package org.apache.knox.gateway.services.token.impl;

import java.time.Instant;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.factory.AliasServiceFactory;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.impl.ZookeeperRemoteAliasService;
import org.apache.knox.gateway.services.security.token.TokenMetadata;
import org.apache.knox.gateway.services.token.RemoteTokenStateChangeListener;
import org.apache.knox.gateway.util.Tokens;

/* loaded from: input_file:org/apache/knox/gateway/services/token/impl/ZookeeperTokenStateService.class */
public class ZookeeperTokenStateService extends AliasBasedTokenStateService implements RemoteTokenStateChangeListener {
    private final GatewayServices gatewayServices;
    private final AliasServiceFactory aliasServiceFactory;

    public ZookeeperTokenStateService(GatewayServices gatewayServices) {
        this(gatewayServices, new AliasServiceFactory());
    }

    public ZookeeperTokenStateService(GatewayServices gatewayServices, AliasServiceFactory aliasServiceFactory) {
        this.gatewayServices = gatewayServices;
        this.aliasServiceFactory = aliasServiceFactory;
    }

    @Override // org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService, org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        ZookeeperRemoteAliasService create = this.aliasServiceFactory.create(this.gatewayServices, ServiceType.ALIAS_SERVICE, gatewayConfig, map, ZookeeperRemoteAliasService.class.getName());
        map.put(ZookeeperRemoteAliasService.OPTION_NAME_SHOULD_CREATE_TOKENS_SUB_NODE, "true");
        map.put(ZookeeperRemoteAliasService.OPTION_NAME_SHOULD_USE_LOCAL_ALIAS, "false");
        create.registerRemoteTokenStateChangeListener(this);
        create.init(gatewayConfig, map);
        super.setAliasService(create);
        super.init(gatewayConfig, map);
        map.remove(ZookeeperRemoteAliasService.OPTION_NAME_SHOULD_CREATE_TOKENS_SUB_NODE);
        map.remove(ZookeeperRemoteAliasService.OPTION_NAME_SHOULD_USE_LOCAL_ALIAS);
    }

    @Override // org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService
    protected void loadTokenAliasesFromPersistenceStore() {
    }

    @Override // org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService, org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    protected boolean readyForEviction() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService
    public char[] getPasswordUsingAliasService(String str) throws AliasServiceException {
        char[] passwordUsingAliasService = super.getPasswordUsingAliasService(str);
        if (passwordUsingAliasService == null) {
            passwordUsingAliasService = retry(str);
        }
        return passwordUsingAliasService;
    }

    private char[] retry(String str) throws AliasServiceException {
        char[] cArr = null;
        Instant plusSeconds = Instant.now().plusSeconds(this.statePersistenceInterval).plusSeconds(1L);
        while (cArr == null && plusSeconds.isAfter(Instant.now())) {
            try {
                TimeUnit.SECONDS.sleep(1L);
                log.retryZkFetchAlias(getDisplayableAliasText(str));
                cArr = super.getPasswordUsingAliasService(str);
            } catch (InterruptedException e) {
                log.failedRetryZkFetchAlias(getDisplayableAliasText(str), e.getMessage(), e);
            }
        }
        return cArr;
    }

    @Override // org.apache.knox.gateway.services.token.RemoteTokenStateChangeListener
    public void onChanged(String str, String str2) {
        processAlias(str, str2);
        log.onRemoteTokenStateChanged(getDisplayableAliasText(str));
    }

    @Override // org.apache.knox.gateway.services.token.RemoteTokenStateChangeListener
    public void onRemoved(String str) {
        removeTokensFromMemory(Collections.singleton(getTokenIdFromAlias(str)));
        log.onRemoteTokenStateRemoval(getDisplayableAliasText(str));
    }

    private void processAlias(String str, String str2) {
        if (ZookeeperRemoteAliasService.TOKENS_SUB_NODE_NAME.equals(str)) {
            return;
        }
        try {
            String tokenIdFromAlias = getTokenIdFromAlias(str);
            if (str.endsWith("--max")) {
                setMaxLifetime(tokenIdFromAlias, Long.parseLong(str2));
            } else if (str.endsWith("--meta")) {
                addMetadataInMemory(tokenIdFromAlias, TokenMetadata.fromJSON(str2));
            } else if (str.endsWith("--iss")) {
                setIssueTimeInMemory(tokenIdFromAlias, Long.parseLong(str2));
            } else {
                updateExpirationInMemory(tokenIdFromAlias, Long.parseLong(str2));
            }
        } catch (Throwable th) {
            log.errorWhileProcessingTokenAlias(getDisplayableAliasText(str), th.getMessage(), th);
        }
    }

    private String getTokenIdFromAlias(String str) {
        return str.contains("--") ? str.substring(0, str.indexOf("--")) : str;
    }

    private String getDisplayableAliasText(String str) {
        String tokenIdFromAlias = getTokenIdFromAlias(str);
        return Tokens.getTokenIDDisplayText(tokenIdFromAlias) + (str.length() > tokenIdFromAlias.length() ? str.substring(tokenIdFromAlias.length()) : "");
    }
}
