package com.cisco.argento.transport;

import com.cisco.argento.core.ArgentoPicoContainer;
import com.cisco.argento.management.AgentPolicy;
import com.cisco.mtagent.tenant.MTAgentTenantAPI;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Date;
import java.util.concurrent.atomic.AtomicBoolean;
import lombok.Generated;

/* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/transport/AuthUtilities.class */
public class AuthUtilities {
    private final MTAgentTenantAPI mtAgentTenantAPI;
    private static final String USERNAME_ARG = "USERNAME";
    private static final String PASSWORD_ARG = "PASSWORD";
    private static final String TOKEN_ARG = "TOKEN";
    private AuthServiceResponse currentAuthServiceResponse;
    private boolean wasRefresh;
    private static final long REFRESH_TIME_PADDING = 120000;
    private static final long MINUTE_MS = 60000;
    public static final long UT_FAILURE_MODE_WAIT_TIME_MS = 3000;
    private long requests;
    private long refreshRequests;
    private long errors;
    private long refreshErrors;
    private String lastError;
    private long tokenExpirationTime;
    private long tokenExpirationTimeInFailureMode;
    private long failureModeFailures;
    private boolean inFailureMode;
    private boolean hadSuccess;
    private boolean forceNetworkForUT;
    static final String AUTH_SERVICE_PURPOSE = "Authentication";
    private final String originalInitialPostParams = "password=PASSWORD&username=USERNAME&grant_type=password";
    private final String refreshPostParams = "refresh_token=TOKEN&grant_type=refresh_token";
    String initialPostParams = null;
    private final AtomicBoolean currentTokenStatus = new AtomicBoolean(true);
    private boolean isEnabledOrDisabledForTesting = true;

    public AuthUtilities(MTAgentTenantAPI mTAgentTenantAPI) {
        this.mtAgentTenantAPI = mTAgentTenantAPI;
    }

    public boolean verifyOrGetAValidToken() {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.requests == 0) {
            initPostParamsLogin();
        } else if (!this.hadSuccess && isFailureModeFailure(currentTimeMillis)) {
            return false;
        }
        if (currentTimeMillis >= this.tokenExpirationTime || !this.currentTokenStatus.get()) {
            _getValidTokenForExpiredOrBadToken();
            this.currentTokenStatus.set(this.currentAuthServiceResponse != null);
            this.tokenExpirationTime = calculateTokenExpiration();
        }
        return this.currentAuthServiceResponse != null;
    }

    private void setFailureModeWaitDuration(long j) {
        if (this.mtAgentTenantAPI.isUnitTesting()) {
            this.tokenExpirationTimeInFailureMode = j + UT_FAILURE_MODE_WAIT_TIME_MS;
        } else {
            this.tokenExpirationTimeInFailureMode = j + (this.errors * MINUTE_MS * AgentPolicy.getPolicy().getAuthServiceFailureModeFactor());
        }
    }

    public String setEnabledForTest(boolean z) {
        this.isEnabledOrDisabledForTesting = z;
        if (!z) {
            clearAuthServiceToken();
        } else if (this.currentAuthServiceResponse == null) {
            _getValidTokenForExpiredOrBadToken();
        }
        return "Auth Service Testing now setting the service to " + z;
    }

    private boolean isFailureModeFailure(long j) {
        if (this.errors < AgentPolicy.getPolicy().getAuthServiceFailureModeCount()) {
            return false;
        }
        if (!this.inFailureMode) {
            this.mtAgentTenantAPI.logWarning("We have now entered failure mode with the Auth Service...");
            setFailureModeWaitDuration(j);
        }
        this.inFailureMode = true;
        if (j < this.tokenExpirationTimeInFailureMode) {
            this.failureModeFailures++;
            return true;
        }
        setFailureModeWaitDuration(j);
        return false;
    }

    public void initPostParamsLogin() {
        if (AgentPolicy.getPolicy().getAuthServiceUser() == null) {
            throw new IllegalArgumentException("The Auth Service username is null...");
        }
        if (AgentPolicy.getPolicy().getAuthServicePassword() == null) {
            throw new IllegalArgumentException("The Auth Service password is null...");
        }
        initPostParamsLogin(AgentPolicy.getPolicy().getAuthServiceUser(), AgentPolicy.getPolicy().getAuthServicePassword());
    }

    private void initPostParamsLogin(String str, String str2) {
        this.initialPostParams = "password=PASSWORD&username=USERNAME&grant_type=password".replace(USERNAME_ARG, str).replace(PASSWORD_ARG, str2);
    }

    private long calculateTokenExpiration() {
        return System.currentTimeMillis() + (this.currentAuthServiceResponse != null ? (this.currentAuthServiceResponse.expires_in * 1000) - REFRESH_TIME_PADDING : 0L);
    }

    private void _getValidTokenForExpiredOrBadToken() {
        StringBuilder sb = new StringBuilder();
        this.currentAuthServiceResponse = sendAuthServiceRequestForToken(sb, this.forceNetworkForUT);
        if (this.requests == 1) {
            if (this.currentAuthServiceResponse == null) {
                this.mtAgentTenantAPI.log("Initial Auth Service Response, error: " + ((Object) sb));
            } else {
                this.mtAgentTenantAPI.log("Initial Auth Service Response, have a valid token: " + (this.mtAgentTenantAPI.isAllowDetailedLogging() ? getCurrentAccessToken() : this.mtAgentTenantAPI.getMaskReplacement(getCurrentAccessToken())));
            }
        }
        if (sb.length() > 0) {
            this.lastError = sb.toString();
            if (this.currentTokenStatus.get()) {
                this.mtAgentTenantAPI.logError("Error with the Auth Service query: " + ((Object) sb));
                return;
            }
            return;
        }
        if (this.currentTokenStatus.get()) {
            return;
        }
        if (isInFailureMode()) {
            this.inFailureMode = false;
        }
        this.mtAgentTenantAPI.log("Auth Service query is now working...");
    }

    public AuthServiceResponse sendAuthServiceRequestForToken(StringBuilder sb, boolean z) {
        byte[] bytes;
        sb.setLength(0);
        this.requests++;
        this.wasRefresh = this.currentAuthServiceResponse != null;
        if (this.wasRefresh) {
            this.refreshRequests++;
            bytes = "refresh_token=TOKEN&grant_type=refresh_token".replace(TOKEN_ARG, this.currentAuthServiceResponse.refresh_token).getBytes();
        } else {
            bytes = this.initialPostParams.getBytes();
        }
        byte[] genericHTTPRequest = ((NetworkUtilities) ArgentoPicoContainer.getInstance(NetworkUtilities.class)).genericHTTPRequest(false, true, z, AgentPolicy.getPolicy().getAuthServiceURL(), AUTH_SERVICE_PURPOSE, "POST", "application/x-www-form-urlencoded; charset=utf-8", bytes, sb);
        if (!this.isEnabledOrDisabledForTesting) {
            sb.setLength(0);
            sb.append("This is a Test Error to check Agent Response to Auth Service issues...");
        }
        if (sb.length() > 0) {
            this.errors++;
            if (!this.wasRefresh) {
                return null;
            }
            this.refreshErrors++;
            return null;
        }
        AuthServiceResponse authServiceResponse = null;
        try {
            authServiceResponse = (AuthServiceResponse) new ObjectMapper().readValue(new String(genericHTTPRequest), AuthServiceResponse.class);
            this.currentAuthServiceResponse = authServiceResponse;
            this.hadSuccess = true;
        } catch (Exception e) {
            sb.append(e.toString());
        }
        return authServiceResponse;
    }

    public void clearAuthServiceToken() {
        this.currentAuthServiceResponse = null;
        this.currentTokenStatus.set(false);
    }

    public boolean wasRefresh() {
        return this.wasRefresh;
    }

    public void setForceNetworkForUT(boolean z) {
        this.forceNetworkForUT = z;
    }

    public void resetForUT() {
        this.currentTokenStatus.set(false);
        clearAuthServiceToken();
        this.requests = 0L;
        this.errors = 0L;
        this.refreshRequests = 0L;
        this.refreshErrors = 0L;
        this.inFailureMode = false;
        this.hadSuccess = false;
        this.tokenExpirationTimeInFailureMode = 0L;
    }

    public String getStats() {
        StringBuilder sb = new StringBuilder();
        sb.append("<br>Enabled: " + AgentPolicy.getPolicy().isManagementServerIsAuthService());
        sb.append("<br>Service URL: " + AgentPolicy.getPolicy().getAuthServiceURL());
        sb.append("<br>Current Token: " + getCurrentAccessToken());
        sb.append("<br>Refresh Token: " + getCurrentRefreshToken());
        sb.append("<br>Token Expiration: " + getTokenExpiration());
        sb.append("<br>Next Update: " + new Date(this.tokenExpirationTime).toString());
        sb.append("<br>Requests: " + this.requests);
        sb.append("<br>Refresh Requests: " + this.refreshRequests);
        sb.append("<br>Errors: " + this.errors);
        sb.append("<br>Refresh Errors: " + this.refreshErrors);
        sb.append("<br>Last Errors: " + this.lastError);
        sb.append("<br>In Failure Mode: " + this.inFailureMode);
        sb.append("<br>Failure Mode Errors: " + this.failureModeFailures);
        sb.append("<br>Failure Mode Wait Time: " + new Date(this.tokenExpirationTimeInFailureMode).toString());
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getCurrentAccessToken() {
        if (this.currentAuthServiceResponse != null) {
            return this.currentAuthServiceResponse.access_token;
        }
        return null;
    }

    String getCurrentRefreshToken() {
        if (this.currentAuthServiceResponse != null) {
            return this.currentAuthServiceResponse.refresh_token;
        }
        return null;
    }

    long getTokenExpiration() {
        return (this.currentAuthServiceResponse != null ? Long.valueOf(this.currentAuthServiceResponse.expires_in) : null).longValue();
    }

    public String showStatus() {
        return isWorking() ? "Have Valid Token" : "Is Broken";
    }

    public boolean isWorking() {
        return this.currentTokenStatus.get();
    }

    @Generated
    public boolean isWasRefresh() {
        return this.wasRefresh;
    }

    @Generated
    public long getRequests() {
        return this.requests;
    }

    @Generated
    public long getErrors() {
        return this.errors;
    }

    @Generated
    public String getLastError() {
        return this.lastError;
    }

    @Generated
    public long getFailureModeFailures() {
        return this.failureModeFailures;
    }

    @Generated
    public boolean isInFailureMode() {
        return this.inFailureMode;
    }

    @Generated
    public boolean isHadSuccess() {
        return this.hadSuccess;
    }
}
