package com.okta.sdk.impl.oauth2;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.okta.commons.http.MediaType;
import com.okta.commons.http.authc.DisabledAuthenticator;
import com.okta.commons.lang.Assert;
import com.okta.oidc.net.ConnectionParameters;
import com.okta.sdk.authc.credentials.ClientCredentials;
import com.okta.sdk.client.AuthenticationScheme;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.impl.api.DefaultClientCredentialsResolver;
import com.okta.sdk.impl.config.ClientConfiguration;
import com.okta.sdk.impl.error.DefaultError;
import com.okta.sdk.impl.util.ConfigUtil;
import com.okta.sdk.resource.ExtensibleResource;
import com.okta.sdk.resource.ResourceException;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.util.Optional;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class AccessTokenRetrieverServiceImpl implements AccessTokenRetrieverService {
    // Synthetic marker field left by the build toolchain (the name suggests R8); it holds no application state.
    public static final /* synthetic */ int $r8$clinit = 0;
    // Path of the token endpoint. It is appended to the configured base URL for logging and is the POST target.
    private static final String TOKEN_URI = "/oauth2/v1/token";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AccessTokenRetrieverServiceImpl.class);
    // Client that performs the token request.
    private final OAuth2TokenClient tokenClient;
    // Configuration derived by constructTokenClientConfig(); carries client id, scopes, kid and the private key
    // setting, so it should be treated as holding secret material.
    private final ClientConfiguration tokenClientConfiguration;

    /**
     * Creates the service from the API client configuration.
     *
     * <p>A separate token-client configuration is derived from {@code clientConfiguration} and
     * used both to build the {@link OAuth2TokenClient} and to sign the client assertion.
     *
     * @param clientConfiguration configuration of the API client; must not be {@code null}
     */
    public AccessTokenRetrieverServiceImpl(ClientConfiguration clientConfiguration) {
        Assert.notNull(clientConfiguration, "apiClientConfiguration must not be null.");
        final ClientConfiguration tokenConfig = constructTokenClientConfig(clientConfiguration);
        this.tokenClientConfiguration = tokenConfig;
        this.tokenClient = new OAuth2TokenClient(tokenConfig);
    }

    /**
     * Creates the service with a caller-supplied token client.
     *
     * <p>The token-client configuration is still derived from {@code clientConfiguration}; the
     * supplied client is used as-is and is not rebuilt from that derived configuration.
     *
     * @param clientConfiguration configuration of the API client; must not be {@code null}
     * @param oAuth2TokenClient client that will send the token request; must not be {@code null}
     */
    public AccessTokenRetrieverServiceImpl(ClientConfiguration clientConfiguration, OAuth2TokenClient oAuth2TokenClient) {
        // Argument checks run in declaration order so the first missing argument is the one reported.
        Assert.notNull(clientConfiguration, "apiClientConfiguration must not be null.");
        Assert.notNull(oAuth2TokenClient, "tokenClient must not be null.");
        final ClientConfiguration tokenConfig = constructTokenClientConfig(clientConfiguration);
        this.tokenClient = oAuth2TokenClient;
        this.tokenClientConfiguration = tokenConfig;
    }

    /**
     * Opens a reader over the configured private key.
     *
     * <p>The {@code privateKey} setting is treated either as inline key content or as a file
     * path; {@link ConfigUtil#hasPrivateKeyContentWrapper} makes that decision (presumably by
     * looking for PEM begin/end markers; confirm against ConfigUtil).
     *
     * <p>The returned reader exposes private key material and is not closed here; the caller
     * owns it. The path, when used, is opened exactly as configured.
     *
     * @return a reader positioned at the start of the PEM text
     * @throws IOException if the key file cannot be opened
     */
    private Reader getPemReader() throws IOException {
        final String keySetting = this.tokenClientConfiguration.getPrivateKey();
        if (ConfigUtil.hasPrivateKeyContentWrapper(keySetting)) {
            // Inline key content: read it straight from memory.
            return new StringReader(keySetting);
        }
        // Otherwise the setting names a file; it is decoded with the platform default charset.
        return Files.newBufferedReader(Paths.get(keySetting), Charset.defaultCharset());
    }

    /**
     * Derives the configuration used for the token request from the API client configuration.
     *
     * <p>The derived configuration sends no credentials of its own: the credentials resolver
     * yields an empty {@link Optional}, the request authenticator is a
     * {@link DisabledAuthenticator} and the authentication scheme is
     * {@link AuthenticationScheme#NONE}. Caching is switched off and retries are limited to a
     * single attempt. Base URL resolver and proxy are copied only when set; client id, scopes,
     * private key and kid are always copied, so the result holds the same secret material as
     * the input.
     *
     * @param clientConfiguration configuration of the API client
     * @return a new configuration for the token client
     */
    public ClientConfiguration constructTokenClientConfig(ClientConfiguration clientConfiguration) {
        final ClientConfiguration tokenConfig = new ClientConfiguration();

        // No API credentials are attached to the token call.
        final ClientCredentials noCredentials = new ClientCredentials() {
            @Override // com.okta.sdk.authc.credentials.ClientCredentials
            public final Object getCredentials() {
                return Optional.empty();
            }
        };
        tokenConfig.setClientCredentialsResolver(new DefaultClientCredentialsResolver(noCredentials));
        tokenConfig.setRequestAuthenticator(new DisabledAuthenticator());
        tokenConfig.setCacheManagerEnabled(false);

        // Network settings are inherited only when the caller configured them.
        if (clientConfiguration.getBaseUrlResolver() != null) {
            tokenConfig.setBaseUrlResolver(clientConfiguration.getBaseUrlResolver());
        }
        if (clientConfiguration.getProxy() != null) {
            tokenConfig.setProxy(clientConfiguration.getProxy());
        }

        tokenConfig.setAuthenticationScheme(AuthenticationScheme.NONE);
        tokenConfig.setAuthorizationMode(AuthorizationMode.get(tokenConfig.getAuthenticationScheme()));

        // Inputs of the signed client assertion.
        tokenConfig.setClientId(clientConfiguration.getClientId());
        tokenConfig.setScopes(clientConfiguration.getScopes());
        tokenConfig.setPrivateKey(clientConfiguration.getPrivateKey());
        tokenConfig.setKid(clientConfiguration.getKid());

        // Exactly one attempt, no retry window.
        tokenConfig.setRetryMaxElapsed(0);
        tokenConfig.setRetryMaxAttempts(1);
        return tokenConfig;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x00ce  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x004c A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x003d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:34:0x002b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Builds the signed JWT that is sent as the {@code client_assertion} of the token request.
     *
     * <p>The decompiler could not reconstruct this method, so the body below only throws
     * {@link UnsupportedOperationException}; the register dump kept in the comment is the
     * only record of the real logic. According to that dump the method:
     * <ol>
     *   <li>reads the client id and parses the private key obtained from
     *       {@code getPemReader()} through {@code parsePrivateKey(Reader)};</li>
     *   <li>loads {@code io.jsonwebtoken.impl.DefaultJwtBuilder} by trying the thread context
     *       class loader, then the loader of {@code io.jsonwebtoken.lang.Classes}, then the
     *       system class loader, and instantiates it;</li>
     *   <li>sets the audience to base URL + {@code /oauth2/v1/token}, issued-at to now,
     *       expiration to now + 50 minutes, issuer and subject to the client id, and a
     *       {@code jti} claim holding a random UUID;</li>
     *   <li>signs with the private key via {@code signWith(key)}; no algorithm is passed
     *       explicitly, so it is presumably chosen by the library from the key type;</li>
     *   <li>adds a {@code kid} header when the configured kid has text, then returns the
     *       compact serialization.</li>
     * </ol>
     *
     * <p>The assertion is a bearer credential for its whole 50-minute lifetime; whether a
     * captured assertion can be reused inside that window depends on the authorization
     * server checking {@code jti}, which this code cannot show.
     *
     * @return the compact serialized signed JWT (in the original code)
     * @throws java.security.InvalidKeyException declared; raised by {@code parsePrivateKey} for keys that are not RSA or EC
     * @throws java.io.IOException declared; raised when the key cannot be read
     */
    public java.lang.String createSignedJWT() throws java.security.InvalidKeyException, java.io.IOException {
        /*
            r7 = this;
            com.okta.sdk.impl.config.ClientConfiguration r0 = r7.tokenClientConfiguration
            java.lang.String r0 = r0.getClientId()
            java.io.Reader r1 = r7.getPemReader()
            java.security.PrivateKey r1 = r7.parsePrivateKey(r1)
            java.time.Instant r2 = java.time.Instant.now()
            int r3 = io.jsonwebtoken.Jwts.$r8$clinit
            r3 = 0
            java.lang.Thread r4 = java.lang.Thread.currentThread()     // Catch: java.lang.Throwable -> L1e
            java.lang.ClassLoader r4 = r4.getContextClassLoader()     // Catch: java.lang.Throwable -> L1e
            goto L1f
        L1e:
            r4 = r3
        L1f:
            java.lang.String r5 = "io.jsonwebtoken.impl.DefaultJwtBuilder"
            if (r4 == 0) goto L28
            java.lang.Class r4 = r4.loadClass(r5)     // Catch: java.lang.ClassNotFoundException -> L28
            goto L29
        L28:
            r4 = r3
        L29:
            if (r4 != 0) goto L3b
            java.lang.Class<io.jsonwebtoken.lang.Classes> r4 = io.jsonwebtoken.lang.Classes.class
            java.lang.ClassLoader r4 = r4.getClassLoader()     // Catch: java.lang.Throwable -> L32
            goto L33
        L32:
            r4 = r3
        L33:
            if (r4 == 0) goto L3a
            java.lang.Class r4 = r4.loadClass(r5)     // Catch: java.lang.ClassNotFoundException -> L3a
            goto L3b
        L3a:
            r4 = r3
        L3b:
            if (r4 != 0) goto L4a
            java.lang.ClassLoader r4 = java.lang.ClassLoader.getSystemClassLoader()     // Catch: java.lang.Throwable -> L42
            goto L43
        L42:
            r4 = r3
        L43:
            if (r4 == 0) goto L49
            java.lang.Class r3 = r4.loadClass(r5)     // Catch: java.lang.ClassNotFoundException -> L49
        L49:
            r4 = r3
        L4a:
            if (r4 == 0) goto Lce
            java.lang.Object r3 = r4.newInstance()     // Catch: java.lang.Exception -> Lbb
            io.jsonwebtoken.JwtBuilder r3 = (io.jsonwebtoken.JwtBuilder) r3
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            com.okta.sdk.impl.config.ClientConfiguration r5 = r7.tokenClientConfiguration
            java.lang.String r5 = r5.getBaseUrl()
            r4.append(r5)
            java.lang.String r5 = "/oauth2/v1/token"
            r4.append(r5)
            java.lang.String r4 = r4.toString()
            io.jsonwebtoken.JwtBuilder r3 = r3.setAudience(r4)
            java.util.Date r4 = java.util.Date.from(r2)
            io.jsonwebtoken.JwtBuilder r3 = r3.setIssuedAt(r4)
            r4 = 50
            java.time.temporal.ChronoUnit r6 = java.time.temporal.ChronoUnit.MINUTES
            java.time.Instant r2 = r2.plus(r4, r6)
            java.util.Date r2 = java.util.Date.from(r2)
            io.jsonwebtoken.JwtBuilder r2 = r3.setExpiration(r2)
            io.jsonwebtoken.JwtBuilder r2 = r2.setIssuer(r0)
            io.jsonwebtoken.JwtBuilder r0 = r2.setSubject(r0)
            java.util.UUID r2 = java.util.UUID.randomUUID()
            java.lang.String r2 = r2.toString()
            java.lang.String r3 = "jti"
            io.jsonwebtoken.JwtBuilder r0 = r0.claim(r3, r2)
            io.jsonwebtoken.JwtBuilder r0 = r0.signWith(r1)
            com.okta.sdk.impl.config.ClientConfiguration r1 = r7.tokenClientConfiguration
            java.lang.String r1 = r1.getKid()
            boolean r1 = com.okta.commons.lang.Strings.hasText(r1)
            if (r1 == 0) goto Lb6
            com.okta.sdk.impl.config.ClientConfiguration r1 = r7.tokenClientConfiguration
            java.lang.String r1 = r1.getKid()
            java.lang.String r2 = "kid"
            r0.setHeaderParam(r2, r1)
        Lb6:
            java.lang.String r0 = r0.compact()
            return r0
        Lbb:
            r0 = move-exception
            io.jsonwebtoken.lang.InstantiationException r1 = new io.jsonwebtoken.lang.InstantiationException
            java.lang.String r2 = "Unable to instantiate class ["
            java.lang.StringBuilder r2 = com.android.tools.r8.GeneratedOutlineSupport.outline77(r2)
            java.lang.String r3 = "]"
            java.lang.String r2 = com.android.tools.r8.GeneratedOutlineSupport.outline33(r4, r2, r3)
            r1.<init>(r2, r0)
            throw r1
        Lce:
            java.lang.String r0 = "Unable to load class named ["
            java.lang.String r1 = "] from the thread context, current, or "
            java.lang.String r2 = "system/application ClassLoaders.  All heuristics have been exhausted.  Class could not be found."
            java.lang.String r0 = com.android.tools.r8.GeneratedOutlineSupport.outline52(r0, r5, r1, r2)
            java.lang.String r1 = "  Have you remembered to include the jjwt-impl.jar in your runtime classpath?"
            java.lang.String r0 = com.android.tools.r8.GeneratedOutlineSupport.outline49(r0, r1)
            io.jsonwebtoken.lang.UnknownClassException r1 = new io.jsonwebtoken.lang.UnknownClassException
            r1.<init>(r0)
            throw r1
        */
        // Placeholder emitted by the decompiler: as listed, calling this method always fails here.
        throw new UnsupportedOperationException("Method not decompiled: com.okta.sdk.impl.oauth2.AccessTokenRetrieverServiceImpl.createSignedJWT():java.lang.String");
    }

    /**
     * Requests an access token with the {@code client_credentials} grant, authenticating the
     * client with a signed JWT assertion ({@code jwt-bearer} client assertion type).
     *
     * <p>Only the client id and the endpoint are written to the debug log; neither the
     * assertion nor the returned token is logged here.
     *
     * <p>NOTE(review): the assertion and the other grant parameters are added through
     * {@code addQueryParameter}. If that places them in the request URL rather than the form
     * body, the signed assertion can end up in proxy and server access logs; confirm how
     * {@code OAuth2TokenClient} serializes these parameters.
     *
     * @return the token populated from the {@code token_type}, {@code expires_in},
     *     {@code access_token} and {@code scope} values of the response
     * @throws OAuth2TokenRetrieverException when the request fails for any reason other than a
     *     {@link ResourceException}; the original exception is kept as the cause. A
     *     {@link ResourceException} is rethrown as {@code OAuth2HttpException} (presumably a
     *     subtype or unchecked; confirm) with a flag that is true for HTTP 401.
     * @throws IOException declared by the interface contract
     * @throws InvalidKeyException declared by the interface contract
     */
    @Override // com.okta.sdk.impl.oauth2.AccessTokenRetrieverService
    public OAuth2AccessToken getOAuth2AccessToken() throws IOException, InvalidKeyException, OAuth2TokenRetrieverException {
        final String clientId = this.tokenClientConfiguration.getClientId();
        final String tokenEndpoint = this.tokenClientConfiguration.getBaseUrl() + TOKEN_URI;
        log.debug("Attempting to get OAuth2 access token for client id {} from {}", clientId, tokenEndpoint);
        try {
            // createSignedJWT() is evaluated inside the try so key and signing failures are wrapped below.
            ExtensibleResource tokenResponse = (ExtensibleResource) this.tokenClient.http()
                    .addHeaderParameter("Accept", "application/json")
                    .addHeaderParameter(ConnectionParameters.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE)
                    .addQueryParameter("grant_type", "client_credentials")
                    .addQueryParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
                    .addQueryParameter("client_assertion", createSignedJWT())
                    .addQueryParameter(OAuth2AccessToken.SCOPE_KEY, AccessTokenRetrieverServiceImpl$$ExternalSynthetic0.m0(" ", this.tokenClientConfiguration.getScopes()))
                    .post(TOKEN_URI, ExtensibleResource.class);

            // Response fields are copied as received; no further validation happens in this method.
            OAuth2AccessToken token = new OAuth2AccessToken();
            token.setTokenType(tokenResponse.getString(OAuth2AccessToken.TOKEN_TYPE_KEY));
            token.setExpiresIn(tokenResponse.getInteger(OAuth2AccessToken.EXPIRES_IN_KEY));
            token.setAccessToken(tokenResponse.getString("access_token"));
            token.setScope(tokenResponse.getString(OAuth2AccessToken.SCOPE_KEY));
            log.debug("Got OAuth2 access token for client id {} from {}", clientId, tokenEndpoint);
            return token;
        } catch (ResourceException httpFailure) {
            // NOTE(review): the cast assumes the SDK always supplies a DefaultError here; confirm.
            DefaultError error = (DefaultError) httpFailure.getError();
            error.setMessage(error.getString("error") + " - " + error.getString("error_description"));
            boolean unauthorized = httpFailure.getStatus() == 401;
            throw new OAuth2HttpException(error, httpFailure, unauthorized);
        } catch (Exception failure) {
            StringBuilder message = GeneratedOutlineSupport.outline77("Exception while trying to get OAuth2 access token for client id ");
            message.append(clientId);
            throw new OAuth2TokenRetrieverException(message.toString(), failure);
        }
    }

    /**
     * Reads the first PEM object from {@code reader} and converts it to a {@link PrivateKey}.
     *
     * <p>Two parsed forms are accepted: a {@link PEMKeyPair}, from which the private half is
     * taken, and a {@link PrivateKeyInfo}. Every other parsed object type is rejected, which
     * includes any password-protected form, since no decryption step exists here. The error
     * message names only the parsed class, never key content.
     *
     * <p>The parser is closed on every path, including failures.
     *
     * @param reader source of the PEM text
     * @return the private key contained in the PEM data
     * @throws IOException if reading or converting the PEM data fails
     * @throws IllegalArgumentException if no PEM object is found or its type is unsupported
     */
    public PrivateKey getPrivateKeyFromPEM(Reader reader) throws IOException {
        try (PEMParser parser = new PEMParser(reader)) {
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            Object pemObject = parser.readObject();
            if (pemObject == null) {
                throw new IllegalArgumentException("Invalid Private Key PEM file");
            }
            if (pemObject instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
            }
            if (pemObject instanceof PrivateKeyInfo) {
                return converter.getPrivateKey((PrivateKeyInfo) pemObject);
            }
            // The message text, including its closing double quote, is kept exactly as in the original.
            throw new IllegalArgumentException("Unsupported Private Key format '" + pemObject.getClass().getSimpleName() + '\"');
        }
    }

    /**
     * Parses a private key from PEM data and accepts it only if it is an RSA or EC key.
     *
     * <p>The check compares {@link PrivateKey#getAlgorithm()} with the exact strings
     * {@code "RSA"} and {@code "EC"}; any other algorithm name is refused before the key can
     * be used for signing.
     *
     * @param reader source of the PEM text
     * @return the parsed RSA or EC private key
     * @throws IOException if the PEM data cannot be read
     * @throws InvalidKeyException if the key's algorithm is neither RSA nor EC
     */
    public PrivateKey parsePrivateKey(Reader reader) throws IOException, InvalidKeyException {
        final PrivateKey key = getPrivateKeyFromPEM(reader);
        final String algorithm = key.getAlgorithm();
        final boolean supported = algorithm.equals("RSA") || algorithm.equals("EC");
        if (!supported) {
            throw new InvalidKeyException(GeneratedOutlineSupport.outline49("Supplied privateKey is not an RSA or EC key - ", algorithm));
        }
        return key;
    }
}
