package io.debezium.server.http.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.debezium.DebeziumException;
import io.debezium.server.http.Authenticator;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/debezium/server/http/jwt/JWTAuthenticator.class */
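/**
 * {@link Authenticator} that obtains a JWT from an HTTP endpoint and attaches it to
 * outgoing requests as an {@code Authorization} header.
 *
 * <p>The instance tracks an {@link AuthenticationState}. {@link #authenticate()} performs the
 * initial username/password exchange, or a refresh-token exchange once the locally tracked
 * expiry has passed, and {@link #setAuthorizationHeader(HttpRequest.Builder)} refuses to emit a
 * header unless the state is {@code ACTIVE}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username and password are serialized into the JSON body of the initial request.
 *       This class does not inspect the URI scheme, so whether those credentials travel over
 *       TLS depends entirely on the URIs the caller supplies.</li>
 *   <li>Tokens and the password are held as plain {@code String} fields for the lifetime of
 *       the instance; nothing here logs them, and new log statements should keep it that way.</li>
 *   <li>State is kept in plain mutable fields with no synchronization visible in this class.
 *       NOTE(review): confirm callers use one instance per thread or serialize access.</li>
 * </ul>
 */
public class JWTAuthenticator implements Authenticator {
    private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthenticator.class);

    // Fraction of the server-reported lifetime that is honoured locally; the token is treated
    // as expired after 90% of it, presumably so renewal happens before the server rejects it.
    private static final double EXPIRATION_DURATION_MULTIPLIER = 0.9d;

    private final String username;
    private final String password;
    // Forwarded verbatim into the request payloads; the unit is defined by the payload classes
    // and the server, not by this class.
    private final long tokenExpirationDuration;
    private final long refreshTokenExpirationDuration;
    private String jwtToken;
    private String jwtRefreshToken;
    private final HttpRequest.Builder authRequestBuilder;
    private final HttpRequest.Builder refreshRequestBuilder;
    private AuthenticationState authenticationState;
    private Instant expirationDateTime;
    private final ObjectMapper mapper = new ObjectMapper();
    private final HttpClient client = HttpClient.newHttpClient();

    /**
     * Lifecycle of the token held by this authenticator.
     *
     * <p>The decompiler reports that this type was package-private in the original source.
     */
    public enum AuthenticationState {
        /** No authentication attempt has succeeded or failed yet. */
        NOT_AUTHENTICATED,
        /** The last exchange returned a non-200 status or an unusable response. */
        FAILED_AUTHENTICATION,
        /** A token is held and its local expiry has not passed. */
        ACTIVE,
        /** A token was held but its local expiry has passed; a refresh is required. */
        EXPIRED
    }

    /**
     * Creates an authenticator in the {@code NOT_AUTHENTICATED} state.
     *
     * <p>The decompiler reports that this constructor was package-private in the original source.
     *
     * @param authUri endpoint for the initial username/password exchange
     * @param refreshUri endpoint for the refresh-token exchange
     * @param username account name sent in the initial request body
     * @param password account password sent in the initial request body
     * @param tokenExpirationDuration requested token lifetime, passed through to the payload
     * @param refreshTokenExpirationDuration requested refresh-token lifetime, passed through
     * @param httpTimeoutDuration per-request timeout applied to both endpoints
     */
    public JWTAuthenticator(URI authUri, URI refreshUri, String username, String password,
                            long tokenExpirationDuration, long refreshTokenExpirationDuration,
                            Duration httpTimeoutDuration) {
        this.username = username;
        this.password = password;
        this.tokenExpirationDuration = tokenExpirationDuration;
        this.refreshTokenExpirationDuration = refreshTokenExpirationDuration;
        // NOTE(review): neither URI's scheme is checked here; a plain-http URI would send the
        // credentials and refresh token unencrypted. Validate at configuration time if needed.
        this.authRequestBuilder = HttpRequest.newBuilder(authUri).timeout(httpTimeoutDuration);
        this.authRequestBuilder.setHeader("content-type", "application/json");
        this.refreshRequestBuilder = HttpRequest.newBuilder(refreshUri).timeout(httpTimeoutDuration);
        this.refreshRequestBuilder.setHeader("content-type", "application/json");
        this.authenticationState = AuthenticationState.NOT_AUTHENTICATED;
        // Start with an expiry in the past so no stale value can ever look valid.
        this.expirationDateTime = Instant.now().minus(1L, ChronoUnit.DAYS);
    }

    /** Overrides the tracked state; package-private, presumably for tests. */
    void setAuthenticationState(AuthenticationState authenticationState) {
        this.authenticationState = authenticationState;
    }

    /** Overrides the held access token; package-private, presumably for tests. */
    void setJwtToken(String str) {
        this.jwtToken = str;
    }

    /** Overrides the held refresh token; package-private, presumably for tests. */
    void setJwtRefreshToken(String str) {
        this.jwtRefreshToken = str;
    }

    /**
     * Serializes {@code payload} to JSON and builds a POST request from {@code requestBuilder}.
     *
     * @throws DebeziumException if the payload cannot be serialized
     */
    private HttpRequest buildJsonPost(HttpRequest.Builder requestBuilder, Object payload) {
        StringWriter json = new StringWriter();
        try {
            this.mapper.writeValue(json, payload);
        } catch (IOException e) {
            throw new DebeziumException("Could not serialize JWTAuthorizationRequest object to JSON.", e);
        }
        return requestBuilder.POST(HttpRequest.BodyPublishers.ofString(json.toString())).build();
    }

    /**
     * Builds the initial authentication request carrying the username and password.
     *
     * @return a POST request addressed to the authentication URI
     * @throws DebeziumException if the payload cannot be serialized
     */
    HttpRequest generateInitialAuthenticationRequest() {
        JWTAuthorizationInitialRequest payload = new JWTAuthorizationInitialRequest(
                this.username, this.password, this.tokenExpirationDuration, this.refreshTokenExpirationDuration);
        return buildJsonPost(this.authRequestBuilder, payload);
    }

    /** Moves {@code ACTIVE} to {@code EXPIRED} once the locally tracked expiry has passed. */
    private void checkAuthenticationExpired() {
        if (this.authenticationState == AuthenticationState.ACTIVE && this.expirationDateTime.isBefore(Instant.now())) {
            this.authenticationState = AuthenticationState.EXPIRED;
        }
    }

    /**
     * Builds the refresh request carrying the held refresh token.
     *
     * @return a POST request addressed to the refresh URI
     * @throws DebeziumException if no initial authentication has succeeded, or if the payload
     *         cannot be serialized
     */
    HttpRequest generateRefreshAuthenticationRequest() {
        checkAuthenticationExpired();
        if (this.authenticationState == AuthenticationState.NOT_AUTHENTICATED || this.authenticationState == AuthenticationState.FAILED_AUTHENTICATION) {
            throw new DebeziumException("Must perform initial authentication successfully before attempting to refresh authentication");
        }
        JWTAuthorizationRefreshRequest payload = new JWTAuthorizationRefreshRequest(
                this.jwtRefreshToken, this.tokenExpirationDuration, this.refreshTokenExpirationDuration);
        // Fix: the refresh token must go to the refresh endpoint. The previous code built this
        // request from authRequestBuilder, which posted the refresh token to the initial
        // authentication URI and left refreshRequestBuilder unused.
        return buildJsonPost(this.refreshRequestBuilder, payload);
    }

    /**
     * Adds the {@code Authorization} header for the currently held token.
     *
     * @param builder request builder that receives the header
     * @throws DebeziumException if no token is held or the held token has expired locally
     */
    @Override // io.debezium.server.http.Authenticator
    public void setAuthorizationHeader(HttpRequest.Builder builder) {
        checkAuthenticationExpired();
        if (this.authenticationState == AuthenticationState.NOT_AUTHENTICATED || this.authenticationState == AuthenticationState.FAILED_AUTHENTICATION) {
            throw new DebeziumException("Must successfully authenticate against JWT endpoint before you can add the authorization information to the HTTP header.");
        }
        if (this.authenticationState == AuthenticationState.EXPIRED) {
            throw new DebeziumException("JWT authentication is expired. Must renew authentication before you can add the authorization information to the HTTP header.");
        }
        // NOTE(review): RFC 6750 defines the scheme as "Bearer <token>" with no colon. The
        // literal is left unchanged because the receiving service's expectation is not visible
        // from this class; confirm against the endpoint before correcting it.
        builder.setHeader("Authorization", "Bearer: " + this.jwtToken);
    }

    /**
     * Ensures a usable token is held, performing an initial or refresh exchange when needed.
     *
     * @return {@code true} if the state is {@code ACTIVE} on return; {@code false} if the
     *         endpoint answered with a non-200 status or a response without a token
     * @throws DebeziumException if the request cannot be sent or the response cannot be parsed
     * @throws InterruptedException if the blocking HTTP call is interrupted
     */
    @Override // io.debezium.server.http.Authenticator
    public boolean authenticate() throws InterruptedException {
        checkAuthenticationExpired();
        if (this.authenticationState == AuthenticationState.ACTIVE) {
            return true;
        }

        HttpRequest request;
        if (this.authenticationState == AuthenticationState.NOT_AUTHENTICATED || this.authenticationState == AuthenticationState.FAILED_AUTHENTICATION) {
            request = generateInitialAuthenticationRequest();
        } else if (this.authenticationState == AuthenticationState.EXPIRED) {
            request = generateRefreshAuthenticationRequest();
        } else {
            throw new DebeziumException("Reached invalid authentication state.");
        }

        HttpResponse<String> response;
        try {
            response = this.client.send(request, HttpResponse.BodyHandlers.ofString());
        } catch (IOException e) {
            throw new DebeziumException("Failed to send authentication request", e);
        }

        if (response.statusCode() != 200) {
            this.authenticationState = AuthenticationState.FAILED_AUTHENTICATION;
            // Log the status only; the response body may echo credentials or tokens.
            LOGGER.error("JWT Authentication failure (HTTP status {}). Check credentials.", response.statusCode());
            return false;
        }

        JWTAuthorizationResponse parsed;
        try {
            parsed = this.mapper.readValue(response.body(), JWTAuthorizationResponse.class);
        } catch (IOException e) {
            throw new DebeziumException("Could not deserialize JWT authorization response.", e);
        }

        String token = parsed.getJwt();
        if (token == null || token.isEmpty()) {
            // Never enter ACTIVE without a token: the header would otherwise be built from a
            // null or empty value and sent with every request.
            this.authenticationState = AuthenticationState.FAILED_AUTHENTICATION;
            LOGGER.error("JWT Authentication failure. Response did not contain a token.");
            return false;
        }

        this.jwtToken = token;
        this.jwtRefreshToken = parsed.getJwtRefreshToken();
        // The reported lifetime is applied as milliseconds, shortened by the safety multiplier.
        this.expirationDateTime = Instant.now().plus((long) (EXPIRATION_DURATION_MULTIPLIER * parsed.getExpiresIn()), ChronoUnit.MILLIS);
        this.authenticationState = AuthenticationState.ACTIVE;
        return true;
    }
}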
