package com.mapr.admin.controller;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.mapr.admin.Constants;
import com.mapr.admin.lib.SecurityUtils;
import com.mapr.admin.model.metering.CGClusterInfo;
import com.mapr.admin.model.opal.MossServerResponse;
import com.mapr.admin.security.JwtAuthToken;
import com.mapr.admin.service.AdminService;
import com.mapr.admin.service.impl.MapRAdminService;
import com.mapr.admin.service.impl.MossServiceImpl;
import com.mapr.admin.util.HttpClientUtils;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.math.random.MersenneTwister;
import org.apache.http.HttpResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.tomcat.util.http.fileupload.FileUploadBase;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.util.StreamUtils;
import org.springframework.web.client.HttpMessageConverterExtractor;
import org.springframework.web.client.RequestCallback;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

@Api("opal")
@Path("/opal")
@SwaggerDefinition(tags = {@Tag(name = "opal", description = "Opal API")})
@Consumes({"application/json"})
@Produces({"application/json"})
/* loaded from: input_file:com/mapr/admin/controller/OpalController.class */
public class OpalController extends ResourceController {
    private static final Logger log = LogManager.getLogger((Class<?>) OpalController.class);
    private List<String> s3Servers = new CopyOnWriteArrayList();
    AdminService adminService = new MapRAdminService();
    private MossServiceImpl mossService = new MossServiceImpl();
    private MersenneTwister r = new MersenneTwister();

    /* JADX WARN: Multi-variable type inference failed */
    @Path("executePostMossRequestNew")
    @Consumes({"application/json"})
    @Deprecated
    @ApiOperation("Execute POST Moss request")
    @Produces({"application/json"})
    @POST
    public Response executePostMossRequestNew(@Context HttpServletRequest httpServletRequest, String str) {
        Boolean bool = false;
        String str2 = null;
        if (SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken) {
            bool = true;
            if (httpServletRequest.getSession().getAttribute("atoken") == null) {
                throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
            }
            str2 = httpServletRequest.getSession().getAttribute("atoken").toString();
        } else if (SecurityContextHolder.getContext().getAuthentication() instanceof JwtAuthToken) {
            bool = true;
            String header = httpServletRequest.getHeader("Authorization");
            str2 = header.substring(header.indexOf(32) + 1);
        }
        String header2 = httpServletRequest.getHeader("clusterName");
        String header3 = httpServletRequest.getHeader("mtoken");
        String header4 = httpServletRequest.getHeader("proxyPath");
        if (header4 == null) {
            throw new Exception("proxyPath not found in the header");
        }
        String header5 = httpServletRequest.getHeader("isExternalS3");
        if (header2 == null || this.adminService.isClusterLocal(header2) || (!StringUtils.isBlank(header5) && header5.equalsIgnoreCase("true"))) {
            if (header2 == null) {
                return Response.status(400, "Cluster " + header2 + " is not provided").build();
            }
            Iterator<String> it = this.adminService.getInfoFromClusterGroup(this.adminService.getDashboardInfo().getClusterInfo().getClusterName()).getApiIpsList().iterator();
            while (it.hasNext()) {
                String str3 = "https://" + it.next() + header4;
                log.debug("send POST request to proxy url on local cluster: {}", str3);
                HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(new HttpClientUtils().httpClient(null));
                httpComponentsClientHttpRequestFactory.setBufferRequestBody(false);
                RestTemplate restTemplate = new RestTemplate(httpComponentsClientHttpRequestFactory);
                HttpHeaders httpHeaders = new HttpHeaders();
                Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
                while (headerNames.hasMoreElements()) {
                    String nextElement = headerNames.nextElement();
                    if (!nextElement.equalsIgnoreCase("proxyPath") && !nextElement.equalsIgnoreCase("mtoken")) {
                        httpHeaders.set(nextElement, httpServletRequest.getHeader(nextElement));
                    }
                }
                httpHeaders.set("Authorization", "Bearer " + header3);
                httpHeaders.set("ssoToken", str2);
                try {
                    ResponseEntity exchange = restTemplate.exchange(str3, HttpMethod.POST, new HttpEntity<>(str, httpHeaders), String.class, new Object[0]);
                    return !exchange.getStatusCode().is2xxSuccessful() ? Response.status(exchange.getStatusCode().value(), (String) exchange.getBody()).build() : Response.ok(exchange.getBody()).build();
                } catch (ResourceAccessException e) {
                } catch (Exception e2) {
                    return Response.status(500, e2.getMessage()).build();
                }
            }
            throw new Exception(Constants.MCS_NOT_REACHABLE);
        }
        if (!bool.booleanValue()) {
            throw new InvalidParameterException(Constants.NON_SSO_ERROR);
        }
        if (str2 == null) {
            throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
        }
        DecodedJWT decode = JWT.decode(str2);
        if (decode.getExpiresAt() != null && decode.getExpiresAt().before(new Date())) {
            return Response.status(401, Constants.SSO_TOKEN_EXPIRED).build();
        }
        CGClusterInfo infoFromClusterGroup = this.adminService.getInfoFromClusterGroup(header2);
        if (infoFromClusterGroup == null) {
            throw new Exception("cluster info not found for " + header2 + " in cgtable");
        }
        for (String str4 : infoFromClusterGroup.getApiIpsList()) {
            if (str4 != null) {
                String str5 = "https://" + str4 + header4;
                log.debug("sending POST request to remote proxy server url={}", str5);
                HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory2 = new HttpComponentsClientHttpRequestFactory(new HttpClientUtils().httpClient(null));
                httpComponentsClientHttpRequestFactory2.setBufferRequestBody(false);
                RestTemplate restTemplate2 = new RestTemplate(httpComponentsClientHttpRequestFactory2);
                HttpHeaders httpHeaders2 = new HttpHeaders();
                Enumeration<String> headerNames2 = httpServletRequest.getHeaderNames();
                while (headerNames2.hasMoreElements()) {
                    String nextElement2 = headerNames2.nextElement();
                    if (!nextElement2.equalsIgnoreCase("Cookie") && !nextElement2.equalsIgnoreCase("proxyPath") && !nextElement2.equalsIgnoreCase("mtoken")) {
                        httpHeaders2.set(nextElement2, httpServletRequest.getHeader(nextElement2));
                    }
                }
                httpHeaders2.set("Authorization", "Bearer " + header3);
                httpHeaders2.add("ssoToken", str2);
                try {
                    ResponseEntity exchange2 = restTemplate2.exchange(UriComponentsBuilder.fromUriString(str5).build(true).toUri(), HttpMethod.POST, new HttpEntity<>(str, httpHeaders2), String.class);
                    return !exchange2.getStatusCode().is2xxSuccessful() ? Response.status(exchange2.getStatusCode().value(), (String) exchange2.getBody()).build() : Response.ok(exchange2.getBody()).build();
                } catch (ResourceAccessException e3) {
                } catch (Exception e4) {
                    return Response.status(500, e4.getMessage()).build();
                }
            }
        }
        throw new Exception("Cluster " + header2 + " is not reachable");
    }

    @Path("executePutMossRequestNew")
    @Consumes({"*/*"})
    @Deprecated
    @ApiOperation("Execute PUT Moss request")
    @Produces({"*/*"})
    @PUT
    public Response executePutMossRequestNew(@Context HttpServletRequest httpServletRequest, final InputStream inputStream) {
        Boolean bool = false;
        String str = null;
        if (SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken) {
            bool = true;
            if (httpServletRequest.getSession().getAttribute("atoken") == null) {
                throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
            }
            str = httpServletRequest.getSession().getAttribute("atoken").toString();
        } else if (SecurityContextHolder.getContext().getAuthentication() instanceof JwtAuthToken) {
            bool = true;
            String header = httpServletRequest.getHeader("Authorization");
            str = header.substring(header.indexOf(32) + 1);
        }
        final String header2 = httpServletRequest.getHeader("clusterName");
        String header3 = httpServletRequest.getHeader("mtoken");
        String header4 = httpServletRequest.getHeader("proxyPath");
        if (header4 == null) {
            throw new Exception("proxyPath not found in the header");
        }
        String header5 = httpServletRequest.getHeader("isExternalS3");
        if (header2 == null || this.adminService.isClusterLocal(header2) || (!StringUtils.isBlank(header5) && header5.equalsIgnoreCase("true"))) {
            if (header2 == null) {
                return Response.status(400, "Cluster " + header2 + " is not provided").build();
            }
            Iterator<String> it = this.adminService.getInfoFromClusterGroup(this.adminService.getDashboardInfo().getClusterInfo().getClusterName()).getApiIpsList().iterator();
            while (it.hasNext()) {
                String str2 = "https://" + it.next() + header4;
                log.debug("send PUT request to proxy url on local cluster: {}", str2);
                SimpleClientHttpRequestFactory simpleClientHttpRequestFactory = new SimpleClientHttpRequestFactory();
                simpleClientHttpRequestFactory.setConnectTimeout(0);
                simpleClientHttpRequestFactory.setReadTimeout(0);
                simpleClientHttpRequestFactory.setBufferRequestBody(false);
                RestTemplate restTemplate = new RestTemplate(simpleClientHttpRequestFactory);
                final String str3 = "Bearer " + header3;
                final String str4 = str;
                final String header6 = httpServletRequest.getHeader("Content-Length");
                final String header7 = httpServletRequest.getHeader("X-mapr-is-dir");
                try {
                    return Response.ok((String) restTemplate.execute(UriComponentsBuilder.fromUriString(str2).build(true).toUri(), HttpMethod.PUT, new RequestCallback() { // from class: com.mapr.admin.controller.OpalController.2
                        @Override // org.springframework.web.client.RequestCallback
                        public void doWithRequest(ClientHttpRequest clientHttpRequest) throws IOException {
                            clientHttpRequest.getHeaders().set("Authorization", str3);
                            clientHttpRequest.getHeaders().set("ssoToken", str4);
                            clientHttpRequest.getHeaders().set("Content-Length", header6);
                            if (!StringUtils.isBlank(header7)) {
                                clientHttpRequest.getHeaders().set("X-mapr-is-dir", header7);
                            }
                            clientHttpRequest.getHeaders().set("clusterName", header2);
                            clientHttpRequest.getHeaders().set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
                            StreamUtils.copy(inputStream, clientHttpRequest.getBody());
                        }
                    }, new HttpMessageConverterExtractor(String.class, restTemplate.getMessageConverters()))).build();
                } catch (ResourceAccessException e) {
                } catch (Exception e2) {
                    return Response.status(500, e2.getMessage()).build();
                }
            }
            throw new Exception(Constants.MCS_NOT_REACHABLE);
        }
        if (!bool.booleanValue()) {
            throw new InvalidParameterException(Constants.NON_SSO_ERROR);
        }
        if (str == null) {
            throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
        }
        DecodedJWT decode = JWT.decode(str);
        if (decode.getExpiresAt() != null && decode.getExpiresAt().before(new Date())) {
            return Response.status(401, Constants.SSO_TOKEN_EXPIRED).build();
        }
        CGClusterInfo infoFromClusterGroup = this.adminService.getInfoFromClusterGroup(header2);
        if (infoFromClusterGroup == null) {
            throw new Exception("cluster info not found for " + header2 + " in cgtable");
        }
        Iterator<String> it2 = infoFromClusterGroup.getApiIpsList().iterator();
        while (it2.hasNext()) {
            String str5 = "https://" + it2.next() + header4;
            log.debug("send request to remote proxy server {} for cluster {}: ", str5, header2);
            ignoreCertificates();
            SimpleClientHttpRequestFactory simpleClientHttpRequestFactory2 = new SimpleClientHttpRequestFactory();
            simpleClientHttpRequestFactory2.setConnectTimeout(0);
            simpleClientHttpRequestFactory2.setReadTimeout(0);
            simpleClientHttpRequestFactory2.setBufferRequestBody(false);
            RestTemplate restTemplate2 = new RestTemplate(simpleClientHttpRequestFactory2);
            final String str6 = "Bearer " + header3;
            final String str7 = str;
            final String header8 = httpServletRequest.getHeader("Content-Length");
            final String header9 = httpServletRequest.getHeader("X-mapr-is-dir");
            try {
                return Response.ok((String) restTemplate2.execute(UriComponentsBuilder.fromUriString(str5).build(true).toUri(), HttpMethod.PUT, new RequestCallback() { // from class: com.mapr.admin.controller.OpalController.1
                    @Override // org.springframework.web.client.RequestCallback
                    public void doWithRequest(ClientHttpRequest clientHttpRequest) throws IOException {
                        clientHttpRequest.getHeaders().set("Authorization", str6);
                        clientHttpRequest.getHeaders().set("ssoToken", str7);
                        clientHttpRequest.getHeaders().set("Content-Length", header8);
                        if (!StringUtils.isBlank(header9)) {
                            clientHttpRequest.getHeaders().set("X-mapr-is-dir", header9);
                        }
                        clientHttpRequest.getHeaders().set("clusterName", header2);
                        clientHttpRequest.getHeaders().set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
                        StreamUtils.copy(inputStream, clientHttpRequest.getBody());
                    }
                }, new HttpMessageConverterExtractor(String.class, restTemplate2.getMessageConverters()))).build();
            } catch (ResourceAccessException e3) {
            } catch (Exception e4) {
                return Response.status(500, e4.getMessage()).build();
            }
        }
        throw new Exception("Cluster " + header2 + " is not reachable");
    }

    private void ignoreCertificates() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.mapr.admin.controller.OpalController.3
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (Exception e) {
        }
    }

    @GET
    @Path("executeGetMossRequestNew")
    @Consumes({"*/*"})
    @Deprecated
    @ApiOperation("Execute GET Moss request")
    @Produces({"*/*"})
    public Response executeGetMossRequestNew(@Context HttpServletRequest httpServletRequest, String str) {
        Boolean bool = false;
        String str2 = null;
        if (SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken) {
            bool = true;
            if (httpServletRequest.getSession().getAttribute("atoken") == null) {
                throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
            }
            str2 = httpServletRequest.getSession().getAttribute("atoken").toString();
        } else if (SecurityContextHolder.getContext().getAuthentication() instanceof JwtAuthToken) {
            bool = true;
            String header = httpServletRequest.getHeader("Authorization");
            str2 = header.substring(header.indexOf(32) + 1);
        }
        final String header2 = httpServletRequest.getHeader("clusterName");
        String header3 = httpServletRequest.getHeader("mtoken");
        String header4 = httpServletRequest.getHeader("proxyPath");
        if (header4 == null) {
            throw new Exception("proxyPath not found in the header");
        }
        String header5 = httpServletRequest.getHeader("isExternalS3");
        if (header2 == null || this.adminService.isClusterLocal(header2) || (!StringUtils.isBlank(header5) && header5.equalsIgnoreCase("true"))) {
            if (header2 == null) {
                return Response.status(400, "Cluster " + header2 + " is not provided").build();
            }
            Iterator<String> it = this.adminService.getInfoFromClusterGroup(this.adminService.getDashboardInfo().getClusterInfo().getClusterName()).getApiIpsList().iterator();
            while (it.hasNext()) {
                String str3 = "https://" + it.next() + header4;
                log.debug("send GET request to proxy url on local cluster: {}", str3);
                HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(new HttpClientUtils().httpClient(null));
                httpComponentsClientHttpRequestFactory.setBufferRequestBody(false);
                RestTemplate restTemplate = new RestTemplate(httpComponentsClientHttpRequestFactory);
                final String str4 = "Bearer " + header3;
                final String str5 = str2;
                try {
                    return Response.ok((File) restTemplate.execute(UriComponentsBuilder.fromUriString(str3).build(true).toUri(), HttpMethod.GET, new RequestCallback() { // from class: com.mapr.admin.controller.OpalController.4
                        @Override // org.springframework.web.client.RequestCallback
                        public void doWithRequest(ClientHttpRequest clientHttpRequest) throws IOException {
                            clientHttpRequest.getHeaders().set(FileUploadBase.CONTENT_TYPE, "application/octet-stream");
                            clientHttpRequest.getHeaders().set("Authorization", str4);
                            clientHttpRequest.getHeaders().set("ssoToken", str5);
                            clientHttpRequest.getHeaders().set("clusterName", header2);
                            clientHttpRequest.getHeaders().set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
                        }
                    }, clientHttpResponse -> {
                        File createTempFile = File.createTempFile("download", "tmp", new File("/tmp"));
                        StreamUtils.copy(clientHttpResponse.getBody(), new FileOutputStream(createTempFile));
                        return createTempFile;
                    })).build();
                } catch (ResourceAccessException e) {
                } catch (Exception e2) {
                    return Response.status(500, e2.getMessage()).build();
                }
            }
            throw new Exception(Constants.MCS_NOT_REACHABLE);
        }
        if (!bool.booleanValue()) {
            throw new InvalidParameterException(Constants.NON_SSO_ERROR);
        }
        if (str2 == null) {
            throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
        }
        DecodedJWT decode = JWT.decode(str2);
        if (decode.getExpiresAt() != null && decode.getExpiresAt().before(new Date())) {
            throw new Exception(Constants.SSO_TOKEN_EXPIRED);
        }
        CGClusterInfo infoFromClusterGroup = this.adminService.getInfoFromClusterGroup(header2);
        if (infoFromClusterGroup == null) {
            throw new Exception("cluster info not found for " + header2 + " in cgtable");
        }
        for (String str6 : infoFromClusterGroup.getApiIpsList()) {
            if (str6 != null) {
                String str7 = "https://" + str6 + "/opal/executeGetMossRequestNew";
                log.debug("sending GET request to remote mcs server url={}", str7);
                HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory2 = new HttpComponentsClientHttpRequestFactory(new HttpClientUtils().httpClient(null));
                httpComponentsClientHttpRequestFactory2.setBufferRequestBody(false);
                RestTemplate restTemplate2 = new RestTemplate(httpComponentsClientHttpRequestFactory2);
                HttpHeaders httpHeaders = new HttpHeaders();
                Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
                while (headerNames.hasMoreElements()) {
                    String nextElement = headerNames.nextElement();
                    if (!nextElement.equalsIgnoreCase("Cookie")) {
                        httpHeaders.add(nextElement, httpServletRequest.getHeader(nextElement));
                    }
                }
                httpHeaders.set("Authorization", "Bearer " + str2);
                try {
                    return Response.ok(restTemplate2.exchange(UriComponentsBuilder.fromUriString(str7).build(true).toUri(), HttpMethod.GET, new HttpEntity<>(str, httpHeaders), byte[].class).getBody()).build();
                } catch (ResourceAccessException e3) {
                } catch (Exception e4) {
                    return Response.status(500, e4.getMessage()).build();
                }
            }
        }
        throw new Exception("Cluster " + header2 + " is not reachable");
    }

    @GET
    @Path("getToken")
    @ApiOperation("Get MOSS Jwt Token")
    public Response getToken(@Context HttpServletRequest httpServletRequest, HttpResponse httpResponse) {
        String currentUserName = SecurityUtils.getCurrentUserName();
        Boolean bool = false;
        String str = null;
        if (SecurityContextHolder.getContext().getAuthentication() instanceof OAuth2AuthenticationToken) {
            bool = true;
            if (httpServletRequest.getSession().getAttribute("atoken") == null) {
                throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
            }
            str = httpServletRequest.getSession().getAttribute("atoken").toString();
        } else if (SecurityContextHolder.getContext().getAuthentication() instanceof JwtAuthToken) {
            bool = true;
            String header = httpServletRequest.getHeader("Authorization");
            str = header.substring(header.indexOf(32) + 1);
        }
        String header2 = httpServletRequest.getHeader("isExternalS3");
        String header3 = httpServletRequest.getHeader("clusterName");
        if (header3 == null || this.adminService.isClusterLocal(header3) || (!StringUtils.isBlank(header2) && header2.equalsIgnoreCase("true"))) {
            MossServerResponse jwtTokenForUser = this.mossService.getJwtTokenForUser(currentUserName);
            if (jwtTokenForUser.getResult() == null) {
                return Response.ok(jwtTokenForUser).build();
            }
            return Response.ok(jwtTokenForUser).cookie(new NewCookie("token", jwtTokenForUser.getResult().getToken(), "/", (String) null, (String) null, -1, true, true)).build();
        }
        if (!bool.booleanValue()) {
            throw new InvalidParameterException(Constants.NON_SSO_ERROR);
        }
        if (str == null) {
            throw new InvalidParameterException(Constants.NO_ACCESS_TOKEN_ERROR);
        }
        DecodedJWT decode = JWT.decode(str);
        if (decode.getExpiresAt() != null && decode.getExpiresAt().before(new Date())) {
            return Response.status(401, Constants.SSO_TOKEN_EXPIRED).build();
        }
        for (String str2 : this.adminService.getInfoFromClusterGroup(header3).getApiIpsList()) {
            if (str2 != null) {
                String str3 = "https://" + str2 + "/opal/getToken";
                RestTemplate restTemplate = new RestTemplate(new HttpComponentsClientHttpRequestFactory(new HttpClientUtils().httpClient(null)));
                HttpHeaders httpHeaders = new HttpHeaders();
                httpHeaders.add("Authorization", "Bearer " + str);
                httpHeaders.setContentType(MediaType.APPLICATION_JSON);
                try {
                    return Response.ok(restTemplate.exchange(str3, HttpMethod.GET, new HttpEntity<>("", httpHeaders), String.class, new Object[0]).getBody()).build();
                } catch (ResourceAccessException e) {
                }
            }
        }
        throw new Exception("Cluster " + header3 + " is not reachable");
    }
}
