package org.apache.camel.component.salesforce.internal;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.time.Clock;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.DestroyFailedException;
import org.apache.camel.CamelContext;
import org.apache.camel.component.salesforce.AuthenticationType;
import org.apache.camel.component.salesforce.SalesforceEndpointConfig;
import org.apache.camel.component.salesforce.SalesforceHttpClient;
import org.apache.camel.component.salesforce.SalesforceLoginConfig;
import org.apache.camel.component.salesforce.api.SalesforceException;
import org.apache.camel.component.salesforce.api.dto.RestError;
import org.apache.camel.component.salesforce.api.utils.JsonUtils;
import org.apache.camel.component.salesforce.internal.dto.LoginError;
import org.apache.camel.component.salesforce.internal.dto.LoginToken;
import org.apache.camel.support.jsse.KeyStoreParameters;
import org.apache.camel.support.service.ServiceSupport;
import org.apache.camel.util.ObjectHelper;
import org.eclipse.jetty.client.HttpConversation;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.client.util.FormContentProvider;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.util.Fields;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/salesforce/internal/SalesforceSession.class */
public class SalesforceSession extends ServiceSupport {
    private static final String JWT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final int JWT_CLAIM_WINDOW = 270;
    private static final String OAUTH2_REVOKE_PATH = "/services/oauth2/revoke?token=";
    private static final String OAUTH2_TOKEN_PATH = "/services/oauth2/token";
    private final SalesforceHttpClient httpClient;
    private final long timeout;
    private final SalesforceLoginConfig config;
    private final ObjectMapper objectMapper;
    private final Set<SalesforceSessionListener> listeners;
    private volatile String accessToken;
    private volatile String instanceUrl;
    private volatile String id;
    private volatile String orgId;
    private final CamelContext camelContext;
    private final AtomicBoolean loggingIn = new AtomicBoolean();
    private CountDownLatch latch = new CountDownLatch(1);
    private static final String JWT_HEADER = Base64.getUrlEncoder().encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
    private static final Logger LOG = LoggerFactory.getLogger(SalesforceSession.class);

    /* loaded from: input_file:org/apache/camel/component/salesforce/internal/SalesforceSession$SalesforceSessionListener.class */
    public interface SalesforceSessionListener {
        void onLogin(String str, String str2);

        void onLogout();
    }

    public SalesforceSession(CamelContext camelContext, SalesforceHttpClient salesforceHttpClient, long j, SalesforceLoginConfig salesforceLoginConfig) {
        this.camelContext = camelContext;
        ObjectHelper.notNull(salesforceHttpClient, "httpClient");
        ObjectHelper.notNull(salesforceLoginConfig, "SalesforceLoginConfig");
        salesforceLoginConfig.validate();
        this.httpClient = salesforceHttpClient;
        this.timeout = j;
        this.config = salesforceLoginConfig;
        this.objectMapper = JsonUtils.createObjectMapper();
        this.listeners = new CopyOnWriteArraySet();
    }

    public void attemptLoginUntilSuccessful(long j, long j2) {
        if (!this.loggingIn.compareAndSet(false, true)) {
            LOG.debug("waiting on login from another thread");
            while (this.latch == null) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                    throw new RuntimeException("Failed to login.", e);
                }
            }
            this.latch.await();
            LOG.debug("done waiting");
            return;
        }
        LOG.debug("Attempting to login, no other threads logging in");
        this.latch = new CountDownLatch(1);
        long j3 = 0;
        while (!isStoppingOrStopped()) {
            try {
                try {
                    login(getAccessToken());
                    this.loggingIn.set(false);
                    this.latch.countDown();
                    return;
                } catch (SalesforceException e2) {
                    j3 += j;
                    if (j3 > j2) {
                        j3 = j2;
                    }
                    LOG.warn(String.format("Salesforce login failed. Pausing for %d milliseconds", Long.valueOf(j3)), e2);
                    try {
                        Thread.sleep(j3);
                    } catch (InterruptedException e3) {
                        throw new RuntimeException("Failed to login.", e3);
                    }
                }
            } finally {
                this.loggingIn.set(false);
                this.latch.countDown();
            }
        }
    }

    public synchronized String login(String str) throws SalesforceException {
        if (this.accessToken == null || this.accessToken.equals(str)) {
            this.accessToken = str;
            if (this.accessToken != null) {
                try {
                    logout();
                } catch (SalesforceException e) {
                    LOG.warn("Error revoking old access token: {}", e.getMessage(), e);
                }
                this.accessToken = null;
            }
            try {
                ContentResponse send = getLoginRequest(null).send();
                parseLoginResponse(send, send.getContentAsString());
            } catch (InterruptedException e2) {
                throw new SalesforceException("Login error: " + e2.getMessage(), e2);
            } catch (ExecutionException e3) {
                throw new SalesforceException("Unexpected login error: " + e3.getCause().getMessage(), e3.getCause());
            } catch (TimeoutException e4) {
                throw new SalesforceException("Login request timeout: " + e4.getMessage(), e4);
            }
        }
        return this.accessToken;
    }

    public Request getLoginRequest(HttpConversation httpConversation) {
        String str = (this.instanceUrl == null ? this.config.getLoginUrl() : this.instanceUrl) + "/services/oauth2/token";
        LOG.info("Login at Salesforce loginUrl: {}", str);
        Fields fields = new Fields(true);
        fields.put("client_id", this.config.getClientId());
        fields.put(SalesforceEndpointConfig.FORMAT, "json");
        AuthenticationType type = this.config.getType();
        switch (type) {
            case USERNAME_PASSWORD:
                fields.put("client_secret", this.config.getClientSecret());
                fields.put("grant_type", "password");
                fields.put("username", this.config.getUserName());
                fields.put("password", this.config.getPassword());
                break;
            case REFRESH_TOKEN:
                fields.put("client_secret", this.config.getClientSecret());
                fields.put("grant_type", "refresh_token");
                fields.put("refresh_token", this.config.getRefreshToken());
                break;
            case JWT:
                fields.put("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
                fields.put("assertion", generateJwtAssertion());
                break;
            case CLIENT_CREDENTIALS:
                fields.put("grant_type", "client_credentials");
                fields.put("client_secret", this.config.getClientSecret());
                break;
            default:
                throw new IllegalArgumentException("Unsupported login configuration type: " + type);
        }
        return (httpConversation == null ? this.httpClient.POST(str) : this.httpClient.newHttpRequest(httpConversation, URI.create(str)).method(HttpMethod.POST)).content(new FormContentProvider(fields)).timeout(this.timeout, TimeUnit.MILLISECONDS);
    }

    String generateJwtAssertion() {
        StringBuilder append = new StringBuilder(JWT_HEADER).append('.').append(Base64.getUrlEncoder().encodeToString(("{\"iss\":\"" + this.config.getClientId() + "\",\"sub\":\"" + this.config.getUserName() + "\",\"aud\":\"" + (this.config.getJwtAudience() != null ? this.config.getJwtAudience() : this.config.getLoginUrl()) + "\",\"exp\":\"" + ((Clock.systemUTC().millis() / 1000) + 270) + "\"}").getBytes(StandardCharsets.UTF_8)));
        KeyStoreParameters keystore = this.config.getKeystore();
        keystore.setCamelContext(this.camelContext);
        try {
            KeyStore createKeyStore = keystore.createKeyStore();
            Enumeration<String> aliases = createKeyStore.aliases();
            String str = null;
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (createKeyStore.isKeyEntry(nextElement)) {
                    if (str != null) {
                        throw new IllegalArgumentException("The given keystore `" + keystore.getResource() + "` contains more than one key entry, expecting only one");
                    }
                    str = nextElement;
                }
            }
            PrivateKey privateKey = (PrivateKey) createKeyStore.getKey(str, keystore.getPassword().toCharArray());
            Signature signature = Signature.getInstance(JWT_SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);
            signature.update(append.toString().getBytes(StandardCharsets.UTF_8));
            append.append('.').append(Base64.getUrlEncoder().encodeToString(signature.sign()));
            try {
                privateKey.destroy();
            } catch (DestroyFailedException e) {
                LOG.debug("Error destroying private key: {}", e.getMessage());
            }
            return append.toString();
        } catch (IOException | GeneralSecurityException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public synchronized void parseLoginResponse(ContentResponse contentResponse, String str) throws SalesforceException {
        int status = contentResponse.getStatus();
        try {
            switch (status) {
                case 200:
                    LoginToken loginToken = (LoginToken) this.objectMapper.readValue(str, LoginToken.class);
                    LOG.info("Login successful");
                    this.accessToken = loginToken.getAccessToken();
                    this.instanceUrl = (String) Optional.ofNullable(this.config.getInstanceUrl()).orElse(loginToken.getInstanceUrl());
                    this.id = loginToken.getId();
                    this.orgId = this.id.substring(this.id.indexOf("id/") + 3, this.id.indexOf("id/") + 21);
                    int length = this.instanceUrl.length() - 1;
                    if (this.instanceUrl.charAt(length) == '/') {
                        this.instanceUrl = this.instanceUrl.substring(0, length);
                    }
                    for (SalesforceSessionListener salesforceSessionListener : this.listeners) {
                        try {
                            salesforceSessionListener.onLogin(this.accessToken, this.instanceUrl);
                        } catch (Exception e) {
                            LOG.warn("Unexpected error from listener {}: {}", salesforceSessionListener, e.getMessage());
                        }
                    }
                    return;
                case 400:
                    LoginError loginError = (LoginError) this.objectMapper.readValue(str, LoginError.class);
                    String error = loginError.getError();
                    String format = String.format("Login error code:[%s] description:[%s]", loginError.getError(), loginError.getErrorDescription());
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(new RestError(error, format));
                    throw new SalesforceException(arrayList, 400);
                default:
                    throw new SalesforceException(String.format("Login error status:[%s] reason:[%s]", Integer.valueOf(status), contentResponse.getReason()), status);
            }
        } catch (IOException e2) {
            throw new SalesforceException("Login error: response parse exception " + e2.getMessage(), e2);
        }
        throw new SalesforceException("Login error: response parse exception " + e2.getMessage(), e2);
    }

    public synchronized void logout() throws SalesforceException {
        try {
            if (this.accessToken == null) {
                return;
            }
            try {
                if (this.httpClient.newRequest((this.instanceUrl == null ? this.config.getLoginUrl() : this.instanceUrl) + "/services/oauth2/revoke?token=" + this.accessToken).timeout(this.timeout, TimeUnit.MILLISECONDS).send().getStatus() == 200) {
                    LOG.debug("Logout successful");
                } else {
                    LOG.debug("Failed to revoke OAuth token. This is expected if the token is invalid or already expired");
                }
            } catch (InterruptedException e) {
                throw new SalesforceException("Logout error: " + e.getMessage(), e);
            } catch (ExecutionException e2) {
                Throwable cause = e2.getCause();
                throw new SalesforceException("Unexpected logout exception: " + cause.getMessage(), cause);
            } catch (TimeoutException e3) {
                throw new SalesforceException("Logout request TIMEOUT!", e3);
            }
        } finally {
            this.accessToken = null;
            this.instanceUrl = null;
            for (SalesforceSessionListener salesforceSessionListener : this.listeners) {
                try {
                    salesforceSessionListener.onLogout();
                } catch (Exception e4) {
                    LOG.warn("Unexpected error from listener {}: {}", salesforceSessionListener, e4.getMessage());
                }
            }
        }
    }

    public String getAccessToken() {
        return this.accessToken;
    }

    public String getInstanceUrl() {
        return this.instanceUrl;
    }

    public String getId() {
        return this.id;
    }

    public String getOrgId() {
        return this.orgId;
    }

    public boolean addListener(SalesforceSessionListener salesforceSessionListener) {
        return this.listeners.add(salesforceSessionListener);
    }

    public boolean removeListener(SalesforceSessionListener salesforceSessionListener) {
        return this.listeners.remove(salesforceSessionListener);
    }

    public void doStart() throws Exception {
        login(this.accessToken);
    }

    public void doStop() throws Exception {
        logout();
    }

    public long getTimeout() {
        return this.timeout;
    }
}
