package org.artifactory.addon.docker.rest;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
import org.apache.commons.lang.StringUtils;
import org.artifactory.addon.AddonsManager;
import org.artifactory.addon.docker.DockerAddon;
import org.artifactory.api.context.ContextHelper;
import org.artifactory.common.ConstantValues;
import org.jfrog.client.http.auth.TokenProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/artifactory/addon/docker/rest/DockerRemoteTokenProvider.class */
public class DockerRemoteTokenProvider implements TokenProvider {
    private static final Logger log = LoggerFactory.getLogger(DockerRemoteTokenProvider.class);
    private LoadingCache<DockerTokenCacheKey, String> tokens;

    @PostConstruct
    public void initTokensCache() {
        this.tokens = CacheBuilder.newBuilder().initialCapacity(1000).expireAfterWrite(ConstantValues.dockerTokensCacheIdleTimeSecs.getLong(), TimeUnit.SECONDS).build(new CacheLoader<DockerTokenCacheKey, String>() { // from class: org.artifactory.addon.docker.rest.DockerRemoteTokenProvider.1
            public String load(@Nonnull DockerTokenCacheKey dockerTokenCacheKey) throws Exception {
                String fetchNewToken = DockerRemoteTokenProvider.this.fetchNewToken(dockerTokenCacheKey);
                if (StringUtils.isBlank(fetchNewToken)) {
                    throw new IllegalStateException("Can't fetch token for repo: " + dockerTokenCacheKey.getRepoKey() + " realm: " + dockerTokenCacheKey.getRealm() + " scope:" + dockerTokenCacheKey.getScope());
                }
                return fetchNewToken;
            }
        });
    }

    public String getToken(Map<String, String> map, String str, String str2, String str3) {
        try {
            populateParamsIfNeeded(map, str, str2);
            if (log.isDebugEnabled()) {
                log.trace("Getting token for {}", map);
            }
            return (String) this.tokens.get(new DockerTokenCacheKey(map, str3));
        } catch (ExecutionException e) {
            throw new RuntimeException("Could not get token from cache for " + map, e);
        }
    }

    private void populateParamsIfNeeded(Map<String, String> map, String str, String str2) {
        handleNoServiceParamInChallenge(map);
        handleNoScopeParamInChallenge(map, str, str2);
    }

    private void handleNoServiceParamInChallenge(Map<String, String> map) {
        if (map.containsKey("service")) {
            return;
        }
        String str = map.get("realm");
        if (StringUtils.isNotBlank(str) && str.startsWith("http")) {
            try {
                map.put("service", new URL(str).getHost());
            } catch (MalformedURLException e) {
                log.error("Realm of token cannot be parsed due to: " + e.getMessage(), e);
            }
        }
    }

    private void handleNoScopeParamInChallenge(Map<String, String> map, String str, String str2) {
        if (map.containsKey("scope")) {
            return;
        }
        if (str2.startsWith("/v2/")) {
            handleV2(map, str, str2);
        } else if (log.isWarnEnabled()) {
            log.warn("Docker Bearer challenge has no scope and URI does not starts with /v2 but '{}'", str2);
        }
    }

    private void handleV2(Map<String, String> map, String str, String str2) {
        StringBuilder sb = new StringBuilder("repository:");
        String[] split = str2.split("/");
        if (split.length >= 3) {
            sb.append(split[2]);
        }
        if (split.length > 3) {
            sb.append("/");
            sb.append(split[3]);
        }
        sb.append(":");
        String appendActionToScope = appendActionToScope(str, sb);
        if (appendActionToScope != null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Docker Bearer challenge new scope set to '%s'", appendActionToScope));
            }
            map.put("scope", appendActionToScope);
        }
    }

    private String appendActionToScope(String str, StringBuilder sb) {
        String str2 = null;
        if ("GET".equalsIgnoreCase(str)) {
            sb.append("pull");
            str2 = sb.toString();
        } else if ("PUT".equalsIgnoreCase(str)) {
            sb.append("push");
            str2 = sb.toString();
        } else if (log.isWarnEnabled()) {
            log.warn("Docker Bearer challenge has no scope and method is not GET or PUT '{}'", str);
        }
        return str2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String fetchNewToken(DockerTokenCacheKey dockerTokenCacheKey) {
        log.trace("Fetching new token for '{}'", dockerTokenCacheKey);
        return ((DockerAddon) ((AddonsManager) ContextHelper.get().beanForType(AddonsManager.class)).addonByType(DockerAddon.class)).fetchDockerAuthToken(dockerTokenCacheKey);
    }
}
