package io.confluent.kafka.security.oauthbearer;

import io.confluent.kafka.security.PemUtils;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.utils.FileWatchService;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/security/oauthbearer/PrivateKeyClientAssertion.class */
public class PrivateKeyClientAssertion implements ClientAssertion, Closeable {
    private String iss;
    private String aud;
    private String sub;
    private Boolean setNotBefore;
    private final Integer expirationTime;
    private Boolean setJti;
    private final PrivateKeyWatchListener privateKeyWatchListener;
    private final String privateKeyPath;
    private final String passPhrase;
    private AtomicReference<PrivateKey> privateKey = new AtomicReference<>(null);
    private static final Logger log = LoggerFactory.getLogger(PrivateKeyClientAssertion.class);
    private static final FileWatchService PRIVATE_KEY_WATCH_SERVICE = new FileWatchService();

    /* loaded from: input_file:io/confluent/kafka/security/oauthbearer/PrivateKeyClientAssertion$PrivateKeyWatchListener.class */
    static class PrivateKeyWatchListener implements FileWatchService.Listener {
        private final File privateKeyFile;
        private final Runnable setPrivateKey;

        PrivateKeyWatchListener(String str, Runnable runnable) {
            this.privateKeyFile = Paths.get(str, new String[0]).toFile();
            this.setPrivateKey = runnable;
        }

        @Override // org.apache.kafka.common.utils.FileWatchService.Listener
        public File file() {
            return this.privateKeyFile;
        }

        @Override // org.apache.kafka.common.utils.FileWatchService.Listener
        public void onInit() {
        }

        @Override // org.apache.kafka.common.utils.FileWatchService.Listener
        public void onUpdate() {
            this.setPrivateKey.run();
        }
    }

    public PrivateKeyClientAssertion(String str, String str2, String str3, Integer num, Boolean bool, Boolean bool2, String str4, String str5) {
        this.iss = ValidationUtils.sanitizeString("the client assertion issuer claim", str);
        this.aud = ValidationUtils.sanitizeString("the client assertion audience claim", str2);
        this.sub = ValidationUtils.sanitizeString("the client assertion subject claim", str3);
        this.expirationTime = ValidationUtils.sanitizeInteger("the client assertion expiration time", num, 1);
        this.setJti = bool2;
        this.setNotBefore = bool;
        this.privateKeyPath = str4;
        this.passPhrase = str5;
        setPrivateKey();
        this.privateKeyWatchListener = new PrivateKeyWatchListener(str4, this::setPrivateKey);
        PRIVATE_KEY_WATCH_SERVICE.add(this.privateKeyWatchListener);
    }

    @Override // io.confluent.kafka.security.oauthbearer.ClientAssertion
    public String getJwt() {
        try {
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setIssuer(this.iss);
            jwtClaims.setAudience(this.aud);
            jwtClaims.setExpirationTimeMinutesInTheFuture(this.expirationTime.intValue());
            if (this.setJti.booleanValue()) {
                jwtClaims.setGeneratedJwtId(16);
            }
            jwtClaims.setIssuedAtToNow();
            if (this.setNotBefore.booleanValue()) {
                jwtClaims.setNotBeforeMinutesInThePast(1.0f);
            }
            jwtClaims.setSubject(this.sub);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(this.privateKey.get());
            jsonWebSignature.setAlgorithmHeaderValue("RS256");
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            throw new KafkaException((Throwable) e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r6v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r6v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 6, insn: 0x0064: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r6 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:32:0x0064 */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x0068: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:34:0x0068 */
    /* JADX WARN: Type inference failed for: r6v1, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r7v0, types: [java.lang.Throwable] */
    private void setPrivateKey() {
        try {
            try {
                InputStream newInputStream = Files.newInputStream(Paths.get(this.privateKeyPath, new String[0]), new OpenOption[0]);
                Throwable th = null;
                KeyPair loadKeyPair = (this.passPhrase == null || this.passPhrase.isEmpty()) ? PemUtils.loadKeyPair(newInputStream) : PemUtils.loadKeyPair(newInputStream, this.passPhrase);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                if (this.privateKey.get() != null) {
                    log.info("Private key has been updated");
                }
                this.privateKey.set(loadKeyPair.getPrivate());
            } finally {
            }
        } catch (IOException e) {
            throw new KafkaException(e);
        }
    }

    protected PrivateKey getPrivateKey() {
        return this.privateKey.get();
    }

    @Override // io.confluent.kafka.security.oauthbearer.ClientAssertion, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        PRIVATE_KEY_WATCH_SERVICE.remove(this.privateKeyWatchListener);
    }
}
