package org.wso2.healthcare.integration.common.ehr.auth.signed;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.synapse.MessageContext;
import org.wso2.carbon.connector.core.AbstractConnector;
import org.wso2.carbon.connector.core.ConnectException;
import org.wso2.healthcare.integration.common.ehr.Constants;
import org.wso2.healthcare.integration.common.ehr.EHRConnectException;
import org.wso2.healthcare.integration.common.ehr.Utils;
import org.wso2.healthcare.integration.common.ehr.auth.Token;
import org.wso2.healthcare.integration.common.ehr.auth.TokenManager;

/* loaded from: input_file:org/wso2/healthcare/integration/common/ehr/auth/signed/ClientCredentialsWithJWTAccessTokenHandler.class */
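/**
 * Connector operation that makes sure an access token is present on the message context.
 *
 * <p>When no token is supplied, one is requested from the token endpoint with the OAuth 2.0
 * {@code client_credentials} grant, authenticating with an RS384-signed JWT client assertion
 * ({@code urn:ietf:params:oauth:client-assertion-type:jwt-bearer}). Tokens are cached in
 * {@link TokenManager} per client id and token endpoint and reused while they are active.
 *
 * <p>The signing key comes either from the {@code privateKey} parameter or from a keystore
 * ({@code keyStore}, {@code privateKeyAlias}, {@code keyStorePass}).
 */
public class ClientCredentialsWithJWTAccessTokenHandler extends AbstractConnector {
    private static final Log log = LogFactory.getLog(ClientCredentialsWithJWTAccessTokenHandler.class);
    private static final JsonParser parser = new JsonParser();

    /** Validity window of the client assertion: five minutes from issue time. */
    private static final long ASSERTION_LIFETIME_MILLIS = 300000L;

    /**
     * Sets {@code uri.var.base} and the access-token property on the message context.
     *
     * <p>Resolution order for the token: the existing message-context property, then the
     * access-token parameter, then the {@link TokenManager} cache, then a new request to the
     * token endpoint.
     *
     * @param messageContext the current message context
     * @throws ConnectException if required parameters are missing or the token cannot be obtained
     */
    public void connect(MessageContext messageContext) throws ConnectException {
        String base = (String) getParameter(messageContext, Constants.BASE);
        // removeEnd leaves the value untouched when there is no trailing slash.
        messageContext.setProperty("uri.var.base", StringUtils.removeEnd(base, "/"));

        if (!StringUtils.isEmpty((String) messageContext.getProperty(Constants.PROPERTY_ACCESS_TOKEN))) {
            return;
        }

        String accessToken = (String) getParameter(messageContext, Constants.ACCESS_TOKEN);
        if (StringUtils.isEmpty(accessToken)) {
            String clientId = (String) messageContext.getProperty(Constants.PROPERTY_CLIENT_ID);
            String tokenEndpoint = (String) messageContext.getProperty(Constants.PROPERTY_TOKEN_ENDPOINT);
            String privateKey = (String) getParameter(messageContext, Constants.PRIVATE_KEY);
            String keyStore = (String) getParameter(messageContext, Constants.KEY_STORE);
            String privateKeyAlias = (String) getParameter(messageContext, Constants.PRIVATE_KEY_ALIAS);
            String keyStorePass = (String) getParameter(messageContext, Constants.KEY_STORE_PASS);
            validateParameters(messageContext, clientId, tokenEndpoint, privateKey, keyStore, privateKeyAlias,
                    keyStorePass);
            if (log.isDebugEnabled()) {
                log.debug("Retrieving access token from TokenManager.");
            }
            Token token = TokenManager.getToken(clientId, tokenEndpoint);
            if (token == null || !token.isActive()) {
                // Validation treats an empty privateKey as absent, so the same test must pick the key
                // source: a null-only check would build a PlaintextKeyCreator from "" even though the
                // keystore parameters are the ones that passed validation.
                KeyCreator keyCreator = !StringUtils.isEmpty(privateKey)
                        ? new PlaintextKeyCreator(privateKey)
                        : new KeystoreKeyCreator(keyStore, keyStorePass.toCharArray(), privateKeyAlias);
                token = getAndAddNewToken(clientId, keyCreator, tokenEndpoint, messageContext);
            }
            accessToken = token.getAccessToken();
        }
        messageContext.setProperty(Constants.PROPERTY_ACCESS_TOKEN, accessToken);
    }

    /**
     * Checks that the client id, the token endpoint and one complete key source are configured.
     *
     * <p>A key source is complete when {@code privateKey} is non-empty, or when {@code keyStore},
     * {@code privateKeyAlias} and {@code keyStorePass} are all non-empty. On failure the error
     * response is set on the message context before the exception is thrown.
     *
     * @throws EHRConnectException naming the parameters that are missing
     */
    private void validateParameters(MessageContext messageContext, String clientId, String tokenEndpoint,
                                    String privateKey, String keyStore, String privateKeyAlias,
                                    String keyStorePass) throws EHRConnectException {
        boolean hasPlaintextKey = !StringUtils.isEmpty(privateKey);
        boolean hasKeystoreKey = !StringUtils.isEmpty(keyStore) && !StringUtils.isEmpty(privateKeyAlias)
                && !StringUtils.isEmpty(keyStorePass);
        if (!StringUtils.isEmpty(clientId) && !StringUtils.isEmpty(tokenEndpoint)
                && (hasPlaintextKey || hasKeystoreKey)) {
            return;
        }

        // The report uses the same emptiness test as the validation above; with null-only checks an
        // empty-string parameter failed validation but was never named in the message.
        StringBuilder missing = new StringBuilder("Following parameters are missing in init operation : ");
        if (StringUtils.isEmpty(clientId)) {
            missing.append(" \"clientId\",");
        }
        if (StringUtils.isEmpty(tokenEndpoint)) {
            missing.append(" \"tokenEndpoint\",");
        }
        if (!StringUtils.isEmpty(keyStore) || !StringUtils.isEmpty(privateKeyAlias)) {
            // Keystore mode was at least partly configured: report what is still missing from it.
            if (StringUtils.isEmpty(keyStore)) {
                missing.append(" \"keyStore\",");
            }
            if (StringUtils.isEmpty(privateKeyAlias)) {
                missing.append(" \"privateKeyAlias\",");
            }
            if (StringUtils.isEmpty(keyStorePass)) {
                missing.append(" \"keyStorePass\",");
            }
        } else if (StringUtils.isEmpty(privateKey)) {
            missing.append(" \"privateKey\",");
        }
        String message = missing.toString();
        EHRConnectException exception = new EHRConnectException(message);
        Utils.setErrorResponse(messageContext, exception, Constants.BAD_REQUEST_ERROR_CODE, message);
        throw exception;
    }

    /**
     * Requests a new token unless an active one has been cached in the meantime, and caches it.
     *
     * <p>The cache is re-checked under the lock so that callers queued behind a refresh reuse its
     * result. NOTE(review): the monitor is this connector instance while {@link TokenManager} is
     * accessed statically; if several instances serve the same client id and endpoint they can still
     * request tokens concurrently. Confirm how instances are created.
     */
    private synchronized Token getAndAddNewToken(String clientId, KeyCreator keyCreator, String tokenEndpoint,
                                                 MessageContext messageContext) throws EHRConnectException {
        Token token = TokenManager.getToken(clientId, tokenEndpoint);
        if (token == null || !token.isActive()) {
            String assertion = generateJWT(clientId, keyCreator, tokenEndpoint, messageContext);
            token = getAccessToken(messageContext, tokenEndpoint, assertion);
            TokenManager.addToken(clientId, tokenEndpoint, token);
        }
        return token;
    }

    /**
     * Builds and signs the JWT client assertion.
     *
     * <p>Claims: {@code iss} and {@code sub} are the client id, {@code aud} is the token endpoint,
     * {@code jti} is a random UUID, {@code iat} and {@code nbf} are the current time and {@code exp}
     * is five minutes later. The header declares {@code RS384} and type {@code JWT}.
     *
     * @return the serialized, signed JWT
     * @throws EHRConnectException if the key is not an RSA private key or signing fails
     */
    private String generateJWT(String clientId, KeyCreator keyCreator, String tokenEndpoint,
                               MessageContext messageContext) throws EHRConnectException {
        // Check the key type up front so a non-RSA key (for example an EC entry under the configured
        // alias) produces a configuration error instead of a ClassCastException.
        Object signingKey = keyCreator.getKey(messageContext);
        if (!(signingKey instanceof RSAPrivateKey)) {
            String message = "The configured signing key is not an RSA private key.";
            log.error(message);
            throw new EHRConnectException(message);
        }
        try {
            RSASSASigner signer = new RSASSASigner((RSAPrivateKey) signingKey);
            long now = System.currentTimeMillis();
            JWTClaimsSet claims = new JWTClaimsSet.Builder()
                    .issuer(clientId)
                    .subject(clientId)
                    .audience(tokenEndpoint)
                    // A fresh identifier per assertion lets the server reject replayed assertions.
                    .jwtID(UUID.randomUUID().toString())
                    .issueTime(new Date(now))
                    .notBeforeTime(new Date(now))
                    .expirationTime(new Date(now + ASSERTION_LIFETIME_MILLIS))
                    .build();
            JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS384)
                    .type(JOSEObjectType.JWT)
                    .build();
            SignedJWT signedJWT = new SignedJWT(header, claims);
            signedJWT.sign(signer);
            return signedJWT.serialize();
        } catch (JOSEException e) {
            log.error("Error occurred while signing the JWT.", e);
            throw new EHRConnectException(e, "Error occurred while signing the JWT.");
        }
    }

    /**
     * Posts the client assertion to the token endpoint and converts the response into a {@link Token}.
     *
     * @param messageContext the current message context, used to set the error response on failure
     * @param tokenEndpoint  URL of the token endpoint
     * @param assertion      the signed JWT client assertion
     * @return the token, stamped with the time the request started and its lifetime in milliseconds
     * @throws EHRConnectException if the request fails, the status is not 200 or the response is not a
     *                             usable token response
     */
    private static Token getAccessToken(MessageContext messageContext, String tokenEndpoint, String assertion)
            throws EHRConnectException {
        long requestedAt = System.currentTimeMillis();
        HttpPost httpPost = new HttpPost(tokenEndpoint);
        ArrayList<BasicNameValuePair> form = new ArrayList<BasicNameValuePair>();
        form.add(new BasicNameValuePair("grant_type", "client_credentials"));
        form.add(new BasicNameValuePair("client_assertion_type",
                "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        form.add(new BasicNameValuePair("client_assertion", assertion));
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(form));
        } catch (UnsupportedEncodingException e) {
            log.error("Error occurred while preparing access token request payload.", e);
            throw new EHRConnectException(e, "Error occurred while preparing access token request payload.");
        }

        // NOTE(review): the default client is built without an explicit request configuration, so no
        // connect or socket timeout is set here. The caller holds the getAndAddNewToken lock during
        // this call, so a stalled token endpoint blocks every waiting request; consider timeouts.
        try (CloseableHttpClient httpClient = HttpClients.createDefault();
             CloseableHttpResponse response = httpClient.execute(httpPost)) {
            HttpEntity entity = response.getEntity();
            if (entity == null) {
                log.error("Failed to retrieve access token : No entity received.");
                throw new EHRConnectException("Failed to retrieve access token : No entity received.");
            }
            int statusCode = response.getStatusLine().getStatusCode();
            String body = EntityUtils.toString(entity);
            if (statusCode != 200) {
                // NOTE(review): the body is text chosen by the remote endpoint and is copied into both
                // the log and the error response; confirm that is acceptable for this deployment.
                String message = "Error occurred while retrieving access token. Response: [Status : "
                        + statusCode + " Message: " + body + "]";
                log.error(message);
                EHRConnectException exception = new EHRConnectException(message);
                Utils.setErrorResponse(messageContext, exception, statusCode, message);
                throw exception;
            }

            String accessToken;
            Long expiresInSeconds;
            try {
                JsonObject json = parser.parse(body).getAsJsonObject();
                accessToken = json.has("access_token") ? json.get("access_token").getAsString() : null;
                expiresInSeconds = json.has("expires_in")
                        ? Long.valueOf(json.get("expires_in").getAsLong())
                        : null;
            } catch (RuntimeException e) {
                // Gson signals malformed JSON and wrongly typed members with unchecked exceptions.
                // The body is left out of the message because a 200 response may carry the token.
                String message = "Error occurred while parsing the access token response.";
                log.error(message, e);
                throw new EHRConnectException(e, message);
            }
            if (StringUtils.isEmpty(accessToken) || expiresInSeconds == null) {
                String message = "Access token response is missing \"access_token\" or \"expires_in\".";
                log.error(message);
                throw new EHRConnectException(message);
            }

            Token token = new Token(accessToken, Long.valueOf(requestedAt),
                    Long.valueOf(expiresInSeconds.longValue() * 1000));
            if (log.isDebugEnabled()) {
                // Log the event, not the Token object: Token.toString() is not visible here and a
                // bearer token must not end up in log files.
                log.debug("Access token obtained from token endpoint; expires in " + expiresInSeconds
                        + " seconds.");
            }
            return token;
        } catch (IOException e) {
            log.error("Error occurred while retrieving access token.", e);
            throw new EHRConnectException(e, "Error occurred while retrieving access token.");
        }
    }
}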
