package com.google.cloud.pubsublite.kafka.internal;

import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.collect.ImmutableMap;
import com.google.gson.Gson;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;

/* loaded from: input_file:com/google/cloud/pubsublite/kafka/internal/AuthServer.class */
public class AuthServer {
    public static int PORT = 14293;
    public static InetSocketAddress ADDRESS = new InetSocketAddress(InetAddress.getLoopbackAddress(), PORT);
    private static final String HEADER = new Gson().toJson(ImmutableMap.of("typ", "JWT", "alg", "GOOG_TOKEN"));

    private static String b64Encode(String str) {
        return Base64.getUrlEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    private static String getJwt(AccessToken accessToken) {
        return new Gson().toJson(ImmutableMap.of("exp", Long.valueOf(accessToken.getExpirationTime().toInstant().getEpochSecond()), "iat", Long.valueOf(Instant.now().getEpochSecond()), "scope", "pubsub", "sub", "unused"));
    }

    private static String getKafkaAccessToken(AccessToken accessToken) {
        return String.join(".", b64Encode(HEADER), b64Encode(getJwt(accessToken)), b64Encode(accessToken.getTokenValue()));
    }

    private static String getResponse(GoogleCredentials googleCredentials) throws IOException {
        googleCredentials.refreshIfExpired();
        AccessToken accessToken = googleCredentials.getAccessToken();
        return new Gson().toJson(ImmutableMap.of("access_token", getKafkaAccessToken(accessToken), "token_type", "bearer", "expires_in", Long.toString(Duration.between(Instant.now(), accessToken.getExpirationTime().toInstant()).getSeconds())));
    }

    private static void spawnDaemon() {
        Thread thread = new Thread(AuthServer::spawn);
        thread.setDaemon(true);
        thread.start();
    }

    private static void spawn() {
        try {
            GoogleCredentials createScoped = GoogleCredentials.getApplicationDefault().createScoped(new String[]{"https://www.googleapis.com/auth/cloud-platform"});
            HttpServer create = HttpServer.create(ADDRESS, 0);
            create.createContext("/", httpExchange -> {
                try {
                    byte[] bytes = getResponse(createScoped).getBytes(StandardCharsets.UTF_8);
                    httpExchange.getResponseHeaders().put("Content-type", Collections.singletonList("text/plain"));
                    httpExchange.sendResponseHeaders(200, bytes.length);
                    httpExchange.getResponseBody().write(bytes);
                    httpExchange.close();
                } catch (Exception e) {
                    e.printStackTrace(System.err);
                    throw new RuntimeException(e);
                }
            });
            create.start();
        } catch (Exception e) {
            e.printStackTrace(System.err);
            throw new RuntimeException(e);
        }
    }

    static {
        spawnDaemon();
    }
}
