package design.aem.transport;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.akamai.edgegrid.signer.ClientCredential;
import com.akamai.edgegrid.signer.apachehttpclient.ApacheHttpClientEdgeGridInterceptor;
import com.akamai.edgegrid.signer.apachehttpclient.ApacheHttpClientEdgeGridRoutePlanner;
import com.day.cq.replication.AgentConfig;
import com.day.cq.replication.ReplicationActionType;
import com.day.cq.replication.ReplicationException;
import com.day.cq.replication.ReplicationLog;
import com.day.cq.replication.ReplicationResult;
import com.day.cq.replication.ReplicationTransaction;
import com.day.cq.replication.TransportContext;
import com.day.cq.replication.TransportHandler;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.sling.api.resource.ValueMap;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.propertytypes.ServiceDescription;
import org.osgi.service.component.propertytypes.ServiceRanking;
import org.osgi.service.component.propertytypes.ServiceVendor;

@ServiceRanking(1001)
@Component(immediate = true, service = {TransportHandler.class}, property = {"label=Akamai Replication Agent"})
@Service
@ServiceDescription("Akamai Replication Agent for clearing cache after publish event.")
@ServiceVendor("AEM.Design")
/* loaded from: input_file:design/aem/transport/AkamaiTransportHandler.class */
public class AkamaiTransportHandler implements TransportHandler {
    public static final String AKAMAI_PROTOCOL = "akamai:///";
    public static final String HTTPS = "https";
    public static final String COLON = ":";
    public static final String SEMICOLON = ";";
    public static final String TIME_STAMP_FORMAT = "yyyyMMdd'T'HH:mm:ss+0000";
    public static final String EG_1_HMAC_SHA_256 = "EG1-HMAC-SHA256";
    private static ReplicationLog currentReplicationLog = null;
    private static AgentConfig agentConfig = null;

    @Reference
    private CryptoSupport cryptoSupport;

    public static void logReplicationEventInfoStatement(String str) {
        logReplicationEvent(ReplicationLog.Level.INFO, str);
    }

    public static boolean logReplicationEvent(Enum r3, String str) {
        if (null == currentReplicationLog) {
            return false;
        }
        if (r3 == ReplicationLog.Level.INFO) {
            currentReplicationLog.info(str);
            return true;
        }
        if (r3 == ReplicationLog.Level.ERROR) {
            currentReplicationLog.error(str);
            return true;
        }
        if (r3 != ReplicationLog.Level.WARN) {
            return true;
        }
        currentReplicationLog.warn(str);
        return true;
    }

    private static String read(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Please provide a valid input stream");
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    private static String getTimeStamp(Date date) {
        return new SimpleDateFormat(TIME_STAMP_FORMAT).format(date);
    }

    public boolean canHandle(AgentConfig agentConfig2) {
        if (!agentConfig2.getTransportURI().toLowerCase().startsWith(AKAMAI_PROTOCOL)) {
            return false;
        }
        agentConfig = agentConfig2;
        return true;
    }

    public ReplicationResult deliver(TransportContext transportContext, ReplicationTransaction replicationTransaction) throws ReplicationException {
        currentReplicationLog = replicationTransaction.getLog();
        ReplicationActionType type = replicationTransaction.getAction().getType();
        if (type == ReplicationActionType.TEST || type == ReplicationActionType.ACTIVATE || type == ReplicationActionType.DEACTIVATE) {
            return handleRequest(replicationTransaction);
        }
        throw new ReplicationException("Replication action type " + type + " not supported.");
    }

    private ReplicationResult handleRequest(ReplicationTransaction replicationTransaction) throws ReplicationException {
        if (agentConfig != null) {
            ValueMap properties = agentConfig.getProperties();
            String str = (String) properties.get("domain", "");
            String str2 = (String) properties.get("baseurl", "");
            String str3 = (String) properties.get("purgeurlpath", "");
            String str4 = (String) properties.get("token", "");
            String str5 = (String) properties.get("accesstoken", "");
            String str6 = (String) properties.get("secret", "");
            String str7 = (String) properties.get("protocol", "https");
            String str8 = (String) properties.get("additionaltrimpath", "");
            String[] strArr = (String[]) properties.get("excludepaths", new String[0]);
            if (!StringUtils.isNotEmpty(str7) || !StringUtils.isNotEmpty(str2) || !StringUtils.isNotEmpty(str3)) {
                logReplicationEventInfoStatement("Replication failed, agent config is incomplete.");
                return new ReplicationResult(false, 0, "Replication failed, agent config is incomplete.");
            }
            HttpPost httpPost = new HttpPost(MessageFormat.format("{0}://{1}{2}", str7, str2, str3));
            httpPost.setEntity(createPostBody(replicationTransaction, str, str7, str8, strArr));
            ReplicationActionType type = replicationTransaction.getAction().getType();
            if (type == ReplicationActionType.TEST) {
                logReplicationEventInfoStatement("AKAMAI CACHE PURGE TEST: " + type);
            } else if (type == ReplicationActionType.ACTIVATE || type == ReplicationActionType.DEACTIVATE) {
                logReplicationEventInfoStatement("AKAMAI CACHE PURGE REQUEST: " + type);
            } else {
                logReplicationEventInfoStatement("AKAMAI CACHE REQUEST: " + type);
            }
            HttpResponse sendRequest = sendRequest(httpPost, str2, str3, str4, str5, str6, str7);
            if (sendRequest != null) {
                int statusCode = sendRequest.getStatusLine().getStatusCode();
                logReplicationEventInfoStatement("Response from Akamai " + sendRequest.toString());
                logReplicationEventInfoStatement("StatusCode returned from Akamai " + statusCode);
                if (statusCode == 201) {
                    logReplicationEventInfoStatement("Akamai accepted the purge request");
                    return ReplicationResult.OK;
                }
            }
        }
        return new ReplicationResult(false, 0, "Replication failed, agent does not have any config.");
    }

    private StringEntity createPostBody(ReplicationTransaction replicationTransaction, String str, String str2, String str3, String[] strArr) throws ReplicationException {
        JsonArray pathsList = getPathsList(replicationTransaction, str, str2, str3, strArr);
        JsonObject jsonObject = new JsonObject();
        if (pathsList.size() > 0) {
            jsonObject.add("objects", pathsList);
        } else {
            logReplicationEventInfoStatement("No paths to purge");
        }
        return new StringEntity(jsonObject.toString(), "ISO-8859-1");
    }

    private JsonArray getPathsList(ReplicationTransaction replicationTransaction, String str, String str2, String str3, String[] strArr) throws ReplicationException {
        JsonArray jsonArray = new JsonArray();
        if (!StringUtils.isNotEmpty(str) || !StringUtils.isNotEmpty(str2)) {
            throw new ReplicationException("Could not compile payload need to specify domain and protocol");
        }
        String[] paths = replicationTransaction.getAction().getPaths();
        try {
            List list = (List) Arrays.stream(strArr).collect(Collectors.toList());
            for (String str4 : paths) {
                Stream stream = list.stream();
                str4.getClass();
                if (((List) stream.filter(str4::startsWith).collect(Collectors.toList())).isEmpty()) {
                    jsonArray.add(MessageFormat.format("{0}://{1}{2}", str2, str, str4));
                    if (StringUtils.isNotEmpty(str3) && str4.contains(str3)) {
                        jsonArray.add(MessageFormat.format("{0}://{1}{2}", str2, str, str4.substring(str4.indexOf(str3) + str3.length())));
                    }
                }
                if (jsonArray.size() == 0) {
                    jsonArray.add(MessageFormat.format("{0}://{1}{2}", str2, str, ""));
                }
            }
            logReplicationEventInfoStatement("Requesting Akamai cache purge for the urls: " + jsonArray);
            return jsonArray;
        } catch (Exception e) {
            throw new ReplicationException("Could not retrieve content from content builder", e);
        }
    }

    private HttpResponse sendRequest(HttpPost httpPost, String str, String str2, String str3, String str4, String str5, String str6) throws ReplicationException {
        if (str == null || str2 == null || str3 == null || str4 == null || str5 == null || str6 == null || httpPost == null) {
            return null;
        }
        String str7 = null;
        try {
            str7 = read(httpPost.getEntity().getContent());
        } catch (IOException e) {
            logReplicationEventInfoStatement("IOException occurred while reading the tmp file created bu Akamai Content builder " + e);
        }
        try {
            String unprotect = this.cryptoSupport.isProtected(str3) ? this.cryptoSupport.unprotect(str3) : str3;
            try {
                String unprotect2 = this.cryptoSupport.isProtected(str4) ? this.cryptoSupport.unprotect(str4) : str4;
                try {
                    String unprotect3 = this.cryptoSupport.isProtected(str5) ? this.cryptoSupport.unprotect(str5) : str5;
                    String generateAuthHeader = generateAuthHeader(unprotect, unprotect2);
                    httpPost.setHeader("Authorization", generateAuthHeader + "signature=" + crypto(StringUtils.join(getDataToSign(httpPost, generateAuthHeader, crypto(str7, unprotect3), str, str2, str6), "\t"), unprotect3));
                    httpPost.setHeader("Content-Type", ContentType.APPLICATION_JSON.getMimeType());
                    try {
                        return HttpClientBuilder.create().addInterceptorFirst(new ApacheHttpClientEdgeGridInterceptor(getClientCredential(unprotect2, unprotect, unprotect3, str))).setRoutePlanner(new ApacheHttpClientEdgeGridRoutePlanner(getClientCredential(unprotect2, unprotect, unprotect3, str))).setConnectionTimeToLive(1000L, TimeUnit.MILLISECONDS).build().execute(httpPost);
                    } catch (IOException e2) {
                        throw new ReplicationException("Could not send replication request.", e2);
                    }
                } catch (CryptoException e3) {
                    throw new ReplicationException("Could not unprotect secret.", e3);
                }
            } catch (CryptoException e4) {
                throw new ReplicationException("Could not unprotect accesstoken.", e4);
            }
        } catch (CryptoException e5) {
            throw new ReplicationException("Could not unprotect token.", e5);
        }
    }

    private String generateAuthHeader(String str, String str2) {
        return ((("EG1-HMAC-SHA256 client_token=" + str + SEMICOLON) + "access_token=" + str2 + SEMICOLON) + "timestamp=" + getTimeStamp(new Date()) + SEMICOLON) + "nonce=" + UUID.randomUUID() + SEMICOLON;
    }

    private ClientCredential getClientCredential(String str, String str2, String str3, String str4) {
        return ClientCredential.builder().accessToken(str).clientToken(str2).clientSecret(str3).host(str4).build();
    }

    private String crypto(String str, String str2) {
        String hashHMACSHA256 = hashHMACSHA256(str2, str);
        return StringUtils.isNotBlank(hashHMACSHA256) ? Base64.getEncoder().encodeToString(hashHMACSHA256.getBytes()) : "";
    }

    private String hashHMACSHA256(String str, String str2) {
        try {
            Mac mac = Mac.getInstance(HmacAlgorithms.HMAC_SHA_256.getName());
            mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), HmacAlgorithms.HMAC_SHA_256.getName()));
            return new String(Hex.encodeHex(mac.doFinal(str2.getBytes(StandardCharsets.UTF_8))));
        } catch (InvalidKeyException e) {
            logReplicationEventInfoStatement("InvalidKeyException occurred while encrypting the keys " + e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            logReplicationEventInfoStatement("NoSuchAlgorithmException occurred while encrypting the keys " + e2);
            return "";
        }
    }

    private <T extends HttpRequestBase> List<String> getDataToSign(T t, String str, String str2, String str3, String str4, String str5) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(t.getMethod());
        arrayList.add(str5 + COLON);
        arrayList.add(str3);
        arrayList.add(str4);
        arrayList.add(str2);
        arrayList.add(str);
        return arrayList;
    }
}
