package com.adobe.granite.auth.ims.impl;

import com.adobe.granite.auth.ims.impl.http.client.IMSHttpClientBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTReader;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/ims/impl/IMSClusterATExchangeGrantProviderImpl.class */
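/**
 * Exchanges an incoming IMS access token for another token by POSTing a
 * {@code cluster_at_exchange} grant request to the configured token exchange URL.
 *
 * <p>Every failure path returns {@code null} and logs; no method in this class is meant to
 * propagate an exception to the caller of {@link #exchangeTokenByIMSOrg(String)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code client_id} allow-list check reads the claim from a JWT that this class
 *       only decodes. Nothing here verifies the token signature, so the check is a
 *       pre-filter on which tokens are forwarded, not an authentication decision.</li>
 *   <li>The request body carries the client secret and the user token. Neither value is
 *       logged by this class; keep it that way when adding diagnostics.</li>
 * </ul>
 */
public class IMSClusterATExchangeGrantProviderImpl implements IMSClusterATExchangeGrantProvider {
    private final Logger log;
    private final IMSHttpClientBuilder imsHttpClientBuilder;
    private final CloseableHttpClient httpClient;
    private final String clientId;
    private final String clientSecret;
    private final String imsOrg;
    private final String tokenExchangeURL;
    private final Set<String> allowedClientIds;

    /**
     * Fluent builder for {@link IMSClusterATExchangeGrantProviderImpl}. Values are stored as
     * given; {@link #build()} dereferences the {@link IMSHttpClientBuilder}, so it must be set.
     */
    public static class Builder {
        private String clientId;
        private String clientSecret;
        private String imsOrg;
        private String tokenExchangeURL;
        private Set<String> allowedClientIds;
        private IMSHttpClientBuilder imsHttpClientBuilder;

        /** Sets the client id sent as the {@code client_id} query parameter of the exchange request. */
        public Builder withClientId(String str) {
            this.clientId = str;
            return this;
        }

        /** Sets the client secret sent in the form body of the exchange request. */
        public Builder withClientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        /** Sets the organisation id sent as {@code owning_org_id}. */
        public Builder withImsOrg(String str) {
            this.imsOrg = str;
            return this;
        }

        /** Sets the URL the exchange request is POSTed to. */
        public Builder withTokenExchangeURL(String str) {
            this.tokenExchangeURL = str;
            return this;
        }

        /**
         * Sets the client ids whose tokens may be exchanged. The set is stored by reference,
         * so later changes by the caller are visible to the provider. A {@code null} set makes
         * every exchange fail.
         */
        public Builder withAllowedClientIds(Set<String> set) {
            this.allowedClientIds = set;
            return this;
        }

        /** Sets the factory used to create the HTTP client for the exchange requests. */
        public Builder withIMSHttpClientBuilder(IMSHttpClientBuilder iMSHttpClientBuilder) {
            this.imsHttpClientBuilder = iMSHttpClientBuilder;
            return this;
        }

        /**
         * Creates the provider. The HTTP client is built immediately.
         *
         * @throws NullPointerException if no {@link IMSHttpClientBuilder} was supplied
         */
        public IMSClusterATExchangeGrantProviderImpl build() {
            return new IMSClusterATExchangeGrantProviderImpl(this);
        }
    }

    private IMSClusterATExchangeGrantProviderImpl(Builder builder) {
        this.log = LoggerFactory.getLogger(getClass());
        this.clientId = builder.clientId;
        this.clientSecret = builder.clientSecret;
        this.imsOrg = builder.imsOrg;
        this.tokenExchangeURL = builder.tokenExchangeURL;
        this.allowedClientIds = builder.allowedClientIds;
        this.imsHttpClientBuilder = builder.imsHttpClientBuilder;
        this.httpClient = this.imsHttpClientBuilder.buildHttpClientWithIMSConfig();
    }

    /** Closes the HTTP client used for token exchange; close failures are swallowed by the helper. */
    @Override
    public void close() {
        this.log.info("close: closing httpClient used to exchange tokens");
        HttpClientUtils.closeQuietly(this.httpClient);
    }

    /**
     * Exchanges the given access token if its {@code client_id} claim is on the allow list.
     *
     * @param str the incoming access token (a JWT)
     * @return the {@code access_token} returned by the token endpoint, or {@code null} when the
     *         token is not eligible, the request cannot be built or sent, the endpoint answers
     *         with a status other than 200, or the response carries no token
     */
    @Override
    public String exchangeTokenByIMSOrg(@NotNull String str) {
        if (!validateTokenClientId(str, this.allowedClientIds)) {
            this.log.debug("exchangeTokenByIMSOrg: failure validating token");
            return null;
        }
        HttpPost request = buildExchangeTokenRequest(str, this.clientId, this.clientSecret, this.imsOrg, this.tokenExchangeURL);
        if (request == null) {
            this.log.error("exchangeTokenByIMSOrg: Error building the token exchange HTTP request.");
            return null;
        }
        String responseBody = performExchangeTokenRequest(request);
        if (responseBody == null) {
            this.log.error("exchangeTokenByIMSOrg: Error performing the token exchange HTTP request.");
            return null;
        }
        String exchangedToken = extractTokenFromResponse(responseBody);
        if (exchangedToken == null) {
            this.log.error("exchangeTokenByIMSOrg: Error extracting token from response.");
        }
        return exchangedToken;
    }

    /**
     * Checks that the token's {@code client_id} claim is contained in the allow list.
     * A {@code null} allow list fails closed.
     */
    private boolean validateTokenClientId(String accessToken, Set<String> allowedIds) {
        if (allowedIds == null) {
            this.log.error("validateTokenClientId: Set of allowedClientIds is null.");
            return false;
        }
        String tokenClientId = extractClientIdFromAccessToken(accessToken);
        if (tokenClientId == null) {
            this.log.debug("validateTokenClientId: No valid clientID found in the access token");
            return false;
        }
        if (allowedIds.contains(tokenClientId)) {
            return true;
        }
        this.log.debug("validateTokenClientId: Client ID not in the allow list, the token preprocessor will not exchange this token.");
        return false;
    }

    /**
     * Decodes the JWT and returns its {@code client_id} claim, or {@code null} if the token is
     * {@code null}, cannot be decoded, or has no such claim.
     *
     * <p>The claim comes from an unverified token: this method decodes only and performs no
     * signature check, so the value is caller-controlled at this point.
     */
    private String extractClientIdFromAccessToken(String accessToken) {
        if (accessToken == null) {
            this.log.debug("extractClientIdFromAccessToken: null access token.");
            return null;
        }
        String tokenClientId;
        try {
            tokenClientId = (String) ((JWT) new JWTReader().read(accessToken)).getClaimsSet().getCustomField(IMSConstants.CLIENT_ID, String.class);
        } catch (RuntimeException e) {
            // The token is untrusted input; a malformed value must yield "not eligible" rather
            // than an exception escaping to the caller. Only the exception type is logged:
            // the reader's message may echo the token text (to be confirmed against the library).
            this.log.debug("extractClientIdFromAccessToken: access token could not be decoded ({}).", e.getClass().getName());
            return null;
        }
        if (tokenClientId == null) {
            this.log.debug("extractClientIdFromAccessToken: client_id is null.");
        }
        return tokenClientId;
    }

    /**
     * Builds the exchange request: {@code client_id} as a query parameter and grant type, client
     * secret, user token and owning organisation as form fields.
     *
     * @return the request, or {@code null} if the URL is invalid or the request cannot be assembled
     */
    private HttpPost buildExchangeTokenRequest(String userToken, String exchangeClientId, String exchangeClientSecret, String owningOrgId, String exchangeUrl) {
        // NOTE(review): only the URL syntax is checked. The scheme is not restricted to https, so
        // a misconfigured URL would carry the client secret and user token in clear text.
        try {
            new URL(exchangeUrl);
        } catch (MalformedURLException e) {
            this.log.error("buildExchangeTokenRequest: Invalid tokenExchangeURL");
            return null;
        }
        HttpPost httpPost;
        try {
            httpPost = new HttpPost(exchangeUrl);
        } catch (IllegalArgumentException e) {
            // java.net.URL accepts some strings that are not valid URIs; treat them as invalid
            // configuration instead of letting the exception escape.
            this.log.error("buildExchangeTokenRequest: Invalid tokenExchangeURL");
            return null;
        }
        try {
            httpPost.setURI(new URIBuilder(httpPost.getURI()).addParameter(IMSConstants.CLIENT_ID, exchangeClientId).build());
        } catch (URISyntaxException e) {
            this.log.error("buildExchangeTokenRequest: Failure to build the token exchange request URI: {}", e.getMessage());
            return null;
        }
        ArrayList<BasicNameValuePair> formFields = new ArrayList<>();
        formFields.add(new BasicNameValuePair("grant_type", "cluster_at_exchange"));
        formFields.add(new BasicNameValuePair(IMSConstants.CLIENT_SECRET, exchangeClientSecret));
        formFields.add(new BasicNameValuePair("user_token", userToken));
        formFields.add(new BasicNameValuePair("owning_org_id", owningOrgId));
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(formFields));
            return httpPost;
        } catch (UnsupportedEncodingException e) {
            this.log.error("buildExchangeTokenRequest: Failure to encode the token exchange request body: {}", e.getMessage());
            return null;
        }
    }

    /**
     * Sends the request and returns the response body when the status is 200.
     * The response is closed on every path, including non-200 answers and read failures.
     *
     * @return the response body, or {@code null} on transport error, non-200 status or read failure
     */
    private String performExchangeTokenRequest(HttpPost httpPost) {
        CloseableHttpResponse response;
        try {
            response = this.httpClient.execute(httpPost);
        } catch (IOException e) {
            this.log.error("performExchangeTokenRequest: Error performing the HTTP request for token exchange: {}", e.getMessage());
            return null;
        }
        try {
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                this.log.info("performExchangeTokenRequest: Received a status code {} when contacting the token endpoint.", Integer.valueOf(statusCode));
                // The body is read even when debug logging is off, as before, so the entity is consumed.
                // NOTE(review): confirm the endpoint's error bodies never echo request parameters
                // before enabling debug logging in production.
                this.log.debug("Error response: {}", readResponseBody(response));
                return null;
            }
            String body = readResponseBody(response);
            if (body == null) {
                this.log.error("performExchangeTokenRequest: Failure to read IMS token exchange response.");
            }
            return body;
        } finally {
            closeResponse(response);
        }
    }

    /** Closes the response; a close failure is logged and otherwise ignored so a read body is still returned. */
    private void closeResponse(CloseableHttpResponse response) {
        try {
            response.close();
        } catch (IOException e) {
            this.log.error("performExchangeTokenRequest: Failure to close Response resources. Attempting to continue ...");
        }
    }

    /**
     * Reads the response entity as UTF-8 text and closes its content stream.
     *
     * @return the body, or {@code null} if the response has no entity or the read fails
     */
    private String readResponseBody(CloseableHttpResponse closeableHttpResponse) {
        if (closeableHttpResponse.getEntity() == null) {
            // A response without an entity previously caused a NullPointerException here.
            this.log.error("readResponseBody: Failure to read the body of the response: {}", "response has no entity");
            return null;
        }
        try (InputStream content = closeableHttpResponse.getEntity().getContent()) {
            return IOUtils.toString(content, StandardCharsets.UTF_8);
        } catch (IOException | IllegalStateException e) {
            this.log.error("readResponseBody: Failure to read the body of the response: {}", e.getMessage());
            return null;
        }
    }

    /**
     * Parses the JSON response and returns its {@code access_token} field.
     *
     * @return the token, or {@code null} if the body is not valid JSON or has no such field
     */
    private String extractTokenFromResponse(String responseBody) {
        JSONObject json;
        try {
            json = new JSONObject(responseBody);
        } catch (JSONException e) {
            // NOTE(review): the parser's message may quote the response text; confirm it cannot
            // carry token material into the error log.
            this.log.error("extractTokenFromResponse: Failure to parse IMS Token exchange response: {}", e.getMessage());
            return null;
        }
        try {
            return json.getString(IMSConstants.ACCESS_TOKEN);
        } catch (JSONException e) {
            this.log.debug("extractTokenFromResponse: No access_token field in the response, invalid token: {}", e.getMessage());
            return null;
        }
    }
}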
