package org.embulk.output;

import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.googleapis.json.GoogleJsonResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.apache.ApacheHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.SecurityUtils;
import com.google.auth.oauth2.ComputeEngineCredentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.http.HttpTransportOptions;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageException;
import com.google.cloud.storage.StorageOptions;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Optional;
import java.util.function.Function;
import org.embulk.config.ConfigException;
import org.embulk.util.config.units.LocalFile;
import org.embulk.util.retryhelper.RetryExecutor;
import org.embulk.util.retryhelper.RetryGiveupException;
import org.embulk.util.retryhelper.Retryable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/embulk/output/GcsAuthentication.class */
public class GcsAuthentication {
    private final Optional<String> serviceAccountEmail;
    private final Optional<String> p12KeyFilePath;
    private final Optional<String> jsonKeyFilePath;
    private final String applicationName;
    private final GoogleCredentials credentials;
    private PluginTask task;
    private final Logger log = LoggerFactory.getLogger(GcsAuthentication.class);
    private final HttpTransport httpTransport = new ApacheHttpTransport.Builder().build();
    private final JacksonFactory jsonFactory = new JacksonFactory();

    public GcsAuthentication(PluginTask pluginTask) throws IOException, GeneralSecurityException {
        this.task = pluginTask;
        this.serviceAccountEmail = pluginTask.getServiceAccountEmail();
        this.p12KeyFilePath = pluginTask.getP12Keyfile().map(localFileToPathString());
        this.jsonKeyFilePath = pluginTask.getJsonKeyfile().map(localFileToPathString());
        this.applicationName = pluginTask.getApplicationName();
        if (pluginTask.getAuthMethod() == AuthMethod.compute_engine) {
            this.credentials = getComputeCredential();
        } else if (pluginTask.getAuthMethod() == AuthMethod.json_key) {
            this.credentials = getServiceAccountCredentialFromJsonFile();
        } else {
            this.credentials = getServiceAccountCredential();
        }
    }

    private GoogleCredentials getServiceAccountCredential() throws IOException, GeneralSecurityException {
        return new ServiceAccountCredentials((String) null, this.serviceAccountEmail.get(), SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(), new FileInputStream(new File(this.p12KeyFilePath.get())), this.task.getStorePass(), "privatekey", this.task.getKeyPass()), (String) null, Collections.singleton("https://www.googleapis.com/auth/devstorage.read_write"), () -> {
            return this.httpTransport;
        }, (URI) null);
    }

    private GoogleCredentials getServiceAccountCredentialFromJsonFile() throws IOException {
        return GoogleCredentials.fromStream(new FileInputStream(this.jsonKeyFilePath.get())).createScoped(Collections.singleton("https://www.googleapis.com/auth/devstorage.read_write"));
    }

    private GoogleCredentials getComputeCredential() throws IOException {
        ComputeEngineCredentials computeEngineCredentials = new ComputeEngineCredentials(() -> {
            return this.httpTransport;
        });
        computeEngineCredentials.refreshAccessToken();
        return computeEngineCredentials;
    }

    public Storage getGcsClient() throws ConfigException, IOException {
        try {
            return (Storage) RetryExecutor.builder().withRetryLimit(this.task.getMaxConnectionRetry()).withInitialRetryWaitMillis(this.task.getInitialRetryIntervalMillis()).withMaxRetryWaitMillis(this.task.getMaximumRetryIntervalMillis()).build().runInterruptible(new Retryable<Storage>() { // from class: org.embulk.output.GcsAuthentication.1
                /* renamed from: call, reason: merged with bridge method [inline-methods] */
                public Storage m1call() throws IOException, RetryGiveupException {
                    Storage service = StorageOptions.newBuilder().setCredentials(GcsAuthentication.this.credentials).setTransportOptions(HttpTransportOptions.newBuilder().setConnectTimeout(30000).setReadTimeout(30000).build()).build().getService();
                    service.list(GcsAuthentication.this.task.getBucket(), new Storage.BlobListOption[]{Storage.BlobListOption.pageSize(1L)}).hasNextPage();
                    return service;
                }

                public boolean isRetryableException(Exception exc) {
                    int statusCode;
                    if (!(exc instanceof GoogleJsonResponseException) && !(exc instanceof TokenResponseException) && !(exc instanceof StorageException)) {
                        return true;
                    }
                    if (!(exc instanceof GoogleJsonResponseException)) {
                        statusCode = exc instanceof TokenResponseException ? ((TokenResponseException) exc).getStatusCode() : ((StorageException) exc).getCode();
                    } else {
                        if (((GoogleJsonResponseException) exc).getDetails() == null) {
                            GcsAuthentication.this.log.warn("Invalid response was returned : {}", ((GoogleJsonResponseException) exc).getContent() != null ? ((GoogleJsonResponseException) exc).getContent() : "");
                            return true;
                        }
                        statusCode = ((GoogleJsonResponseException) exc).getDetails().getCode();
                    }
                    return statusCode / 100 != 4;
                }

                public void onRetry(Exception exc, int i, int i2, int i3) throws RetryGiveupException {
                    String format = String.format("GCS GET request failed. Retrying %d/%d after %d seconds. Message: %s: %s", Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(i3 / 1000), exc.getClass(), exc.getMessage());
                    if (i % 3 == 0) {
                        GcsAuthentication.this.log.warn(format, exc);
                    } else {
                        GcsAuthentication.this.log.warn(format);
                    }
                }

                public void onGiveup(Exception exc, Exception exc2) throws RetryGiveupException {
                }
            });
        } catch (RetryGiveupException e) {
            if ((e.getCause() instanceof GoogleJsonResponseException) || (e.getCause() instanceof TokenResponseException) || (e.getCause() instanceof StorageException)) {
                int i = 0;
                if (!(e.getCause() instanceof GoogleJsonResponseException)) {
                    i = e.getCause() instanceof TokenResponseException ? e.getCause().getStatusCode() : e.getCause().getCode();
                } else if (e.getCause().getDetails() != null) {
                    i = e.getCause().getDetails().getCode();
                }
                if (i / 100 == 4) {
                    throw new ConfigException(e);
                }
            }
            throw new RuntimeException((Throwable) e);
        } catch (InterruptedException e2) {
            throw new InterruptedIOException();
        }
    }

    private Function<LocalFile, String> localFileToPathString() {
        return localFile -> {
            return localFile.getPath().toString();
        };
    }
}
