package io.strimzi.kafka.oauth.common;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/strimzi/kafka/oauth/common/OAuthAuthenticator.class */
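/**
 * Client-side helpers that obtain a {@code TokenInfo} either from a caller-supplied access token
 * or by calling an OAuth2 token endpoint with the client-credentials or refresh-token grant.
 *
 * <p>Secrets (access token, refresh token, client secret) are only logged through
 * {@code LogUtil.mask}. Nothing in this class verifies a token: when parsing fails the token is
 * passed through with placeholder metadata.
 */
public class OAuthAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(OAuthAuthenticator.class);

    /**
     * Lifetime in milliseconds assigned to a pass-through token whose expiry could not be read.
     * NOTE(review): 1471228928 is exactly 365 * 24 * 3600 * 1000 wrapped to 32 bits (about 17 days),
     * which looks like an int overflow of an intended one-year value. The value is kept as-is because
     * the shorter lifetime is the conservative choice; confirm the intended lifetime with the owner.
     */
    private static final long FALLBACK_TOKEN_LIFETIME_MS = 1471228928L;

    /**
     * Wraps a caller-supplied access token, attempting to parse it as a JWT.
     *
     * @param accessToken the access token to pass through
     * @return token metadata, see {@link #loginWithAccessToken(String, boolean)}
     */
    public static TokenInfo loginWithAccessToken(String accessToken) {
        return loginWithAccessToken(accessToken, true);
    }

    /**
     * Wraps a caller-supplied access token without contacting the authorization server.
     *
     * @param accessToken the access token to pass through
     * @param isJwt when {@code true}, the token is first handed to
     *     {@code TokenIntrospection.introspectAccessToken}; any failure there is ignored
     * @return the introspected token, or a placeholder {@code TokenInfo} carrying the raw token,
     *     "undefined" for the two descriptive fields, the current time and a fixed fallback expiry
     */
    public static TokenInfo loginWithAccessToken(String accessToken, boolean isJwt) {
        if (log.isDebugEnabled()) {
            log.debug("loginWithAccessToken() - pass-through access_token: {}", LogUtil.mask(accessToken));
        }
        if (isJwt) {
            try {
                return TokenIntrospection.introspectAccessToken(accessToken);
            } catch (Exception e) {
                // Deliberate best effort: an opaque (non-JWT) token is still usable as a bearer token.
                log.debug("[IGNORED] Could not parse token as JWT access token. Could not extract scope, subject, and expiry.", e);
            }
        }
        // The placeholder values below are not derived from the token; callers must not treat them
        // as validated claims.
        long now = System.currentTimeMillis();
        return new TokenInfo(accessToken, "undefined", "undefined", now, now + FALLBACK_TOKEN_LIFETIME_MS);
    }

    /**
     * Obtains an access token with the client-credentials grant.
     *
     * @param tokenEndpointUrl token endpoint of the authorization server
     * @param sSLSocketFactory socket factory handed to {@code HttpUtil.post}
     * @param hostnameVerifier hostname verifier handed to {@code HttpUtil.post}
     * @param clientId OAuth2 client id, must not be {@code null}
     * @param clientSecret OAuth2 client secret, must not be {@code null}
     * @param isJwt whether to try parsing the returned access token as a JWT
     * @return the token described by the authorization server response
     * @throws IOException if the HTTP exchange fails
     * @throws IllegalArgumentException if {@code clientId} or {@code clientSecret} is {@code null}
     * @throws IllegalStateException if the response lacks a required field
     */
    public static TokenInfo loginWithClientSecret(URI tokenEndpointUrl, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String clientId, String clientSecret, boolean isJwt) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug("loginWithClientSecret() - tokenEndpointUrl: {}, clientId: {}, clientSecret: {}", tokenEndpointUrl, clientId, LogUtil.mask(clientSecret));
        }
        // String concatenation would otherwise send the literal text "null" as a credential.
        if (clientId == null || clientSecret == null) {
            throw new IllegalArgumentException("clientId and clientSecret must not be null");
        }
        return post(tokenEndpointUrl, sSLSocketFactory, hostnameVerifier,
                basicAuthorization(clientId, clientSecret), "grant_type=client_credentials", isJwt);
    }

    /**
     * Obtains an access token with the refresh-token grant.
     *
     * @param tokenEndpointUrl token endpoint of the authorization server
     * @param sSLSocketFactory socket factory handed to {@code HttpUtil.post}
     * @param hostnameVerifier hostname verifier handed to {@code HttpUtil.post}
     * @param refreshToken refresh token to exchange
     * @param clientId OAuth2 client id, always sent in the form body
     * @param clientSecret OAuth2 client secret; when {@code null} no Authorization header is sent
     * @param isJwt whether to try parsing the returned access token as a JWT
     * @return the token described by the authorization server response
     * @throws IOException if the HTTP exchange fails
     * @throws IllegalStateException if the response lacks a required field
     */
    public static TokenInfo loginWithRefreshToken(URI tokenEndpointUrl, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String refreshToken, String clientId, String clientSecret, boolean isJwt) throws IOException {
        if (log.isDebugEnabled()) {
            // The refresh token is a long-lived credential and is masked like the client secret.
            log.debug("loginWithRefreshToken() - tokenEndpointUrl: {}, refreshToken: {}, clientId: {}, clientSecret: {}", tokenEndpointUrl, LogUtil.mask(refreshToken), clientId, LogUtil.mask(clientSecret));
        }
        String authorization = clientSecret != null ? basicAuthorization(clientId, clientSecret) : null;
        String body = "grant_type=refresh_token&refresh_token=" + urlencode(refreshToken) + "&client_id=" + urlencode(clientId);
        return post(tokenEndpointUrl, sSLSocketFactory, hostnameVerifier, authorization, body, isJwt);
    }

    /**
     * Sends a form-encoded request to the token endpoint and converts the JSON response.
     *
     * @param authorization value of the Authorization header, or {@code null} for none
     * @param body form-encoded request body
     * @param isJwt whether to try parsing the returned access token as a JWT
     * @throws IllegalStateException if access_token, expires_in or scope is absent or JSON null
     */
    private static TokenInfo post(URI tokenEndpointUrl, SSLSocketFactory sSLSocketFactory, HostnameVerifier hostnameVerifier, String authorization, String body, boolean isJwt) throws IOException {
        // Taken before the request so the computed expiry errs on the early side.
        long issuedAt = System.currentTimeMillis();
        JsonNode response = (JsonNode) HttpUtil.post(tokenEndpointUrl, sSLSocketFactory, hostnameVerifier, authorization, "application/x-www-form-urlencoded", body, JsonNode.class);

        JsonNode accessToken = requireField(response, "access_token");
        JsonNode expiresIn = requireField(response, "expires_in");
        JsonNode scope = requireField(response, "scope");

        if (isJwt) {
            try {
                return TokenIntrospection.introspectAccessToken(accessToken.asText());
            } catch (Exception e) {
                // Deliberate best effort: fall back to the metadata from the token response.
                log.debug("[IGNORED] Could not parse token as JWT access token. Could not extract subject.", e);
            }
        }
        // NOTE(review): asLong() yields 0 for a non-numeric expires_in, giving an already-expired
        // token; confirm whether a non-positive value should be rejected instead.
        return new TokenInfo(accessToken.asText(), scope.asText(), "undefined", issuedAt, issuedAt + (expiresIn.asLong() * 1000));
    }

    /**
     * Returns a mandatory field of the token response.
     *
     * <p>A JSON {@code null} is treated as missing; otherwise {@code asText()} would turn it into
     * the literal string "null" and that string would be used as the token.
     */
    private static JsonNode requireField(JsonNode response, String field) {
        JsonNode value = response == null ? null : response.get(field);
        if (value == null || value.isNull()) {
            throw new IllegalStateException("Invalid response from authorization server: no " + field);
        }
        return value;
    }

    /**
     * Builds an HTTP Basic Authorization header value for the given client credentials.
     *
     * <p>The Basic scheme (RFC 7617) uses the standard Base64 alphabet. The URL-safe alphabet of
     * {@link #base64encode(String)} emits '-' and '_' where a server decoding standard Base64
     * expects '+' and '/', so credentials producing those characters would be rejected.
     */
    private static String basicAuthorization(String clientId, String clientSecret) {
        String credentials = clientId + ':' + clientSecret;
        return "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Encodes the UTF-8 bytes of {@code str} with the URL-safe Base64 alphabet (padding kept).
     *
     * <p>Not suitable for HTTP Basic credentials, which require the standard alphabet.
     *
     * @param str text to encode
     * @return URL-safe Base64 text
     */
    public static String base64encode(String str) {
        return Base64.getUrlEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Form-encodes {@code str} as UTF-8 for use in an application/x-www-form-urlencoded body.
     *
     * @param str text to encode
     * @return the encoded text
     * @throws IllegalStateException if the runtime does not support UTF-8
     */
    public static String urlencode(String str) {
        try {
            return URLEncoder.encode(str, "utf-8");
        } catch (UnsupportedEncodingException e) {
            // Keep the cause so the failure stays diagnosable.
            throw new IllegalStateException("Unexpected: Encoding utf-8 not supported", e);
        }
    }
}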
