package io.streamnative.pulsar.handlers.kop.security.oauth;

import com.google.common.annotations.VisibleForTesting;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.HashMap;
import java.util.stream.Collectors;
import kafka.oauthclient.com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import kafka.oauthclient.com.fasterxml.jackson.annotation.JsonProperty;
import kafka.oauthclient.com.fasterxml.jackson.databind.ObjectMapper;
import kafka.oauthclient.com.fasterxml.jackson.databind.ObjectReader;

/* loaded from: input_file:io/streamnative/pulsar/handlers/kop/security/oauth/ClientCredentialsFlow.class */
public class ClientCredentialsFlow implements Closeable {
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final ObjectReader METADATA_READER = OBJECT_MAPPER.readerFor(Metadata.class);
    private static final ObjectReader CLIENT_INFO_READER = OBJECT_MAPPER.readerFor(ClientInfo.class);
    private static final ObjectReader TOKEN_RESULT_READER = OBJECT_MAPPER.readerFor(OAuthBearerTokenImpl.class);
    private static final ObjectReader TOKEN_ERROR_READER = OBJECT_MAPPER.readerFor(TokenError.class);
    private final Duration connectTimeout = Duration.ofSeconds(10);
    private final Duration readTimeout = Duration.ofSeconds(30);
    private final ClientConfig clientConfig;

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:io/streamnative/pulsar/handlers/kop/security/oauth/ClientCredentialsFlow$ClientInfo.class */
    public static class ClientInfo {

        @JsonProperty("client_id")
        private String id;

        @JsonProperty("client_secret")
        private String secret;

        public String getId() {
            return this.id;
        }

        public String getSecret() {
            return this.secret;
        }
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:io/streamnative/pulsar/handlers/kop/security/oauth/ClientCredentialsFlow$Metadata.class */
    public static class Metadata {

        @JsonProperty("token_endpoint")
        private String tokenEndPoint;

        public String getTokenEndPoint() {
            return this.tokenEndPoint;
        }
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    /* loaded from: input_file:io/streamnative/pulsar/handlers/kop/security/oauth/ClientCredentialsFlow$TokenError.class */
    public static class TokenError {

        @JsonProperty("error")
        private String error;

        @JsonProperty("error_description")
        private String errorDescription;

        @JsonProperty("error_uri")
        private String errorUri;

        public String getError() {
            return this.error;
        }

        public String getErrorDescription() {
            return this.errorDescription;
        }

        public String getErrorUri() {
            return this.errorUri;
        }
    }

    public ClientCredentialsFlow(ClientConfig clientConfig) {
        this.clientConfig = clientConfig;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to find switch 'out' block (already processed)
        	at jadx.core.dex.visitors.regions.RegionMaker.calcSwitchOut(RegionMaker.java:923)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:797)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processExcHandler(RegionMaker.java:1110)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1046)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    public io.streamnative.pulsar.handlers.kop.security.oauth.OAuthBearerTokenImpl authenticate() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 339
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.streamnative.pulsar.handlers.kop.security.oauth.ClientCredentialsFlow.authenticate():io.streamnative.pulsar.handlers.kop.security.oauth.OAuthBearerTokenImpl");
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    @VisibleForTesting
    Metadata findAuthorizationServer() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) URI.create(this.clientConfig.getIssuerUrl().toExternalForm() + "/.well-known/openid-configuration").normalize().toURL().openConnection();
        try {
            httpURLConnection.setConnectTimeout((int) this.connectTimeout.toMillis());
            httpURLConnection.setReadTimeout((int) this.readTimeout.toMillis());
            httpURLConnection.setRequestProperty("Accept", "application/json");
            InputStream inputStream = httpURLConnection.getInputStream();
            try {
                Metadata metadata = (Metadata) METADATA_READER.readValue(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                return metadata;
            } finally {
            }
        } finally {
            httpURLConnection.disconnect();
        }
    }

    @VisibleForTesting
    ClientInfo loadPrivateKey() throws IOException {
        InputStream inputStream = this.clientConfig.getCredentialsUrl().openConnection().getInputStream();
        try {
            ClientInfo clientInfo = (ClientInfo) CLIENT_INFO_READER.readValue(inputStream);
            if (inputStream != null) {
                inputStream.close();
            }
            return clientInfo;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static String encode(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
    }

    private String buildClientCredentialsBody(ClientInfo clientInfo) throws UnsupportedEncodingException {
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", "client_credentials");
        hashMap.put("client_id", encode(clientInfo.getId()));
        hashMap.put("client_secret", encode(clientInfo.getSecret()));
        if (this.clientConfig.getAudience() != null) {
            hashMap.put("audience", encode(this.clientConfig.getAudience()));
        }
        if (this.clientConfig.getScope() != null) {
            hashMap.put("scope", encode(this.clientConfig.getScope()));
        }
        return (String) hashMap.entrySet().stream().map(entry -> {
            return ((String) entry.getKey()) + "=" + ((String) entry.getValue());
        }).collect(Collectors.joining("&"));
    }
}
