package com.factset.sdk.utils.authentication;

import com.factset.sdk.utils.exceptions.AccessTokenException;
import com.factset.sdk.utils.exceptions.AuthServerMetadataContentException;
import com.factset.sdk.utils.exceptions.AuthServerMetadataException;
import com.factset.sdk.utils.exceptions.ConfigurationException;
import com.factset.sdk.utils.exceptions.SigningJwsException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.IOUtils;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/factset/sdk/utils/authentication/ConfidentialClient.class */
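/**
 * OAuth 2.0 confidential client that authenticates to the token endpoint with a signed JWT
 * client assertion (RS256) and caches the resulting access token until it expires.
 *
 * <p>The token endpoint and issuer are discovered from the well-known URL held by the
 * {@link Configuration}. Discovery happens once, inside the constructor.
 *
 * <p>Thread-safety: this class performs no synchronization. The cached token and its timestamps
 * are plain mutable fields, so concurrent callers of {@link #getAccessToken()} need external
 * coordination.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The {@code HostnameVerifier} and {@code SSLSocketFactory} from {@link RequestOptions} are
 *       applied to both the discovery request and the token request. A permissive verifier or
 *       trust-all socket factory therefore removes TLS server authentication for the whole
 *       flow.</li>
 *   <li>Trace logging never emits request or response bodies of successful exchanges, nor header
 *       values, because they carry the client assertion and the access token.</li>
 * </ul>
 */
public class ConfidentialClient implements OAuth2Client {
    private static final Logger LOGGER = LoggerFactory.getLogger(ConfidentialClient.class);

    /** Validity window of the client assertion, in seconds, counted from its issue time. */
    private static final long ASSERTION_LIFETIME_SECONDS = 300L;

    /** Back-dating of the assertion's not-before claim, in seconds, to tolerate clock skew. */
    private static final long ASSERTION_NOT_BEFORE_SKEW_SECONDS = 5L;

    /** Placeholder written to logs where a credential-bearing value would otherwise appear. */
    private static final String REDACTED = "<redacted>";

    private final Configuration config;
    private OIDCProviderMetadata providerMetadata;
    private final RequestOptions requestOptions;
    private TokenRequestBuilder tokenRequestBuilder;
    // Epoch millis at which the most recent client assertion was issued; set by getSignedJwt().
    private long jwsIssuedAt;
    // Epoch millis after which the cached access token is treated as expired.
    private long accessTokenExpireTime;
    private AccessToken accessToken;

    /**
     * Creates a client from a configuration string and default request options.
     *
     * @param str value handed to {@link Configuration#Configuration(String)}
     * @throws AuthServerMetadataContentException if the discovery document cannot be parsed
     * @throws AuthServerMetadataException if the discovery document cannot be retrieved
     * @throws ConfigurationException if the configuration cannot be built
     */
    public ConfidentialClient(String str) throws AuthServerMetadataContentException, AuthServerMetadataException, ConfigurationException {
        this(new Configuration(str));
    }

    /**
     * Creates a client from a configuration string and explicit request options.
     *
     * @param str value handed to {@link Configuration#Configuration(String)}
     * @param requestOptions proxy and TLS settings; {@code null} selects the builder defaults
     * @throws AuthServerMetadataContentException if the discovery document cannot be parsed
     * @throws AuthServerMetadataException if the discovery document cannot be retrieved
     * @throws ConfigurationException if the configuration cannot be built
     */
    public ConfidentialClient(String str, RequestOptions requestOptions) throws AuthServerMetadataContentException, AuthServerMetadataException, ConfigurationException {
        this(new Configuration(str), requestOptions);
    }

    /**
     * Creates a client from a ready-made configuration and default request options.
     *
     * @param configuration client configuration; must not be {@code null}
     * @throws AuthServerMetadataContentException if the discovery document cannot be parsed
     * @throws AuthServerMetadataException if the discovery document cannot be retrieved
     */
    public ConfidentialClient(Configuration configuration) throws AuthServerMetadataContentException, AuthServerMetadataException {
        this(configuration, RequestOptions.builder().build());
    }

    /**
     * Creates a client and immediately fetches the authorization server metadata.
     *
     * @param configuration client configuration; must not be {@code null}
     * @param requestOptions proxy and TLS settings; {@code null} selects the builder defaults
     * @throws NullPointerException if {@code configuration} is {@code null}
     * @throws AuthServerMetadataContentException if the discovery document cannot be parsed
     * @throws AuthServerMetadataException if the discovery document cannot be retrieved
     */
    public ConfidentialClient(Configuration configuration, RequestOptions requestOptions) throws AuthServerMetadataContentException, AuthServerMetadataException {
        Objects.requireNonNull(configuration, "Configuration object must not be null");
        this.config = configuration;
        LOGGER.debug("Finished initialising configuration");
        this.requestOptions = requestOptions == null ? RequestOptions.builder().build() : requestOptions;
        requestProviderMetadata();
    }

    /**
     * Variant that lets a subclass or test supply its own token request builder.
     *
     * @param str value handed to {@link Configuration#Configuration(String)}
     * @param tokenRequestBuilder builder to use for token requests; must not be {@code null}
     * @throws NullPointerException if {@code tokenRequestBuilder} is {@code null}
     */
    protected ConfidentialClient(String str, TokenRequestBuilder tokenRequestBuilder) throws AuthServerMetadataContentException, AuthServerMetadataException, ConfigurationException {
        this(new Configuration(str));
        Objects.requireNonNull(tokenRequestBuilder, "TokenRequestBuilder must not be null");
        this.tokenRequestBuilder = tokenRequestBuilder.uri(this.providerMetadata.getTokenEndpointURI());
    }

    /**
     * Variant that lets a subclass or test supply its own token request builder.
     *
     * @param configuration client configuration; must not be {@code null}
     * @param tokenRequestBuilder builder to use for token requests; must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    protected ConfidentialClient(Configuration configuration, TokenRequestBuilder tokenRequestBuilder) throws AuthServerMetadataContentException, AuthServerMetadataException {
        this(configuration);
        Objects.requireNonNull(tokenRequestBuilder, "TokenRequestBuilder must not be null");
        this.tokenRequestBuilder = tokenRequestBuilder.uri(this.providerMetadata.getTokenEndpointURI());
    }

    /**
     * Variant that lets a subclass or test supply its own token request builder and options.
     *
     * @param configuration client configuration; must not be {@code null}
     * @param tokenRequestBuilder builder to use for token requests; must not be {@code null}
     * @param requestOptions proxy and TLS settings; {@code null} selects the builder defaults
     * @throws NullPointerException if {@code configuration} or {@code tokenRequestBuilder} is
     *     {@code null}
     */
    protected ConfidentialClient(Configuration configuration, TokenRequestBuilder tokenRequestBuilder, RequestOptions requestOptions) throws AuthServerMetadataContentException, AuthServerMetadataException {
        this(configuration, requestOptions);
        Objects.requireNonNull(tokenRequestBuilder, "TokenRequestBuilder must not be null");
        this.tokenRequestBuilder = tokenRequestBuilder.uri(this.providerMetadata.getTokenEndpointURI());
    }

    /**
     * Returns the cached access token, or requests a new one when none is cached or it expired.
     *
     * @return the access token value
     * @throws AccessTokenException if the token endpoint cannot be reached or rejects the request
     * @throws SigningJwsException if the client assertion cannot be signed
     */
    @Override
    public String getAccessToken() throws AccessTokenException, SigningJwsException {
        if (!isCachedTokenValid()) {
            return fetchAccessToken();
        }
        long remainingSeconds = TimeUnit.MILLISECONDS.toSeconds(this.accessTokenExpireTime - System.currentTimeMillis());
        LOGGER.info("Retrieved access token which expires in: {} seconds", remainingSeconds);
        return this.accessToken.toString();
    }

    /**
     * Downloads and parses the authorization server metadata, then prepares the token request
     * builder with the advertised token endpoint.
     *
     * @throws AuthServerMetadataContentException if the response is not valid provider metadata
     * @throws AuthServerMetadataException if the response cannot be read
     */
    private void requestProviderMetadata() throws AuthServerMetadataContentException, AuthServerMetadataException {
        LOGGER.debug("Attempting to get response from Well Known URI");
        try {
            // NOTE(review): no connect/read timeout is set, so construction can block for as long
            // as the server or proxy keeps the connection open.
            HttpURLConnection httpURLConnection = (HttpURLConnection) this.config.getWellKnownUrl().openConnection(this.requestOptions.getProxy());
            if (httpURLConnection instanceof HttpsURLConnection) {
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
                // Caller-supplied TLS settings replace the JVM defaults for this connection.
                httpsURLConnection.setHostnameVerifier(this.requestOptions.getHostnameVerifier());
                httpsURLConnection.setSSLSocketFactory(this.requestOptions.getSslSocketFactory());
            }
            // Close the response stream on every path, including a parse failure.
            try (java.io.InputStream body = httpURLConnection.getInputStream()) {
                this.providerMetadata = OIDCProviderMetadata.parse(IOUtils.readInputStreamToString(body));
            }
            LOGGER.debug("Response received from Well Known URI");
            // NOTE(review): the token endpoint and issuer are used exactly as advertised. Nothing
            // here checks that the well-known URL is https or that the advertised issuer matches
            // the configured one (RFC 8414 section 3.3) - confirm Configuration enforces this.
            this.tokenRequestBuilder = new TokenRequestBuilder().uri(this.providerMetadata.getTokenEndpointURI());
        } catch (ParseException e) {
            throw new AuthServerMetadataContentException("Content of WellKnownUri has errors: " + this.config.getWellKnownUrl().toString(), e);
        } catch (IOException e) {
            throw new AuthServerMetadataException("Error retrieving contents from WellKnownUri: " + this.config.getWellKnownUrl().toString(), e);
        }
    }

    /** Returns {@code true} when a token is cached and its expiry time has not been reached. */
    private boolean isCachedTokenValid() {
        return this.accessToken != null && System.currentTimeMillis() < this.accessTokenExpireTime;
    }

    /**
     * Sends a token request authenticated with a fresh client assertion and caches the result.
     *
     * <p>Expiry is computed from the assertion's issue time rather than the response time, which
     * errs on the side of refreshing early. A response without a lifetime yields a lifetime of
     * zero, so such a token is never served from the cache.
     *
     * @return the new access token value
     * @throws AccessTokenException on transport errors, unparsable responses or error responses
     * @throws SigningJwsException if the client assertion cannot be signed
     */
    private String fetchAccessToken() throws AccessTokenException, SigningJwsException {
        LOGGER.debug("Fetching a new access token...");
        try {
            HTTPRequest hTTPRequest = this.tokenRequestBuilder.signedJwt(getSignedJwt()).build().toHTTPRequest();
            hTTPRequest.setProxy(this.requestOptions.getProxy());
            hTTPRequest.setHostnameVerifier(this.requestOptions.getHostnameVerifier());
            hTTPRequest.setSSLSocketFactory(this.requestOptions.getSslSocketFactory());
            logTokenRequest(hTTPRequest);
            HTTPResponse httpResponse = hTTPRequest.send();
            logTokenResponse(httpResponse);
            TokenResponse tokenResponse = TokenResponse.parse(httpResponse);
            if (tokenResponse.indicatesSuccess()) {
                this.accessToken = tokenResponse.toSuccessResponse().getTokens().getAccessToken();
                this.accessTokenExpireTime = this.jwsIssuedAt + TimeUnit.SECONDS.toMillis(this.accessToken.getLifetime());
                LOGGER.info("Fetched access token which expires in: {} seconds", this.accessToken.getLifetime());
                return this.accessToken.toString();
            }
            if (tokenResponse.toErrorResponse().getErrorObject() == null || tokenResponse.toErrorResponse().getErrorObject().getDescription() == null) {
                throw new AccessTokenException("Unsuccessful token response: Failed to authenticate or parse the token");
            }
            throw new AccessTokenException("Unsuccessful token response: " + tokenResponse.toErrorResponse().getErrorObject().getDescription());
        } catch (IOException | ParseException e) {
            throw new AccessTokenException("Error attempting to get the access token", e);
        }
    }

    /**
     * Traces the outgoing token request without its credentials.
     *
     * <p>The request body carries the signed client assertion, which stays replayable until it
     * expires, so the body is redacted and only header names are written.
     */
    private void logTokenRequest(HTTPRequest hTTPRequest) {
        LOGGER.trace("Token Request: {} {} headers={} body={}", hTTPRequest.getMethod(), hTTPRequest.getURL(), hTTPRequest.getHeaderMap().keySet(), REDACTED);
    }

    /**
     * Traces the token response without its credentials.
     *
     * <p>A successful response body contains the access token, so it is redacted. Bodies of
     * non-2xx responses are logged to keep failures diagnosable. Only header names are written.
     */
    private static void logTokenResponse(HTTPResponse hTTPResponse) {
        int statusCode = hTTPResponse.getStatusCode();
        boolean success = statusCode >= 200 && statusCode < 300;
        Object body = success ? REDACTED : hTTPResponse.getContent();
        LOGGER.trace("Token Response: {} {} headers={} body={}", statusCode, hTTPResponse.getStatusMessage(), hTTPResponse.getHeaderMap().keySet(), body);
    }

    /**
     * Builds and signs the JWT client assertion with the configured RSA key.
     *
     * <p>The assertion uses the client id as issuer and subject, the discovered issuer as
     * audience, a random JWT id, an expiry of {@value #ASSERTION_LIFETIME_SECONDS} seconds and a
     * not-before time back-dated by {@value #ASSERTION_NOT_BEFORE_SKEW_SECONDS} seconds. As a
     * side effect the issue time is stored for the later expiry calculation of the access token.
     *
     * @return the signed assertion
     * @throws SigningJwsException if the signer cannot be created or signing fails
     */
    protected SignedJWT getSignedJwt() throws SigningJwsException {
        LOGGER.debug("Signing the JWT...");
        RSAKey jwk = this.config.getJwk();

        final RSASSASigner signer;
        try {
            signer = new RSASSASigner(jwk);
        } catch (JOSEException e) {
            throw new SigningJwsException("Unable to create signer", e);
        }

        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(jwk.getKeyID()).build();
        ClientID clientID = new ClientID(this.config.getClientId());
        List<Audience> audience = Audience.create(this.providerMetadata.getIssuer().toString());

        this.jwsIssuedAt = System.currentTimeMillis();
        Date expiresAt = new Date(this.jwsIssuedAt + TimeUnit.SECONDS.toMillis(ASSERTION_LIFETIME_SECONDS));
        Date notBefore = new Date(this.jwsIssuedAt - TimeUnit.SECONDS.toMillis(ASSERTION_NOT_BEFORE_SKEW_SECONDS));
        Date issuedAt = new Date(this.jwsIssuedAt);

        JWTAuthenticationClaimsSet claims = new JWTAuthenticationClaimsSet(clientID, audience, expiresAt, notBefore, issuedAt, new JWTID());
        SignedJWT signedJWT = new SignedJWT(header, claims.toJWTClaimsSet());
        try {
            signedJWT.sign(signer);
        } catch (IllegalStateException | JOSEException e) {
            throw new SigningJwsException("Failed signing of the JWS", e);
        }
        LOGGER.debug("JWT signed successfully");
        return signedJWT;
    }
}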
