    private static final ILogger LOGGER = Logger.getLogger(GcpDiscoveryStrategy.class);
    private static final List<String> NON_RETRYABLE_KEYWORDS = Arrays.asList("Private key json file not found", "Request had insufficient authentication scopes", "Required 'compute.instances.list' permission", "Service account not enabled on this instance");

    /* JADX INFO: Access modifiers changed from: package-private */
    public GcpClient(GcpMetadataApi gcpMetadataApi, GcpComputeApi gcpComputeApi, GcpAuthenticator gcpAuthenticator, GcpConfig gcpConfig) {
        this.gcpMetadataApi = gcpMetadataApi;
        this.gcpComputeApi = gcpComputeApi;
        this.gcpAuthenticator = gcpAuthenticator;
        this.privateKeyPath = gcpConfig.getPrivateKeyPath();
        this.projects = projectFromConfigOrMetadataApi(gcpConfig);
        this.zones = zonesFromConfigOrComputeApi(gcpConfig);
        this.label = gcpConfig.getLabel();
    }

    private List<String> projectFromConfigOrMetadataApi(GcpConfig gcpConfig) {
        if (!gcpConfig.getProjects().isEmpty()) {
            return gcpConfig.getProjects();
        }
        LOGGER.finest("Property 'projects' not configured, fetching the current GCP project");
        GcpMetadataApi gcpMetadataApi = this.gcpMetadataApi;
        gcpMetadataApi.getClass();
        return Collections.singletonList(RetryUtils.retry(gcpMetadataApi::currentProject, 3, NON_RETRYABLE_KEYWORDS));
    }

    private List<String> zonesFromConfigOrComputeApi(GcpConfig gcpConfig) {
        try {
            if (gcpConfig.getRegion() != null) {
                LOGGER.finest("Property 'region' configured, fetching GCP zones of the specified GCP region");
                return (List) RetryUtils.retry(() -> {
                    return fetchZones(gcpConfig.getRegion());
                }, 3, NON_RETRYABLE_KEYWORDS);
            }
            if (!gcpConfig.getZones().isEmpty()) {
                return gcpConfig.getZones();
            }
            LOGGER.finest("Property 'zones' not configured, fetching GCP zones of the current GCP region");
            return (List) RetryUtils.retry(() -> {
                return fetchZones(this.gcpMetadataApi.currentRegion());
            }, 3, NON_RETRYABLE_KEYWORDS);
        } catch (RestClientException e) {
            handleKnownException(e);
            return Collections.emptyList();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<GcpAddress> getAddresses() {
        try {
            return (List) RetryUtils.retry(this::fetchGcpAddresses, 3, NON_RETRYABLE_KEYWORDS);
        } catch (RestClientException e) {
            handleKnownException(e);
            return Collections.emptyList();
        }
    }

    private List<String> fetchZones(String str) {
        ArrayList arrayList = new ArrayList();
        String fetchAccessToken = fetchAccessToken();
        Iterator<String> it = this.projects.iterator();
        while (it.hasNext()) {
            arrayList.addAll(this.gcpComputeApi.zones(it.next(), str, fetchAccessToken));
        }
        return arrayList;
    }

    private List<GcpAddress> fetchGcpAddresses() {
        LOGGER.finest("Fetching OAuth Access Token");
        String fetchAccessToken = fetchAccessToken();
        ArrayList arrayList = new ArrayList();
        for (String str : this.projects) {
            for (String str2 : this.zones) {
                LOGGER.finest(String.format("Fetching instances for project '%s' and zone '%s'", str, str2));
                List<GcpAddress> instances = this.gcpComputeApi.instances(str, str2, this.label, fetchAccessToken);
                LOGGER.finest(String.format("Found the following instances for project '%s' and zone '%s': %s", str, str2, instances));
                arrayList.addAll(instances);
            }
        }
        return arrayList;
    }

    private String fetchAccessToken() {
        return this.privateKeyPath != null ? this.gcpAuthenticator.refreshAccessToken(this.privateKeyPath) : this.gcpMetadataApi.accessToken();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAvailabilityZone() {
        return this.gcpMetadataApi.currentZone();
    }

    private void handleKnownException(RestClientException restClientException) {
        if (restClientException.getHttpErrorCode() == HTTP_UNAUTHORIZED) {
            if (!this.isKnownExceptionAlreadyLogged) {
                LOGGER.warning("Google Cloud API Authorization failed! Check your credentials. Starting standalone.");
                this.isKnownExceptionAlreadyLogged = true;
            }
        } else if (restClientException.getHttpErrorCode() == HTTP_FORBIDDEN) {
            if (!this.isKnownExceptionAlreadyLogged) {
                LOGGER.warning("Google Cloud API access is forbidden! Starting standalone. To use Hazelcast GCP discovery, make sure that your service account has at minimum \"Read Only\" Access Scope to Compute Engine API.");
                this.isKnownExceptionAlreadyLogged = true;
            }
        } else {
            if (restClientException.getHttpErrorCode() != 404) {
                throw restClientException;
            }
            if (!this.isKnownExceptionAlreadyLogged) {
                LOGGER.warning("Google Cloud API Not Found! Starting standalone. Please check that you have a service account assigned to your VM instance or `private-key-path` property defined.");
                this.isKnownExceptionAlreadyLogged = true;
            }
        }
        LOGGER.finest(restClientException);
    }
}
