package com.incountry.residence.sdk.tools.http.impl;

import com.google.gson.FieldNamingPolicy;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonSyntaxException;
import com.incountry.residence.sdk.tools.exceptions.StorageClientException;
import com.incountry.residence.sdk.tools.exceptions.StorageServerException;
import com.incountry.residence.sdk.tools.http.TokenClient;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/incountry/residence/sdk/tools/http/impl/OAuthTokenClient.class */
public class OAuthTokenClient extends AbstractHttpRequestCreator implements TokenClient {
    private static final String MSG_REFRESH_TOKEN = "refreshToken force={}, audience={}";
    private static final String MSG_AUTH_URL = "auth URL={}";
    private static final String DEFAULT_APAC_AUTH_URL = "https://auth-apac.incountry.com/oauth2/token";
    private static final String DEFAULT_EMEA_AUTH_URL = "https://auth-emea.incountry.com/oauth2/token";
    private static final String APAC = "apac";
    private static final String EMEA = "emea";
    private static final String MSG_ERR_AUTH = "Unexpected exception during authorization, params [OAuth URL=%s, audience=%s]";
    private static final String MSG_ERR_NULL_TOKEN = "Token is null";
    private static final String MSG_ERR_EXPIRES = "Token TTL is invalid";
    private static final String MSG_ERR_INVALID_TYPE = "Token type is invalid";
    private static final String MSG_ERR_INVALID_SCOPE = "Token scope is invalid";
    private static final String MSG_RESPONSE_ERR = "Error in parsing authorization response: '%s'";
    private static final String MSG_ERR_PARAMS = "Can't use param 'authEndpoints' without setting 'defaultAuthEndpoint'";
    private static final String MSG_ERR_ILLEGAL_AUTH_ENDPOINTS = "Parameter 'authEndpoints' contains null keys/values";
    private static final String USER_AGENT = "User-Agent";
    private static final String USER_AGENT_VALUE = "SDK-Java/3.3.1";
    private static final String BODY = "grant_type=client_credentials&audience=%s&scope=%s";
    private static final String BEARER_TOKEN_TYPE = "bearer";
    private static final String BASIC = "Basic ";
    private static final String POST = "POST";
    private static final String AUTHORIZATION = "Authorization";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String APPLICATION_URLENCODED = "application/x-www-form-urlencoded";
    private final String basicAuthToken;
    private final String scope;
    private final Map<String, Map.Entry<String, Long>> tokenMap = new HashMap();
    private final Map<String, String> regionMap = new HashMap();
    private final String defaultAuthEndpoint;
    private final CloseableHttpClient httpClient;
    private static final Logger LOG = LogManager.getLogger(OAuthTokenClient.class);
    private static final Charset CHARSET = StandardCharsets.UTF_8;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/incountry/residence/sdk/tools/http/impl/OAuthTokenClient$TransferToken.class */
    public static class TransferToken {
        String accessToken;
        String tokenType;
        String scope;
        Long expiresIn;

        private TransferToken() {
        }
    }

    public OAuthTokenClient(String str, Map<String, String> map, String str2, String str3, String str4, CloseableHttpClient closeableHttpClient) throws StorageClientException {
        if (map != null && !map.isEmpty()) {
            if (isEmpty(str)) {
                throw new StorageClientException(MSG_ERR_PARAMS);
            }
            if (map.entrySet().stream().anyMatch(entry -> {
                return isEmpty((String) entry.getKey()) || isEmpty((String) entry.getValue());
            })) {
                throw new StorageClientException(MSG_ERR_ILLEGAL_AUTH_ENDPOINTS);
            }
        }
        this.scope = str2;
        this.basicAuthToken = BASIC + getCredentialsBase64(str3, str4);
        this.httpClient = closeableHttpClient;
        this.defaultAuthEndpoint = str != null ? str : DEFAULT_EMEA_AUTH_URL;
        if (map != null && !map.isEmpty()) {
            map.forEach((str5, str6) -> {
                this.regionMap.put(str5.toLowerCase(), str6);
            });
        } else if (str == null) {
            this.regionMap.put(APAC, DEFAULT_APAC_AUTH_URL);
            this.regionMap.put(EMEA, DEFAULT_EMEA_AUTH_URL);
        }
    }

    private boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }

    @Override // com.incountry.residence.sdk.tools.http.TokenClient
    public String getToken(String str, String str2) throws StorageServerException {
        return refreshToken(false, str, str2);
    }

    @Override // com.incountry.residence.sdk.tools.http.TokenClient
    public synchronized String refreshToken(boolean z, String str, String str2) throws StorageServerException {
        if (LOG.isTraceEnabled()) {
            LOG.trace(MSG_REFRESH_TOKEN, Boolean.valueOf(z), str);
        }
        Map.Entry<String, Long> entry = this.tokenMap.get(str);
        if (z || entry == null || entry.getValue().longValue() < System.currentTimeMillis()) {
            entry = newToken(str, str2);
            this.tokenMap.put(str, entry);
        }
        return entry.getKey();
    }

    private HttpRequestBase addHeaders(HttpRequestBase httpRequestBase) {
        httpRequestBase.addHeader(AUTHORIZATION, this.basicAuthToken);
        httpRequestBase.addHeader(CONTENT_TYPE, APPLICATION_URLENCODED);
        httpRequestBase.addHeader(USER_AGENT, USER_AGENT_VALUE);
        return httpRequestBase;
    }

    private Map.Entry<String, Long> newToken(String str, String str2) throws StorageServerException {
        String format = String.format(BODY, str, this.scope);
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            try {
                try {
                    String str3 = this.regionMap.get(str2);
                    if (str3 == null) {
                        str3 = this.defaultAuthEndpoint;
                    }
                    if (LOG.isTraceEnabled()) {
                        LOG.trace(MSG_AUTH_URL, str3);
                    }
                    HttpRequestBase createRequest = createRequest(str3, POST, format, null);
                    addHeaders(createRequest);
                    CloseableHttpResponse execute = this.httpClient.execute(createRequest);
                    int statusCode = execute.getStatusLine().getStatusCode();
                    String entityUtils = EntityUtils.toString(execute.getEntity());
                    if (!(statusCode == 200)) {
                        throw createAndLogException(String.format(MSG_RESPONSE_ERR, entityUtils));
                    }
                    Map.Entry<String, Long> validateAndGet = validateAndGet(entityUtils);
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (IOException e) {
                            LOG.warn(e);
                        }
                    }
                    return validateAndGet;
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            closeableHttpResponse.close();
                        } catch (IOException e2) {
                            LOG.warn(e2);
                        }
                    }
                    throw th;
                }
            } catch (StorageServerException e3) {
                throw e3;
            }
        } catch (Exception e4) {
            String format2 = String.format(MSG_ERR_AUTH, null, str);
            LOG.error(format2);
            throw new StorageServerException(format2, e4);
        }
    }

    private Map.Entry<String, Long> validateAndGet(String str) throws StorageServerException {
        try {
            TransferToken transferToken = (TransferToken) new GsonBuilder().setFieldNamingStrategy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create().fromJson(str, TransferToken.class);
            if (transferToken.accessToken == null || transferToken.accessToken.isEmpty()) {
                throw createAndLogException(MSG_ERR_NULL_TOKEN);
            }
            if (transferToken.expiresIn == null || transferToken.expiresIn.longValue() < 1) {
                throw createAndLogException(MSG_ERR_EXPIRES);
            }
            if (!BEARER_TOKEN_TYPE.equals(transferToken.tokenType)) {
                throw createAndLogException(MSG_ERR_INVALID_TYPE);
            }
            if (this.scope.equals(transferToken.scope)) {
                return new AbstractMap.SimpleEntry(transferToken.accessToken, Long.valueOf(System.currentTimeMillis() + (transferToken.expiresIn.longValue() * 1000)));
            }
            throw createAndLogException(MSG_ERR_INVALID_SCOPE);
        } catch (JsonSyntaxException e) {
            String format = String.format(MSG_RESPONSE_ERR, str);
            LOG.error(format);
            throw new StorageServerException(format, e);
        }
    }

    private StorageServerException createAndLogException(String str) {
        String replaceAll = str.replaceAll("[\r\n]", "");
        LOG.error(replaceAll);
        return new StorageServerException(replaceAll);
    }

    private String getCredentialsBase64(String str, String str2) {
        return new String(Base64.getEncoder().encode((str + ":" + str2).getBytes(CHARSET)), CHARSET);
    }
}
