package com.here.account.oauth2;

import com.here.account.auth.NoAuthorizer;
import com.here.account.client.Client;
import com.here.account.http.HttpConstants;
import com.here.account.http.HttpProvider;
import com.here.account.oauth2.bo.TimestampResponse;
import com.here.account.oauth2.retry.NoRetryPolicy;
import com.here.account.oauth2.retry.RetryPolicy;
import com.here.account.olp.OlpHttpMessage;
import com.here.account.util.Clock;
import com.here.account.util.JacksonSerializer;
import com.here.account.util.RefreshableResponseProvider;
import com.here.account.util.Serializer;
import com.here.account.util.SettableClock;
import com.here.account.util.SettableSystemClock;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.URL;
import java.util.Map;
import java.util.function.Supplier;
import java.util.logging.Logger;

/* loaded from: input_file:com/here/account/oauth2/HereAccount.class */
public class HereAccount {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/here/account/oauth2/HereAccount$TokenEndpointImpl.class */
    public static class TokenEndpointImpl implements TokenEndpoint {
        private static final Logger LOGGER = Logger.getLogger(TokenEndpointImpl.class.getName());

        @Deprecated
        public static final String HTTP_METHOD_POST = "POST";
        private final boolean currentTimeMillisSettable;
        private final Clock clock;
        private final SettableClock settableClock;
        private final String timestampUrl;
        private final boolean requestTokenFromFile;
        private final Client client;
        private final HttpProvider httpProvider;
        private final HttpConstants.HttpMethods httpMethod;
        private final String url;
        private final String scope;
        private final HttpProvider.HttpRequestAuthorizer clientAuthorizer;
        private final Serializer serializer;
        private static final String FILE_URL_START = "file://";
        private static final int CLOCK_SKEW_STATUS_CODE = 401;
        private static final int CLOCK_SKEW_ERROR_CODE = 401204;
        private static final long CONVERT_SECONDS_TO_MILLISECONDS = 1000;
        private static final String SLASH_TOKEN = "/oauth2/token";
        private static final String SLASH_TIMESTAMP = "/timestamp";
        private final NoAuthorizer noAuthorizer;

        private TokenEndpointImpl(Clock clock, HttpProvider httpProvider, ClientAuthorizationRequestProvider clientAuthorizationRequestProvider, Serializer serializer, RetryPolicy retryPolicy) {
            this.noAuthorizer = new NoAuthorizer();
            this.clock = clock;
            this.url = clientAuthorizationRequestProvider.getTokenEndpointUrl();
            this.clientAuthorizer = clientAuthorizationRequestProvider.getClientAuthorizer();
            this.httpMethod = clientAuthorizationRequestProvider.getHttpMethod();
            this.scope = clientAuthorizationRequestProvider.getScope();
            this.client = Client.builder().withHttpProvider(httpProvider).withClientAuthorizer(this.clientAuthorizer).withSerializer(serializer).withRetryPolicy(retryPolicy).build();
            this.httpProvider = httpProvider;
            this.serializer = serializer;
            this.requestTokenFromFile = null != this.url && this.url.startsWith(FILE_URL_START);
            boolean z = (clock instanceof SettableClock) && null != this.url && this.url.endsWith(SLASH_TOKEN);
            this.currentTimeMillisSettable = z;
            if (z) {
                this.settableClock = (SettableClock) clock;
                this.timestampUrl = this.url.substring(0, this.url.length() - SLASH_TOKEN.length()) + SLASH_TIMESTAMP;
            } else {
                this.settableClock = null;
                this.timestampUrl = null;
            }
        }

        protected AccessTokenResponse requestTokenFromFile() throws RequestExecutionException {
            try {
                InputStream openStream = new URL(this.url).openStream();
                Throwable th = null;
                try {
                    AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.serializer.jsonToPojo(openStream, FileAccessTokenResponse.class);
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                    return accessTokenResponse;
                } finally {
                }
            } catch (IOException e) {
                throw new RequestExecutionException(e);
            }
        }

        @Override // com.here.account.oauth2.TokenEndpoint
        public AccessTokenResponse requestToken(AccessTokenRequest accessTokenRequest) throws AccessTokenException, RequestExecutionException, ResponseParsingException {
            return this.requestTokenFromFile ? requestTokenFromFile() : requestTokenHttp(accessTokenRequest, 1);
        }

        protected AccessTokenResponse requestTokenHttp(AccessTokenRequest accessTokenRequest, int i) throws AccessTokenException, RequestExecutionException, ResponseParsingException {
            String method = this.httpMethod.getMethod();
            if (null != this.scope && null == accessTokenRequest.getScope()) {
                accessTokenRequest.setScope(this.scope);
            }
            HttpProvider.HttpRequest request = this.httpProvider.getRequest(this.clientAuthorizer, method, this.url, accessTokenRequest.toFormParams());
            addAdditionalHeaders(request, accessTokenRequest);
            try {
                return (AccessTokenResponse) this.client.sendMessage(request, AccessTokenResponse.class, ErrorResponse.class, (num, errorResponse) -> {
                    return new AccessTokenException(num.intValue(), errorResponse);
                });
            } catch (AccessTokenException e) {
                return handleFixableErrors(accessTokenRequest, i, e);
            }
        }

        private void addAdditionalHeaders(HttpProvider.HttpRequest httpRequest, AccessTokenRequest accessTokenRequest) {
            Map<String, String> additionalHeaders = accessTokenRequest.getAdditionalHeaders();
            if (null != additionalHeaders) {
                for (Map.Entry<String, String> entry : additionalHeaders.entrySet()) {
                    httpRequest.addHeader(entry.getKey(), entry.getValue());
                }
            }
            String correlationId = accessTokenRequest.getCorrelationId();
            if (null != correlationId) {
                httpRequest.addHeader(OlpHttpMessage.X_CORRELATION_ID, correlationId);
            }
        }

        protected boolean canFixClockSkew(int i, AccessTokenException accessTokenException) {
            ErrorResponse errorResponse;
            return this.currentTimeMillisSettable && i > 0 && null != accessTokenException && CLOCK_SKEW_STATUS_CODE == accessTokenException.getStatusCode() && null != (errorResponse = accessTokenException.getErrorResponse()) && CLOCK_SKEW_ERROR_CODE == errorResponse.getErrorCode().intValue();
        }

        protected TimestampResponse getServerTimestamp() {
            return (TimestampResponse) this.client.sendMessage(this.httpProvider.getRequest(this.noAuthorizer, HttpConstants.HttpMethods.GET.getMethod(), this.timestampUrl, (String) null), TimestampResponse.class, ErrorResponse.class, (num, errorResponse) -> {
                return new AccessTokenException(num.intValue(), errorResponse);
            });
        }

        protected AccessTokenResponse handleFixableErrors(AccessTokenRequest accessTokenRequest, int i, AccessTokenException accessTokenException) {
            if (!canFixClockSkew(i, accessTokenException)) {
                throw accessTokenException;
            }
            try {
                this.settableClock.setCurrentTimeMillis(getServerTimestamp().getTimestamp().longValue() * CONVERT_SECONDS_TO_MILLISECONDS);
                return requestTokenHttp(accessTokenRequest, i - 1);
            } catch (Exception e) {
                LOGGER.warning(() -> {
                    return "correcting clock skew, trouble getting timestamp: " + e;
                });
                throw accessTokenException;
            }
        }

        @Override // com.here.account.oauth2.TokenEndpoint
        public Fresh<AccessTokenResponse> requestAutoRefreshingToken(Supplier<AccessTokenRequest> supplier) throws AccessTokenException, RequestExecutionException, ResponseParsingException {
            final RefreshableResponseProvider refreshableClientTokenProvider = HereAccount.getRefreshableClientTokenProvider(this.clock, this, supplier);
            return new Fresh<AccessTokenResponse>() { // from class: com.here.account.oauth2.HereAccount.TokenEndpointImpl.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.here.account.oauth2.Fresh
                public AccessTokenResponse get() {
                    return (AccessTokenResponse) refreshableClientTokenProvider.getUnexpiredResponse();
                }

                @Override // java.io.Closeable, java.lang.AutoCloseable
                public void close() throws IOException {
                    refreshableClientTokenProvider.shutdown();
                }
            };
        }

        @Override // com.here.account.oauth2.TokenEndpoint
        public Fresh<AccessTokenResponse> requestAutoRefreshingToken(AccessTokenRequest accessTokenRequest) throws AccessTokenException, RequestExecutionException, ResponseParsingException {
            return requestAutoRefreshingToken(() -> {
                return new ClientCredentialsGrantRequest().setExpiresIn(accessTokenRequest.getExpiresIn()).setScope(accessTokenRequest.getScope());
            });
        }
    }

    private HereAccount() {
    }

    public static TokenEndpoint getTokenEndpoint(HttpProvider httpProvider, ClientCredentialsProvider clientCredentialsProvider) {
        return new TokenEndpointImpl(reuseClock(clientCredentialsProvider), httpProvider, clientCredentialsProvider, new JacksonSerializer(), new NoRetryPolicy());
    }

    public static TokenEndpoint getTokenEndpoint(HttpProvider httpProvider, ClientAuthorizationRequestProvider clientAuthorizationRequestProvider) {
        return getTokenEndpoint(reuseClock(clientAuthorizationRequestProvider), httpProvider, clientAuthorizationRequestProvider, new JacksonSerializer(), new NoRetryPolicy());
    }

    private static Clock reuseClock(ClientAuthorizationRequestProvider clientAuthorizationRequestProvider) {
        Clock clock = null;
        if (null != clientAuthorizationRequestProvider) {
            clock = clientAuthorizationRequestProvider.getClock();
        }
        if (null == clock) {
            clock = new SettableSystemClock();
        }
        return clock;
    }

    private static Clock reuseClock(ClientCredentialsProvider clientCredentialsProvider) {
        Clock clock = null;
        if (null != clientCredentialsProvider) {
            clock = clientCredentialsProvider.getClock();
        }
        if (null == clock) {
            clock = new SettableSystemClock();
        }
        return clock;
    }

    @Deprecated
    public static TokenEndpoint getTokenEndpoint(HttpProvider httpProvider, ClientAuthorizationRequestProvider clientAuthorizationRequestProvider, Serializer serializer) {
        return getTokenEndpoint(reuseClock(clientAuthorizationRequestProvider), httpProvider, clientAuthorizationRequestProvider, serializer, new NoRetryPolicy());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TokenEndpoint getTokenEndpoint(HttpProvider httpProvider, ClientAuthorizationRequestProvider clientAuthorizationRequestProvider, Serializer serializer, RetryPolicy retryPolicy) {
        return getTokenEndpoint(reuseClock(clientAuthorizationRequestProvider), httpProvider, clientAuthorizationRequestProvider, serializer, retryPolicy);
    }

    private static TokenEndpoint getTokenEndpoint(Clock clock, HttpProvider httpProvider, ClientAuthorizationRequestProvider clientAuthorizationRequestProvider, Serializer serializer, RetryPolicy retryPolicy) {
        return new TokenEndpointImpl(clock, httpProvider, clientAuthorizationRequestProvider, serializer, retryPolicy);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static RefreshableResponseProvider<AccessTokenResponse> getRefreshableClientTokenProvider(Clock clock, TokenEndpoint tokenEndpoint, Supplier<AccessTokenRequest> supplier) throws AccessTokenException, RequestExecutionException, ResponseParsingException {
        return new RefreshableResponseProvider<>(clock, null, tokenEndpoint.requestToken(supplier.get()), accessTokenResponse -> {
            try {
                return tokenEndpoint.requestToken((AccessTokenRequest) supplier.get());
            } catch (AccessTokenException | RequestExecutionException | ResponseParsingException e) {
                throw new RuntimeException("trouble refresh: " + e, e);
            }
        }, RefreshableResponseProvider.getScheduledExecutorServiceSize1());
    }

    @Deprecated
    static void nullSafeCloseThrowingUnchecked(Closeable closeable) {
        if (null != closeable) {
            try {
                closeable.close();
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }
}
