package com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.handler.login;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mulesoft.connectors.kafka.api.oauth.connection.provider.CredentialsPlacement;
import com.mulesoft.connectors.kafka.internal.error.exception.oauth.OAuthLoginException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.concurrent.TimeoutException;
import org.mule.runtime.core.api.util.IOUtils;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.client.HttpClient;
import org.mule.runtime.http.api.client.auth.HttpAuthentication;
import org.mule.runtime.http.api.domain.entity.InputStreamHttpEntity;
import org.mule.runtime.http.api.domain.message.request.HttpRequest;
import org.mule.runtime.http.api.domain.message.request.HttpRequestBuilder;
import org.mule.runtime.http.api.domain.message.response.HttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connectors/kafka/internal/connection/provider/sasl/oauth/handler/login/ClientCredentialsLoginManager.class */
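/**
 * Requests OAuth 2.0 access tokens from a token endpoint using the
 * {@code client_credentials} grant.
 *
 * <p>The client id and secret are sent either as form parameters in the request body or in an
 * HTTP Basic {@code Authorization} header, depending on the configured
 * {@link CredentialsPlacement}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client secret must never reach the logs. The request body is only logged with the
 *       secret value masked.</li>
 *   <li>The token endpoint URI is used exactly as supplied by {@link LoginDetails}; no scheme
 *       check is visible in this class, so the configuration should be restricted to
 *       {@code https} endpoints.</li>
 *   <li>NOTE(review): when {@code followRedirects} is enabled, whether the HTTP client replays
 *       the credential-bearing body or {@code Authorization} header to the redirect target
 *       depends on the client implementation. Confirm before enabling it.</li>
 * </ul>
 */
public class ClientCredentialsLoginManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientCredentialsLoginManager.class);
    private final boolean followRedirects;
    private final boolean includeAcceptHeader;
    private final Integer responseTimeout;
    private final HttpClient httpClient;
    private final CredentialsPlacement credentialsPlacement;
    private static final String ACCEPT = "Accept";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String APPLICATION_JSON = "application/json";
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String AUDIENCE = "audience";
    private static final String AUTHORIZATION = "Authorization";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_CREDENTIALS = "client_credentials";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String EXPIRES_IN = "expires_in";
    private static final String GRANT_TYPE = "grant_type";
    private static final String SCOPE = "scope";
    /** Placeholder written to the logs in place of the client secret. */
    private static final String REDACTED = "<redacted>";

    /**
     * Creates a login manager.
     *
     * @param httpClient client used to send the token request
     * @param num response timeout handed to {@link HttpClient#send}; it is unboxed on every
     *     login, so it must not be {@code null}
     * @param z whether the HTTP client should follow redirects
     * @param z2 whether to add an {@code Accept: application/json} header to the request
     * @param credentialsPlacement where the client id and secret are placed in the request
     */
    public ClientCredentialsLoginManager(HttpClient httpClient, Integer num, boolean z, boolean z2, CredentialsPlacement credentialsPlacement) {
        this.httpClient = httpClient;
        this.responseTimeout = num;
        this.followRedirects = z;
        this.includeAcceptHeader = z2;
        this.credentialsPlacement = credentialsPlacement;
    }

    /**
     * Performs the client-credentials token request and parses the JSON response.
     *
     * @param loginDetails client id, client secret, optional scope and audience, principal name
     *     and the token endpoint to call
     * @return the access token with its retrieval time, its expiry time (retrieval time plus
     *     {@code expires_in} seconds), the granted scope if the server returned one, and the
     *     principal name
     * @throws IOException if sending the request or reading the response fails
     * @throws TimeoutException if the HTTP client reports a timeout
     * @throws OAuthLoginException if the server answers with a non-2xx status, or the response
     *     has no entity, no body, or lacks {@code access_token} or {@code expires_in}
     */
    public AuthenticationDetails login(LoginDetails loginDetails) throws IOException, TimeoutException {
        String clientId = loginDetails.getClientId();
        String clientSecret = loginDetails.getClientSecret();
        String scope = loginDetails.getScope();
        String audience = loginDetails.getAudience();
        String principalName = loginDetails.getPrincipalName();
        LOGGER.debug("Building request body with credentials placement in {}", this.credentialsPlacement);
        StringBuilder sb = new StringBuilder(String.format("%s=%s", GRANT_TYPE, CLIENT_CREDENTIALS));
        // Position of the encoded client secret inside the body, so it can be masked when logging.
        int secretStart = -1;
        int secretEnd = -1;
        try {
            if (this.credentialsPlacement.equals(CredentialsPlacement.BODY)) {
                sb.append("&").append(CLIENT_ID).append("=").append(encodeToUrl(clientId));
                sb.append("&").append(CLIENT_SECRET).append("=");
                secretStart = sb.length();
                sb.append(encodeToUrl(clientSecret));
                secretEnd = sb.length();
            }
            if (scope != null) {
                sb.append("&").append(SCOPE).append("=").append(encodeToUrl(scope));
            }
            if (audience != null) {
                sb.append("&").append(AUDIENCE).append("=").append(encodeToUrl(normalizeAudiences(audience.split(","))));
            }
            if (LOGGER.isDebugEnabled()) {
                // Never log the raw body: with BODY placement it contains the client secret.
                LOGGER.debug("Building authentication request with body: {}", maskRange(sb, secretStart, secretEnd));
            }
            // Encode explicitly as UTF-8 rather than with the platform default charset, matching
            // the charset used for the URL-encoding of the parameters.
            byte[] bodyBytes = sb.toString().getBytes(StandardCharsets.UTF_8);
            HttpRequestBuilder method = HttpRequest.builder().addHeader(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED).entity(new InputStreamHttpEntity(new ByteArrayInputStream(bodyBytes))).uri(loginDetails.getTokenEndpoint()).method(HttpConstants.Method.POST);
            LOGGER.info("Authentication request successfully built.");
            if (this.includeAcceptHeader) {
                LOGGER.debug("Adding header: 'Accept=application/json'");
                method.addHeader(ACCEPT, APPLICATION_JSON);
            }
            if (this.credentialsPlacement.equals(CredentialsPlacement.BASIC_AUTHENTICATION_HEADER)) {
                // The header value is deliberately not logged.
                method.addHeader(AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8)));
            }
            LOGGER.debug("Sending request to {}", loginDetails.getTokenEndpoint());
            HttpResponse send = this.httpClient.send(method.build(), this.responseTimeout.intValue(), this.followRedirects, (HttpAuthentication) null);
            int statusCode = send.getStatusCode();
            LOGGER.debug("Response status code: {}", Integer.valueOf(statusCode));
            if (statusCode < 200 || statusCode > 299) {
                // The server's error body is echoed into the exception message for diagnosis.
                String errorBody = send.getEntity() != null ? IOUtils.toString(send.getEntity().getContent()) : "";
                throw new OAuthLoginException(String.format("There was an error during invoking the request to the authentication server. Status code: %s. Message: %s", Integer.valueOf(statusCode), errorBody));
            }
            if (send.getEntity() == null) {
                throw new OAuthLoginException(String.format("Invalid response from the authentication server: Missing HTTP entity. Status code: %s", Integer.valueOf(statusCode)));
            }
            JsonNode readTree = new ObjectMapper().readTree(send.getEntity().getContent());
            if (readTree == null) {
                // Depending on the Jackson version, an empty body may be parsed to null rather
                // than to a missing node; fail with a clear error instead of a NullPointerException.
                throw new OAuthLoginException(String.format("Invalid response from the authentication server: Empty response body. Status code: %s", Integer.valueOf(statusCode)));
            }
            JsonNode accessTokenNode = readTree.get(ACCESS_TOKEN);
            JsonNode expiresInNode = readTree.get(EXPIRES_IN);
            JsonNode scopeNode = readTree.get(SCOPE);
            LOGGER.debug("Response entity was present and successfully read");
            // An explicit JSON null would otherwise be turned into the literal token "null".
            if (accessTokenNode == null || accessTokenNode.isNull()) {
                throw new OAuthLoginException("Invalid response from authentication server: Missing access_token parameter!");
            }
            if (expiresInNode == null || expiresInNode.isNull()) {
                throw new OAuthLoginException("Invalid response from authentication server: Missing expires_in parameter!");
            }
            long currentTimeMillis = System.currentTimeMillis();
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Token details successfully retrieved at: {}", new Date(currentTimeMillis));
            }
            // expires_in is in seconds; the expiry is stored as epoch milliseconds.
            long expiresAtMillis = currentTimeMillis + (expiresInNode.asLong() * 1000);
            String grantedScope = scopeNode != null ? scopeNode.asText() : null;
            return new AuthenticationDetails(accessTokenNode.asText(), currentTimeMillis, expiresAtMillis, grantedScope, principalName);
        } catch (UnsupportedEncodingException e) {
            throw new OAuthLoginException("UTF-8 encoding not supported! Error message: " + e.getMessage(), e);
        }
    }

    /**
     * Returns {@code text} with the characters in {@code [start, end)} replaced by a fixed
     * placeholder, or {@code text} unchanged when {@code start} is negative.
     */
    private static String maskRange(CharSequence text, int start, int end) {
        if (start < 0) {
            return text.toString();
        }
        return new StringBuilder(text).replace(start, end, REDACTED).toString();
    }

    /** URL-encodes {@code str} as UTF-8 for use in a form-encoded request body. */
    private String encodeToUrl(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, "utf-8");
    }

    /**
     * Trims every audience entry and joins the entries with a single space.
     * The caller's array is left unmodified.
     */
    private String normalizeAudiences(String[] strArr) {
        String[] trimmed = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            trimmed[i] = strArr[i].trim();
        }
        return String.join(" ", trimmed);
    }
}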
