package com.okta.sdk.impl.oauth2;

import com.adobe.marketing.mobile.services.NetworkingConstants;
import com.okta.commons.http.authc.DisabledAuthenticator;
import com.okta.commons.lang.Assert;
import com.okta.sdk.authc.credentials.ClientCredentials;
import com.okta.sdk.client.AuthenticationScheme;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.impl.api.DefaultClientCredentialsResolver;
import com.okta.sdk.impl.config.ClientConfiguration;
import com.okta.sdk.impl.error.DefaultError;
import com.okta.sdk.resource.ExtensibleResource;
import com.okta.sdk.resource.ResourceException;
import ei.f;
import j$.util.Optional;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.Set;
import tj.a;
import tj.b;
import wi.C8343a;
import wi.d;

/* loaded from: classes4.dex */
public class AccessTokenRetrieverServiceImpl implements AccessTokenRetrieverService {
    private static final String TOKEN_URI = "/oauth2/v1/token";
    private static final a log = b.d(AccessTokenRetrieverServiceImpl.class);
    private final OAuth2TokenClient tokenClient;
    private final ClientConfiguration tokenClientConfiguration;

    public AccessTokenRetrieverServiceImpl(ClientConfiguration clientConfiguration) {
        Assert.notNull(clientConfiguration, "apiClientConfiguration must not be null.");
        ClientConfiguration constructTokenClientConfig = constructTokenClientConfig(clientConfiguration);
        this.tokenClient = new OAuth2TokenClient(constructTokenClientConfig);
        this.tokenClientConfiguration = constructTokenClientConfig;
    }

    public AccessTokenRetrieverServiceImpl(ClientConfiguration clientConfiguration, OAuth2TokenClient oAuth2TokenClient) {
        Assert.notNull(clientConfiguration, "apiClientConfiguration must not be null.");
        Assert.notNull(oAuth2TokenClient, "tokenClient must not be null.");
        this.tokenClient = oAuth2TokenClient;
        this.tokenClientConfiguration = constructTokenClientConfig(clientConfiguration);
    }

    public static /* synthetic */ Object lambda$constructTokenClientConfig$0() {
        return Optional.empty();
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [com.okta.sdk.authc.credentials.ClientCredentials, java.lang.Object] */
    public ClientConfiguration constructTokenClientConfig(ClientConfiguration clientConfiguration) {
        ClientConfiguration clientConfiguration2 = new ClientConfiguration();
        clientConfiguration2.setClientCredentialsResolver(new DefaultClientCredentialsResolver((ClientCredentials) new Object()));
        clientConfiguration2.setRequestAuthenticator(new DisabledAuthenticator());
        clientConfiguration2.setCacheManagerEnabled(false);
        if (clientConfiguration.getBaseUrlResolver() != null) {
            clientConfiguration2.setBaseUrlResolver(clientConfiguration.getBaseUrlResolver());
        }
        if (clientConfiguration.getProxy() != null) {
            clientConfiguration2.setProxy(clientConfiguration.getProxy());
        }
        clientConfiguration2.setAuthenticationScheme(AuthenticationScheme.NONE);
        clientConfiguration2.setAuthorizationMode(AuthorizationMode.get(clientConfiguration2.getAuthenticationScheme()));
        clientConfiguration2.setClientId(clientConfiguration.getClientId());
        clientConfiguration2.setScopes(clientConfiguration.getScopes());
        clientConfiguration2.setPrivateKey(clientConfiguration.getPrivateKey());
        clientConfiguration2.setRetryMaxElapsed(0);
        clientConfiguration2.setRetryMaxAttempts(1);
        return clientConfiguration2;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x00a6  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0051 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x003f A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x002b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String createSignedJWT() throws java.security.InvalidKeyException, java.io.IOException {
        /*
            r5 = this;
            com.okta.sdk.impl.config.ClientConfiguration r0 = r5.tokenClientConfiguration
            r0.getClientId()
            com.okta.sdk.impl.config.ClientConfiguration r0 = r5.tokenClientConfiguration
            java.lang.String r0 = r0.getPrivateKey()
            r5.parsePrivateKey(r0)
            j$.time.Instant r0 = j$.time.Instant.now()
            r1 = 0
            java.lang.Thread r2 = java.lang.Thread.currentThread()     // Catch: java.lang.Throwable -> L1c
            java.lang.ClassLoader r2 = r2.getContextClassLoader()     // Catch: java.lang.Throwable -> L1c
            goto L1e
        L1c:
            r2 = r1
        L1e:
            java.lang.String r3 = "io.jsonwebtoken.impl.DefaultJwtBuilder"
            if (r2 == 0) goto L28
            java.lang.Class r2 = r2.loadClass(r3)     // Catch: java.lang.ClassNotFoundException -> L27
            goto L29
        L27:
        L28:
            r2 = r1
        L29:
            if (r2 != 0) goto L3d
            java.lang.Class<fd.a> r2 = fd.C6119a.class
            java.lang.ClassLoader r2 = r2.getClassLoader()     // Catch: java.lang.Throwable -> L32
            goto L34
        L32:
            r2 = r1
        L34:
            if (r2 == 0) goto L3c
            java.lang.Class r2 = r2.loadClass(r3)     // Catch: java.lang.ClassNotFoundException -> L3b
            goto L3d
        L3b:
        L3c:
            r2 = r1
        L3d:
            if (r2 != 0) goto L4f
            java.lang.ClassLoader r2 = java.lang.ClassLoader.getSystemClassLoader()     // Catch: java.lang.Throwable -> L44
            goto L46
        L44:
            r2 = r1
        L46:
            if (r2 == 0) goto L4e
            java.lang.Class r1 = r2.loadClass(r3)     // Catch: java.lang.ClassNotFoundException -> L4d
            goto L4e
        L4d:
        L4e:
            r2 = r1
        L4f:
            if (r2 == 0) goto La6
            java.lang.Object r1 = r2.newInstance()     // Catch: java.lang.Exception -> L92
            ed.a r1 = (ed.InterfaceC5939a) r1
            com.okta.sdk.impl.config.ClientConfiguration r2 = r5.tokenClientConfiguration
            r2.getBaseUrl()
            ed.a r1 = r1.e()
            j$.util.DesugarDate.from(r0)
            ed.a r1 = r1.g()
            r2 = 1
            j$.time.temporal.ChronoUnit r4 = j$.time.temporal.ChronoUnit.HOURS
            j$.time.Instant r0 = r0.e(r2, r4)
            j$.util.DesugarDate.from(r0)
            ed.a r0 = r1.a()
            ed.a r0 = r0.b()
            ed.a r0 = r0.f()
            java.util.UUID r1 = java.util.UUID.randomUUID()
            r1.toString()
            ed.a r0 = r0.claim()
            ed.a r0 = r0.d()
            java.lang.String r0 = r0.c()
            return r0
        L92:
            r0 = move-exception
            fd.b r1 = new fd.b
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            java.lang.String r4 = "Unable to instantiate class ["
            r3.<init>(r4)
            java.lang.String r4 = "]"
            java.lang.String r2 = D.a.b(r2, r3, r4)
            r1.<init>(r2, r0)
            throw r1
        La6:
            fd.c r0 = new fd.c
            java.lang.String r1 = "Unable to load class named [io.jsonwebtoken.impl.DefaultJwtBuilder] from the thread context, current, or system/application ClassLoaders.  All heuristics have been exhausted.  Class could not be found.  Have you remembered to include the jjwt-impl.jar in your runtime classpath?"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.okta.sdk.impl.oauth2.AccessTokenRetrieverServiceImpl.createSignedJWT():java.lang.String");
    }

    @Override // com.okta.sdk.impl.oauth2.AccessTokenRetrieverService
    public OAuth2AccessToken getOAuth2AccessToken() throws IOException, InvalidKeyException, OAuth2TokenRetrieverException {
        log.n("Attempting to get OAuth2 access token for client id {} from {}", this.tokenClientConfiguration.getClientId(), this.tokenClientConfiguration.getBaseUrl() + TOKEN_URI);
        String createSignedJWT = createSignedJWT();
        Set<String> scopes = this.tokenClientConfiguration.getScopes();
        StringBuilder sb2 = new StringBuilder();
        Iterator<T> it = scopes.iterator();
        if (it.hasNext()) {
            while (true) {
                sb2.append((CharSequence) it.next());
                if (!it.hasNext()) {
                    break;
                }
                sb2.append((CharSequence) " ");
            }
        }
        try {
            ExtensibleResource extensibleResource = (ExtensibleResource) this.tokenClient.http().addHeaderParameter(NetworkingConstants.Headers.ACCEPT, "application/json").addHeaderParameter("Content-Type", "application/x-www-form-urlencoded").addQueryParameter("grant_type", "client_credentials").addQueryParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer").addQueryParameter("client_assertion", createSignedJWT).addQueryParameter(OAuth2AccessToken.SCOPE_KEY, sb2.toString()).post(TOKEN_URI, ExtensibleResource.class);
            OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken();
            oAuth2AccessToken.setTokenType(extensibleResource.getString(OAuth2AccessToken.TOKEN_TYPE_KEY));
            oAuth2AccessToken.setExpiresIn(extensibleResource.getInteger(OAuth2AccessToken.EXPIRES_IN_KEY));
            oAuth2AccessToken.setAccessToken(extensibleResource.getString("access_token"));
            oAuth2AccessToken.setScope(extensibleResource.getString(OAuth2AccessToken.SCOPE_KEY));
            log.n("Got OAuth2 access token for client id {} from {}", this.tokenClientConfiguration.getClientId(), this.tokenClientConfiguration.getBaseUrl() + TOKEN_URI);
            return oAuth2AccessToken;
        } catch (ResourceException e4) {
            DefaultError defaultError = (DefaultError) e4.getError();
            defaultError.setMessage(defaultError.getString("error") + " - " + defaultError.getString("error_description"));
            throw new OAuth2HttpException(defaultError, e4, e4.getStatus() == 401);
        } catch (Exception e10) {
            throw new OAuth2TokenRetrieverException("Exception while trying to get OAuth2 access token for client id " + this.tokenClientConfiguration.getClientId(), e10);
        }
    }

    /* JADX WARN: Type inference failed for: r2v0, types: [com.google.android.gms.internal.measurement.c0, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v2, types: [java.lang.Object, xi.a] */
    public PrivateKey getPrivateKeyFromPEM(Reader reader) throws IOException {
        PrivateKey generatePrivate;
        d dVar = new d(reader);
        try {
            ?? obj = new Object();
            obj.f62529a = new Object();
            Object readObject = dVar.readObject();
            if (readObject == null) {
                throw new IllegalArgumentException("Invalid Private Key PEM file");
            }
            if (readObject instanceof wi.b) {
                generatePrivate = obj.b((wi.b) readObject).getPrivate();
            } else {
                if (!(readObject instanceof f)) {
                    throw new IllegalArgumentException("Unsupported Private Key format '" + readObject.getClass().getSimpleName() + '\"');
                }
                f fVar = (f) readObject;
                try {
                    generatePrivate = obj.a(fVar.f45915b).generatePrivate(new PKCS8EncodedKeySpec(fVar.j()));
                } catch (Exception e4) {
                    throw new C8343a(com.adobe.marketing.mobile.assurance.d.a(e4, new StringBuilder("unable to convert key pair: ")), e4);
                }
            }
            dVar.close();
            return generatePrivate;
        } catch (Throwable th2) {
            try {
                throw th2;
            } catch (Throwable th3) {
                try {
                    dVar.close();
                } catch (Throwable th4) {
                    th2.addSuppressed(th4);
                }
                throw th3;
            }
        }
    }

    public PrivateKey parsePrivateKey(String str) throws IOException, InvalidKeyException {
        Path path;
        BufferedReader newBufferedReader;
        Assert.notNull(str, "privateKeyFilePath may not be null");
        path = Paths.get(str, new String[0]);
        newBufferedReader = Files.newBufferedReader(path, Charset.defaultCharset());
        PrivateKey privateKeyFromPEM = getPrivateKeyFromPEM(newBufferedReader);
        String algorithm = privateKeyFromPEM.getAlgorithm();
        if (algorithm.equals("RSA") || algorithm.equals("EC")) {
            return privateKeyFromPEM;
        }
        throw new InvalidKeyException("Supplied privateKey is not an RSA or EC key - ".concat(algorithm));
    }
}
