package org.apache.pulsar.client.impl.auth.oauth2;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.io.IOUtils;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.ClientCredentialsExchangeRequest;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.ClientCredentialsExchanger;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.TokenClient;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.TokenExchangeException;
import org.apache.pulsar.client.impl.auth.oauth2.protocol.TokenResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-client-original-3.0.4.jar:org/apache/pulsar/client/impl/auth/oauth2/ClientCredentialsFlow.class */
public class ClientCredentialsFlow extends FlowBase {
    private static final Logger log;
    public static final String CONFIG_PARAM_ISSUER_URL = "issuerUrl";
    public static final String CONFIG_PARAM_AUDIENCE = "audience";
    public static final String CONFIG_PARAM_KEY_FILE = "privateKey";
    public static final String CONFIG_PARAM_SCOPE = "scope";
    private static final long serialVersionUID = 1;
    private final String audience;
    private final String privateKey;
    private final String scope;
    private transient ClientCredentialsExchanger exchanger;
    private boolean initialized;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:META-INF/bundled-dependencies/pulsar-client-original-3.0.4.jar:org/apache/pulsar/client/impl/auth/oauth2/ClientCredentialsFlow$ClientCredentialsFlowBuilder.class */
    public static class ClientCredentialsFlowBuilder {
        private URL issuerUrl;
        private String audience;
        private String privateKey;
        private String scope;

        ClientCredentialsFlowBuilder() {
        }

        public ClientCredentialsFlowBuilder issuerUrl(URL url) {
            this.issuerUrl = url;
            return this;
        }

        public ClientCredentialsFlowBuilder audience(String str) {
            this.audience = str;
            return this;
        }

        public ClientCredentialsFlowBuilder privateKey(String str) {
            this.privateKey = str;
            return this;
        }

        public ClientCredentialsFlowBuilder scope(String str) {
            this.scope = str;
            return this;
        }

        public ClientCredentialsFlow build() {
            return new ClientCredentialsFlow(this.issuerUrl, this.audience, this.privateKey, this.scope);
        }

        public String toString() {
            return "ClientCredentialsFlow.ClientCredentialsFlowBuilder(issuerUrl=" + this.issuerUrl + ", audience=" + this.audience + ", privateKey=" + this.privateKey + ", scope=" + this.scope + DefaultExpressionEngine.DEFAULT_INDEX_END;
        }
    }

    public ClientCredentialsFlow(URL url, String str, String str2, String str3) {
        super(url);
        this.initialized = false;
        this.audience = str;
        this.privateKey = str2;
        this.scope = str3;
    }

    @Override // org.apache.pulsar.client.impl.auth.oauth2.FlowBase, org.apache.pulsar.client.impl.auth.oauth2.Flow
    public void initialize() throws PulsarClientException {
        super.initialize();
        if (!$assertionsDisabled && this.metadata == null) {
            throw new AssertionError();
        }
        this.exchanger = new TokenClient(this.metadata.getTokenEndpoint());
        this.initialized = true;
    }

    @Override // org.apache.pulsar.client.impl.auth.oauth2.Flow
    public TokenResult authenticate() throws PulsarClientException {
        try {
            KeyFile loadPrivateKey = loadPrivateKey(this.privateKey);
            ClientCredentialsExchangeRequest build = ClientCredentialsExchangeRequest.builder().clientId(loadPrivateKey.getClientId()).clientSecret(loadPrivateKey.getClientSecret()).audience(this.audience).scope(this.scope).build();
            if (!this.initialized) {
                initialize();
            }
            try {
                return this.exchanger.exchangeClientCredentials(build);
            } catch (IOException | TokenExchangeException e) {
                throw new PulsarClientException.AuthenticationException("Unable to obtain an access token: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new PulsarClientException.AuthenticationException("Unable to read private key: " + e2.getMessage());
        }
    }

    @Override // org.apache.pulsar.client.impl.auth.oauth2.Flow, java.lang.AutoCloseable
    public void close() throws Exception {
        this.exchanger.close();
    }

    public static ClientCredentialsFlow fromParameters(Map<String, String> map) {
        URL parseParameterUrl = parseParameterUrl(map, CONFIG_PARAM_ISSUER_URL);
        String parseParameterString = parseParameterString(map, CONFIG_PARAM_KEY_FILE);
        return builder().issuerUrl(parseParameterUrl).audience(map.get(CONFIG_PARAM_AUDIENCE)).privateKey(parseParameterString).scope(map.get("scope")).build();
    }

    private static KeyFile loadPrivateKey(String str) throws IOException {
        try {
            URLConnection openConnection = new org.apache.pulsar.client.api.url.URL(str).openConnection();
            try {
                String protocol = openConnection.getURL().getProtocol();
                String contentType = openConnection.getContentType();
                if ("data".equals(protocol) && !"application/json".equals(contentType)) {
                    throw new IllegalArgumentException("Unsupported media type or encoding format: " + openConnection.getContentType());
                }
                InputStreamReader inputStreamReader = new InputStreamReader((InputStream) openConnection.getContent(), StandardCharsets.UTF_8);
                try {
                    KeyFile fromJson = KeyFile.fromJson(inputStreamReader);
                    inputStreamReader.close();
                    return fromJson;
                } catch (Throwable th) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
                IOUtils.close(openConnection);
            }
        } catch (IllegalAccessException | InstantiationException | URISyntaxException e) {
            throw new IOException("Invalid privateKey format", e);
        }
    }

    public static ClientCredentialsFlowBuilder builder() {
        return new ClientCredentialsFlowBuilder();
    }

    static {
        $assertionsDisabled = !ClientCredentialsFlow.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger((Class<?>) ClientCredentialsFlow.class);
    }
}
