package com.google.cloud.hadoop.gcsio;

import com.google.cloud.hadoop.util.AccessBoundary;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.flogger.GoogleLogger;
import com.google.storage.v2.ComposeObjectRequest;
import com.google.storage.v2.DeleteObjectRequest;
import com.google.storage.v2.Object;
import com.google.storage.v2.ReadObjectRequest;
import com.google.storage.v2.StartResumableWriteRequest;
import com.google.storage.v2.WriteObjectRequest;
import io.grpc.CallOptions;
import io.grpc.Channel;
import io.grpc.ClientCall;
import io.grpc.ClientInterceptor;
import io.grpc.ForwardingClientCall;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/cloud/hadoop/gcsio/GoogleCloudStorageClientGrpcDownscopingInterceptor.class */
public class GoogleCloudStorageClientGrpcDownscopingInterceptor implements ClientInterceptor {

    @VisibleForTesting
    static final String GOOGLE_STORAGE_V_2_STORAGE_COMPOSE_OBJECT = "google.storage.v2.Storage/ComposeObject";

    @VisibleForTesting
    static final String GOOGLE_STORAGE_V_2_STORAGE_DELETE_OBJECT = "google.storage.v2.Storage/DeleteObject";

    @VisibleForTesting
    static final String GOOGLE_STORAGE_V_2_STORAGE_READ_OBJECT = "google.storage.v2.Storage/ReadObject";

    @VisibleForTesting
    static final String GOOGLE_STORAGE_V_2_STORAGE_START_RESUMABLE_WRITE = "google.storage.v2.Storage/StartResumableWrite";

    @VisibleForTesting
    static final String GOOGLE_STORAGE_V_2_STORAGE_WRITE_OBJECT = "google.storage.v2.Storage/WriteObject";
    private final Function<List<AccessBoundary>, String> downscopingFunction;
    private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();

    @VisibleForTesting
    private static final int BUCKET_PREFIX_LENGTH = FolderInfo.BUCKET_PREFIX.length();

    @VisibleForTesting
    static Metadata.Key<String> AUTH_KEY = Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);

    public GoogleCloudStorageClientGrpcDownscopingInterceptor(Function<List<AccessBoundary>, String> function) {
        this.downscopingFunction = function;
    }

    public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(final MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions callOptions, Channel channel) {
        logger.atFinest().log(String.format("interceptCall(): method=%s", methodDescriptor.getFullMethodName()));
        return new ForwardingClientCall.SimpleForwardingClientCall<ReqT, RespT>(channel.newCall(methodDescriptor, callOptions)) { // from class: com.google.cloud.hadoop.gcsio.GoogleCloudStorageClientGrpcDownscopingInterceptor.1
            private int flowControlRequests;
            private final String methodName;
            private Metadata headers;
            private ClientCall.Listener<RespT> responseListener;

            {
                this.methodName = methodDescriptor.getFullMethodName();
            }

            public void start(ClientCall.Listener<RespT> listener, Metadata metadata) {
                this.responseListener = listener;
                this.headers = metadata;
                GoogleCloudStorageClientGrpcDownscopingInterceptor.logger.atFinest().log("start(): method=%s", this.methodName);
            }

            public void request(int i) {
                if (this.headers != null) {
                    this.flowControlRequests += i;
                } else {
                    super.request(i);
                }
            }

            public void sendMessage(ReqT reqt) {
                if (this.headers != null) {
                    setAuthHeader(reqt);
                    super.start(this.responseListener, this.headers);
                    this.headers = null;
                    if (this.flowControlRequests != 0) {
                        super.request(this.flowControlRequests);
                        this.flowControlRequests = 0;
                    }
                }
                super.sendMessage(reqt);
            }

            private void setAuthHeader(ReqT reqt) {
                String downScopedToken;
                if (this.headers == null || (downScopedToken = getDownScopedToken(reqt)) == null) {
                    return;
                }
                GoogleCloudStorageClientGrpcDownscopingInterceptor.logger.atFinest().log("Setting down-scoped auth token");
                this.headers.put(GoogleCloudStorageClientGrpcDownscopingInterceptor.AUTH_KEY, "Bearer " + downScopedToken);
            }

            private String getDownScopedToken(ReqT reqt) {
                return getDownscopedToken(getAccessBoundaries(reqt));
            }

            private String getBucketName(String str) {
                return str.substring(GoogleCloudStorageClientGrpcDownscopingInterceptor.BUCKET_PREFIX_LENGTH);
            }

            private List<AccessBoundary> getAccessBoundaries(ReqT reqt) {
                if (GoogleCloudStorageClientGrpcDownscopingInterceptor.GOOGLE_STORAGE_V_2_STORAGE_READ_OBJECT.equals(this.methodName)) {
                    ReadObjectRequest readObjectRequest = (ReadObjectRequest) reqt;
                    return ImmutableList.of(AccessBoundary.create(getBucketName(readObjectRequest.getBucket()), readObjectRequest.getObject(), AccessBoundary.Action.READ_OBJECTS));
                }
                if (GoogleCloudStorageClientGrpcDownscopingInterceptor.GOOGLE_STORAGE_V_2_STORAGE_WRITE_OBJECT.equals(this.methodName)) {
                    Object resource = ((WriteObjectRequest) reqt).getWriteObjectSpec().getResource();
                    String bucket = resource.getBucket();
                    return (bucket == null || bucket.length() == 0) ? ImmutableList.of() : ImmutableList.of(AccessBoundary.create(getBucketName(bucket), resource.getName(), AccessBoundary.Action.WRITE_OBJECTS));
                }
                if (GoogleCloudStorageClientGrpcDownscopingInterceptor.GOOGLE_STORAGE_V_2_STORAGE_DELETE_OBJECT.equals(this.methodName)) {
                    DeleteObjectRequest deleteObjectRequest = (DeleteObjectRequest) reqt;
                    return ImmutableList.of(AccessBoundary.create(getBucketName(deleteObjectRequest.getBucket()), deleteObjectRequest.getObject(), AccessBoundary.Action.DELETE_OBJECTS));
                }
                if (GoogleCloudStorageClientGrpcDownscopingInterceptor.GOOGLE_STORAGE_V_2_STORAGE_START_RESUMABLE_WRITE.equals(this.methodName)) {
                    Object resource2 = ((StartResumableWriteRequest) reqt).getWriteObjectSpec().getResource();
                    return ImmutableList.of(AccessBoundary.create(getBucketName(resource2.getBucket()), resource2.getName(), AccessBoundary.Action.WRITE_OBJECTS));
                }
                if (!GoogleCloudStorageClientGrpcDownscopingInterceptor.GOOGLE_STORAGE_V_2_STORAGE_COMPOSE_OBJECT.equals(this.methodName)) {
                    GoogleCloudStorageClientGrpcDownscopingInterceptor.logger.atSevere().log("Unexpected method `%s`", this.methodName);
                    return ImmutableList.of();
                }
                ComposeObjectRequest composeObjectRequest = (ComposeObjectRequest) reqt;
                Object destination = composeObjectRequest.getDestination();
                List sourceObjectsList = composeObjectRequest.getSourceObjectsList();
                String bucketName = getBucketName(destination.getBucket());
                ArrayList arrayList = new ArrayList(sourceObjectsList.size() + 1);
                arrayList.add(AccessBoundary.create(bucketName, destination.getName(), AccessBoundary.Action.WRITE_OBJECTS));
                Iterator it = sourceObjectsList.iterator();
                while (it.hasNext()) {
                    arrayList.add(AccessBoundary.create(bucketName, ((ComposeObjectRequest.SourceObject) it.next()).getName(), AccessBoundary.Action.READ_OBJECTS));
                }
                return arrayList;
            }

            private String getDownscopedToken(List<AccessBoundary> list) {
                GoogleCloudStorageClientGrpcDownscopingInterceptor.logger.atFinest().log("Getting downscoped token for %s; method=%s", list, this.methodName);
                if (list.size() == 0) {
                    return null;
                }
                try {
                    return (String) GoogleCloudStorageClientGrpcDownscopingInterceptor.this.downscopingFunction.apply(list);
                } catch (Throwable th) {
                    GoogleCloudStorageClientGrpcDownscopingInterceptor.logger.atSevere().withCause(th).log("Getting down-scoped token failed. details=%s", th.getMessage());
                    throw th;
                }
            }
        };
    }
}
