package dagr;

import ch.qos.logback.core.joran.action.Action;
import com.typesafe.config.Config;
import io.bullet.borer.Decoder;
import io.bullet.borer.InputReader;
import io.bullet.borer.Reader;
import io.bullet.borer.compat.pekkoHttp$;
import io.bullet.borer.derivation.helpers.package$package$;
import java.io.FileReader;
import java.io.Serializable;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Base64;
import java.util.UUID;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.http.scaladsl.model.ContentTypes$;
import org.apache.pekko.http.scaladsl.model.HttpEntity$;
import org.apache.pekko.http.scaladsl.model.HttpMethods$;
import org.apache.pekko.http.scaladsl.model.HttpRequest$;
import org.apache.pekko.http.scaladsl.model.MediaRange;
import org.apache.pekko.http.scaladsl.model.MediaRange$;
import org.apache.pekko.http.scaladsl.model.MediaTypes$;
import org.apache.pekko.http.scaladsl.model.Uri$;
import org.apache.pekko.http.scaladsl.model.Uri$Query$;
import org.apache.pekko.http.scaladsl.model.headers.Accept$;
import org.apache.pekko.http.scaladsl.model.headers.Host;
import org.apache.pekko.http.scaladsl.model.headers.Host$;
import org.apache.pekko.http.scaladsl.unmarshalling.Unmarshal$;
import org.apache.pekko.stream.Materializer$;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pdi.jwt.Jwt$;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtClaim$;
import scala.C$less$colon$less$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Product;
import scala.Some$;
import scala.Tuple2;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.MapOps;
import scala.collection.StringOps$;
import scala.collection.immutable.C$colon$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.io.Source$;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.IntRef;
import scala.runtime.Nothing$;
import scala.runtime.ObjectRef;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Statics;
import scala.util.control.NonFatal$;

/* compiled from: SecurityToken.scala */
/* loaded from: input_file:dagr/SecurityTokenServiceClient.class */
/**
 * Client that obtains an access token from a token service using the OAuth2
 * {@code client_credentials} grant with a signed JWT client assertion (RS256), and
 * caches the returned token until shortly before it expires.
 *
 * <p>This is JADX decompiler output of a Scala class ({@code SecurityToken.scala}).
 * Several constructs below (unresolved registers, self-calling bridge methods, a
 * {@code while (true)} without an exit) are decompiler artefacts rather than the
 * behaviour of the compiled class; they are marked where they occur.
 *
 * <p>{@code Action.SCOPE_ATTRIBUTE} (a logback constant) is used wherever a scope key is
 * needed; presumably the decompiler substituted it for the string literal
 * {@code "scope"} -- confirm against the original source.
 */
public class SecurityTokenServiceClient {
    // Application configuration; read only in the constructor and its helper lambdas.
    private final Config config;
    // Prefix for the per-connector config keys "<role>.key.path", "<role>.key" and "<role>.client_id".
    private final String role;
    // Project-declared HTTP client used to POST the token request.
    private final HttpClient http;
    private final ActorSystem system;
    private final ExecutionContext ec;
    // RSA key that signs the client assertion. May be null: the constructor only logs a
    // warning when neither "<role>.key.path" nor "<role>.key" is configured.
    private final PrivateKey privateKey;
    private final String client_id;
    // Token endpoint, taken verbatim from "jwt.service.uri". No scheme check is visible in
    // this class, so the signed assertion and the returned token go wherever this points.
    private final String token_service_uri;
    private final String jwtPayloadAudience;
    // Either empty or a single scope entry built from "jwt.scope" (see constructor).
    private final Map<String, String> jwtScope;
    // Either empty or a single Host header derived from token_service_uri.
    private final List<Host> withHostHeader;
    // Last token received; accessed only through getCachedToken()/setCachedToken(),
    // which synchronize on this instance.
    private CachedToken cachedToken;
    private final Decoder<Token> tokenDecoder;
    // Companion object of the inner CachedToken class (provides apply(token, validTo)).
    public final SecurityTokenServiceClient$CachedToken$ CachedToken$lzy1 = new SecurityTokenServiceClient$CachedToken$(this);
    private final Logger logger = LoggerFactory.getLogger("dagr.token");

    /* compiled from: SecurityToken.scala */
    /* loaded from: input_file:dagr/SecurityTokenServiceClient$CachedToken.class */
    /**
     * A received {@link Token} together with the absolute time (epoch milliseconds)
     * until which it is considered valid.
     *
     * <p>The members have the shape of a compiler-generated Scala case class
     * ({@code Product}, {@code copy}, {@code _1}/{@code _2}, structural
     * {@code equals}/{@code hashCode}).
     */
    public class CachedToken implements Product, Serializable {
        private final Token token;
        // Epoch milliseconds; the only producer visible in this file computes it as
        // request start time + expires_in * 1000.
        private final long validTo;
        private final /* synthetic */ SecurityTokenServiceClient $outer;

        /**
         * @param securityTokenServiceClient enclosing client instance; must not be null
         * @param token the token to cache
         * @param j expiry time in epoch milliseconds
         * @throws NullPointerException if the enclosing instance is null
         */
        public CachedToken(SecurityTokenServiceClient securityTokenServiceClient, Token token, long j) {
            this.token = token;
            this.validTo = j;
            if (securityTokenServiceClient == null) {
                throw new NullPointerException();
            }
            this.$outer = securityTokenServiceClient;
        }

        // Bridge method. As decompiled it calls itself; presumably the bytecode delegates
        // to the default implementation in scala.Product -- decompiler artefact.
        @Override // scala.Product
        public /* bridge */ /* synthetic */ Iterator productIterator() {
            Iterator productIterator;
            productIterator = productIterator();
            return productIterator;
        }

        // Bridge method; same self-call artefact as productIterator().
        @Override // scala.Product
        public /* bridge */ /* synthetic */ Iterator productElementNames() {
            Iterator productElementNames;
            productElementNames = productElementNames();
            return productElementNames;
        }

        /** Structural hash over the product prefix, the token and validTo. */
        public int hashCode() {
            return Statics.finalizeHash(Statics.mix(Statics.mix(Statics.mix(-889275714, productPrefix().hashCode()), Statics.anyHash(token())), Statics.longHash(validTo())), 2);
        }

        /**
         * Structural equality: same enclosing client instance, same validTo and equal
         * tokens.
         */
        @Override // scala.Equals
        public boolean equals(Object obj) {
            boolean z;
            if (this != obj) {
                if ((obj instanceof CachedToken) && ((CachedToken) obj).dagr$SecurityTokenServiceClient$CachedToken$$$outer() == this.$outer) {
                    CachedToken cachedToken = (CachedToken) obj;
                    if (validTo() == cachedToken.validTo()) {
                        Token token = token();
                        Token token2 = cachedToken.token();
                        if (token != null ? token.equals(token2) : token2 == null) {
                            if (cachedToken.canEqual(this)) {
                                z = true;
                            }
                        }
                    }
                    // NOTE(review): as decompiled, the "z = true" path above falls through
                    // to this assignment, so the result would always be false for a
                    // different object. Presumably the bytecode jumps past it -- treat as
                    // a decompiler artefact and confirm against the class file.
                    z = false;
                } else {
                    z = false;
                }
                if (!z) {
                    return false;
                }
            }
            return true;
        }

        // NOTE(review): the generic product rendering includes the token element. Whether
        // that exposes access_token depends on Token.toString, which is not visible here;
        // avoid logging CachedToken instances until that is confirmed.
        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        @Override // scala.Equals
        public boolean canEqual(Object obj) {
            return obj instanceof CachedToken;
        }

        @Override // scala.Product
        public int productArity() {
            return 2;
        }

        @Override // scala.Product
        public String productPrefix() {
            return "CachedToken";
        }

        /**
         * @param i element index: 0 is the token, 1 is validTo (boxed)
         * @throws IndexOutOfBoundsException for any other index
         */
        @Override // scala.Product
        public Object productElement(int i) {
            if (0 == i) {
                return _1();
            }
            if (1 == i) {
                return BoxesRunTime.boxToLong(_2());
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        /**
         * @param i element index: 0 or 1
         * @return {@code "token"} or {@code "validTo"}
         * @throws IndexOutOfBoundsException for any other index
         */
        @Override // scala.Product
        public String productElementName(int i) {
            if (0 == i) {
                return "token";
            }
            if (1 == i) {
                return "validTo";
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        public Token token() {
            return this.token;
        }

        public long validTo() {
            return this.validTo;
        }

        /** Returns a new CachedToken bound to the same enclosing client. */
        public CachedToken copy(Token token, long j) {
            return new CachedToken(this.$outer, token, j);
        }

        public Token copy$default$1() {
            return token();
        }

        public long copy$default$2() {
            return validTo();
        }

        public Token _1() {
            return token();
        }

        public long _2() {
            return validTo();
        }

        public final /* synthetic */ SecurityTokenServiceClient dagr$SecurityTokenServiceClient$CachedToken$$$outer() {
            return this.$outer;
        }
    }

    /**
     * Reads the connector's key material and token-service settings from {@code config}.
     *
     * <p>The private key is taken from the PEM file named by {@code <role>.key.path} when
     * that path exists in the config, otherwise from the inline {@code <role>.key} value,
     * otherwise it stays null and only a warning is logged.
     *
     * @param config application configuration
     * @param str role name used as prefix for the per-connector config keys
     * @param httpClient client used for the token request
     * @param actorSystem actor system used to obtain a materializer when unmarshalling
     * @param executionContext context on which the response handling runs
     */
    public SecurityTokenServiceClient(Config config, String str, HttpClient httpClient, ActorSystem actorSystem, ExecutionContext executionContext) {
        this.config = config;
        this.role = str;
        this.http = httpClient;
        this.system = actorSystem;
        this.ec = executionContext;
        // Registers BouncyCastle in the JVM-wide provider list on every construction.
        Security.addProvider(new BouncyCastleProvider());
        this.privateKey = (PrivateKey) Option$.MODULE$.apply(new StringBuilder(9).append(str).append(".key.path").toString()).filter(str2 -> {
            return config.hasPath(str2);
        }).map(str3 -> {
            return config.getString(str3);
        }).map(str4 -> {
            // Only the file path is logged here, not the key content.
            this.logger.debug(new StringBuilder(33).append("Obtaining private key from file: ").append(str4).toString());
            // NOTE(review): close() below is not in a finally/try-with-resources, so the
            // reader stays open if readPemObject() throws. The PEM type label is not
            // inspected; the content is handed to PKCS8EncodedKeySpec as-is, so only
            // PKCS#8 encoded keys can be expected to load.
            PemReader pemReader = new PemReader(new FileReader(str4));
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent());
            pemReader.close();
            return KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME).generatePrivate(pKCS8EncodedKeySpec);
        }).getOrElse(() -> {
            // r2/r3/r4 are unresolved decompiler registers; presumably this, the role and
            // the config, i.e. the fallback to the inline "<role>.key" setting.
            return r2.$init$$$anonfun$4(r3, r4);
        });
        if (this.privateKey == null) {
            // Construction continues without a key; signing is only attempted later in
            // getToken(), so a missing key surfaces there rather than at start-up.
            this.logger.warn(new StringBuilder(74).append("Empty private key for JWT token encoding - data synchronization may fail. ").append(new StringBuilder(86).append("Please set '").append(str).append(".key' or '").append(str).append(".key.path' configuration value for this connector appropriately.").toString()).toString());
        }
        this.client_id = config.getString(new StringBuilder(10).append(str).append(".client_id").toString());
        this.token_service_uri = config.getString("jwt.service.uri");
        this.jwtPayloadAudience = config.getString("jwt.payload-audience");
        // Optional "jwt.scope": stored as a one-entry map keyed by Action.SCOPE_ATTRIBUTE.
        // NOTE(review): the value is URL-encoded here and later rendered through
        // Uri.Query in getToken(); if that rendering percent-encodes values as well, the
        // scope is encoded twice -- confirm against what the token service receives.
        this.jwtScope = (Map) Option$.MODULE$.apply("jwt.scope").filter(str5 -> {
            return config.hasPath(str5);
        }).map(str6 -> {
            return config.getString(str6);
        }).map(str7 -> {
            return (Map) Predef$.MODULE$.Map().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc(Action.SCOPE_ATTRIBUTE), URLEncoder.encode(str7, StandardCharsets.UTF_8))}));
        }).getOrElse(SecurityTokenServiceClient::$init$$$anonfun$8);
        // Optional "jwt.service.with-host-header": when true, send an explicit Host header
        // built from the host part of token_service_uri; otherwise send none.
        this.withHostHeader = (List) Option$.MODULE$.apply("jwt.service.with-host-header").filter(str8 -> {
            return config.hasPath(str8);
        }).map(str9 -> {
            return config.getBoolean(str9) ? new C$colon$colon(Host$.MODULE$.apply(Uri$.MODULE$.apply(this.token_service_uri).authority().host(), Host$.MODULE$.$lessinit$greater$default$2()), Nil$.MODULE$) : Nil$.MODULE$;
        }).getOrElse(SecurityTokenServiceClient::$init$$$anonfun$11);
        this.cachedToken = null;
        // Decoder for the token response: accepts either a map start (entry count passed
        // as -1) or a sized map header, and rejects headers above Integer.MAX_VALUE.
        this.tokenDecoder = inputReader -> {
            if (inputReader.tryReadMapStart()) {
                return readObject$1(inputReader, -1);
            }
            if (!inputReader.hasMapHeader()) {
                throw inputReader.unexpectedDataItem("Map Start or Map Header for decoding an instance of type `Token`");
            }
            long readMapHeader = inputReader.readMapHeader();
            if (readMapHeader > 2147483647L) {
                throw inputReader.overflow("Maps with more than 2^31 entries are not supported");
            }
            return readObject$1(inputReader, (int) readMapHeader);
        };
    }

    public HttpClient http() {
        return this.http;
    }

    // Accessor for the CachedToken companion object.
    private final SecurityTokenServiceClient$CachedToken$ CachedToken() {
        return this.CachedToken$lzy1;
    }

    /**
     * Returns the cached token, or null when there is none or when it expires within
     * the next 2000 ms.
     */
    /* JADX WARN: Multi-variable type inference failed */
    private CachedToken getCachedToken() {
        CachedToken cachedToken;
        // Only the field read is done under the lock; the expiry check uses the local copy.
        synchronized (this) {
            cachedToken = this.cachedToken;
        }
        // 2000 ms safety margin so a token is not handed out right before it expires.
        if (cachedToken == null || getInstantNowInMillisAtUTC() + 2000 >= cachedToken.validTo()) {
            return null;
        }
        return cachedToken;
    }

    /** Replaces the cached token under the instance lock. */
    /* JADX WARN: Multi-variable type inference failed */
    private void setCachedToken(CachedToken cachedToken) {
        synchronized (this) {
            this.cachedToken = cachedToken;
            // Unit value left over from the Scala compiler; has no effect.
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
    }

    /**
     * Returns the current time in epoch milliseconds. The fixed clock is created from
     * Instant.now() and read once, so the zone does not influence the value.
     */
    private long getInstantNowInMillisAtUTC() {
        return Clock.fixed(Instant.now(), ZoneId.of("UTC")).millis();
    }

    public Decoder<Token> tokenDecoder() {
        return this.tokenDecoder;
    }

    /**
     * Returns a still-valid cached token, or requests a new one from the token service.
     *
     * <p>For a new request the form body carries {@code grant_type=client_credentials},
     * the jwt-bearer {@code client_assertion_type}, the {@code client_id}, the optional
     * scope entry and a {@code client_assertion}: a JWT signed with RS256 using
     * {@code privateKey}. Going by the parameter order of pdi.jwt's JwtClaim (content,
     * issuer, subject, audience, expiration, notBefore, issuedAt, jwtId), issuer and
     * subject are the client id, audience is {@code jwt.payload-audience}, notBefore and
     * issuedAt are the current time in seconds, expiration is 900 seconds later and the
     * jwtId is a random UUID.
     *
     * <p>Nothing here coalesces concurrent callers: each caller that finds no valid
     * cached token sends its own request.
     *
     * @return a future holding the token
     * @throws Throwable any failure while preparing the request is logged (when
     *     non-fatal) and rethrown synchronously rather than returned as a failed future
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public Future<Token> getToken() {
        CachedToken cachedToken = getCachedToken();
        if (cachedToken != null) {
            // NOTE(review): the first five characters of the access token are written to
            // the debug log (tokens of five characters or fewer are rendered as "???").
            // Consider whether any part of a bearer token belongs in logs.
            this.logger.debug(new StringBuilder(21).append("get cached token: ").append(cachedToken.token().access_token().length() > 5 ? StringOps$.MODULE$.take$extension(Predef$.MODULE$.augmentString(cachedToken.token().access_token()), 5) : "???").append("...").toString());
            return Future$.MODULE$.successful(cachedToken.token());
        }
        try {
            this.logger.debug("Preparing jwt claim");
            long instantNowInMillisAtUTC = getInstantNowInMillisAtUTC();
            // Claim times are in seconds, the cache bookkeeping in milliseconds.
            long j = instantNowInMillisAtUTC / 1000;
            // The rendered query string is used as the form-urlencoded request body.
            // privateKey may be null here (see constructor); presumably Jwt.encode then
            // fails and the failure is handled by the catch below -- confirm.
            String query = Uri$Query$.MODULE$.apply((Map<String, String>) ((MapOps) Predef$.MODULE$.Map().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("grant_type"), "client_credentials"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("client_assertion_type"), "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("client_id"), this.client_id), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("client_assertion"), Jwt$.MODULE$.encode(JwtClaim$.MODULE$.apply(JwtClaim$.MODULE$.apply$default$1(), Some$.MODULE$.apply(this.client_id), Some$.MODULE$.apply(this.client_id), Some$.MODULE$.apply(Predef$.MODULE$.Set().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{this.jwtPayloadAudience}))), Some$.MODULE$.apply(BoxesRunTime.boxToLong(j + 900)), Some$.MODULE$.apply(BoxesRunTime.boxToLong(j)), Some$.MODULE$.apply(BoxesRunTime.boxToLong(j)), Some$.MODULE$.apply(UUID.randomUUID().toString())), this.privateKey, JwtAlgorithm$RS256$.MODULE$))}))).$plus$plus2((IterableOnce) this.jwtScope)).toString();
            this.logger.debug("jwt claim prepared");
            return getToken(instantNowInMillisAtUTC, query);
        } catch (Throwable th) {
            // Scala's NonFatal extractor: non-fatal errors are logged before being
            // rethrown, fatal ones are rethrown untouched.
            if (th != null) {
                Option<Throwable> unapply = NonFatal$.MODULE$.unapply(th);
                if (!unapply.isEmpty()) {
                    Throwable th2 = unapply.get();
                    this.logger.error("Failed to request security token", th2);
                    throw th2;
                }
            }
            throw th;
        }
    }

    /**
     * POSTs the prepared form body to the token service, decodes the response with
     * {@link #tokenDecoder()} and stores the result in the cache.
     *
     * <p>The request carries {@code Accept: application/json} plus the optional Host
     * header. No HTTP status check is visible in this method; whether
     * {@code doRequest} performs one cannot be told from here. Failures are passed to
     * a recover handler ({@code SecurityTokenServiceClient$$anon$1}) that is also not
     * visible here.
     *
     * @param j request start time in epoch milliseconds; expiry is computed from it
     * @param str form-urlencoded request body
     * @return a future holding the decoded token
     */
    private Future<Token> getToken(long j, String str) {
        this.logger.debug(new StringBuilder(28).append("Getting security token from ").append(this.token_service_uri).toString());
        return http().doRequest(HttpRequest$.MODULE$.apply(HttpMethods$.MODULE$.POST(), Uri$.MODULE$.apply(this.token_service_uri), new C$colon$colon(Accept$.MODULE$.apply(MediaRange$.MODULE$.apply(MediaTypes$.MODULE$.application$divjson()), ScalaRunTime$.MODULE$.wrapRefArray(new MediaRange[0])), Nil$.MODULE$).$plus$plus2(this.withHostHeader), HttpEntity$.MODULE$.apply(ContentTypes$.MODULE$.application$divx$minuswww$minusform$minusurlencoded(), str), HttpRequest$.MODULE$.apply$default$5()), http().doRequest$default$2(), http().doRequest$default$3(), http().doRequest$default$4()).flatMap(httpResponse -> {
            return Unmarshal$.MODULE$.apply(httpResponse).to(pekkoHttp$.MODULE$.borerFromMessageUnmarshaller(tokenDecoder()), this.ec, Materializer$.MODULE$.matFromSystem(this.system));
        }, this.ec).map(token -> {
            // NOTE(review): same partial-token logging as in getToken(): the first five
            // characters of the new access token go to the debug log.
            // NOTE(review): expires_in appears to be an int (the decoder reads it with
            // readInt), so "expires_in() * 1000" is evaluated in 32 bits before being
            // added to the long; a server-supplied value above 2147483 would wrap. The
            // value is also not checked for being positive. Confirm and widen if so.
            this.logger.debug(new StringBuilder(23).append("set cached token: ").append(token.access_token().length() > 5 ? StringOps$.MODULE$.take$extension(Predef$.MODULE$.augmentString(token.access_token()), 5) : "???").append("..., ").append(new StringBuilder(15).append("start time - ").append(Instant.ofEpochMilli(j)).append(", ").toString()).append(new StringBuilder(13).append("expires at - ").append(Instant.ofEpochMilli(j + (token.expires_in() * 1000))).toString()).toString());
            // Expiry is counted from the request start time, not from response arrival.
            setCachedToken(CachedToken().apply(token, j + (token.expires_in() * 1000)));
            return token;
        }, this.ec).recover(new SecurityTokenServiceClient$$anon$1(), this.ec);
    }

    /** Formats one byte as two lowercase hexadecimal digits ({@code "%02x"}). */
    /* JADX INFO: Access modifiers changed from: private */
    public static final /* synthetic */ String $anonfun$1(byte b) {
        return StringOps$.MODULE$.format$extension(Predef$.MODULE$.augmentString("%02x"), ScalaRunTime$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToByte(b)}));
    }

    /**
     * Loads the private key from the inline {@code <role>.key} config value.
     *
     * <p>Lines equal to the PKCS#8 BEGIN/END markers are dropped, the remaining lines
     * are joined and Base64-decoded, and the bytes are parsed as a PKCS#8 RSA key using
     * the BouncyCastle provider.
     *
     * @param str role name used as config key prefix
     * @param config application configuration
     * @return the private key, or null when {@code <role>.key} is not configured
     */
    private final PrivateKey $init$$$anonfun$4(String str, Config config) {
        return (PrivateKey) Option$.MODULE$.apply(new StringBuilder(4).append(str).append(".key").toString()).filter(str2 -> {
            return config.hasPath(str2);
        }).map(str3 -> {
            return config.getString(str3);
        }).map(str4 -> {
            // Marker lines are removed by exact match only: a marker with surrounding
            // whitespace or another label (for example an "RSA PRIVATE KEY" header) stays
            // in the text and reaches the Base64 decoder below.
            // The reused lambda parameter names and the "== 0" comparisons (a null check
            // in the bytecode) are decompiler artefacts.
            return Source$.MODULE$.fromString(str4).getLines().filterNot(str4 -> {
                return str4 != null ? str4.equals("-----BEGIN PRIVATE KEY-----") : "-----BEGIN PRIVATE KEY-----" == 0;
            }).filterNot(str5 -> {
                return str5 != null ? str5.equals("-----END PRIVATE KEY-----") : "-----END PRIVATE KEY-----" == 0;
            }).toSeq().mkString();
        }).map(str5 -> {
            // NOTE(review): the debug log receives the SHA-256 digest (hex) of the
            // Base64 key text. The key itself is not logged, but the digest is a stable
            // fingerprint of secret material; decide whether it should be logged at all.
            this.logger.debug(new StringBuilder(50).append("Obtaining private key from ").append(str).append(".key setting. SHA-256: ").append(Predef$.MODULE$.wrapRefArray((Object[]) ArrayOps$.MODULE$.map$extension(Predef$.MODULE$.byteArrayOps(MessageDigest.getInstance("SHA-256").digest(str5.getBytes("UTF-8"))), obj -> {
                return $anonfun$1(BoxesRunTime.unboxToByte(obj));
            }, ClassTag$.MODULE$.apply(String.class))).mkString()).toString());
            return KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str5)));
        }).orNull(C$less$colon$less$.MODULE$.refl());
    }

    // Default for jwtScope when "jwt.scope" is not configured: an empty map.
    private static final Map $init$$$anonfun$8() {
        return (Map) Predef$.MODULE$.Map().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[0]));
    }

    // Default for withHostHeader when "jwt.service.with-host-header" is not configured: no header.
    private static final List $init$$$anonfun$11() {
        return Nil$.MODULE$;
    }

    /**
     * Decoder helper: handles one map entry whose key compares below the scope key,
     * i.e. {@code expires_in} or {@code access_token}; any other key is skipped together
     * with its value.
     *
     * @param inputReader reader positioned at a map key
     * @param intRef bit mask of fields seen so far (1 = access_token, 2 = expires_in)
     * @param objectRef receives access_token
     * @param intRef2 receives expires_in
     */
    /* JADX WARN: Type inference failed for: r1v16, types: [T, java.lang.String] */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static final void read$2(InputReader inputReader, IntRef intRef, ObjectRef objectRef, IntRef intRef2) {
        // Three-way comparison of the upcoming key against "expires_in".
        int tryReadStringCompare = inputReader.tryReadStringCompare("expires_in");
        if (tryReadStringCompare < 0) {
            if (inputReader.tryReadStringCompare("access_token") != 0) {
                // Unknown key: skip the key and its value.
                inputReader.skipElement().skipElement();
                return;
            } else {
                // A repeated key is rejected instead of silently overwriting the value.
                if ((intRef.elem & 1) != 0) {
                    throw package$package$.MODULE$.failDuplicateMapKey(inputReader, "access_token", "Token");
                }
                objectRef.elem = inputReader.readString();
                intRef.elem |= 1;
                return;
            }
        }
        if (tryReadStringCompare > 0) {
            inputReader.skipElement().skipElement();
        } else {
            if ((intRef.elem & 2) != 0) {
                throw package$package$.MODULE$.failDuplicateMapKey(inputReader, "expires_in", "Token");
            }
            intRef2.elem = inputReader.readInt();
            intRef.elem |= 2;
        }
    }

    /**
     * Decoder helper: dispatches one map entry by comparing its key with the scope key.
     * Smaller keys go to {@code read$2}; an equal key is read as the scope; larger keys
     * are read as {@code token_type} or skipped together with their value.
     *
     * @param inputReader reader positioned at a map key
     * @param intRef bit mask of fields seen so far (4 = token_type, 8 = scope)
     * @param objectRef receives access_token
     * @param intRef2 receives expires_in
     * @param objectRef2 receives token_type
     * @param objectRef3 receives the scope
     */
    /* JADX WARN: Type inference failed for: r1v16, types: [T, java.lang.String] */
    /* JADX WARN: Type inference failed for: r1v6, types: [T, java.lang.String] */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static final void read$1(InputReader inputReader, IntRef intRef, ObjectRef objectRef, IntRef intRef2, ObjectRef objectRef2, ObjectRef objectRef3) {
        int tryReadStringCompare = inputReader.tryReadStringCompare(Action.SCOPE_ATTRIBUTE);
        if (tryReadStringCompare < 0) {
            read$2(inputReader, intRef, objectRef, intRef2);
            return;
        }
        if (tryReadStringCompare <= 0) {
            if ((intRef.elem & 8) != 0) {
                throw package$package$.MODULE$.failDuplicateMapKey(inputReader, Action.SCOPE_ATTRIBUTE, "Token");
            }
            objectRef3.elem = inputReader.readString();
            intRef.elem |= 8;
            return;
        }
        if (inputReader.tryReadStringCompare("token_type") != 0) {
            inputReader.skipElement().skipElement();
        } else {
            if ((intRef.elem & 4) != 0) {
                throw package$package$.MODULE$.failDuplicateMapKey(inputReader, "token_type", "Token");
            }
            objectRef2.elem = inputReader.readString();
            intRef.elem |= 4;
        }
    }

    /**
     * Raises the decoder's missing-field failure for {@code Token}.
     *
     * @param inputReader reader used to build the failure
     * @param i field mask passed through to the failure helper
     */
    private static final Nothing$ failMissing$1(InputReader inputReader, int i) {
        return package$package$.MODULE$.failMissing((InputReader<? extends Reader.Config>) inputReader, "Token", i, (List<String>) new C$colon$colon("access_token", new C$colon$colon("expires_in", new C$colon$colon("token_type", new C$colon$colon(Action.SCOPE_ATTRIBUTE, Nil$.MODULE$)))));
    }

    /**
     * Decodes one {@code Token} map from the reader.
     *
     * <p>Fields are first tried in the order access_token, expires_in, token_type,
     * scope; remaining entries are handled key by key through {@code read$1}. All four
     * fields must be present (mask 15), so a response without a scope or token_type
     * entry is rejected with a missing-field failure.
     *
     * @param inputReader reader positioned after the map start or map header
     * @param i number of map entries, or -1 for a map terminated by a break
     * @return the decoded token
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static final Token readObject$1(InputReader inputReader, int i) {
        String str;
        int unboxToInt;
        String str2;
        String str3;
        // Entries left to read; stays negative for a break-terminated map.
        int i2 = i;
        // Bit mask of fields seen: 1 access_token, 2 expires_in, 4 token_type, 8 scope.
        IntRef create = IntRef.create(0);
        if (i2 == 0 || !inputReader.tryReadString("access_token")) {
            str = null;
        } else {
            create.elem |= 1;
            i2--;
            str = inputReader.readString();
        }
        ObjectRef create2 = ObjectRef.create(str);
        if (i2 == 0 || !inputReader.tryReadString("expires_in")) {
            // Placeholder until the field is read; unboxing null gives 0 in the Scala runtime.
            unboxToInt = BoxesRunTime.unboxToInt(null);
        } else {
            create.elem |= 2;
            i2--;
            unboxToInt = inputReader.readInt();
        }
        IntRef create3 = IntRef.create(unboxToInt);
        if (i2 == 0 || !inputReader.tryReadString("token_type")) {
            str2 = null;
        } else {
            create.elem |= 4;
            i2--;
            str2 = inputReader.readString();
        }
        ObjectRef create4 = ObjectRef.create(str2);
        if (i2 == 0 || !inputReader.tryReadString(Action.SCOPE_ATTRIBUTE)) {
            str3 = null;
        } else {
            create.elem |= 8;
            i2--;
            str3 = inputReader.readString();
        }
        ObjectRef create5 = ObjectRef.create(str3);
        // NOTE(review): as decompiled this loop has no exit (JADX reports removed
        // blocks above); presumably the original loop ends once the condition below is
        // false. Decompiler artefact -- the code after the loop is reachable in the
        // compiled class.
        while (true) {
            if (i2 > 0 || (i2 < 0 && !inputReader.tryReadBreak())) {
                if (create.elem != 15) {
                    read$1(inputReader, create, create2, create3, create4, create5);
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    // All fields already seen: skip the extra key and its value.
                    inputReader.skipElement().skipElement();
                }
                i2--;
            }
        }
        // Sets every bit above the low four; the result is -1 only when all four field bits are set.
        int i3 = create.elem | (-16);
        if (i3 == -1) {
            return Token$.MODULE$.apply((String) create2.elem, create3.elem, (String) create4.elem, (String) create5.elem);
        }
        throw failMissing$1(inputReader, i3);
    }
}
