package com.amazonaws.xray.utils;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

@Deprecated
/* loaded from: input_file:com/amazonaws/xray/utils/ContainerInsightsUtil.class */
public class ContainerInsightsUtil {
    private static final String K8S_CRED_FOLDER = "/var/run/secrets/kubernetes.io/serviceaccount";
    private static final String K8S_CRED_TOKEN_SUFFIX = "token";
    private static final String K8S_CRED_CERT_SUFFIX = "ca.crt";
    private static final String K8S_URL = "https://kubernetes.default.svc";
    private static final String CI_CONFIGMAP_PATH = "/api/v1/namespaces/amazon-cloudwatch/configmaps/cluster-info";
    private static final String AUTH_HEADER_NAME = "Authorization";
    private static final int HTTP_TIMEOUT = 5;
    private static final Log logger = LogFactory.getLog(ContainerInsightsUtil.class);

    public static String getClusterName() {
        if (!isK8s()) {
            return null;
        }
        CloseableHttpClient httpClient = getHttpClient();
        HttpGet httpGet = new HttpGet("https://kubernetes.default.svc/api/v1/namespaces/amazon-cloudwatch/configmaps/cluster-info");
        if (getK8sCredentialHeader() != null) {
            httpGet.setHeader(AUTH_HEADER_NAME, getK8sCredentialHeader());
        }
        try {
            CloseableHttpResponse execute = httpClient.execute(httpGet);
            try {
                try {
                    String asText = new ObjectMapper().readTree(EntityUtils.toString(execute.getEntity())).at("/data/cluster.name").asText();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Container Insights Cluster Name: " + asText);
                    }
                    return asText;
                } catch (IOException e) {
                    logger.error("Error parsing response from Kubernetes", e);
                    execute.close();
                    httpClient.close();
                    return null;
                }
            } finally {
                execute.close();
            }
        } catch (IOException e2) {
            logger.error("Error querying for Container Insights ConfigMap", e2);
            return null;
        }
    }

    private static CloseableHttpClient getHttpClient() {
        KeyStore k8sKeystore = getK8sKeystore();
        if (k8sKeystore != null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(k8sKeystore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers != null) {
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(null, trustManagers, new SecureRandom());
                    return HttpClients.custom().setSSLContext(sSLContext).build();
                }
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                logger.debug("Unable to create HTTP client with K8s CA certs, using default trust store.", e);
            }
        }
        return HttpClientBuilder.create().setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(5000).setConnectionRequestTimeout(5000).setSocketTimeout(5000).build()).build();
    }

    private static KeyStore getK8sKeystore() {
        FileInputStream fileInputStream = null;
        try {
            try {
                KeyStore keyStore = null;
                File file = Paths.get(K8S_CRED_FOLDER, K8S_CRED_CERT_SUFFIX).toFile();
                if (file.exists()) {
                    keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    fileInputStream = new FileInputStream(file);
                    Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream);
                    if (generateCertificates.isEmpty()) {
                        throw new IllegalArgumentException("K8s cert file contained no certificates.");
                    }
                    Iterator<? extends Certificate> it = generateCertificates.iterator();
                    while (it.hasNext()) {
                        keyStore.setCertificateEntry("k8sca", it.next());
                    }
                } else {
                    logger.debug("K8s CA Cert file does not exists.");
                }
                KeyStore keyStore2 = keyStore;
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        logger.error("Can't close K8s CA certificate file.", e);
                    }
                }
                return keyStore2;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                logger.warn("Unable to load K8s CA certificate.", e2);
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                        logger.error("Can't close K8s CA certificate file.", e3);
                    }
                }
                return null;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (IOException e4) {
                    logger.error("Can't close K8s CA certificate file.", e4);
                }
            }
            throw th;
        }
    }

    private static String getK8sCredentialHeader() {
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(Paths.get(K8S_CRED_FOLDER, K8S_CRED_TOKEN_SUFFIX).toFile()), StandardCharsets.UTF_8));
                String format = String.format("Bearer %s", bufferedReader.readLine());
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e) {
                        logger.error("Can't close K8s credential file.", e);
                    }
                }
                return format;
            } catch (IOException e2) {
                logger.warn("Unable to read K8s credential file.", e2);
                if (bufferedReader == null) {
                    return null;
                }
                try {
                    bufferedReader.close();
                    return null;
                } catch (IOException e3) {
                    logger.error("Can't close K8s credential file.", e3);
                    return null;
                }
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e4) {
                    logger.error("Can't close K8s credential file.", e4);
                }
            }
            throw th;
        }
    }

    public static boolean isK8s() {
        return Paths.get(K8S_CRED_FOLDER, K8S_CRED_TOKEN_SUFFIX).toFile().exists();
    }
}
