package com.adobe.acs.commons.adobeio.service.impl;

import acscommons.com.google.common.collect.Lists;
import acscommons.io.jsonwebtoken.Claims;
import acscommons.io.jsonwebtoken.Jwts;
import acscommons.io.jsonwebtoken.SignatureAlgorithm;
import acscommons.io.jsonwebtoken.gson.io.GsonSerializer;
import acscommons.io.jsonwebtoken.security.InvalidKeyException;
import com.adobe.acs.commons.adobeio.service.IntegrationService;
import com.adobe.acs.commons.util.ResourceDataUtil;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = IntegrationConfiguration.class)
@Component(service = {IntegrationService.class, Runnable.class}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"scheduler.expression=0 0 0/1 1/1 * ? *"})
/* loaded from: input_file:com/adobe/acs/commons/adobeio/service/impl/IntegrationServiceImpl.class */
public class IntegrationServiceImpl implements IntegrationService, Runnable {
    private static final Logger LOGGER = LoggerFactory.getLogger(IntegrationServiceImpl.class);
    private static final Base64.Decoder DECODER = Base64.getMimeDecoder();

    @Reference
    private AdobeioHelper helper;
    private String accessToken = null;
    protected IntegrationConfiguration jwtServiceConfig;

    @Activate
    @Modified
    protected void activate(IntegrationConfiguration integrationConfiguration) {
        this.jwtServiceConfig = integrationConfiguration;
    }

    @Override // java.lang.Runnable
    public void run() {
        this.accessToken = fetchAccessToken();
        LOGGER.info("access token in run()-method {}", this.accessToken);
    }

    @Override // com.adobe.acs.commons.adobeio.service.IntegrationService
    public String getAccessToken() {
        if (StringUtils.isEmpty(this.accessToken)) {
            this.accessToken = fetchAccessToken();
        }
        return this.accessToken;
    }

    @Override // com.adobe.acs.commons.adobeio.service.IntegrationService
    public String getApiKey() {
        return this.jwtServiceConfig.clientId();
    }

    @Override // com.adobe.acs.commons.adobeio.service.IntegrationService
    public int getTimeoutinMilliSeconds() {
        return this.jwtServiceConfig.timeoutInMilliSeocnds();
    }

    private String fetchAccessToken() {
        String str = "";
        try {
            CloseableHttpClient httpClient = this.helper.getHttpClient(getTimeoutinMilliSeconds());
            try {
                HttpPost httpPost = new HttpPost(this.jwtServiceConfig.endpoint());
                httpPost.addHeader(AdobeioConstants.CACHE_CONTRL, AdobeioConstants.NO_CACHE);
                httpPost.addHeader("content-type", AdobeioConstants.CONTENT_TYPE_URL_ENCODED);
                ArrayList newArrayList = Lists.newArrayList();
                newArrayList.add(new BasicNameValuePair(AdobeioConstants.CLIENT_ID, this.jwtServiceConfig.clientId()));
                newArrayList.add(new BasicNameValuePair(AdobeioConstants.CLIENT_SECRET, this.jwtServiceConfig.clientSecret()));
                newArrayList.add(new BasicNameValuePair(AdobeioConstants.JWT_TOKEN, getJwtToken()));
                httpPost.setEntity(new UrlEncodedFormEntity(newArrayList));
                CloseableHttpResponse execute = httpClient.execute(httpPost);
                if (execute.getStatusLine().getStatusCode() != 200) {
                    LOGGER.info("response code {} ", Integer.valueOf(execute.getStatusLine().getStatusCode()));
                }
                String iOUtils = IOUtils.toString(execute.getEntity().getContent(), ResourceDataUtil.ENCODING_UTF_8);
                LOGGER.info("JSON Response : {}", iOUtils);
                JsonObject asJsonObject = new JsonParser().parse(iOUtils).getAsJsonObject();
                if (asJsonObject.has(AdobeioConstants.JSON_ACCESS_TOKEN)) {
                    str = asJsonObject.get(AdobeioConstants.JSON_ACCESS_TOKEN).getAsString();
                } else {
                    LOGGER.error("JSON does not contain an access_token");
                }
                if (httpClient != null) {
                    httpClient.close();
                }
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error("Unable to fetch the access token", e);
        }
        LOGGER.info("JWT Access Token : {}", str);
        return str;
    }

    protected String getJwtToken() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        String compact = Jwts.builder().setClaims(getJwtClaims()).signWith(getPrivateKey(), SignatureAlgorithm.RS256).serializeToJsonWith(new GsonSerializer()).compact();
        LOGGER.info("JWT Token : \n {}", compact);
        return compact;
    }

    private PrivateKey getPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(buildPkcs8Key(this.jwtServiceConfig.privateKey())));
    }

    protected static byte[] buildPkcs8Key(String str) {
        if (str.contains("--BEGIN PRIVATE KEY--")) {
            return DECODER.decode(str.replaceAll("-----\\w+ PRIVATE KEY-----", ""));
        }
        if (!str.contains("--BEGIN RSA PRIVATE KEY--")) {
            LOGGER.error("Invalid cert format: {}", str);
            return "".getBytes();
        }
        byte[] decode = DECODER.decode(str.replaceAll("-----\\w+ RSA PRIVATE KEY-----", ""));
        byte[] bArr = new byte[decode.length + 26];
        System.arraycopy(DECODER.decode("MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKY="), 0, bArr, 0, 26);
        System.arraycopy(BigInteger.valueOf(bArr.length - 4).toByteArray(), 0, bArr, 2, 2);
        System.arraycopy(BigInteger.valueOf(decode.length).toByteArray(), 0, bArr, 24, 2);
        System.arraycopy(decode, 0, bArr, 26, decode.length);
        return bArr;
    }

    private Map getJwtClaims() {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.ISSUER, this.jwtServiceConfig.amcOrgId());
        hashMap.put(Claims.SUBJECT, this.jwtServiceConfig.techAccountId());
        hashMap.put(Claims.EXPIRATION, Long.valueOf(getExpirationDate()));
        hashMap.put(Claims.AUDIENCE, String.format("%s%s", this.jwtServiceConfig.loginEndpoint(), this.jwtServiceConfig.clientId()));
        String[] adobeLoginClaimKey = this.jwtServiceConfig.adobeLoginClaimKey();
        if (adobeLoginClaimKey != null && adobeLoginClaimKey.length > 0) {
            for (String str : adobeLoginClaimKey) {
                hashMap.put(str, Boolean.TRUE);
            }
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(new Gson().toJson(hashMap));
        }
        return hashMap;
    }

    private long getExpirationDate() {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date());
        calendar.add(13, this.jwtServiceConfig.expirationTimeInSeconds());
        return calendar.getTime().getTime();
    }
}
