package no.ks.fiks.maskinporten;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.JSONObjectUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import lombok.NonNull;
import net.jodah.expiringmap.ExpirationPolicy;
import net.jodah.expiringmap.ExpiringMap;
import net.jodah.expiringmap.ExpiringValue;
import net.minidev.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/ks/fiks/maskinporten/Maskinportenklient.class */
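/**
 * Client that obtains OAuth2 access tokens from the configured Maskinporten token endpoint.
 *
 * <p>For every token a short-lived JWT assertion is built, signed with RS256 using the supplied
 * private key, and posted to the token endpoint with the JWT-bearer grant. The certificate is
 * embedded in the JWS header as the {@code x5c} chain. Tokens are cached per
 * {@link AccessTokenRequest} (scopes + consumer organisation) and leave the cache
 * {@code properties.getNumberOfSecondsLeftBeforeExpire()} seconds before the server-reported
 * {@code expires_in}.
 *
 * <p>Only token metadata (scopes, expiry) is written to the log; neither the signed assertion nor
 * the access token value is logged by this class.
 */
public class Maskinportenklient {
    private static final Logger log = LoggerFactory.getLogger(Maskinportenklient.class);
    private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    static final String CLAIM_SCOPE = "scope";
    static final String CLAIM_CONSUMER_ORG = "consumer_org";
    private final MaskinportenklientProperties properties;
    private final JWSHeader jwsHeader;
    private final JWSSigner signer;
    private final ExpiringMap<AccessTokenRequest, String> map;

    /**
     * Cache key describing one token request: the requested scopes and, optionally, the
     * organisation the token is requested on behalf of.
     *
     * <p>The decompiler reports that this class's access modifier was changed from private.
     * The scope set is stored by reference (no defensive copy); every call site in the enclosing
     * class passes a freshly created {@link HashSet}, which keeps the cache key stable.
     */
    public static final class AccessTokenRequest {

        @NonNull
        private final Set<String> scopes;
        // May be null; the enclosing class then falls back to the consumerOrg from its properties.
        private final String consumerOrg;

        /** Fluent builder for {@link AccessTokenRequest}. */
        public static class AccessTokenRequestBuilder {
            private Set<String> scopes;
            private String consumerOrg;

            AccessTokenRequestBuilder() {
            }

            /**
             * Sets the requested scopes.
             *
             * @throws NullPointerException if {@code set} is null
             */
            public AccessTokenRequestBuilder scopes(@NonNull Set<String> set) {
                if (set == null) {
                    throw new NullPointerException("scopes is marked non-null but is null");
                }
                this.scopes = set;
                return this;
            }

            /** Sets the organisation to act on behalf of; null means "not specified". */
            public AccessTokenRequestBuilder consumerOrg(String str) {
                this.consumerOrg = str;
                return this;
            }

            /**
             * Creates the request.
             *
             * @throws NullPointerException if no scopes were set
             */
            public AccessTokenRequest build() {
                return new AccessTokenRequest(this.scopes, this.consumerOrg);
            }

            @Override
            public String toString() {
                return "Maskinportenklient.AccessTokenRequest.AccessTokenRequestBuilder(scopes=" + this.scopes + ", consumerOrg=" + this.consumerOrg + ")";
            }
        }

        AccessTokenRequest(@NonNull Set<String> set, String str) {
            if (set == null) {
                throw new NullPointerException("scopes is marked non-null but is null");
            }
            this.scopes = set;
            this.consumerOrg = str;
        }

        public static AccessTokenRequestBuilder builder() {
            return new AccessTokenRequestBuilder();
        }

        @NonNull
        public Set<String> getScopes() {
            return this.scopes;
        }

        public String getConsumerOrg() {
            return this.consumerOrg;
        }

        /** Two requests are equal when both the scope set and the consumer organisation match. */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AccessTokenRequest)) {
                return false;
            }
            AccessTokenRequest other = (AccessTokenRequest) obj;
            boolean sameScopes = this.scopes == null ? other.scopes == null : this.scopes.equals(other.scopes);
            if (!sameScopes) {
                return false;
            }
            return this.consumerOrg == null ? other.consumerOrg == null : this.consumerOrg.equals(other.consumerOrg);
        }

        @Override
        public int hashCode() {
            // Same formula as the generated original (prime 59, 43 for null) so hash values are unchanged.
            int result = 59 + (this.scopes == null ? 43 : this.scopes.hashCode());
            return (result * 59) + (this.consumerOrg == null ? 43 : this.consumerOrg.hashCode());
        }

        @Override
        public String toString() {
            return "Maskinportenklient.AccessTokenRequest(scopes=" + getScopes() + ", consumerOrg=" + getConsumerOrg() + ")";
        }
    }

    /**
     * Creates a client whose signing key and certificate are read from a key store.
     *
     * @param keyStore key store holding the private key and its certificate
     * @param str alias of the key store entry
     * @param cArr password protecting the key entry
     * @param maskinportenklientProperties endpoint, issuer, audience and cache settings
     * @throws NullPointerException if {@code keyStore} or the properties are null, or if the alias
     *     yields no private key or no certificate
     */
    public Maskinportenklient(@NonNull KeyStore keyStore, String str, char[] cArr, @NonNull MaskinportenklientProperties maskinportenklientProperties) throws KeyStoreException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException {
        // The null check on keyStore has to run before the key store is dereferenced, which means
        // inside the argument expressions of this(...); checks placed after this(...) never fire.
        this(readPrivateKey(keyStore, str, cArr), readCertificate(keyStore, str), maskinportenklientProperties);
    }

    /**
     * Creates a client from an already loaded private key and certificate.
     *
     * @param privateKey RSA key used to sign the JWT assertion
     * @param x509Certificate certificate published in the {@code x5c} header of every assertion
     * @param maskinportenklientProperties endpoint, issuer, audience and cache settings
     * @throws NullPointerException if any argument is null
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public Maskinportenklient(@NonNull PrivateKey privateKey, X509Certificate x509Certificate, @NonNull MaskinportenklientProperties maskinportenklientProperties) throws CertificateEncodingException {
        if (privateKey == null) {
            throw new NullPointerException("privateKey is marked non-null but is null");
        }
        if (maskinportenklientProperties == null) {
            throw new NullPointerException("properties is marked non-null but is null");
        }
        if (x509Certificate == null) {
            // Previously surfaced as a message-less NPE from getEncoded(); typically a wrong alias.
            throw new NullPointerException("certificate is null; the x5c header cannot be built");
        }
        this.properties = maskinportenklientProperties;
        this.jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .x509CertChain(Collections.singletonList(Base64.encode(x509Certificate.getEncoded())))
                .build();
        this.signer = new RSASSASigner(privateKey);
        this.map = ExpiringMap.builder()
                .variableExpiration()
                .expiringEntryLoader(this::loadToken)
                .build();
    }

    /** Reads the private key for {@code alias}; fails early with a clear message on a null key store. */
    private static PrivateKey readPrivateKey(KeyStore keyStore, String alias, char[] password) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new NullPointerException("keyStore is marked non-null but is null");
        }
        return (PrivateKey) keyStore.getKey(alias, password);
    }

    /** Reads the certificate stored under {@code alias}; returns null when the alias has none. */
    private static X509Certificate readCertificate(KeyStore keyStore, String alias) throws KeyStoreException {
        return (X509Certificate) keyStore.getCertificate(alias);
    }

    /**
     * Cache loader: fetches a fresh token for {@code request} and tells the cache how long to keep it.
     *
     * @throws IllegalStateException if the token response carries no {@code expires_in}
     * @throws RuntimeException if the token could not be acquired or parsed
     */
    private ExpiringValue<String> loadToken(AccessTokenRequest request) {
        JSONObject tokenResponse = parse(doAcquireAccessToken(request));
        JSONObject tokenClaims = parseAccessToken(tokenResponse);

        Number expiresIn = tokenResponse.getAsNumber("expires_in");
        if (expiresIn == null) {
            throw new IllegalStateException("Token response has no 'expires_in' value");
        }
        // longValue() instead of a (Long) cast: works whichever Number subtype the parser produced.
        long expiresInSeconds = expiresIn.longValue();
        // NOTE(review): if the configured margin is >= expires_in this is zero or negative;
        // confirm how ExpiringMap treats such a duration (likely no effective caching).
        long cacheSeconds = expiresInSeconds - this.properties.getNumberOfSecondsLeftBeforeExpire();

        // "exp" is read for the log line only, so a missing claim must not fail the token request.
        Number exp = tokenClaims == null ? null : tokenClaims.getAsNumber("exp");
        Date tokenExpiry = exp == null ? null : new Date(TimeUnit.SECONDS.toMillis(exp.longValue()));
        Date cacheExpiry = new Date(System.currentTimeMillis() + (1000 * cacheSeconds));
        log.info("Adding access token to cache; access_token.scopes: '{}', access_token.exp: {}, expires_in: {} seconds. Expires from cache in {} seconds ({}).",
                tokenResponse.getAsString(CLAIM_SCOPE), tokenExpiry, expiresInSeconds, cacheSeconds, cacheExpiry);
        return new ExpiringValue<>(tokenResponse.getAsString("access_token"), ExpirationPolicy.CREATED, cacheSeconds, TimeUnit.SECONDS);
    }

    /**
     * Returns an access token for the given scopes, from the cache when one is still held.
     *
     * @throws NullPointerException if {@code collection} is null
     * @throws IllegalArgumentException if no scope is given
     */
    public String getAccessToken(@NonNull Collection<String> collection) {
        if (collection == null) {
            throw new NullPointerException("scopes is marked non-null but is null");
        }
        return getTokenForRequest(AccessTokenRequest.builder().scopes(new HashSet<>(collection)).build());
    }

    /**
     * Returns an access token for the given scopes. Each argument may itself hold several
     * whitespace-separated scopes.
     *
     * @throws IllegalArgumentException if no scope is given
     */
    public String getAccessToken(String... strArr) {
        return getAccessToken(scopesToCollection(strArr));
    }

    /**
     * Returns an access token for the given scopes, requested on behalf of {@code str}
     * (sent as the {@code consumer_org} claim).
     *
     * @throws NullPointerException if either argument is null
     * @throws IllegalArgumentException if no scope is given
     */
    public String getDelegatedAccessToken(@NonNull String str, @NonNull Collection<String> collection) {
        if (str == null) {
            throw new NullPointerException("consumerOrg is marked non-null but is null");
        }
        if (collection == null) {
            throw new NullPointerException("scopes is marked non-null but is null");
        }
        return getTokenForRequest(AccessTokenRequest.builder().scopes(new HashSet<>(collection)).consumerOrg(str).build());
    }

    /**
     * Varargs variant of {@link #getDelegatedAccessToken(String, Collection)}.
     *
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if no scope is given
     */
    public String getDelegatedAccessToken(@NonNull String str, String... strArr) {
        if (str == null) {
            throw new NullPointerException("consumerOrg is marked non-null but is null");
        }
        return getDelegatedAccessToken(str, scopesToCollection(strArr));
    }

    /** Looks the request up in the cache; a miss triggers {@link #loadToken(AccessTokenRequest)}. */
    private String getTokenForRequest(@NonNull AccessTokenRequest accessTokenRequest) {
        if (accessTokenRequest == null) {
            throw new NullPointerException("accessTokenRequest is marked non-null but is null");
        }
        if (accessTokenRequest.getScopes().isEmpty()) {
            // Message is Norwegian for "At least one scope must be given".
            throw new IllegalArgumentException("Minst ett scope må oppgies");
        }
        return this.map.get(accessTokenRequest);
    }

    /**
     * Builds and signs the JWT assertion that is exchanged for an access token.
     *
     * <p>The assertion carries audience, issuer, the space-separated scopes, a random {@code jti},
     * the issue time and an expiry two minutes later. {@code consumer_org} is taken from the
     * request, falling back to the configured value, and is omitted when both are null.
     *
     * @return the compact serialization of the signed JWT
     * @throws JOSEException if signing fails
     */
    protected String createJwtRequestForAccessToken(AccessTokenRequest accessTokenRequest) throws JOSEException {
        long issuedAtMillis = System.currentTimeMillis();
        long expiresAtMillis = issuedAtMillis + TimeUnit.MINUTES.toMillis(2L);
        String audience = this.properties.getAudience();
        String issuer = this.properties.getIssuer();
        String scopes = String.join(" ", accessTokenRequest.getScopes());
        String consumerOrg = Optional.ofNullable(accessTokenRequest.getConsumerOrg()).orElse(this.properties.getConsumerOrg());
        log.debug("Signing JWTRequest with audience='{}',issuer='{}',scopes='{}',consumerOrg='{}'", audience, issuer, scopes, consumerOrg);
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder()
                .audience(audience)
                .issuer(issuer)
                .claim(CLAIM_SCOPE, scopes)
                .jwtID(UUID.randomUUID().toString())
                .issueTime(new Date(issuedAtMillis))
                .expirationTime(new Date(expiresAtMillis));
        if (consumerOrg != null) {
            claims.claim(CLAIM_CONSUMER_ORG, consumerOrg);
        }
        SignedJWT signedJwt = new SignedJWT(this.jwsHeader, claims.build());
        signedJwt.sign(this.signer);
        return signedJwt.serialize();
    }

    /** Wraps the checked exceptions of {@link #acquireAccessToken} so it can be used as a cache loader. */
    private String doAcquireAccessToken(AccessTokenRequest accessTokenRequest) {
        try {
            return acquireAccessToken(accessTokenRequest);
        } catch (JOSEException | IOException e) {
            log.error("Could not acquire access token due to an exception", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Posts the signed assertion to the token endpoint and returns the raw response body.
     *
     * @throws RuntimeException if the endpoint answers with anything other than HTTP 200; the
     *     message contains the status, the URL, the request and the server's error body
     */
    private String acquireAccessToken(AccessTokenRequest accessTokenRequest) throws JOSEException, IOException {
        String assertion = createJwtRequestForAccessToken(accessTokenRequest);
        byte[] body = ("grant_type=" + GRANT_TYPE + "&assertion=" + assertion).getBytes(StandardCharsets.UTF_8);
        String tokenEndpoint = this.properties.getTokenEndpoint();
        log.debug("Acquiring access token from \"{}\"", tokenEndpoint);
        long startedAtMillis = System.currentTimeMillis();
        // NOTE(review): nothing here requires the configured URL to be https. The signed assertion
        // and the returned token are protected in transit only when the endpoint uses TLS, so the
        // scheme is worth validating where the properties are built.
        HttpURLConnection connection = (HttpURLConnection) new URL(tokenEndpoint).openConnection();
        connection.setConnectTimeout(this.properties.getTimeoutMillis());
        connection.setReadTimeout(this.properties.getTimeoutMillis());
        connection.setDoOutput(true);
        // Redirects are not followed, so the assertion is only ever sent to the configured endpoint.
        connection.setInstanceFollowRedirects(false);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Charset", "utf-8");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setRequestProperty("Content-Length", Integer.toString(body.length));
        connection.setUseCaches(false);
        try (DataOutputStream out = new DataOutputStream(connection.getOutputStream())) {
            out.write(body);
        }
        int status = connection.getResponseCode();
        log.debug("Access token response received in {} ms with status {}", System.currentTimeMillis() - startedAtMillis, status);
        if (status == 200) {
            return toString(connection.getInputStream());
        }
        throw new RuntimeException(String.format("Http response code: %s, url: '%s', scopes: '%s', message: '%s'", status, tokenEndpoint, accessTokenRequest, toString(connection.getErrorStream())));
    }

    /**
     * Reads the whole stream as UTF-8 text and closes it.
     *
     * @return the content with lines joined by {@code \n}, or null when {@code inputStream} is null
     */
    private String toString(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            return null;
        }
        // Explicit UTF-8: without it the platform default charset would decode the JSON response.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
            return reader.lines().collect(Collectors.joining("\n"));
        }
    }

    /** Parses the token endpoint's JSON response, rethrowing parse failures unchecked. */
    private JSONObject parse(String str) {
        try {
            return JSONObjectUtils.parse(str);
        } catch (ParseException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decodes the payload of the returned access token.
     *
     * <p>The token is only parsed here; its signature is NOT verified. The result is used for the
     * cache log line and must not be relied on for any trust or authorization decision.
     */
    private JSONObject parseAccessToken(JSONObject jSONObject) {
        try {
            return JWSObject.parse(jSONObject.getAsString("access_token")).getPayload().toJSONObject();
        } catch (ParseException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Splits the arguments into individual scopes on whitespace.
     *
     * <p>Empty entries are dropped. Without that, calling with no arguments (or with blank ones)
     * produced a collection holding a single empty string, which slipped past the
     * "at least one scope" check and sent a request with an empty scope.
     */
    private static Collection<String> scopesToCollection(String... strArr) {
        return Arrays.stream(String.join(" ", strArr).split("\\s+"))
                .filter(scope -> !scope.isEmpty())
                .collect(Collectors.toList());
    }
}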
