package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.github.benmanes.caffeine.cache.Cache;
import com.google.common.base.Functions;
import com.sap.cloud.sdk.cloudplatform.cache.CacheKey;
import com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceV1Response;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.security.principal.exception.PrincipalAccessException;
import com.sap.cloud.sdk.cloudplatform.tenant.exception.TenantAccessException;
import io.vavr.control.Try;
import java.time.LocalDateTime;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.locks.ReentrantLock;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/GetOrComputeSingleDestinationCommand.class */
class GetOrComputeSingleDestinationCommand {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(GetOrComputeSingleDestinationCommand.class);
    private static final long EXPIRATION_BUFFER_TIME = 10;

    @Nonnull
    private final String destinationName;

    @Nonnull
    private final CacheKey cacheKey;

    @Nullable
    private final CacheKey additionalKeyWithTenantAndPrincipal;

    @Nonnull
    private final ReentrantLock isolationLock;

    @Nonnull
    private final Cache<CacheKey, Destination> destinationCache;

    @Nonnull
    private final Supplier<Destination> destinationSupplier;

    @Nonnull
    private final DestinationServiceTokenExchangeStrategy exchangeStrategy;

    @Nullable
    private final GetOrComputeAllDestinationsCommand getAllCommand;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Try<GetOrComputeSingleDestinationCommand> prepareCommand(@Nonnull String str, @Nonnull DestinationOptions destinationOptions, @Nonnull Cache<CacheKey, Destination> cache, @Nonnull Cache<CacheKey, ReentrantLock> cache2, @Nonnull BiFunction<String, DestinationOptions, Destination> biFunction, @Nullable GetOrComputeAllDestinationsCommand getOrComputeAllDestinationsCommand) {
        CacheKey ofTenantAndPrincipalIsolation;
        Supplier supplier = () -> {
            return (Destination) biFunction.apply(str, destinationOptions);
        };
        DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy = (DestinationServiceTokenExchangeStrategy) DestinationServiceOptionsAugmenter.getTokenExchangeStrategy(destinationOptions).getOrElse(DestinationServiceTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE);
        CacheKey cacheKey = null;
        if (destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY) {
            try {
                ofTenantAndPrincipalIsolation = CacheKey.ofTenantAndPrincipalIsolation();
            } catch (TenantAccessException | PrincipalAccessException e) {
                return Try.failure(new DestinationAccessException("Failed to determine tenant/principal information required for destination token exchange strategy " + DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY, e));
            }
        } else {
            ofTenantAndPrincipalIsolation = CacheKey.ofTenantOptionalIsolation();
            if (destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE || destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.FORWARD_USER_TOKEN) {
                cacheKey = CacheKey.ofTenantAndPrincipalOptionalIsolation().append(new Object[]{str, destinationOptions});
            }
        }
        ofTenantAndPrincipalIsolation.append(new Object[]{str, destinationOptions});
        return Try.success(new GetOrComputeSingleDestinationCommand(str, ofTenantAndPrincipalIsolation, cacheKey, (ReentrantLock) Objects.requireNonNull((ReentrantLock) cache2.get(ofTenantAndPrincipalIsolation, cacheKey2 -> {
            return new ReentrantLock();
        })), cache, supplier, destinationServiceTokenExchangeStrategy, getOrComputeAllDestinationsCommand));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Try<Destination> execute() {
        Destination cachedDestination = getCachedDestination();
        if (cachedDestination != null) {
            return Try.success(cachedDestination);
        }
        try {
            this.isolationLock.lock();
            Destination cachedDestination2 = getCachedDestination();
            if (cachedDestination2 != null) {
                Try<Destination> success = Try.success(cachedDestination2);
                this.isolationLock.unlock();
                return success;
            }
            Try<Destination> ofSupplier = Try.ofSupplier(this.destinationSupplier);
            if (ofSupplier.isFailure()) {
                return ofSupplier;
            }
            Destination destination = (Destination) ofSupplier.get();
            switch (this.exchangeStrategy) {
                case LOOKUP_ONLY:
                case EXCHANGE_ONLY:
                    this.destinationCache.put(this.cacheKey, destination);
                    logErroneousCombinations(destination, this.destinationName, this.exchangeStrategy);
                    break;
                case LOOKUP_THEN_EXCHANGE:
                case FORWARD_USER_TOKEN:
                    if (!DestinationUtility.requiresUserTokenExchange(destination)) {
                        this.destinationCache.put(this.cacheKey, destination);
                        break;
                    } else if (!this.additionalKeyWithTenantAndPrincipal.getPrincipalId().isEmpty()) {
                        this.destinationCache.put(this.additionalKeyWithTenantAndPrincipal, destination);
                        break;
                    } else {
                        Try<Destination> failure = Try.failure(new DestinationAccessException("No principal is available in the current ThreadContext, but a principal is required for fetching the destination %s. This typically means that the current context is malformed, containing inconsistent information about the authentication token, tenant and principal.".formatted(this.destinationName)));
                        this.isolationLock.unlock();
                        return failure;
                    }
            }
            Try<Destination> success2 = Try.success(destination);
            this.isolationLock.unlock();
            return success2;
        } finally {
            this.isolationLock.unlock();
        }
    }

    private void logErroneousCombinations(@Nonnull DestinationProperties destinationProperties, @Nonnull String str, @Nonnull DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy) {
        if (DestinationUtility.requiresUserTokenExchange(destinationProperties) && destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY) {
            log.debug("The destination {} was retrieved with strategy {}, but it requires user token exchange. Hence, the destination cannot be used to connect to the target system successfully, please refer to the documentation of {} to find the recommended strategy. Caching the destination for all users of the current tenant since it was obtained without user token exchange. ", new Object[]{str, DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY, DestinationServiceTokenExchangeStrategy.class.getSimpleName()});
        }
        if (DestinationUtility.requiresUserTokenExchange(destinationProperties) || destinationServiceTokenExchangeStrategy != DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY) {
            return;
        }
        log.warn("The destination {} was retrieved with strategy {}, but doesn't require user token exchange. This is not recommended, please refer to the documentation of {}. Caching the destination for the current user of the current tenant since it was obtained with a user token.", new Object[]{str, DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY, DestinationServiceTokenExchangeStrategy.class.getSimpleName()});
    }

    @Nullable
    private Destination getCachedDestination() {
        Destination destination = (Destination) this.destinationCache.getIfPresent(this.cacheKey);
        if (destination == null && this.additionalKeyWithTenantAndPrincipal != null) {
            destination = (Destination) this.destinationCache.getIfPresent(this.additionalKeyWithTenantAndPrincipal);
        }
        if (destination == null || authTokenIsExpired(destination) || certificateIsExpired(destination)) {
            return null;
        }
        if (this.getAllCommand == null) {
            return destination;
        }
        Try<List<DestinationProperties>> execute = this.getAllCommand.execute();
        if (execute.isFailure()) {
            log.warn("Failed to resolve all destinations of the current tenant from the destination service. Cannot perform change detection. {} will therefore be assumed to remain unchanged.", this.destinationName);
            log.debug("Failed to resolve all destinations of the current tenant from the destination service. Cannot perform change detection. {} will therefore be assumed to remain unchanged.", this.destinationName, execute.getCause());
            return destination;
        }
        if (destinationIsChanged((List) execute.get(), destination)) {
            return null;
        }
        return destination;
    }

    private static boolean certificateIsExpired(Destination destination) {
        return destination.get(DestinationProperty.CERTIFICATES).toStream().flatMap(Functions.identity()).map(obj -> {
            return ((DestinationServiceV1Response.DestinationCertificate) obj).getExpiryTimestamp();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).min().filter(localDateTime -> {
            return LocalDateTime.now().plusSeconds(EXPIRATION_BUFFER_TIME).isAfter(localDateTime);
        }).isDefined();
    }

    private static boolean authTokenIsExpired(@Nonnull Destination destination) {
        return destination.get(DestinationProperty.AUTH_TOKENS).toStream().flatMap(Functions.identity()).map(obj -> {
            return ((DestinationServiceV1Response.DestinationAuthToken) obj).getExpiryTimestamp();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).min().filter(localDateTime -> {
            return LocalDateTime.now().plusSeconds(EXPIRATION_BUFFER_TIME).isAfter(localDateTime);
        }).isDefined();
    }

    private static boolean destinationIsChanged(@Nonnull List<DestinationProperties> list, @Nonnull Destination destination) {
        String str = (String) destination.get(DestinationProperty.NAME).get();
        DestinationProperties orElse = list.stream().filter(destinationProperties -> {
            return destinationProperties.get(DestinationProperty.NAME).contains(str);
        }).findFirst().orElse(null);
        return orElse == null || !destinationIsEqualTo(orElse, destination);
    }

    static boolean destinationIsEqualTo(@Nonnull DestinationProperties destinationProperties, @Nonnull Destination destination) {
        for (String str : destinationProperties.getPropertyNames()) {
            if (!destinationProperties.get(str).equals(destination.get(str))) {
                log.debug("Detected change in destination property {}", str);
                return false;
            }
        }
        for (String str2 : (Collection) destination.get(DestinationProperty.PROPERTIES_FOR_CHANGE_DETECTION).get()) {
            if (!destination.get(str2).equals(destinationProperties.get(str2))) {
                log.debug("Detected change in destination property {}", str2);
                return false;
            }
        }
        return true;
    }

    @Generated
    private GetOrComputeSingleDestinationCommand(@Nonnull String str, @Nonnull CacheKey cacheKey, @Nullable CacheKey cacheKey2, @Nonnull ReentrantLock reentrantLock, @Nonnull Cache<CacheKey, Destination> cache, @Nonnull Supplier<Destination> supplier, @Nonnull DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy, @Nullable GetOrComputeAllDestinationsCommand getOrComputeAllDestinationsCommand) {
        if (str == null) {
            throw new NullPointerException("destinationName is marked non-null but is null");
        }
        if (cacheKey == null) {
            throw new NullPointerException("cacheKey is marked non-null but is null");
        }
        if (reentrantLock == null) {
            throw new NullPointerException("isolationLock is marked non-null but is null");
        }
        if (cache == null) {
            throw new NullPointerException("destinationCache is marked non-null but is null");
        }
        if (supplier == null) {
            throw new NullPointerException("destinationSupplier is marked non-null but is null");
        }
        if (destinationServiceTokenExchangeStrategy == null) {
            throw new NullPointerException("exchangeStrategy is marked non-null but is null");
        }
        this.destinationName = str;
        this.cacheKey = cacheKey;
        this.additionalKeyWithTenantAndPrincipal = cacheKey2;
        this.isolationLock = reentrantLock;
        this.destinationCache = cache;
        this.destinationSupplier = supplier;
        this.exchangeStrategy = destinationServiceTokenExchangeStrategy;
        this.getAllCommand = getOrComputeAllDestinationsCommand;
    }

    @Nonnull
    @Generated
    CacheKey getCacheKey() {
        return this.cacheKey;
    }

    @Generated
    @Nullable
    CacheKey getAdditionalKeyWithTenantAndPrincipal() {
        return this.additionalKeyWithTenantAndPrincipal;
    }

    @Nonnull
    @Generated
    DestinationServiceTokenExchangeStrategy getExchangeStrategy() {
        return this.exchangeStrategy;
    }
}
