package com.mulesoft.connectors.salesforce.composite.internal.connection.provider;

import com.mulesoft.connectors.salesforce.composite.internal.connection.SalesforceCompositeConnection;
import com.mulesoft.connectors.salesforce.composite.internal.connection.param.OAuthJWTParams;
import com.mulesoft.connectors.salesforce.composite.internal.error.CompositeErrorType;
import com.mulesoft.connectors.salesforce.composite.internal.model.AuthParams;
import com.mulesoft.connectors.salesforce.composite.internal.service.connection.oauth.SignerService;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Optional;
import java.util.concurrent.TimeoutException;
import org.apache.commons.codec.binary.Base64;
import org.mule.connectors.commons.template.connection.ConnectorConnection;
import org.mule.runtime.api.connection.CachedConnectionProvider;
import org.mule.runtime.api.connection.ConnectionException;
import org.mule.runtime.api.connection.ConnectionValidationResult;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.param.ParameterGroup;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.annotation.param.display.Placement;
import org.mule.runtime.extension.api.exception.ModuleException;
import org.mule.runtime.http.api.HttpConstants;

@DisplayName("OAuth JWT")
@Alias("oauth-jwt")
/* loaded from: input_file:com/mulesoft/connectors/salesforce/composite/internal/connection/provider/OAuthJWTConnectionProvider.class */
public class OAuthJWTConnectionProvider extends AbstractOAuthBearerConnectionProvider implements CachedConnectionProvider<SalesforceCompositeConnection> {

    @Placement(order = 2)
    @ParameterGroup(name = "Connection")
    private OAuthJWTParams oAuthJWTParams;

    @Override // com.mulesoft.connectors.salesforce.composite.internal.connection.provider.AbstractOAuthBearerConnectionProvider
    protected InputStream preAuthorize() throws TimeoutException {
        try {
            InputStream keyStoreResourceStream = getKeyStoreResourceStream(this.oAuthJWTParams.getKeyStore());
            Throwable th = null;
            try {
                StringBuilder sb = new StringBuilder();
                sb.append(Base64.encodeBase64URLSafeString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)));
                sb.append(".");
                sb.append(Base64.encodeBase64URLSafeString(new MessageFormat("'{'\"iss\": \"{0}\", \"prn\": \"{1}\", \"aud\": \"{2}\", \"exp\": \"{3}\"'}'").format(new String[]{this.oAuthJWTParams.getConsumerKey(), this.oAuthJWTParams.getPrincipal(), (String) Optional.ofNullable(this.oAuthJWTParams.getAudienceUrl()).orElseGet(() -> {
                    return computeBaseUrl(this.oAuthJWTParams.getTokenEndpoint());
                }), Long.toString((System.currentTimeMillis() / 1000) + 300)}).getBytes(StandardCharsets.UTF_8)));
                String encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(new SignerService().signPayload("SHA256WithRSA", sb.toString().getBytes(StandardCharsets.UTF_8), keyStoreResourceStream, KeyStore.getDefaultType(), this.oAuthJWTParams.getStorePassword().toCharArray(), this.oAuthJWTParams.getCertificateAlias()));
                sb.append(".");
                sb.append(encodeBase64URLSafeString);
                InputStream sendAuthorizationRequestAndParseResponse = sendAuthorizationRequestAndParseResponse(this.oAuthJWTParams.getTokenEndpoint(), "urn:ietf:params:oauth:grant-type:jwt-bearer", sb.toString());
                if (keyStoreResourceStream != null) {
                    if (0 != 0) {
                        try {
                            keyStoreResourceStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        keyStoreResourceStream.close();
                    }
                }
                return sendAuthorizationRequestAndParseResponse;
            } catch (Throwable th3) {
                if (keyStoreResourceStream != null) {
                    if (0 != 0) {
                        try {
                            keyStoreResourceStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        keyStoreResourceStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException | KeyManagementException | NoSuchAlgorithmException e) {
            throw new ModuleException("Failed generating JWT token", CompositeErrorType.CONNECTIVITY, e);
        }
    }

    protected InputStream sendAuthorizationRequestAndParseResponse(String str, String str2, String str3) throws IOException, TimeoutException {
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        hashMap.put("charset", StandardCharsets.UTF_8.name());
        hashMap.put("Accept-Encoding", "gzip, deflate, sdch");
        HashMap hashMap2 = new HashMap();
        hashMap2.put(AuthParams.GRANT_TYPE, str2);
        hashMap2.put("assertion", str3);
        return getHttpClientService().sendRequest(str, HttpConstants.Method.POST, this.mapToInputStreamTransformer.transform(hashMap2), hashMap).getContent();
    }

    public /* bridge */ /* synthetic */ ConnectionValidationResult validate(Object obj) {
        return super.validate((ConnectorConnection) obj);
    }

    public /* bridge */ /* synthetic */ void disconnect(Object obj) {
        super.disconnect((ConnectorConnection) obj);
    }

    public /* bridge */ /* synthetic */ Object connect() throws ConnectionException {
        return super.connect();
    }
}
