package io.camunda.zeebe.client.impl.oauth;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import io.camunda.zeebe.client.CredentialsProvider;
import io.camunda.zeebe.client.impl.ZeebeClientCredentials;
import io.camunda.zeebe.client.impl.util.VersionUtil;
import io.grpc.Metadata;
import io.grpc.Status;
import io.grpc.internal.GrpcUtil;
import io.netty.handler.codec.http.HttpHeaders;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.HashMap;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:BOOT-INF/lib/zeebe-client-java-8.0.4.jar:io/camunda/zeebe/client/impl/oauth/OAuthCredentialsProvider.class */
public final class OAuthCredentialsProvider implements CredentialsProvider {
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    private static final ObjectReader CREDENTIALS_READER = JSON_MAPPER.readerFor(ZeebeClientCredentials.class);
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OAuthCredentialsProvider.class);
    private static final Metadata.Key<String> HEADER_AUTH_KEY = Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
    private final URL authorizationServerUrl;
    private final String payload;
    private final String endpoint;
    private final OAuthCredentialsCache credentialsCache;
    private final Duration connectionTimeout;
    private final Duration readTimeout;
    private ZeebeClientCredentials credentials;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OAuthCredentialsProvider(OAuthCredentialsProviderBuilder oAuthCredentialsProviderBuilder) {
        this.authorizationServerUrl = oAuthCredentialsProviderBuilder.getAuthorizationServer();
        this.endpoint = oAuthCredentialsProviderBuilder.getAudience();
        this.payload = createParams(oAuthCredentialsProviderBuilder);
        this.credentialsCache = new OAuthCredentialsCache(oAuthCredentialsProviderBuilder.getCredentialsCache());
        this.connectionTimeout = oAuthCredentialsProviderBuilder.getConnectTimeout();
        this.readTimeout = oAuthCredentialsProviderBuilder.getReadTimeout();
    }

    @Override // io.camunda.zeebe.client.CredentialsProvider
    public void applyCredentials(Metadata metadata) throws IOException {
        if (this.credentials == null) {
            loadCredentials();
        }
        String tokenType = this.credentials.getTokenType();
        if (tokenType == null || tokenType.isEmpty()) {
            throw new IOException(String.format("Expected valid token type but was absent or invalid '%s'", tokenType));
        }
        metadata.put(HEADER_AUTH_KEY, String.format("%s %s", Character.toUpperCase(tokenType.charAt(0)) + tokenType.substring(1), this.credentials.getAccessToken()));
    }

    @Override // io.camunda.zeebe.client.CredentialsProvider
    public boolean shouldRetryRequest(Throwable th) {
        try {
            if (Status.fromThrowable(th).getCode() == Status.Code.UNAUTHENTICATED) {
                if (refreshCredentials()) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            LOG.error("Failed while fetching credentials: ", (Throwable) e);
            return false;
        }
    }

    private void loadCredentials() throws IOException {
        Optional<ZeebeClientCredentials> empty;
        try {
            empty = this.credentialsCache.readCache().get(this.endpoint);
        } catch (IOException e) {
            LOG.debug("Failed to read credentials cache", (Throwable) e);
            empty = Optional.empty();
        }
        if (empty.isPresent() && empty.get().isValid()) {
            this.credentials = empty.get();
        } else {
            refreshCredentials();
        }
    }

    private boolean refreshCredentials() throws IOException {
        ZeebeClientCredentials fetchCredentials = fetchCredentials();
        this.credentialsCache.put(this.endpoint, fetchCredentials).writeCache();
        if (this.credentials != null && this.credentials.isValid() && fetchCredentials.equals(this.credentials)) {
            return false;
        }
        this.credentials = fetchCredentials;
        LOG.debug("Refreshed credentials.");
        return true;
    }

    private static String createParams(OAuthCredentialsProviderBuilder oAuthCredentialsProviderBuilder) {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", oAuthCredentialsProviderBuilder.getClientId());
        hashMap.put("client_secret", oAuthCredentialsProviderBuilder.getClientSecret());
        hashMap.put("audience", oAuthCredentialsProviderBuilder.getAudience());
        hashMap.put("grant_type", "client_credentials");
        return (String) hashMap.entrySet().stream().map(entry -> {
            return encode((String) entry.getKey()) + "=" + encode((String) entry.getValue());
        }).collect(Collectors.joining(BeanFactory.FACTORY_BEAN_PREFIX));
    }

    private static String encode(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new UncheckedIOException("Failed while encoding OAuth request parameters: ", e);
        }
    }

    private ZeebeClientCredentials fetchCredentials() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) this.authorizationServerUrl.openConnection();
        httpURLConnection.setRequestMethod(GrpcUtil.HTTP_METHOD);
        httpURLConnection.setRequestProperty("Content-Type", HttpHeaders.Values.APPLICATION_X_WWW_FORM_URLENCODED);
        httpURLConnection.setRequestProperty("Accept", "application/json");
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setReadTimeout(Math.toIntExact(this.readTimeout.toMillis()));
        httpURLConnection.setConnectTimeout(Math.toIntExact(this.connectionTimeout.toMillis()));
        httpURLConnection.setRequestProperty("User-Agent", "zeebe-client-java/" + VersionUtil.getVersion());
        OutputStream outputStream = httpURLConnection.getOutputStream();
        try {
            byte[] bytes = this.payload.getBytes(StandardCharsets.UTF_8);
            outputStream.write(bytes, 0, bytes.length);
            if (outputStream != null) {
                outputStream.close();
            }
            if (httpURLConnection.getResponseCode() != 200) {
                throw new IOException(String.format("Failed while requesting access token with status code %d and message %s.", Integer.valueOf(httpURLConnection.getResponseCode()), httpURLConnection.getResponseMessage()));
            }
            InputStream inputStream = httpURLConnection.getInputStream();
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
                try {
                    ZeebeClientCredentials zeebeClientCredentials = (ZeebeClientCredentials) CREDENTIALS_READER.readValue(inputStreamReader);
                    if (zeebeClientCredentials == null) {
                        throw new IOException("Expected valid credentials but got null instead.");
                    }
                    inputStreamReader.close();
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    return zeebeClientCredentials;
                } finally {
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }
}
