package com.networknt.proxy.mras;

import com.networknt.client.ClientConfig;
import com.networknt.client.Http2Client;
import com.networknt.client.oauth.TokenResponse;
import com.networknt.client.ssl.ClientX509ExtendedTrustManager;
import com.networknt.common.ContentType;
import com.networknt.config.Config;
import com.networknt.config.JsonMapper;
import com.networknt.config.TlsUtil;
import com.networknt.handler.AuditAttachmentUtil;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.handler.config.UrlRewriteRule;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.metrics.AbstractMetricsHandler;
import com.networknt.monad.Failure;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.status.Status;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpHeaders;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:com/networknt/proxy/mras/MrasHandler.class */
public class MrasHandler implements MiddlewareHandler {
    private static final Logger logger = LoggerFactory.getLogger(MrasHandler.class);
    private static final String TLS_TRUSTSTORE_ERROR = "ERR10055";
    private static final String OAUTH_SERVER_URL_ERROR = "ERR10056";
    private static final String ESTABLISH_CONNECTION_ERROR = "ERR10053";
    private static final String GET_TOKEN_ERROR = "ERR10052";
    private static final String METHOD_NOT_ALLOWED = "ERR10008";
    private static AbstractMetricsHandler metricsHandler;
    private volatile HttpHandler next;
    private static MrasConfig config;
    private String accessToken;
    private String microsoft;
    private long accessTokenExpiration = 0;
    private long microsoftExpiration = 0;
    private HttpClient clientMicrosoft;

    public MrasHandler() {
        config = MrasConfig.load();
        if (config.isMetricsInjection()) {
            metricsHandler = AbstractMetricsHandler.lookupMetricsHandler();
        }
        if (logger.isInfoEnabled()) {
            logger.info("MrasHandler is loaded.");
        }
    }

    public HttpHandler getNext() {
        return this.next;
    }

    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    public boolean isEnabled() {
        return config.isEnabled();
    }

    public void register() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MrasConfig.KEY_STORE_PASS);
        arrayList.add(MrasConfig.KEY_PASS);
        arrayList.add(MrasConfig.TRUST_STORE_PASS);
        arrayList.add("password");
        ModuleRegistry.registerModule(MrasConfig.CONFIG_NAME, MrasHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(MrasConfig.CONFIG_NAME), arrayList);
    }

    public void reload() {
        config.reload();
        if (config.isMetricsInjection()) {
            metricsHandler = AbstractMetricsHandler.lookupMetricsHandler();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(MrasConfig.KEY_STORE_PASS);
        arrayList.add(MrasConfig.KEY_PASS);
        arrayList.add(MrasConfig.TRUST_STORE_PASS);
        arrayList.add("password");
        ModuleRegistry.registerModule(MrasConfig.CONFIG_NAME, MrasHandler.class.getName(), Config.getNoneDecryptedInstance().getJsonMapConfigNoCache(MrasConfig.CONFIG_NAME), arrayList);
        if (logger.isInfoEnabled()) {
            logger.info("MrasHandler is reloaded.");
        }
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("MrasHandler.handleRequest starts.");
        }
        long nanoTime = System.nanoTime();
        String requestPath = httpServerExchange.getRequestPath();
        if (logger.isTraceEnabled()) {
            logger.trace("original requestPath = " + requestPath);
        }
        for (String str : config.getPathPrefixAuth().keySet()) {
            if (requestPath.startsWith(str)) {
                String str2 = str + "@" + httpServerExchange.getRequestMethod().toString().toLowerCase();
                if (logger.isTraceEnabled()) {
                    logger.trace("endpoint = " + str2);
                }
                if (config.getUrlRewriteRules() == null || config.getUrlRewriteRules().size() <= 0) {
                    requestPath = httpServerExchange.getRequestPath();
                } else {
                    boolean z = false;
                    Iterator<UrlRewriteRule> it = config.getUrlRewriteRules().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        UrlRewriteRule next = it.next();
                        Matcher matcher = next.getPattern().matcher(requestPath);
                        if (matcher.matches()) {
                            z = true;
                            requestPath = matcher.replaceAll(next.getReplace());
                            if (logger.isTraceEnabled()) {
                                logger.trace("rewritten requestPath = " + requestPath);
                            }
                        }
                    }
                    if (!z) {
                        requestPath = httpServerExchange.getRequestPath();
                    }
                }
                Object obj = config.getPathPrefixAuth().get(str);
                MrasConfig mrasConfig = config;
                if (obj.equals(MrasConfig.ACCESS_TOKEN)) {
                    if (System.currentTimeMillis() >= this.accessTokenExpiration - 5000) {
                        if (logger.isTraceEnabled()) {
                            Logger logger2 = logger;
                            long currentTimeMillis = System.currentTimeMillis();
                            long j = this.accessTokenExpiration;
                            logger2.trace("accessToken is about or already expired. current time = " + currentTimeMillis + " expiration = " + logger2);
                        }
                        Result<TokenResponse> accessToken = getAccessToken();
                        if (!accessToken.isSuccess()) {
                            setExchangeStatus(httpServerExchange, accessToken.getError());
                            if (logger.isDebugEnabled()) {
                                logger.debug("MrasHandler.handleRequest ends with an error.");
                                return;
                            }
                            return;
                        }
                        this.accessTokenExpiration = System.currentTimeMillis() + 300000;
                        this.accessToken = ((TokenResponse) accessToken.getResult()).getAccessToken();
                    }
                    AuditAttachmentUtil.populateAuditAttachmentField(httpServerExchange, "endpoint", str2);
                    Map<String, Object> accessToken2 = config.getAccessToken();
                    MrasConfig mrasConfig2 = config;
                    invokeApi(httpServerExchange, (String) accessToken2.get("serviceHost"), requestPath, "Bearer " + this.accessToken, nanoTime, str2);
                    if (logger.isDebugEnabled()) {
                        logger.debug("MrasHandler.handleRequest ends.");
                        return;
                    }
                    return;
                }
                Object obj2 = config.getPathPrefixAuth().get(str);
                MrasConfig mrasConfig3 = config;
                if (obj2.equals(MrasConfig.BASIC_AUTH)) {
                    Map<String, Object> basicAuth = config.getBasicAuth();
                    MrasConfig mrasConfig4 = config;
                    Map<String, Object> basicAuth2 = config.getBasicAuth();
                    MrasConfig mrasConfig5 = config;
                    String str3 = (String) basicAuth2.get("username");
                    Map<String, Object> basicAuth3 = config.getBasicAuth();
                    MrasConfig mrasConfig6 = config;
                    invokeApi(httpServerExchange, (String) basicAuth.get("serviceHost"), requestPath, "Basic " + encodeCredentials(str3, (String) basicAuth3.get("password")), nanoTime, str2);
                    if (logger.isDebugEnabled()) {
                        logger.debug("MrasHandler.handleRequest ends.");
                        return;
                    }
                    return;
                }
                Object obj3 = config.getPathPrefixAuth().get(str);
                MrasConfig mrasConfig7 = config;
                if (obj3.equals(MrasConfig.ANONYMOUS)) {
                    Map<String, Object> anonymous = config.getAnonymous();
                    MrasConfig mrasConfig8 = config;
                    invokeApi(httpServerExchange, (String) anonymous.get("serviceHost"), requestPath, null, nanoTime, str2);
                    if (logger.isDebugEnabled()) {
                        logger.debug("MrasHandler.handleRequest ends.");
                        return;
                    }
                    return;
                }
                Object obj4 = config.getPathPrefixAuth().get(str);
                MrasConfig mrasConfig9 = config;
                if (obj4.equals(MrasConfig.MICROSOFT)) {
                    if (System.currentTimeMillis() >= this.microsoftExpiration - 50000) {
                        if (logger.isTraceEnabled()) {
                            Logger logger3 = logger;
                            long currentTimeMillis2 = System.currentTimeMillis();
                            long j2 = this.microsoftExpiration;
                            logger3.trace("microsoft token is about or already expired. current time = " + currentTimeMillis2 + " expiration = " + logger3);
                        }
                        Result<TokenResponse> microsoftToken = getMicrosoftToken();
                        if (!microsoftToken.isSuccess()) {
                            setExchangeStatus(httpServerExchange, microsoftToken.getError());
                            if (logger.isDebugEnabled()) {
                                logger.debug("MrasHandler.handleRequest ends with an error.");
                                return;
                            }
                            return;
                        }
                        this.microsoftExpiration = System.currentTimeMillis() + (((TokenResponse) microsoftToken.getResult()).getExpiresIn() * 1000);
                        this.microsoft = ((TokenResponse) microsoftToken.getResult()).getAccessToken();
                    }
                    Map<String, Object> microsoft = config.getMicrosoft();
                    MrasConfig mrasConfig10 = config;
                    invokeApi(httpServerExchange, (String) microsoft.get("serviceHost"), requestPath, "Bearer " + this.microsoft, nanoTime, str2);
                    if (logger.isDebugEnabled()) {
                        logger.debug("MrasHandler.handleRequest ends.");
                        return;
                    }
                    return;
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("MrasHandler.handleRequest ends.");
        }
        Handler.next(httpServerExchange, this.next);
    }

    private void invokeApi(HttpServerExchange httpServerExchange, String str, String str2, String str3, long j, String str4) throws Exception {
        HttpRequest build;
        String httpString = httpServerExchange.getRequestMethod().toString();
        String queryString = httpServerExchange.getQueryString();
        String first = httpServerExchange.getRequestHeaders().getFirst(Headers.CONTENT_TYPE);
        if (first == null) {
            first = ContentType.APPLICATION_JSON.value();
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Access MRAS API with method = " + httpString + " requestHost = " + str + " queryString = " + queryString + " contentType = " + first);
        }
        if (httpString.equalsIgnoreCase("GET")) {
            HttpRequest.Builder GET = HttpRequest.newBuilder().uri(new URI(str + str2 + "?" + queryString)).GET();
            if (str3 != null) {
                GET.headers(new String[]{"Authorization", str3, "Content-Type", first});
            } else {
                GET.header("Content-Type", first);
            }
            build = GET.build();
        } else if (httpString.equalsIgnoreCase("DELETE")) {
            HttpRequest.Builder DELETE = HttpRequest.newBuilder().uri(new URI(str + str2 + "?" + queryString)).DELETE();
            if (str3 != null) {
                DELETE.headers(new String[]{"Authorization", str3, "Content-Type", first});
            } else {
                DELETE.header("Content-Type", first);
            }
            build = DELETE.build();
        } else if (httpString.equalsIgnoreCase("POST")) {
            String str5 = (String) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY_STRING);
            if (str5 == null && logger.isDebugEnabled()) {
                logger.debug("The request body is null and the request path might be missing in request-injection.appliedBodyInjectionPathPrefixes.");
            }
            HttpRequest.Builder POST = HttpRequest.newBuilder().uri(new URI(str + str2)).POST(str5 == null ? HttpRequest.BodyPublishers.noBody() : HttpRequest.BodyPublishers.ofString(str5));
            if (str3 != null) {
                POST.headers(new String[]{"Authorization", str3, "Content-Type", first});
            } else {
                POST.header("Content-Type", first);
            }
            build = POST.build();
        } else if (httpString.equalsIgnoreCase("PUT")) {
            String str6 = (String) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY_STRING);
            if (str6 == null && logger.isDebugEnabled()) {
                logger.debug("The request body is null and the request path might be missing in request-injection.appliedBodyInjectionPathPrefixes.");
            }
            HttpRequest.Builder PUT = HttpRequest.newBuilder().uri(new URI(str + str2)).PUT(str6 == null ? HttpRequest.BodyPublishers.noBody() : HttpRequest.BodyPublishers.ofString(str6));
            if (str3 != null) {
                PUT.headers(new String[]{"Authorization", str3, "Content-Type", first});
            } else {
                PUT.header("Content-Type", first);
            }
            build = PUT.build();
        } else {
            if (!httpString.equalsIgnoreCase("PATCH")) {
                logger.error("wrong http method " + httpString + " for request path " + str2);
                setExchangeStatus(httpServerExchange, METHOD_NOT_ALLOWED, new Object[]{httpString, str2});
                return;
            }
            String str7 = (String) httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY_STRING);
            if (str7 == null && logger.isDebugEnabled()) {
                logger.debug("The request body is null and the request path might be missing in request-injection.appliedBodyInjectionPathPrefixes.");
            }
            HttpRequest.Builder method = HttpRequest.newBuilder().uri(new URI(str + str2)).method("PATCH", str7 == null ? HttpRequest.BodyPublishers.noBody() : HttpRequest.BodyPublishers.ofString(str7));
            if (str3 != null) {
                method.headers(new String[]{"Authorization", str3, "Content-Type", first});
            } else {
                method.header("Content-Type", first);
            }
            build = method.build();
        }
        try {
            HttpClient.Builder sslContext = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).connectTimeout(Duration.ofMillis(ClientConfig.get().getTimeout())).sslContext(createSSLContext());
            if (config.getProxyHost() != null) {
                sslContext.proxy(ProxySelector.of(new InetSocketAddress(config.getProxyHost(), config.getProxyPort() == 0 ? 443 : config.getProxyPort())));
            }
            if (config.isEnableHttp2()) {
                sslContext.version(HttpClient.Version.HTTP_2);
            } else {
                sslContext.version(HttpClient.Version.HTTP_1_1);
            }
            Map map = (Map) ClientConfig.get().getMappedConfig().get("tls");
            Properties properties = System.getProperties();
            if (map != null && !Boolean.TRUE.equals(map.get("verifyHostname"))) {
                properties.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
            }
            properties.setProperty("jdk.httpclient.keepalive.timeout", "10");
            properties.setProperty("jdk.httpclient.connectionPoolSize", "10");
            HttpResponse send = sslContext.build().send(build, HttpResponse.BodyHandlers.ofByteArray());
            HttpHeaders headers = send.headers();
            byte[] bArr = (byte[]) send.body();
            httpServerExchange.setStatusCode(send.statusCode());
            for (Map.Entry entry : headers.map().entrySet()) {
                if (entry.getKey() != null && !((String) entry.getKey()).startsWith(":") && ((List) entry.getValue()).get(0) != null) {
                    for (String str8 : (List) entry.getValue()) {
                        if (logger.isTraceEnabled()) {
                            logger.trace("copy response header key = " + ((String) entry.getKey()) + " value = " + str8);
                        }
                        httpServerExchange.getResponseHeaders().add(new HttpString((String) entry.getKey()), str8);
                    }
                }
            }
            httpServerExchange.getResponseSender().send(ByteBuffer.wrap(bArr));
            if (config.isMetricsInjection()) {
                if (metricsHandler == null) {
                    metricsHandler = AbstractMetricsHandler.lookupMetricsHandler();
                }
                if (metricsHandler != null) {
                    if (logger.isTraceEnabled()) {
                        logger.trace("Inject metrics for {}", config.getMetricsName());
                    }
                    metricsHandler.injectMetrics(httpServerExchange, j, config.getMetricsName(), str4);
                }
            }
        } catch (IOException e) {
            logger.error("Cannot create HttpClient:", e);
            setExchangeStatus(httpServerExchange, TLS_TRUSTSTORE_ERROR, new Object[0]);
        }
    }

    private Result<TokenResponse> getAccessToken() throws Exception {
        try {
            HttpClient.Builder sslContext = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).connectTimeout(Duration.ofMillis(ClientConfig.get().getTimeout())).sslContext(createSSLContext());
            if (config.getProxyHost() != null) {
                sslContext.proxy(ProxySelector.of(new InetSocketAddress(config.getProxyHost(), config.getProxyPort() == 0 ? 443 : config.getProxyPort())));
            }
            if (config.isEnableHttp2()) {
                sslContext.version(HttpClient.Version.HTTP_2);
            } else {
                sslContext.version(HttpClient.Version.HTTP_1_1);
            }
            Map map = (Map) ClientConfig.get().getMappedConfig().get("tls");
            Properties properties = System.getProperties();
            if (map != null && !Boolean.TRUE.equals(map.get("verifyHostname"))) {
                properties.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
            }
            properties.setProperty("jdk.httpclient.keepalive.timeout", "10");
            properties.setProperty("jdk.httpclient.connectionPoolSize", "10");
            HttpClient build = sslContext.build();
            try {
                Map<String, Object> accessToken = config.getAccessToken();
                MrasConfig mrasConfig = config;
                String str = (String) accessToken.get("tokenUrl");
                if (str == null) {
                    return Failure.of(new Status(OAUTH_SERVER_URL_ERROR, new Object[]{"accessToken.tokenUrl"}));
                }
                HashMap hashMap = new HashMap();
                hashMap.put("grant_type", "client_credentials");
                String str2 = (String) hashMap.entrySet().stream().map(entry -> {
                    return ((String) entry.getKey()) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8);
                }).collect(Collectors.joining("&"));
                HttpRequest.Builder uri = HttpRequest.newBuilder().uri(URI.create(str));
                Map<String, Object> accessToken2 = config.getAccessToken();
                MrasConfig mrasConfig2 = config;
                String str3 = (String) accessToken2.get("username");
                Map<String, Object> accessToken3 = config.getAccessToken();
                MrasConfig mrasConfig3 = config;
                HttpRequest build2 = uri.headers(new String[]{"Content-Type", "application/x-www-form-urlencoded", "Authorization", "BASIC " + encodeCredentials(str3, (String) accessToken3.get("password"))}).POST(HttpRequest.BodyPublishers.ofString(str2)).build();
                if (logger.isTraceEnabled()) {
                    logger.trace("request url = " + str + "request body = " + str2 + " request headers = " + build2.headers().toString());
                }
                HttpResponse send = build.send(build2, HttpResponse.BodyHandlers.ofString());
                if (logger.isTraceEnabled()) {
                    logger.trace(send.statusCode() + " " + send.body().toString());
                }
                if (send.statusCode() != 200) {
                    logger.error("Error in getting the token with status code " + send.statusCode() + " and body " + send.body().toString());
                    return Failure.of(new Status(GET_TOKEN_ERROR, new Object[]{send.body().toString()}));
                }
                Map string2Map = JsonMapper.string2Map(send.body().toString());
                if (string2Map == null) {
                    return Failure.of(new Status(GET_TOKEN_ERROR, new Object[]{"response body is not a JSON"}));
                }
                TokenResponse tokenResponse = new TokenResponse();
                tokenResponse.setAccessToken((String) string2Map.get("access_token"));
                tokenResponse.setTokenType((String) string2Map.get("token_type"));
                tokenResponse.setScope((String) string2Map.get("scope"));
                return Success.of(tokenResponse);
            } catch (Exception e) {
                logger.error("Exception:", e);
                Map<String, Object> accessToken4 = config.getAccessToken();
                MrasConfig mrasConfig4 = config;
                return Failure.of(new Status(ESTABLISH_CONNECTION_ERROR, new Object[]{accessToken4.get("tokenUrl")}));
            }
        } catch (IOException e2) {
            logger.error("Cannot create HttpClient:", e2);
            return Failure.of(new Status(TLS_TRUSTSTORE_ERROR, new Object[0]));
        }
    }

    private Result<TokenResponse> getMicrosoftToken() throws Exception {
        if (this.clientMicrosoft == null) {
            if (logger.isTraceEnabled()) {
                logger.trace("clientMicrosoft is null. Creating new HTTP2Client with sslContext for MRAS Microsoft.");
            }
            try {
                HttpClient.Builder sslContext = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).connectTimeout(Duration.ofMillis(ClientConfig.get().getTimeout())).sslContext(Http2Client.createSSLContext());
                if (config.getProxyHost() != null) {
                    sslContext.proxy(ProxySelector.of(new InetSocketAddress(config.getProxyHost(), config.getProxyPort() == 0 ? 443 : config.getProxyPort())));
                }
                if (config.isEnableHttp2()) {
                    sslContext.version(HttpClient.Version.HTTP_2);
                } else {
                    sslContext.version(HttpClient.Version.HTTP_1_1);
                }
                Map map = (Map) ClientConfig.get().getMappedConfig().get("tls");
                Properties properties = System.getProperties();
                if (map != null && !Boolean.TRUE.equals(map.get("verifyHostname"))) {
                    properties.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
                }
                properties.setProperty("jdk.httpclient.keepalive.timeout", "10");
                properties.setProperty("jdk.httpclient.connectionPoolSize", "10");
                this.clientMicrosoft = sslContext.build();
            } catch (IOException e) {
                logger.error("Cannot create HttpClient:", e);
                return Failure.of(new Status(TLS_TRUSTSTORE_ERROR, new Object[0]));
            }
        }
        try {
            Map<String, Object> microsoft = config.getMicrosoft();
            MrasConfig mrasConfig = config;
            String str = (String) microsoft.get("tokenUrl");
            if (str == null) {
                return Failure.of(new Status(OAUTH_SERVER_URL_ERROR, new Object[]{"microsoft.tokenUrl"}));
            }
            HashMap hashMap = new HashMap();
            hashMap.put("grant_type", "client_credentials");
            Map<String, Object> microsoft2 = config.getMicrosoft();
            MrasConfig mrasConfig2 = config;
            hashMap.put(MrasConfig.RESOURCE, (String) microsoft2.get(MrasConfig.RESOURCE));
            Map<String, Object> microsoft3 = config.getMicrosoft();
            MrasConfig mrasConfig3 = config;
            hashMap.put("client_id", (String) microsoft3.get("clientId"));
            Map<String, Object> microsoft4 = config.getMicrosoft();
            MrasConfig mrasConfig4 = config;
            hashMap.put("client_secret", (String) microsoft4.get("clientSecret"));
            HttpResponse send = this.clientMicrosoft.send(HttpRequest.newBuilder().uri(URI.create(str)).headers(new String[]{"Content-Type", "application/x-www-form-urlencoded"}).POST(HttpRequest.BodyPublishers.ofString((String) hashMap.entrySet().stream().map(entry -> {
                return ((String) entry.getKey()) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8);
            }).collect(Collectors.joining("&")))).build(), HttpResponse.BodyHandlers.ofString());
            if (logger.isTraceEnabled()) {
                logger.trace(send.statusCode() + " " + send.body().toString());
            }
            if (send.statusCode() != 200) {
                logger.error("Error in getting the token with status code " + send.statusCode() + " and body " + send.body().toString());
                return Failure.of(new Status(GET_TOKEN_ERROR, new Object[]{send.body().toString()}));
            }
            Map string2Map = JsonMapper.string2Map(send.body().toString());
            if (string2Map == null) {
                return Failure.of(new Status(GET_TOKEN_ERROR, new Object[]{"response body is not a JSON"}));
            }
            TokenResponse tokenResponse = new TokenResponse();
            tokenResponse.setAccessToken((String) string2Map.get("access_token"));
            tokenResponse.setTokenType((String) string2Map.get("token_type"));
            tokenResponse.setExpiresIn(Long.valueOf((String) string2Map.get("expires_in")).longValue());
            return Success.of(tokenResponse);
        } catch (Exception e2) {
            logger.error("Exception:", e2);
            Map<String, Object> microsoft5 = config.getMicrosoft();
            MrasConfig mrasConfig5 = config;
            return Failure.of(new Status(ESTABLISH_CONNECTION_ERROR, new Object[]{microsoft5.get("tokenUrl")}));
        }
    }

    private static String encodeCredentialsFullFormat(String str, String str2, String str3) {
        return new String(Base64.encodeBase64((str2 != null ? str + str3 + str2 : str).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }

    private static String encodeCredentials(String str, String str2) {
        return encodeCredentialsFullFormat(str, str2, ":");
    }

    private SSLContext createSSLContext() throws IOException {
        KeyManager[] keyManagerArr = null;
        try {
            String keyStoreName = config.getKeyStoreName();
            String keyStorePass = config.getKeyStorePass();
            String keyPass = config.getKeyPass();
            if (logger.isTraceEnabled()) {
                logger.trace("keyStoreName = " + keyStoreName + " keyStorePass = " + (keyStorePass == null ? null : keyStorePass.substring(0, 4)) + " keyPass = " + (keyPass == null ? null : keyPass.substring(0, 4)));
            }
            if (keyStoreName != null && keyStorePass != null && keyPass != null) {
                KeyStore loadKeyStore = TlsUtil.loadKeyStore(keyStoreName, keyStorePass.toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(loadKeyStore, keyPass.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
            TrustManager[] trustManagerArr = null;
            ArrayList arrayList = new ArrayList();
            try {
                String keyStoreName2 = config.getKeyStoreName();
                String keyStorePass2 = config.getKeyStorePass();
                if (logger.isTraceEnabled()) {
                    logger.trace("trustStoreName = " + keyStoreName2 + " trustStorePass = " + (keyStorePass2 == null ? null : keyStorePass2.substring(0, 4)));
                }
                if (keyStoreName2 != null && keyStorePass2 != null) {
                    KeyStore loadKeyStore2 = TlsUtil.loadKeyStore(keyStoreName2, keyStorePass2.toCharArray());
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(loadKeyStore2);
                    trustManagerArr = trustManagerFactory.getTrustManagers();
                }
                if (trustManagerArr != null && trustManagerArr.length > 0) {
                    arrayList.addAll(Arrays.asList(trustManagerArr));
                }
                try {
                    SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
                    if (trustManagerArr == null || trustManagerArr.length == 0) {
                        logger.error("No trust store is loaded. Please check client.yml");
                    } else {
                        sSLContext.init(keyManagerArr, new TrustManager[]{new ClientX509ExtendedTrustManager(arrayList)}, null);
                    }
                    return sSLContext;
                } catch (KeyManagementException | NoSuchAlgorithmException e) {
                    logger.error("Exception:", e);
                    throw new IOException("Unable to create and initialise the SSLContext", e);
                }
            } catch (KeyStoreException | NoSuchAlgorithmException e2) {
                logger.error("Exception:", e2);
                throw new IOException("Unable to initialise TrustManager[]", e2);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e3) {
            logger.error("Exception:", e3);
            throw new IOException("Unable to initialise KeyManager[]", e3);
        }
    }
}
