package com.liferay.digital.signature.internal.web.cache;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.json.JSONUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.HashMapBuilder;
import com.liferay.portal.kernel.util.Http;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.webcache.WebCacheItem;
import com.liferay.portal.kernel.webcache.WebCachePoolUtil;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Base64;
import net.oauth.signature.pem.PEMReader;
import net.oauth.signature.pem.PKCS1EncodedKeySpec;

/* loaded from: input_file:com/liferay/digital/signature/internal/web/cache/DSAccessTokenWebCacheItem.class */
public class DSAccessTokenWebCacheItem implements WebCacheItem {
    private static final long _REFRESH_TIME = 2700000;
    private static final Log _log = LogFactoryUtil.getLog(DSAccessTokenWebCacheItem.class);
    private final String _apiUsername;
    private final String _integrationKey;
    private final byte[] _rsaPrivateKeyBytes;

    public static JSONObject get(String str, String str2, String str3) {
        return (JSONObject) WebCachePoolUtil.get(StringBundler.concat(new String[]{DSAccessTokenWebCacheItem.class.getName(), "#", str, "#", str2, "#", str3}), new DSAccessTokenWebCacheItem(str, str2, str3));
    }

    public DSAccessTokenWebCacheItem(String str, String str2, String str3) {
        this._apiUsername = str;
        this._integrationKey = str2;
        if (str3 != null) {
            this._rsaPrivateKeyBytes = str3.getBytes();
        } else {
            this._rsaPrivateKeyBytes = new byte[0];
        }
    }

    /* renamed from: convert, reason: merged with bridge method [inline-methods] */
    public JSONObject m3convert(String str) {
        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Get DocuSign access token for integration key " + this._integrationKey);
            }
            Http.Options options = new Http.Options();
            options.setParts(HashMapBuilder.put("assertion", _getJWT()).put("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer").build());
            options.setLocation("https://account-d.docusign.com/oauth/token");
            options.setPost(true);
            return JSONFactoryUtil.createJSONObject(HttpUtil.URLtoString(options));
        } catch (Exception e) {
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }
            return JSONFactoryUtil.createJSONObject();
        }
    }

    public long getRefreshTime() {
        return _REFRESH_TIME;
    }

    private String _encode(byte[] bArr) {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    private String _getJWT() throws Exception {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(_readPrivateKey());
        String jSONObject = JSONUtil.put("alg", "RS256").put("typ", "JWT").toString();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        String str = _encode(jSONObject.getBytes()) + "." + _encode(JSONUtil.put("aud", "account-d.docusign.com").put("exp", currentTimeMillis + 3600).put("iat", currentTimeMillis).put("iss", this._integrationKey).put("scope", "signature").put("sub", this._apiUsername).toString().getBytes());
        signature.update(str.getBytes());
        return StringUtil.removeSubstring(str + "." + _encode(signature.sign()), "=");
    }

    private PrivateKey _readPrivateKey() throws Exception {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS1EncodedKeySpec(new PEMReader(this._rsaPrivateKeyBytes).getDerBytes()).getKeySpec());
    }
}
