package tech.ydb.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.annotations.JsonAdapter;
import com.google.gson.annotations.SerializedName;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.time.Clock;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tech.ydb.auth.OAuth2TokenSource;
import tech.ydb.core.Status;
import tech.ydb.core.StatusCode;
import tech.ydb.core.UnexpectedResultException;
import tech.ydb.core.auth.BackgroundIdentity;
import tech.ydb.core.impl.auth.GrpcAuthRpc;

/* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider.class */
public class OAuth2TokenExchangeProvider implements AuthRpcProvider<GrpcAuthRpc> {
    public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
    private static final Logger logger = LoggerFactory.getLogger(OAuth2TokenExchangeProvider.class);
    private static final Gson GSON = new Gson();
    private static final Set<String> SUPPORTED_JWT_ALGS = new HashSet(Arrays.asList("HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512"));
    private final Clock clock;
    private final String endpoint;
    private final String scope;
    private final OAuth2TokenSource subjectTokenSource;
    private final OAuth2TokenSource actorTokenSource;
    private final List<NameValuePair> httpForm;
    private final int timeoutSeconds;

    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$Builder.class */
    public static class Builder {
        private String endpoint;
        private OAuth2TokenSource subject;
        private Clock clock;
        private int timeoutSeconds;
        private OAuth2TokenSource actor;
        private String scope;
        private final List<String> resourceList;
        private final List<String> audienceList;
        private String grantType;
        private String requestedTokenType;

        private Builder() {
            this.endpoint = null;
            this.subject = null;
            this.clock = Clock.systemUTC();
            this.timeoutSeconds = 60;
            this.actor = null;
            this.scope = null;
            this.resourceList = new ArrayList();
            this.audienceList = new ArrayList();
            this.grantType = OAuth2TokenExchangeProvider.GRANT_TYPE;
            this.requestedTokenType = OAuth2TokenSource.ACCESS_TOKEN;
        }

        private Builder(String str, OAuth2TokenSource oAuth2TokenSource) {
            this.endpoint = null;
            this.subject = null;
            this.clock = Clock.systemUTC();
            this.timeoutSeconds = 60;
            this.actor = null;
            this.scope = null;
            this.resourceList = new ArrayList();
            this.audienceList = new ArrayList();
            this.grantType = OAuth2TokenExchangeProvider.GRANT_TYPE;
            this.requestedTokenType = OAuth2TokenSource.ACCESS_TOKEN;
            this.endpoint = str;
            this.subject = oAuth2TokenSource;
        }

        @VisibleForTesting
        Builder withClock(Clock clock) {
            this.clock = clock;
            return this;
        }

        public Builder withTokenEndpoint(String str) {
            this.endpoint = str;
            return this;
        }

        public Builder withSubjectTokenSource(OAuth2TokenSource oAuth2TokenSource) {
            this.subject = oAuth2TokenSource;
            return this;
        }

        public Builder withActorTokenSource(OAuth2TokenSource oAuth2TokenSource) {
            this.actor = oAuth2TokenSource;
            return this;
        }

        public Builder withScope(String str) {
            this.scope = str;
            return this;
        }

        public Builder withResource(String str) {
            this.resourceList.add(str);
            return this;
        }

        public Builder withAudience(String str) {
            this.audienceList.add(str);
            return this;
        }

        public Builder withTimeoutSeconds(int i) {
            this.timeoutSeconds = i;
            return this;
        }

        public Builder withCustomGrantType(String str) {
            this.grantType = str;
            return this;
        }

        public Builder withCustomRequestedTokenType(String str) {
            this.requestedTokenType = str;
            return this;
        }

        public OAuth2TokenExchangeProvider build() {
            return new OAuth2TokenExchangeProvider(this.clock, this.endpoint, this.scope, this.subject, this.actor, fixedArgs(), this.timeoutSeconds);
        }

        private List<NameValuePair> fixedArgs() {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BasicNameValuePair("grant_type", this.grantType));
            arrayList.add(new BasicNameValuePair("requested_token_type", this.requestedTokenType));
            Iterator<String> it = this.resourceList.iterator();
            while (it.hasNext()) {
                arrayList.add(new BasicNameValuePair("resource", it.next()));
            }
            Iterator<String> it2 = this.audienceList.iterator();
            while (it2.hasNext()) {
                arrayList.add(new BasicNameValuePair("audience", it2.next()));
            }
            if (this.scope != null) {
                arrayList.add(new BasicNameValuePair("scope", this.scope));
            }
            return arrayList;
        }
    }

    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$DurationJsonConfigDeserializer.class */
    private static class DurationJsonConfigDeserializer implements JsonDeserializer<Integer> {
        private DurationJsonConfigDeserializer() {
        }

        private Integer deserializeWithMultiplier(String str, double d) {
            double parseDouble = Double.parseDouble(str);
            if (parseDouble < 0.0d) {
                throw new RuntimeException(String.format("Cannot parse ttl from json, negative duration is not allowed: \"%s\"", str));
            }
            return Integer.valueOf((int) (parseDouble * d));
        }

        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public Integer m1deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) {
            String asString = jsonElement.getAsJsonPrimitive().getAsString();
            if (asString.endsWith("s")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 1), 1.0d);
            }
            if (asString.endsWith("m")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 1), 60.0d);
            }
            if (asString.endsWith("h")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 1), 3600.0d);
            }
            if (asString.endsWith("d")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 1), 86400.0d);
            }
            if (asString.endsWith("ms")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 2), 0.001d);
            }
            if (asString.endsWith("us")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 2), 1.0E-6d);
            }
            if (asString.endsWith("ns")) {
                return deserializeWithMultiplier(asString.substring(0, asString.length() - 2), 1.0E-9d);
            }
            throw new RuntimeException(String.format("Cannot parse ttl from json: \"%s\"", asString));
        }
    }

    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$JsonConfig.class */
    private static class JsonConfig {

        @SerializedName("token-endpoint")
        private String tokenEndpoint = null;

        @SerializedName("grant-type")
        private String grantType = null;

        @SerializedName("res")
        @JsonAdapter(SingleStringOrArrayOfStringsJsonConfigDeserializer.class)
        private String[] resource = null;

        @SerializedName("aud")
        @JsonAdapter(SingleStringOrArrayOfStringsJsonConfigDeserializer.class)
        private String[] audience = null;

        @SerializedName("scope")
        @JsonAdapter(SingleStringOrArrayOfStringsJsonConfigDeserializer.class)
        private String[] scope = null;

        @SerializedName("requested-token-type")
        private String requestedTokenType = null;

        @SerializedName("subject-credentials")
        private TokenSourceJsonConfig subject = null;

        @SerializedName("actor-credentials")
        private TokenSourceJsonConfig actor = null;

        private JsonConfig() {
        }

        public String getTokenEndpoint() {
            return this.tokenEndpoint;
        }

        public String getGrantType() {
            return this.grantType;
        }

        public String[] getResource() {
            return this.resource;
        }

        public String[] getAudience() {
            return this.audience;
        }

        public String[] getScope() {
            return this.scope;
        }

        public String buildScope() {
            String str = new String();
            for (String str2 : this.scope) {
                if (str.length() != 0) {
                    str = str + " ";
                }
                str = str + str2;
            }
            return str;
        }

        public String getRequestedTokenType() {
            return this.requestedTokenType;
        }

        public TokenSourceJsonConfig getSubject() {
            return this.subject;
        }

        public TokenSourceJsonConfig getActor() {
            return this.actor;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$OAuth2Response.class */
    public static class OAuth2Response {

        @SerializedName("access_token")
        private String accessToken;

        @SerializedName("issued_token_type")
        private String issuedTokenType;

        @SerializedName("token_type")
        private String tokenType;

        @SerializedName("expires_in")
        private Long expiredIn;

        @SerializedName("scope")
        private String scope;

        @SerializedName("refresh_token")
        private String refreshToken;

        private OAuth2Response() {
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        public String getIssuedTokenType() {
            return this.issuedTokenType;
        }

        public String getTokenType() {
            return this.tokenType;
        }

        public Long getExpiredIn() {
            return this.expiredIn;
        }

        public String getScope() {
            return this.scope;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$OAuth2Rpc.class */
    public class OAuth2Rpc implements BackgroundIdentity.Rpc {
        private final ExecutorService executor;
        private final CloseableHttpClient client = HttpClients.createDefault();
        private volatile Instant subjectExpiredAt;
        private volatile String subjectToken;
        private volatile Instant actorExpiredAt;
        private volatile String actorToken;

        OAuth2Rpc(ExecutorService executorService) {
            this.executor = executorService;
        }

        public void close() {
            try {
                this.client.close();
            } catch (IOException e) {
                OAuth2TokenExchangeProvider.logger.error("io exception on closing of http client", e);
            }
        }

        /* JADX WARN: Failed to calculate best type for var: r10v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Failed to calculate best type for var: r10v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
         */
        /* JADX WARN: Failed to calculate best type for var: r11v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Failed to calculate best type for var: r11v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
         */
        /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
        	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Not initialized variable reg: 10, insn: 0x030b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:74:0x030b */
        /* JADX WARN: Not initialized variable reg: 11, insn: 0x0310: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:76:0x0310 */
        /* JADX WARN: Type inference failed for: r10v0, types: [java.io.Reader] */
        /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
        private BackgroundIdentity.Rpc.Token updateToken() throws IOException {
            StatusCode statusCode;
            if (OAuth2TokenExchangeProvider.this.subjectTokenSource != null && (this.subjectExpiredAt == null || OAuth2TokenExchangeProvider.this.clock.instant().isAfter(this.subjectExpiredAt))) {
                this.subjectToken = OAuth2TokenExchangeProvider.this.subjectTokenSource.getToken();
                this.subjectExpiredAt = OAuth2TokenExchangeProvider.this.clock.instant().plusSeconds(OAuth2TokenExchangeProvider.this.subjectTokenSource.getExpireInSeconds());
            }
            if (OAuth2TokenExchangeProvider.this.actorTokenSource != null && (this.actorExpiredAt == null || OAuth2TokenExchangeProvider.this.clock.instant().isAfter(this.actorExpiredAt))) {
                this.actorToken = OAuth2TokenExchangeProvider.this.actorTokenSource.getToken();
                this.actorExpiredAt = OAuth2TokenExchangeProvider.this.clock.instant().plusSeconds(OAuth2TokenExchangeProvider.this.actorTokenSource.getExpireInSeconds());
            }
            HttpPost httpPost = new HttpPost(OAuth2TokenExchangeProvider.this.endpoint);
            httpPost.setEntity(buildHttpForm());
            CloseableHttpResponse execute = this.client.execute(httpPost);
            int statusCode2 = execute.getStatusLine().getStatusCode();
            if (statusCode2 != 200) {
                switch (statusCode2) {
                    case 400:
                        statusCode = StatusCode.BAD_REQUEST;
                        break;
                    case 401:
                    case 403:
                        statusCode = StatusCode.UNAUTHORIZED;
                        break;
                    case 404:
                        statusCode = StatusCode.NOT_FOUND;
                        break;
                    case 500:
                        statusCode = StatusCode.INTERNAL_ERROR;
                        break;
                    case 503:
                    case 504:
                        statusCode = StatusCode.UNAVAILABLE;
                        break;
                    default:
                        statusCode = StatusCode.CLIENT_INTERNAL_ERROR;
                        break;
                }
                throw new UnexpectedResultException("Cannot get OAuth2 token with code " + statusCode2 + "[" + execute.getStatusLine().getReasonPhrase() + "]", Status.of(statusCode));
            }
            try {
                try {
                    InputStreamReader inputStreamReader = new InputStreamReader(execute.getEntity().getContent());
                    Throwable th = null;
                    OAuth2Response oAuth2Response = (OAuth2Response) OAuth2TokenExchangeProvider.GSON.fromJson(inputStreamReader, OAuth2Response.class);
                    if (oAuth2Response == null) {
                        throw new UnexpectedResultException("Empty OAuth2 response", Status.of(StatusCode.INTERNAL_ERROR));
                    }
                    if (!"Bearer".equalsIgnoreCase(oAuth2Response.getTokenType())) {
                        throw new UnexpectedResultException("OAuth2 token exchange: unsupported token type: " + oAuth2Response.getTokenType(), Status.of(StatusCode.INTERNAL_ERROR));
                    }
                    if (oAuth2Response.getExpiredIn() == null || oAuth2Response.getExpiredIn().longValue() <= 0) {
                        throw new UnexpectedResultException("OAuth2 token exchange: incorrect expiration time: " + oAuth2Response.getExpiredIn(), Status.of(StatusCode.INTERNAL_ERROR));
                    }
                    String scope = oAuth2Response.getScope();
                    if (OAuth2TokenExchangeProvider.this.scope != null && scope != null && !OAuth2TokenExchangeProvider.this.scope.equals(scope)) {
                        throw new UnexpectedResultException("OAuth2 token exchange: different scope. Expected: " + OAuth2TokenExchangeProvider.this.scope + ", but got: " + scope, Status.of(StatusCode.INTERNAL_ERROR));
                    }
                    BackgroundIdentity.Rpc.Token token = new BackgroundIdentity.Rpc.Token("Bearer " + oAuth2Response.getAccessToken(), OAuth2TokenExchangeProvider.this.clock.instant().plusSeconds(oAuth2Response.getExpiredIn().longValue()), OAuth2TokenExchangeProvider.this.clock.instant().plusSeconds(oAuth2Response.getExpiredIn().longValue() / 2));
                    if (inputStreamReader != null) {
                        if (0 != 0) {
                            try {
                                inputStreamReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            inputStreamReader.close();
                        }
                    }
                    return token;
                } finally {
                }
            } finally {
                execute.close();
            }
        }

        public CompletableFuture<BackgroundIdentity.Rpc.Token> getTokenAsync() {
            CompletableFuture<BackgroundIdentity.Rpc.Token> completableFuture = new CompletableFuture<>();
            this.executor.submit(() -> {
                try {
                    completableFuture.complete(updateToken());
                } catch (IOException | RuntimeException e) {
                    completableFuture.completeExceptionally(e);
                }
            });
            return completableFuture;
        }

        public int getTimeoutSeconds() {
            return OAuth2TokenExchangeProvider.this.timeoutSeconds;
        }

        private HttpEntity buildHttpForm() {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(OAuth2TokenExchangeProvider.this.httpForm);
            if (this.subjectToken != null) {
                arrayList.add(new BasicNameValuePair("subject_token", this.subjectToken));
                arrayList.add(new BasicNameValuePair("subject_token_type", OAuth2TokenExchangeProvider.this.subjectTokenSource.getType()));
            }
            if (this.actorToken != null) {
                arrayList.add(new BasicNameValuePair("actor_token", this.actorToken));
                arrayList.add(new BasicNameValuePair("actor_token_type", OAuth2TokenExchangeProvider.this.actorTokenSource.getType()));
            }
            try {
                return new UrlEncodedFormEntity(arrayList);
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("Cannot build OAuth2 http form", e);
            }
        }
    }

    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$SingleStringOrArrayOfStringsJsonConfigDeserializer.class */
    private static class SingleStringOrArrayOfStringsJsonConfigDeserializer implements JsonDeserializer<String[]> {
        private SingleStringOrArrayOfStringsJsonConfigDeserializer() {
        }

        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public String[] m2deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext) {
            if (!jsonElement.isJsonArray()) {
                if (!jsonElement.isJsonPrimitive()) {
                    throw new RuntimeException("Cannot parse config from json: field is expected to be string or array of nonempty strings");
                }
                String[] strArr = {jsonElement.getAsJsonPrimitive().getAsString()};
                if (strArr[0].length() == 0) {
                    throw new RuntimeException("Cannot parse config from json: empty string");
                }
                return strArr;
            }
            JsonArray asJsonArray = jsonElement.getAsJsonArray();
            if (asJsonArray.size() == 0) {
                return null;
            }
            String[] strArr2 = new String[asJsonArray.size()];
            for (int i = 0; i < asJsonArray.size(); i++) {
                strArr2[i] = asJsonArray.get(i).getAsJsonPrimitive().getAsString();
                if (strArr2[i].length() == 0) {
                    throw new RuntimeException("Cannot parse config from json: empty string");
                }
            }
            return strArr2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tech/ydb/auth/OAuth2TokenExchangeProvider$TokenSourceJsonConfig.class */
    public static class TokenSourceJsonConfig {

        @SerializedName("type")
        private String type = null;

        @SerializedName("token")
        private String token = null;

        @SerializedName("token-type")
        private String tokenType = null;

        @SerializedName("alg")
        private String alg = null;

        @SerializedName("private-key")
        private String privateKey = null;

        @SerializedName("kid")
        private String keyId = null;

        @SerializedName("iss")
        private String issuer = null;

        @SerializedName("sub")
        private String subject = null;

        @SerializedName("aud")
        @JsonAdapter(SingleStringOrArrayOfStringsJsonConfigDeserializer.class)
        private String[] audience = null;

        @SerializedName("jti")
        private String id = null;

        @SerializedName("ttl")
        @JsonAdapter(DurationJsonConfigDeserializer.class)
        private Integer ttlSeconds = null;

        private TokenSourceJsonConfig() {
        }

        public String getType() {
            return this.type;
        }

        public String getToken() {
            return this.token;
        }

        public String getTokenType() {
            return this.tokenType;
        }

        public String getAlg() {
            return this.alg;
        }

        public String getPrivateKey() {
            return this.privateKey;
        }

        public String getKeyId() {
            return this.keyId;
        }

        public String getIssuer() {
            return this.issuer;
        }

        public String getSubject() {
            return this.subject;
        }

        public String[] getAudience() {
            return this.audience;
        }

        public String getId() {
            return this.id;
        }

        public Integer getTtlSeconds() {
            return this.ttlSeconds;
        }
    }

    private OAuth2TokenExchangeProvider(Clock clock, String str, String str2, OAuth2TokenSource oAuth2TokenSource, OAuth2TokenSource oAuth2TokenSource2, List<NameValuePair> list, int i) {
        this.clock = clock;
        this.endpoint = str;
        this.scope = str2;
        this.subjectTokenSource = oAuth2TokenSource;
        this.actorTokenSource = oAuth2TokenSource2;
        this.httpForm = list;
        this.timeoutSeconds = i;
    }

    public static String[] getSupportedJwtAlgorithms() {
        String[] strArr = new String[SUPPORTED_JWT_ALGS.size()];
        int i = 0;
        Iterator<String> it = SUPPORTED_JWT_ALGS.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            strArr[i2] = it.next();
        }
        Arrays.sort(strArr);
        return strArr;
    }

    private static OAuth2TokenSource buildFixedTokenSourceFromConfig(TokenSourceJsonConfig tokenSourceJsonConfig) {
        if (tokenSourceJsonConfig.getToken() == null || tokenSourceJsonConfig.getToken().length() == 0 || tokenSourceJsonConfig.getTokenType() == null || tokenSourceJsonConfig.getTokenType().length() == 0) {
            throw new RuntimeException("Both token and token-type are required");
        }
        return OAuth2TokenSource.fromValue(tokenSourceJsonConfig.getToken(), tokenSourceJsonConfig.getTokenType());
    }

    private static OAuth2TokenSource buildJwtTokenSourceFromConfig(TokenSourceJsonConfig tokenSourceJsonConfig) {
        if (tokenSourceJsonConfig.getAlg() == null || tokenSourceJsonConfig.getAlg().length() == 0) {
            throw new RuntimeException("Algorithm is required");
        }
        if (tokenSourceJsonConfig.getPrivateKey() == null || tokenSourceJsonConfig.getPrivateKey().length() == 0) {
            throw new RuntimeException("Key is required");
        }
        String upperCase = tokenSourceJsonConfig.getAlg().toUpperCase();
        if (!SUPPORTED_JWT_ALGS.contains(upperCase)) {
            String str = "";
            for (String str2 : getSupportedJwtAlgorithms()) {
                if (str.length() > 0) {
                    str = str + ", ";
                }
                str = ((str + "\"") + str2) + "\"";
            }
            throw new RuntimeException(String.format("Algorithm \"%s\" is not supported. Supported algorithms: %s", tokenSourceJsonConfig.getAlg(), str));
        }
        OAuth2TokenSource.JWTTokenBuilder withHmacPrivateKeyBase64 = "HS256".equals(upperCase) || "HS384".equals(upperCase) || "HS512".equals(upperCase) ? OAuth2TokenSource.withHmacPrivateKeyBase64(tokenSourceJsonConfig.getPrivateKey(), upperCase) : OAuth2TokenSource.withPrivateKeyPem(new StringReader(tokenSourceJsonConfig.getPrivateKey()), upperCase);
        if (tokenSourceJsonConfig.getKeyId() != null) {
            withHmacPrivateKeyBase64.withKeyId(tokenSourceJsonConfig.getKeyId());
        }
        if (tokenSourceJsonConfig.getIssuer() != null) {
            withHmacPrivateKeyBase64.withIssuer(tokenSourceJsonConfig.getIssuer());
        }
        if (tokenSourceJsonConfig.getSubject() != null) {
            withHmacPrivateKeyBase64.withSubject(tokenSourceJsonConfig.getSubject());
        }
        if (tokenSourceJsonConfig.getAudience() != null && tokenSourceJsonConfig.getAudience().length != 0) {
            if (tokenSourceJsonConfig.getAudience().length > 1) {
                throw new RuntimeException("Multiple audience is not supported by current JWT library");
            }
            withHmacPrivateKeyBase64.withAudience(tokenSourceJsonConfig.getAudience()[0]);
        }
        if (tokenSourceJsonConfig.getId() != null) {
            withHmacPrivateKeyBase64.withId(tokenSourceJsonConfig.getId());
        }
        if (tokenSourceJsonConfig.getTtlSeconds() != null) {
            withHmacPrivateKeyBase64.withTtlSeconds(tokenSourceJsonConfig.getTtlSeconds().intValue());
        }
        return withHmacPrivateKeyBase64.build();
    }

    private static OAuth2TokenSource buildTokenSourceFromConfig(TokenSourceJsonConfig tokenSourceJsonConfig) {
        if (tokenSourceJsonConfig.getType() == null) {
            throw new RuntimeException("No token source type");
        }
        if ("FIXED".equalsIgnoreCase(tokenSourceJsonConfig.getType())) {
            return buildFixedTokenSourceFromConfig(tokenSourceJsonConfig);
        }
        if ("JWT".equalsIgnoreCase(tokenSourceJsonConfig.getType())) {
            return buildJwtTokenSourceFromConfig(tokenSourceJsonConfig);
        }
        throw new RuntimeException("Unsupported token source type: " + tokenSourceJsonConfig.getType());
    }

    /* JADX WARN: Failed to calculate best type for var: r8v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x0159: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:65:0x0159 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x015d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:67:0x015d */
    /* JADX WARN: Type inference failed for: r8v1, types: [java.io.BufferedReader] */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable] */
    public static Builder fromFile(File file) {
        Builder builder = new Builder();
        File expandUserHomeDir = expandUserHomeDir(file);
        try {
            try {
                BufferedReader bufferedReader = new BufferedReader(new FileReader(expandUserHomeDir));
                Throwable th = null;
                JsonConfig jsonConfig = (JsonConfig) GSON.fromJson(bufferedReader, JsonConfig.class);
                if (jsonConfig == null) {
                    throw new RuntimeException("Empty config");
                }
                if (jsonConfig.getTokenEndpoint() != null) {
                    builder.withTokenEndpoint(jsonConfig.getTokenEndpoint());
                }
                if (jsonConfig.getGrantType() != null) {
                    builder.withCustomGrantType(jsonConfig.getGrantType());
                }
                if (jsonConfig.getResource() != null && jsonConfig.getResource().length != 0) {
                    for (String str : jsonConfig.getResource()) {
                        builder.withResource(str);
                    }
                }
                if (jsonConfig.getAudience() != null && jsonConfig.getAudience().length != 0) {
                    for (String str2 : jsonConfig.getAudience()) {
                        builder.withAudience(str2);
                    }
                }
                if (jsonConfig.getScope() != null && jsonConfig.getScope().length != 0) {
                    builder.withScope(jsonConfig.buildScope());
                }
                if (jsonConfig.getRequestedTokenType() != null) {
                    builder.withCustomRequestedTokenType(jsonConfig.getRequestedTokenType());
                }
                if (jsonConfig.getSubject() != null) {
                    builder.withSubjectTokenSource(buildTokenSourceFromConfig(jsonConfig.getSubject()));
                }
                if (jsonConfig.getActor() != null) {
                    builder.withActorTokenSource(buildTokenSourceFromConfig(jsonConfig.getActor()));
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return builder;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Unable to read config from " + expandUserHomeDir, e);
        }
    }

    private static File expandUserHomeDir(File file) {
        String path = file.getPath();
        return path.startsWith(new StringBuilder().append("~").append(File.separator).toString()) ? new File(System.getProperty("user.home") + path.substring(1)) : file;
    }

    public AuthIdentity createAuthIdentity(GrpcAuthRpc grpcAuthRpc) {
        return new BackgroundIdentity(this.clock, new OAuth2Rpc(grpcAuthRpc.getExecutor()));
    }

    public static Builder newBuilder(String str, OAuth2TokenSource oAuth2TokenSource) {
        return new Builder(str, oAuth2TokenSource);
    }
}
