package org.opensearch.cloud.gce;

import com.google.api.client.googleapis.compute.ComputeCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.compute.Compute;
import com.google.api.services.compute.model.Instance;
import com.google.api.services.compute.model.InstanceList;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.opensearch.cloud.gce.util.Access;
import org.opensearch.common.settings.Setting;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.unit.TimeValue;
import org.opensearch.discovery.gce.RetryHttpInitializerWrapper;

/* loaded from: input_file:org/opensearch/cloud/gce/GceInstancesServiceImpl.class */
public class GceInstancesServiceImpl implements GceInstancesService {
    private static final Logger logger = LogManager.getLogger(GceInstancesServiceImpl.class);
    public static final Setting<Boolean> GCE_VALIDATE_CERTIFICATES = Setting.boolSetting("cloud.gce.validate_certificates", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> GCE_ROOT_URL = new Setting<>("cloud.gce.root_url", "https://www.googleapis.com", Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    private final Settings settings;
    private Compute client;
    private long lastRefresh;
    private HttpTransport gceHttpTransport;
    private JsonFactory gceJsonFactory;
    private final boolean validateCerts;
    private TimeValue refreshInterval = null;
    private final String project = resolveProject();
    private final List<String> zones = resolveZones();

    @Override // org.opensearch.cloud.gce.GceInstancesService
    public Collection<Instance> instances() {
        logger.debug("get instances for project [{}], zones [{}]", this.project, this.zones);
        List list = (List) this.zones.stream().map(str -> {
            try {
                InstanceList instanceList = (InstanceList) Access.doPrivilegedIOException(() -> {
                    return (InstanceList) client().instances().list(this.project, str).execute();
                });
                return (instanceList.isEmpty() || instanceList.getItems() == null) ? Collections.emptyList() : instanceList.getItems();
            } catch (IOException e) {
                logger.warn(() -> {
                    return new ParameterizedMessage("Problem fetching instance list for zone {}", str);
                }, e);
                logger.debug("Full exception:", e);
                return Collections.emptyList();
            }
        }).reduce(new ArrayList(), (list2, list3) -> {
            list2.addAll(list3);
            return list2;
        });
        if (list.isEmpty()) {
            logger.warn("disabling GCE discovery. Can not get list of nodes");
        }
        return list;
    }

    public GceInstancesServiceImpl(Settings settings) {
        this.settings = settings;
        this.validateCerts = ((Boolean) GCE_VALIDATE_CERTIFICATES.get(settings)).booleanValue();
    }

    private String resolveProject() {
        if (PROJECT_SETTING.exists(this.settings)) {
            return (String) PROJECT_SETTING.get(this.settings);
        }
        try {
            return getAppEngineValueFromMetadataServer("/computeMetadata/v1/project/project-id");
        } catch (Exception e) {
            logger.warn("unable to resolve project from metadata server for GCE discovery service", e);
            return null;
        }
    }

    private List<String> resolveZones() {
        if (ZONE_SETTING.exists(this.settings)) {
            return (List) ZONE_SETTING.get(this.settings);
        }
        try {
            return Collections.singletonList(getAppEngineValueFromMetadataServer("/computeMetadata/v1/project/attributes/google-compute-default-zone"));
        } catch (Exception e) {
            logger.warn("unable to resolve default zone from metadata server for GCE discovery service", e);
            return null;
        }
    }

    String getAppEngineValueFromMetadataServer(String str) throws GeneralSecurityException, IOException {
        String str2 = (String) GceMetadataService.GCE_HOST.get(this.settings);
        HttpRequest headers = getGceHttpTransport().createRequestFactory().buildGetRequest((GenericUrl) Access.doPrivileged(() -> {
            return new GenericUrl(str2 + str);
        })).setConnectTimeout(500).setReadTimeout(500).setHeaders(new HttpHeaders().set("Metadata-Flavor", "Google"));
        HttpResponse httpResponse = (HttpResponse) Access.doPrivilegedIOException(() -> {
            return headers.execute();
        });
        if (headerContainsMetadataFlavor(httpResponse)) {
            return httpResponse.parseAsString();
        }
        return null;
    }

    private static boolean headerContainsMetadataFlavor(HttpResponse httpResponse) {
        return "Google".equals(httpResponse.getHeaders().getFirstHeaderStringValue("Metadata-Flavor"));
    }

    protected synchronized HttpTransport getGceHttpTransport() throws GeneralSecurityException, IOException {
        if (this.gceHttpTransport == null) {
            if (this.validateCerts) {
                this.gceHttpTransport = GoogleNetHttpTransport.newTrustedTransport();
            } else {
                this.gceHttpTransport = new NetHttpTransport.Builder().doNotValidateCertificate().build();
            }
        }
        return this.gceHttpTransport;
    }

    public synchronized Compute client() {
        if (this.refreshInterval != null && this.refreshInterval.millis() != 0) {
            if (this.client != null && (this.refreshInterval.millis() < 0 || System.currentTimeMillis() - this.lastRefresh < this.refreshInterval.millis())) {
                if (logger.isTraceEnabled()) {
                    logger.trace("using cache to retrieve client");
                }
                return this.client;
            }
            this.lastRefresh = System.currentTimeMillis();
        }
        try {
            this.gceJsonFactory = new JacksonFactory();
            logger.info("starting GCE discovery service");
            ComputeCredential build = new ComputeCredential.Builder(getGceHttpTransport(), this.gceJsonFactory).setTokenServerEncodedUrl(((String) GceMetadataService.GCE_HOST.get(this.settings)) + "/computeMetadata/v1/instance/service-accounts/default/token").build();
            Objects.requireNonNull(build);
            Access.doPrivilegedIOException(build::refreshToken);
            logger.debug("token [{}] will expire in [{}] s", build.getAccessToken(), build.getExpiresInSeconds());
            if (build.getExpiresInSeconds() != null) {
                this.refreshInterval = TimeValue.timeValueSeconds(build.getExpiresInSeconds().longValue() - 1);
            }
            Compute.Builder rootUrl = new Compute.Builder(getGceHttpTransport(), this.gceJsonFactory, (HttpRequestInitializer) null).setApplicationName(GceInstancesService.VERSION).setRootUrl((String) GCE_ROOT_URL.get(this.settings));
            if (RETRY_SETTING.exists(this.settings)) {
                TimeValue timeValue = (TimeValue) MAX_WAIT_SETTING.get(this.settings);
                rootUrl.setHttpRequestInitializer(timeValue.getMillis() > 0 ? new RetryHttpInitializerWrapper(build, timeValue) : new RetryHttpInitializerWrapper(build));
            } else {
                rootUrl.setHttpRequestInitializer(build);
            }
            this.client = rootUrl.build();
            return this.client;
        } catch (Exception e) {
            logger.warn("unable to start GCE discovery service", e);
            throw new IllegalArgumentException("unable to start GCE discovery service", e);
        }
    }

    @Override // org.opensearch.cloud.gce.GceInstancesService
    public String projectId() {
        return this.project;
    }

    @Override // org.opensearch.cloud.gce.GceInstancesService
    public List<String> zones() {
        return this.zones;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.gceHttpTransport != null) {
            this.gceHttpTransport.shutdown();
        }
    }
}
