package org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.internal.IgniteInterruptedCheckedException;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.resources.LoggerResource;
import org.apache.ignite.spi.IgniteSpiException;
import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinderAdapter;

/* loaded from: input_file:org/apache/ignite/spi/discovery/tcp/ipfinder/kubernetes/TcpDiscoveryKubernetesIpFinder.class */
public class TcpDiscoveryKubernetesIpFinder extends TcpDiscoveryIpFinderAdapter {

    @LoggerResource
    private IgniteLogger log;
    private final AtomicBoolean initGuard = new AtomicBoolean();
    private final CountDownLatch initLatch = new CountDownLatch(1);
    private TrustManager[] trustAll = {new X509TrustManager() { // from class: org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }};
    private HostnameVerifier trustAllHosts = new HostnameVerifier() { // from class: org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder.2
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    };
    private String serviceName = "ignite";
    private String namespace = "default";
    private String master = "https://kubernetes.default.svc.cluster.local:443";
    private String accountToken = "/var/run/secrets/kubernetes.io/serviceaccount/token";
    private URL url;
    private SSLContext ctx;

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/apache/ignite/spi/discovery/tcp/ipfinder/kubernetes/TcpDiscoveryKubernetesIpFinder$Address.class */
    private static class Address {
        public String ip;

        private Address() {
        }
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/apache/ignite/spi/discovery/tcp/ipfinder/kubernetes/TcpDiscoveryKubernetesIpFinder$Endpoints.class */
    private static class Endpoints {
        public List<Subset> subsets;

        private Endpoints() {
        }
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:org/apache/ignite/spi/discovery/tcp/ipfinder/kubernetes/TcpDiscoveryKubernetesIpFinder$Subset.class */
    private static class Subset {
        public List<Address> addresses;

        private Subset() {
        }
    }

    public TcpDiscoveryKubernetesIpFinder() {
        setShared(true);
    }

    public Collection<InetSocketAddress> getRegisteredAddresses() throws IgniteSpiException {
        init();
        ArrayList arrayList = new ArrayList();
        try {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Getting Apache Ignite endpoints from: " + this.url);
            }
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) this.url.openConnection();
            httpsURLConnection.setHostnameVerifier(this.trustAllHosts);
            httpsURLConnection.setSSLSocketFactory(this.ctx.getSocketFactory());
            httpsURLConnection.addRequestProperty("Authorization", "Bearer " + serviceAccountToken(this.accountToken));
            Endpoints endpoints = (Endpoints) new ObjectMapper().readValue(httpsURLConnection.getInputStream(), Endpoints.class);
            if (endpoints != null && endpoints.subsets != null && !endpoints.subsets.isEmpty()) {
                for (Subset subset : endpoints.subsets) {
                    if (subset.addresses != null && !subset.addresses.isEmpty()) {
                        for (Address address : subset.addresses) {
                            arrayList.add(new InetSocketAddress(address.ip, 0));
                            if (this.log.isDebugEnabled()) {
                                this.log.debug("Added an address to the list: " + address.ip);
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new IgniteSpiException("Failed to retrieve Ignite pods IP addresses.", e);
        }
    }

    public void registerAddresses(Collection<InetSocketAddress> collection) throws IgniteSpiException {
    }

    public void unregisterAddresses(Collection<InetSocketAddress> collection) throws IgniteSpiException {
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }

    public void setNamespace(String str) {
        this.namespace = str;
    }

    public void setMasterUrl(String str) {
        this.master = str;
    }

    public void setAccountToken(String str) {
        this.accountToken = str;
    }

    private void init() throws IgniteSpiException {
        if (!this.initGuard.compareAndSet(false, true)) {
            try {
                U.await(this.initLatch);
                if (this.url == null || this.ctx == null) {
                    throw new IgniteSpiException("IP finder has not been initialized properly.");
                }
                return;
            } catch (IgniteInterruptedCheckedException e) {
                throw new IgniteSpiException("Thread has been interrupted.", e);
            }
        }
        if (this.serviceName != null && !this.serviceName.isEmpty() && this.namespace != null && !this.namespace.isEmpty() && this.master != null && !this.master.isEmpty() && this.accountToken != null) {
            try {
                if (!this.accountToken.isEmpty()) {
                    try {
                        this.url = new URL(this.master + String.format("/api/v1/namespaces/%s/endpoints/%s", this.namespace, this.serviceName));
                        this.ctx = SSLContext.getInstance("SSL");
                        this.ctx.init(null, this.trustAll, new SecureRandom());
                        this.initLatch.countDown();
                        return;
                    } catch (Exception e2) {
                        throw new IgniteSpiException("Failed to connect to Ignite's Kubernetes Service.", e2);
                    }
                }
            } catch (Throwable th) {
                this.initLatch.countDown();
                throw th;
            }
        }
        throw new IgniteSpiException("One or more configuration parameters are invalid [setServiceName=" + this.serviceName + ", setNamespace=" + this.namespace + ", setMasterUrl=" + this.master + ", setAccountToken=" + this.accountToken + "]");
    }

    private String serviceAccountToken(String str) {
        try {
            return new String(Files.readAllBytes(Paths.get(str, new String[0])));
        } catch (IOException e) {
            throw new IgniteSpiException("Failed to load services account token [setAccountToken= " + str + "]", e);
        }
    }
}
