package net.snowflake.ingest.connection;

import java.security.KeyPair;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import net.snowflake.ingest.internal.slf4j.Logger;
import net.snowflake.ingest.internal.slf4j.LoggerFactory;
import net.snowflake.ingest.utils.Cryptor;
import net.snowflake.ingest.utils.ThreadFactoryUtil;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/snowflake/ingest/connection/SecurityManager.class */
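/**
 * Builds and periodically re-signs the key-pair JWT used to authenticate ingest requests.
 *
 * <p>The token's subject is {@code ACCOUNT.USER} and its issuer is
 * {@code ACCOUNT.USER.SHA256:<public key fingerprint>}. It is signed with the private half of the
 * supplied {@link KeyPair} using RS256. A single-threaded scheduler re-creates the token at a
 * fixed rate so that callers of {@link #getToken()} receive an unexpired value.
 *
 * <p>Security note: the serialized JWT is a bearer credential for its whole lifetime. It must
 * never be written to logs; only non-secret metadata (subject, issuer, claims) is logged here.
 */
public final class SecurityManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityManager.class);

    /** Token validity in minutes, passed to the JWT expiration claim. */
    private static final float LIFETIME = 59.0f;

    /** Default renewal period in minutes; shorter than {@link #LIFETIME} so tokens overlap. */
    private static final int RENEWAL_INTERVAL = 54;

    private transient KeyPair keyPair;
    private String account;
    private String publicKeyFingerPrint;
    private String user;
    private AtomicReference<String> token;
    private AtomicBoolean regenFailed;
    final ThreadFactory tf;
    private final ScheduledExecutorService keyRenewer;

    /**
     * Creates the manager, signs an initial token and schedules periodic renewal.
     *
     * @param account account name; upper-cased before use in the claims
     * @param user user name; upper-cased before use in the claims
     * @param keyPair key pair whose private key signs the token and whose public key is
     *     fingerprinted into the issuer claim
     * @param renewalInterval initial delay and period between renewals
     * @param timeUnit unit of {@code renewalInterval}
     * @throws IllegalArgumentException if {@code account}, {@code user} or {@code keyPair} is null
     * @throws SecurityException if the initial token cannot be signed
     */
    SecurityManager(String account, String user, KeyPair keyPair, int renewalInterval, TimeUnit timeUnit) {
        // Validate before allocating the executor so a rejected call leaves nothing behind.
        if (account == null || user == null || keyPair == null) {
            throw new IllegalArgumentException("account, user and keyPair must not be null");
        }
        // Locale.ROOT keeps the identifiers stable regardless of the JVM default locale
        // (e.g. the Turkish dotted/dotless i would otherwise change the subject and issuer).
        this.account = account.toUpperCase(java.util.Locale.ROOT);
        this.user = user.toUpperCase(java.util.Locale.ROOT);
        this.token = new AtomicReference<>();
        this.regenFailed = new AtomicBoolean();
        this.keyPair = keyPair;
        this.tf = ThreadFactoryUtil.poolThreadFactory(getClass().getSimpleName(), true);
        this.keyRenewer = Executors.newScheduledThreadPool(1, this.tf);
        try {
            regenerateToken();
            this.keyRenewer.scheduleAtFixedRate(this::regenerateToken, renewalInterval, renewalInterval, timeUnit);
        } catch (RuntimeException e) {
            // Construction failed: release the scheduler instead of leaking it.
            this.keyRenewer.shutdownNow();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the manager with the default renewal period of {@link #RENEWAL_INTERVAL} minutes.
     *
     * @param account account name
     * @param user user name
     * @param keyPair key pair used to sign the token
     */
    public SecurityManager(String account, String user, KeyPair keyPair) {
        this(account, user, keyPair, RENEWAL_INTERVAL, TimeUnit.MINUTES);
    }

    /**
     * Builds the claims, signs them and publishes the new compact JWT.
     *
     * <p>On a signing failure the manager is marked as failed and a {@link SecurityException} is
     * thrown. When this runs as the scheduled task, that exception also suppresses every later
     * execution ({@code scheduleAtFixedRate} contract), so the failed state is permanent.
     */
    private void regenerateToken() {
        final String subject = this.account + "." + this.user;
        final String fingerPrint = calculatePublicKeyFp(this.keyPair);

        JwtClaims claims = new JwtClaims();
        claims.setSubject(subject);
        LOGGER.info("Creating Token with subject {}.{}", this.account, this.user);
        claims.setIssuer(subject + '.' + fingerPrint);
        LOGGER.info("Creating Token with issuer {}.{}.{}", this.account, this.user, fingerPrint);
        claims.setExpirationTimeMinutesInTheFuture(LIFETIME);
        claims.setIssuedAtToNow();

        final String claimsJson = claims.toJson();
        JsonWebSignature signature = new JsonWebSignature();
        signature.setPayload(claimsJson);
        LOGGER.info("Claims JSON is {}", claimsJson);
        signature.setKey(this.keyPair.getPrivate());
        signature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        try {
            String compactSerialization = signature.getCompactSerialization();
            // Do not log the serialized token: anyone who can read the log could replay it
            // until it expires.
            LOGGER.info("Created new JWT");
            this.token.set(compactSerialization);
        } catch (Exception e) {
            this.regenFailed.set(true);
            // Trailing throwable argument makes the logger record the stack trace as well.
            LOGGER.error("Failed to regenerate token! Exception is as follows : {}", e.getMessage(), e);
            throw new SecurityException("Failed to regenerate token", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the most recently signed JWT.
     *
     * @return the current compact-serialized token
     * @throws SecurityException if a previous regeneration attempt failed
     */
    public String getToken() {
        if (this.regenFailed.get()) {
            LOGGER.error("getToken request failed due to token regeneration failure");
            throw new SecurityException("Token regeneration failed; no valid token is available");
        }
        return this.token.get();
    }

    /**
     * Computes and caches the public key fingerprint in the form {@code SHA256:<hash>}.
     *
     * @param keyPair key pair whose encoded public key is hashed (via
     *     {@code Cryptor.sha256HashBase64}; presumably base64 of the SHA-256 digest)
     * @return the formatted fingerprint
     */
    private String calculatePublicKeyFp(KeyPair keyPair) {
        this.publicKeyFingerPrint = String.format("SHA256:%s", Cryptor.sha256HashBase64(keyPair.getPublic().getEncoded()));
        return this.publicKeyFingerPrint;
    }

    /**
     * Returns the fingerprint cached by the last token generation.
     *
     * @return the {@code SHA256:<hash>} fingerprint string
     */
    String getPublicKeyFingerPrint() {
        return this.publicKeyFingerPrint;
    }
}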
