package io.confluent.security.auth.oauth.mockserver.common;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/auth/oauth/mockserver/common/OAuthAuthenticator.class */
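/**
 * Client-side helper that obtains an access token from an OAuth token endpoint using the
 * {@code client_credentials} grant with HTTP Basic client authentication.
 *
 * <p>All methods are static. The client secret is passed through {@code LogUtil.mask} before
 * being written to the debug log; the returned access token is not logged by this class.
 */
public class OAuthAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(OAuthAuthenticator.class);

    /**
     * Logs in with no extra form parameters, no audience, the default HTTP timeouts and no retries.
     *
     * @param uri token endpoint URL
     * @param sSLSocketFactory socket factory handed to {@code HttpUtil.post}
     * @param hostnameVerifier hostname verifier handed to {@code HttpUtil.post}
     * @param str client id; must not be {@code null}
     * @param str2 client secret; {@code null} is treated as the empty string
     * @param z when {@code true}, the returned token is first introspected as a JWT
     * @param principalExtractor extractor handed to {@code TokenIntrospection}
     * @param str3 scope, or {@code null} to omit it
     * @return the token information built from the endpoint's response
     * @throws IOException if the HTTP exchange fails with an I/O error
     */
    public static TokenInfo loginWithClientSecret(URI uri, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String str, String str2, boolean z, PrincipalExtractor principalExtractor, String str3) throws IOException {
        return loginWithClientSecret(uri, sSLSocketFactory, hostnameVerifier, str, str2, z, null, principalExtractor, str3, null, HttpUtil.DEFAULT_CONNECT_TIMEOUT, HttpUtil.DEFAULT_READ_TIMEOUT, null, 0, 0L);
    }

    /**
     * Logs in with optional extra form parameters and audience, the default HTTP timeouts and no
     * retries.
     *
     * @param map extra form parameters appended to the request body, or {@code null} for none
     * @param str4 audience, or {@code null} to omit it
     * @see #loginWithClientSecret(URI, SSLSocketFactory, HostnameVerifier, String, String, boolean, Map, PrincipalExtractor, String, String, int, int, MetricsHandler, int, long)
     */
    public static TokenInfo loginWithClientSecret(URI uri, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String str, String str2, boolean z, Map<String, Object> map, PrincipalExtractor principalExtractor, String str3, String str4) throws IOException {
        return loginWithClientSecret(uri, sSLSocketFactory, hostnameVerifier, str, str2, z, map, principalExtractor, str3, str4, HttpUtil.DEFAULT_CONNECT_TIMEOUT, HttpUtil.DEFAULT_READ_TIMEOUT, null, 0, 0L);
    }

    /**
     * Builds the {@code client_credentials} request and posts it to the token endpoint.
     *
     * @param uri token endpoint URL
     * @param sSLSocketFactory socket factory handed to {@code HttpUtil.post}
     * @param hostnameVerifier hostname verifier handed to {@code HttpUtil.post}
     * @param str client id; must not be {@code null}
     * @param str2 client secret; {@code null} is treated as the empty string
     * @param z when {@code true}, the returned token is first introspected as a JWT
     * @param map extra form parameters appended to the request body, or {@code null} for none
     * @param principalExtractor extractor handed to {@code TokenIntrospection}
     * @param str3 scope, or {@code null} to omit it
     * @param str4 audience, or {@code null} to omit it
     * @param i connect timeout handed to {@code HttpUtil.post}
     * @param i2 read timeout handed to {@code HttpUtil.post}
     * @param metricsHandler metrics handler handed to {@code HttpUtil.doWithRetries}; may be {@code null}
     * @param i3 number of retries handed to {@code HttpUtil.doWithRetries}
     * @param j pause between retries in milliseconds
     * @return the token information built from the endpoint's response
     * @throws IllegalArgumentException if the client id is {@code null}
     * @throws IOException if the HTTP exchange fails with an I/O error
     */
    public static TokenInfo loginWithClientSecret(URI uri, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String str, String str2, boolean z, Map<String, Object> map, PrincipalExtractor principalExtractor, String str3, String str4, int i, int i2, MetricsHandler metricsHandler, int i3, long j) throws IOException {
        if (log.isDebugEnabled()) {
            // The secret only reaches the log through LogUtil.mask(); the extra parameters in
            // `map` are deliberately not logged here.
            log.debug("loginWithClientSecret() - tokenEndpointUrl: {}, clientId: {}, clientSecret: {}, scope: {}, audience: {}, connectTimeout: {}, readTimeout: {}, retries: {}, retryPauseMillis: {}", new Object[]{uri, str, LogUtil.mask(str2), str3, str4, Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(i3), Long.valueOf(j)});
        }
        if (str == null) {
            throw new IllegalArgumentException("No clientId specified");
        }
        String secret = str2 != null ? str2 : "";

        // NOTE(review): base64encode() uses the URL-safe alphabet, while HTTP Basic credentials
        // (RFC 7617) use the standard one. Credentials whose encoding contains '-' or '_' may be
        // rejected by a strict server; confirm what the token endpoint accepts before changing.
        String authorization = "Basic " + base64encode(str + ":" + secret);

        StringBuilder form = new StringBuilder("grant_type=client_credentials");
        // The shorter overload passes null here, so a missing map must mean "no extra parameters"
        // rather than a NullPointerException.
        if (map != null) {
            // NOTE(review): keys and values are appended without URL-encoding, unlike scope and
            // audience below. A value containing '&' or '=' would add or override form fields
            // such as grant_type or scope. Left as-is because callers may already pass encoded
            // values; confirm, then route both through urlencode().
            map.forEach((key, value) -> form.append('&').append(key).append('=').append(value));
        }
        if (str3 != null) {
            form.append("&scope=").append(urlencode(str3));
        }
        if (str4 != null) {
            form.append("&audience=").append(urlencode(str4));
        }
        return post(uri, sSLSocketFactory, hostnameVerifier, authorization, form.toString(), z, principalExtractor, i, i2, metricsHandler, i3, j);
    }

    /**
     * Posts the form body to the token endpoint and converts the JSON response to a
     * {@code TokenInfo}.
     *
     * <p>The response must contain {@code access_token} and {@code expires_in}. When {@code z} is
     * {@code true} the token is handed to {@code TokenIntrospection}; if that fails, the failure
     * is logged at debug level and a {@code TokenInfo} is built from the response fields instead.
     *
     * @param str value of the {@code Authorization} header
     * @param str2 URL-encoded form body
     * @throws IOException if the request failed with an I/O error (unwrapped from
     *     {@code ExecutionException} when necessary)
     * @throws IllegalStateException for any other failure, including a response that lacks
     *     {@code access_token} or {@code expires_in}
     */
    private static TokenInfo post(URI uri, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String str, String str2, boolean z, PrincipalExtractor principalExtractor, int i, int i2, MetricsHandler metricsHandler, int i3, long j) throws IOException {
        try {
            JsonNode response = (JsonNode) HttpUtil.doWithRetries(i3, j, metricsHandler, () -> {
                return (JsonNode) HttpUtil.post(uri, sSLSocketFactory, hostnameVerifier, str, "application/x-www-form-urlencoded", str2, JsonNode.class, i, i2);
            });
            JsonNode accessToken = response.get("access_token");
            if (accessToken == null) {
                throw new IllegalStateException("Invalid response from authorization server: no access_token");
            }
            JsonNode expiresIn = response.get("expires_in");
            if (expiresIn == null) {
                throw new IllegalStateException("Invalid response from authorization server: no expires_in");
            }
            JsonNode scope = response.get(TokenInfo.SCOPE);
            if (z) {
                try {
                    return TokenIntrospection.introspectAccessToken(accessToken.asText(), principalExtractor);
                } catch (Exception e) {
                    // Best effort: an opaque (non-JWT) token is not an error, fall through to the
                    // response-based TokenInfo below.
                    log.debug("[IGNORED] Could not parse token as JWT access token. Could not extract subject.", e);
                }
            }
            long nowMillis = System.currentTimeMillis();
            // NOTE(review): expires_in is taken from the server unvalidated; JsonNode.asLong()
            // yields 0 for a non-numeric value, which makes the token expire immediately.
            long expiresAtMillis = nowMillis + (expiresIn.asLong() * 1000);
            // "undefined" is presumably the principal placeholder when no JWT subject could be
            // extracted; confirm against the TokenInfo constructor.
            return new TokenInfo(accessToken.asText(), scope != null ? scope.asText() : null, "undefined", null, nowMillis, expiresAtMillis);
        } catch (Throwable th) {
            // The IllegalStateExceptions thrown above also land here and are re-wrapped.
            Throwable cause = th instanceof ExecutionException ? th.getCause() : th;
            if (cause instanceof IOException) {
                throw ((IOException) cause);
            }
            throw new IllegalStateException("Unexpected exception while sending HTTP POST request", cause);
        }
    }

    /**
     * Encodes the UTF-8 bytes of {@code str} with the URL-safe Base64 alphabet, with padding.
     *
     * @param str text to encode; must not be {@code null}
     * @return the URL-safe Base64 representation
     */
    public static String base64encode(String str) {
        return Base64.getUrlEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Encodes {@code str} as {@code application/x-www-form-urlencoded} using UTF-8.
     *
     * @param str text to encode; must not be {@code null}
     * @return the encoded text
     * @throws IllegalStateException if the JVM reports UTF-8 as unsupported
     */
    public static String urlencode(String str) {
        try {
            return URLEncoder.encode(str, "utf-8");
        } catch (UnsupportedEncodingException e) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new IllegalStateException("Unexpected: Encoding utf-8 not supported", e);
        }
    }
}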
