package org.apache.kafka.common.security.oauthbearer.internals.secured;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import javax.ws.rs.HttpMethod;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/secured/HttpAccessTokenRetriever.class */
public class HttpAccessTokenRetriever implements AccessTokenRetriever {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) HttpAccessTokenRetriever.class);
    private static final Set<Integer> UNRETRYABLE_HTTP_CODES = new HashSet();
    private static final int MAX_RESPONSE_BODY_LENGTH = 1000;
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private final String clientId;
    private final String clientSecret;
    private final String scope;
    private final SSLSocketFactory sslSocketFactory;
    private final String tokenEndpointUrl;
    private final long loginRetryBackoffMs;
    private final long loginRetryBackoffMaxMs;
    private final Integer loginConnectTimeoutMs;
    private final Integer loginReadTimeoutMs;
    private final boolean urlencodeHeader;

    public HttpAccessTokenRetriever(String str, String str2, String str3, SSLSocketFactory sSLSocketFactory, String str4, long j, long j2, Integer num, Integer num2, boolean z) {
        this.clientId = (String) Objects.requireNonNull(str);
        this.clientSecret = (String) Objects.requireNonNull(str2);
        this.scope = str3;
        this.sslSocketFactory = sSLSocketFactory;
        this.tokenEndpointUrl = (String) Objects.requireNonNull(str4);
        this.loginRetryBackoffMs = j;
        this.loginRetryBackoffMaxMs = j2;
        this.loginConnectTimeoutMs = num;
        this.loginReadTimeoutMs = num2;
        this.urlencodeHeader = z;
    }

    @Override // org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetriever
    public String retrieve() throws IOException {
        String formatAuthorizationHeader = formatAuthorizationHeader(this.clientId, this.clientSecret, this.urlencodeHeader);
        String formatRequestBody = formatRequestBody(this.scope);
        Retry retry = new Retry(this.loginRetryBackoffMs, this.loginRetryBackoffMaxMs);
        Map singletonMap = Collections.singletonMap("Authorization", formatAuthorizationHeader);
        try {
            return parseAccessToken((String) retry.execute(() -> {
                HttpURLConnection httpURLConnection = null;
                try {
                    try {
                        httpURLConnection = (HttpURLConnection) new URL(this.tokenEndpointUrl).openConnection();
                        if (this.sslSocketFactory != null && (httpURLConnection instanceof HttpsURLConnection)) {
                            ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(this.sslSocketFactory);
                        }
                        String post = post(httpURLConnection, singletonMap, formatRequestBody, this.loginConnectTimeoutMs, this.loginReadTimeoutMs);
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                        return post;
                    } catch (IOException e) {
                        throw new ExecutionException(e);
                    }
                } catch (Throwable th) {
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    throw th;
                }
            }));
        } catch (ExecutionException e) {
            if (e.getCause() instanceof IOException) {
                throw ((IOException) e.getCause());
            }
            throw new KafkaException(e.getCause());
        }
    }

    public static String post(HttpURLConnection httpURLConnection, Map<String, String> map, String str, Integer num, Integer num2) throws IOException, UnretryableException {
        handleInput(httpURLConnection, map, str, num, num2);
        return handleOutput(httpURLConnection);
    }

    private static void handleInput(HttpURLConnection httpURLConnection, Map<String, String> map, String str, Integer num, Integer num2) throws IOException, UnretryableException {
        log.debug("handleInput - starting post for {}", httpURLConnection.getURL());
        httpURLConnection.setRequestMethod(HttpMethod.POST);
        httpURLConnection.setRequestProperty("Accept", "application/json");
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                httpURLConnection.setRequestProperty(entry.getKey(), entry.getValue());
            }
        }
        httpURLConnection.setRequestProperty("Cache-Control", "no-cache");
        if (str != null) {
            httpURLConnection.setRequestProperty("Content-Length", String.valueOf(str.length()));
            httpURLConnection.setDoOutput(true);
        }
        httpURLConnection.setUseCaches(false);
        if (num != null) {
            httpURLConnection.setConnectTimeout(num.intValue());
        }
        if (num2 != null) {
            httpURLConnection.setReadTimeout(num2.intValue());
        }
        log.debug("handleInput - preparing to connect to {}", httpURLConnection.getURL());
        httpURLConnection.connect();
        if (str != null) {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            Throwable th = null;
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
                log.debug("handleInput - preparing to write request body to {}", httpURLConnection.getURL());
                copy(byteArrayInputStream, outputStream);
                if (outputStream != null) {
                    if (0 == 0) {
                        outputStream.close();
                        return;
                    }
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                if (outputStream != null) {
                    if (0 != 0) {
                        try {
                            outputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        outputStream.close();
                    }
                }
                throw th3;
            }
        }
    }

    static String handleOutput(HttpURLConnection httpURLConnection) throws IOException {
        InputStream errorStream;
        Throwable th;
        InputStream inputStream;
        Throwable th2;
        int responseCode = httpURLConnection.getResponseCode();
        log.debug("handleOutput - responseCode: {}", Integer.valueOf(responseCode));
        String str = null;
        String str2 = null;
        try {
            inputStream = httpURLConnection.getInputStream();
            th2 = null;
        } catch (Exception e) {
            try {
                errorStream = httpURLConnection.getErrorStream();
                th = null;
            } catch (Exception e2) {
                log.warn("handleOutput - error retrieving error information", (Throwable) e2);
                log.warn("handleOutput - error retrieving data", (Throwable) e);
                if (responseCode == 200) {
                }
                log.debug("handleOutput - responseCode: {}, error response: {}", Integer.valueOf(responseCode), str2);
                if (str != null) {
                }
                throw new IOException(String.format("The token endpoint response was unexpectedly empty despite response code %d from %s and error message %s", Integer.valueOf(responseCode), httpURLConnection.getURL(), formatErrorMessage(str2)));
            }
            try {
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    log.debug("handleOutput - preparing to read error response body from {}", httpURLConnection.getURL());
                    copy(errorStream, byteArrayOutputStream);
                    str2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8.name());
                    if (errorStream != null) {
                        if (0 != 0) {
                            try {
                                errorStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            errorStream.close();
                        }
                    }
                    log.warn("handleOutput - error retrieving data", (Throwable) e);
                } finally {
                }
            } finally {
            }
        }
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                log.debug("handleOutput - preparing to read response body from {}", httpURLConnection.getURL());
                copy(inputStream, byteArrayOutputStream2);
                str = byteArrayOutputStream2.toString(StandardCharsets.UTF_8.name());
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th4) {
                            th2.addSuppressed(th4);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                if (responseCode == 200 && responseCode != 201) {
                    log.warn("handleOutput - error response code: {}, error response body: {}", Integer.valueOf(responseCode), formatErrorMessage(str2));
                    if (UNRETRYABLE_HTTP_CODES.contains(Integer.valueOf(responseCode))) {
                        throw new UnretryableException(new IOException(String.format("The response code %s and error response %s was encountered reading the token endpoint response; will not attempt further retries", Integer.valueOf(responseCode), formatErrorMessage(str2))));
                    }
                    throw new IOException(String.format("The unexpected response code %s and error message %s was encountered reading the token endpoint response", Integer.valueOf(responseCode), formatErrorMessage(str2)));
                }
                log.debug("handleOutput - responseCode: {}, error response: {}", Integer.valueOf(responseCode), str2);
                if (str != null || str.isEmpty()) {
                    throw new IOException(String.format("The token endpoint response was unexpectedly empty despite response code %d from %s and error message %s", Integer.valueOf(responseCode), httpURLConnection.getURL(), formatErrorMessage(str2)));
                }
                return str;
            } finally {
            }
        } finally {
        }
    }

    static void copy(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[4096];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }

    static String formatErrorMessage(String str) {
        if (str == null || str.trim().isEmpty()) {
            return "{}";
        }
        try {
            JsonNode readTree = new ObjectMapper().readTree(str);
            return !readTree.at("/error").isMissingNode() ? String.format("{%s - %s}", readTree.at("/error"), readTree.at("/error_description")) : !readTree.at("/errorCode").isMissingNode() ? String.format("{%s - %s}", readTree.at("/errorCode"), readTree.at("/errorSummary")) : str;
        } catch (Exception e) {
            log.warn("Error parsing error response", (Throwable) e);
            return String.format("{%s}", str);
        }
    }

    static String parseAccessToken(String str) throws IOException {
        JsonNode at = new ObjectMapper().readTree(str).at("/access_token");
        if (at != null) {
            return sanitizeString("the token endpoint response's access_token JSON attribute", at.textValue());
        }
        String str2 = str;
        if (str2.length() > 1000) {
            str2 = String.format("%s (trimmed to first %d characters out of %d total)", str.substring(0, 1000), 1000, Integer.valueOf(str.length()));
        }
        throw new IOException(String.format("The token endpoint response did not contain an access_token value. Response: (%s)", str2));
    }

    static String formatAuthorizationHeader(String str, String str2, boolean z) throws UnsupportedEncodingException {
        String sanitizeString = sanitizeString("the token endpoint request client ID parameter", str);
        String sanitizeString2 = sanitizeString("the token endpoint request client secret parameter", str2);
        if (z) {
            sanitizeString = URLEncoder.encode(sanitizeString, StandardCharsets.UTF_8.name());
            sanitizeString2 = URLEncoder.encode(sanitizeString2, StandardCharsets.UTF_8.name());
        }
        return String.format("Basic %s", Base64.getEncoder().encodeToString(Utils.utf8(String.format("%s:%s", sanitizeString, sanitizeString2))));
    }

    static String formatRequestBody(String str) throws IOException {
        try {
            StringBuilder sb = new StringBuilder();
            sb.append("grant_type=client_credentials");
            if (str != null && !str.trim().isEmpty()) {
                sb.append("&scope=").append(URLEncoder.encode(str.trim(), StandardCharsets.UTF_8.name()));
            }
            return sb.toString();
        } catch (UnsupportedEncodingException e) {
            throw new IOException(String.format("Encoding %s not supported", StandardCharsets.UTF_8.name()));
        }
    }

    private static String sanitizeString(String str, String str2) {
        if (str2 == null) {
            throw new IllegalArgumentException(String.format("The value for %s must be non-null", str));
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException(String.format("The value for %s must be non-empty", str));
        }
        String trim = str2.trim();
        if (trim.isEmpty()) {
            throw new IllegalArgumentException(String.format("The value for %s must not contain only whitespace", str));
        }
        return trim;
    }

    static {
        UNRETRYABLE_HTTP_CODES.add(400);
        UNRETRYABLE_HTTP_CODES.add(401);
        UNRETRYABLE_HTTP_CODES.add(402);
        UNRETRYABLE_HTTP_CODES.add(403);
        UNRETRYABLE_HTTP_CODES.add(404);
        UNRETRYABLE_HTTP_CODES.add(405);
        UNRETRYABLE_HTTP_CODES.add(406);
        UNRETRYABLE_HTTP_CODES.add(407);
        UNRETRYABLE_HTTP_CODES.add(409);
        UNRETRYABLE_HTTP_CODES.add(410);
        UNRETRYABLE_HTTP_CODES.add(411);
        UNRETRYABLE_HTTP_CODES.add(412);
        UNRETRYABLE_HTTP_CODES.add(413);
        UNRETRYABLE_HTTP_CODES.add(414);
        UNRETRYABLE_HTTP_CODES.add(415);
        UNRETRYABLE_HTTP_CODES.add(501);
        UNRETRYABLE_HTTP_CODES.add(505);
    }
}
