package com.appiancorp.connectedsystems.http.oauth;

import com.appiancorp.connectedsystems.http.HttpPostBuilder;
import com.appiancorp.connectedsystems.http.execution.HttpStatusCodeExceptionHelper;
import com.appiancorp.connectedsystems.http.execution.IntegrationDesignerDiagnosticBuilder;
import com.appiancorp.connectedsystems.http.oauth.OAuthHttpRequestSender;
import com.appiancorp.connectedsystems.monitoring.OAuthSamlAuthGrantPrometheusMetrics;
import com.appiancorp.core.configuration.FeatureToggles;
import com.appiancorp.core.expr.portable.string.Strings;
import com.appiancorp.environments.core.DefaultFeatureToggleConfiguration;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.http.ProxyHttpClientBuilder;
import com.appiancorp.security.ssl.CertificateSslContextFactory;
import com.appiancorp.suite.cfg.ProxyConfiguration;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.apache.ApacheHttpTransport;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Consts;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/connectedsystems/http/oauth/BaseOAuthTokenRetriever.class */
public class BaseOAuthTokenRetriever implements OAuthTokenRetriever {
    // Form-parameter names written into token request bodies by the build*Request helpers.
    private static final String CLIENT_ID = "client_id";
    // Body parameter carrying the client secret; only the "alternate" request builders put it in the body.
    private static final String CLIENT_SECRET = "client_secret";
    private static final String REDIRECT_URI = "redirect_uri";
    // JSON field names read from the token endpoint's response.
    static final String ACCESS_TOKEN = "access_token";
    private static final String REFRESH_TOKEN = "refresh_token";
    private static final String EXPIRES_IN = "expires_in";
    // grant_type parameter name and the grant type values sent with it.
    private static final String GRANT_TYPE = "grant_type";
    private static final String CLIENT_CREDENTIALS_TYPE = "client_credentials";
    private static final String AUTHORIZATION_CODE_TYPE = "authorization_code";
    private static final String REFRESH_TOKEN_TYPE = "refresh_token";
    // Header names and values shared by the token requests.
    private static final String CONTENT_TYPE_URL_ENCODE = "application/x-www-form-urlencoded";
    private static final String CONTENT_TYPE_HEADER_NAME = "Content-Type";
    private static final String ACCEPT_HEADER_NAME = "Accept";
    private static final String ACCEPT_APPLICATION_JSON = "application/json";
    // SAML 2.0 bearer assertion grant: body parameter name and grant type URN.
    private static final String ASSERTION = "assertion";
    private static final String SAML_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";
    // Collaborators supplied through (or created by) the constructors.
    private final OAuthHttpRequestSender requestSender;
    private final FeatureToggles featureToggles;
    private final FeatureToggleClient featureToggleClient;
    private final ProxyHttpClientBuilder proxyHttpClientBuilder;
    private final ProxyConfiguration proxyConfiguration;
    // NOTE(review): the logger is created for HttpOAuthTokenRetriever, not for this class, so log
    // lines emitted here are attributed to that logger name. Confirm this is intended before
    // relying on logger-name filters when auditing token retrieval.
    private static final Logger LOG = LoggerFactory.getLogger(HttpOAuthTokenRetriever.class);
    // Status codes that retrieveSystemToken's response parser reports as an "unauthorized" error
    // instead of parsing the response body.
    static final List<Integer> UNAUTHORIZED_ERROR_STATUS_CODES = ImmutableList.of(Integer.valueOf(HttpStatusCodeExceptionHelper.UNAUTHORIZED_STATUS_CODE), Integer.valueOf(HttpStatusCodeExceptionHelper.FORBIDDEN_CODE), Integer.valueOf(HttpStatusCodeExceptionHelper.NOT_FOUND_CODE));

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Strategy that converts the raw HTTP response of a token request into an
     * {@link OAuthTokenResponse}. The executePost overloads accept one so that callers can
     * replace the default body parsing (for example to map specific status codes to an error).
     */
    @FunctionalInterface
    /* loaded from: input_file:com/appiancorp/connectedsystems/http/oauth/BaseOAuthTokenRetriever$HttpResponseTokenParser.class */
    public interface HttpResponseTokenParser {
        /**
         * Parses the token endpoint's response.
         *
         * @param httpResponse response returned by the request sender
         * @return the token response, which may describe either a token or an error
         * @throws IOException if the response cannot be read
         * @throws ParseException if the response cannot be interpreted
         */
        OAuthTokenResponse parse(HttpResponse httpResponse) throws IOException, ParseException;
    }

    /**
     * Creates a retriever that builds its own {@link OAuthHttpRequestSender} from the given
     * SSL context factory, proxy configuration, scheduler and feature toggles.
     *
     * @param certificateSslContextFactory passed to the request sender
     * @param proxyConfiguration proxy settings; also consulted when building the GSA HTTP client
     * @param proxyHttpClientBuilder builds the proxied HTTP client used for GSA token retrieval
     * @param scheduledExecutorService passed to the request sender
     * @param featureToggles passed to the request sender and kept on this instance
     * @param featureToggleClient kept on this instance
     */
    public BaseOAuthTokenRetriever(CertificateSslContextFactory certificateSslContextFactory, ProxyConfiguration proxyConfiguration, ProxyHttpClientBuilder proxyHttpClientBuilder, ScheduledExecutorService scheduledExecutorService, FeatureToggles featureToggles, FeatureToggleClient featureToggleClient) {
        // Plain field wiring first, then the one collaborator that has to be constructed.
        this.featureToggleClient = featureToggleClient;
        this.featureToggles = featureToggles;
        this.proxyHttpClientBuilder = proxyHttpClientBuilder;
        this.proxyConfiguration = proxyConfiguration;
        this.requestSender = new OAuthHttpRequestSender(
                certificateSslContextFactory,
                proxyConfiguration,
                scheduledExecutorService,
                featureToggles);
    }

    /**
     * Package-private constructor that takes a ready-made request sender instead of building
     * one; feature toggles fall back to a fresh {@link DefaultFeatureToggleConfiguration}.
     *
     * @param oAuthHttpRequestSender sender used for every token request
     * @param featureToggleClient kept on this instance
     * @param proxyConfiguration proxy settings consulted for GSA token retrieval
     * @param proxyHttpClientBuilder builds the proxied HTTP client used for GSA token retrieval
     */
    BaseOAuthTokenRetriever(OAuthHttpRequestSender oAuthHttpRequestSender, FeatureToggleClient featureToggleClient, ProxyConfiguration proxyConfiguration, ProxyHttpClientBuilder proxyHttpClientBuilder) {
        this.proxyHttpClientBuilder = proxyHttpClientBuilder;
        this.proxyConfiguration = proxyConfiguration;
        this.featureToggleClient = featureToggleClient;
        this.requestSender = oAuthHttpRequestSender;
        // No toggles are injected on this path, so the default configuration is used.
        this.featureToggles = new DefaultFeatureToggleConfiguration();
    }

    /**
     * Exchanges an authorization code for a token. The first request authenticates the client
     * with an HTTP Basic {@code Authorization} header; if that response is not successful, a
     * second request is sent with {@code client_id} and {@code client_secret} in the form body.
     *
     * <p>Security notes for reviewers: the fallback is taken on any unsuccessful first response,
     * not only on a client-authentication failure, so the client secret is then also sent as a
     * body parameter. The same authorization code is submitted in both requests; RFC 6749
     * section 4.1.2 treats authorization codes as single-use, so some servers may reject or
     * react to the second submission.
     *
     * @param oAuthConfiguration source of client id, client secret, token URL and scope
     * @param str the authorization code (sent as the {@code code} parameter)
     * @param str2 the redirect URI (sent as the {@code redirect_uri} parameter)
     * @return the successful response of whichever attempt worked, otherwise the response of
     *         the first (header-based) attempt
     * @throws UnsupportedEncodingException propagated from the request builders
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse retrieveToken(OAuthConfiguration oAuthConfiguration, String str, String str2) throws UnsupportedEncodingException {
        final String id = oAuthConfiguration.getClientId();
        final String secret = oAuthConfiguration.getClientSecret();
        final String tokenUrl = oAuthConfiguration.getTokenRequestUrl();
        final String requestedScope = oAuthConfiguration.getScope();

        LOG.debug("Retrieving token using Authentication header");
        final HttpPost headerRequest = buildTokenRequest(id, secret, tokenUrl, requestedScope, str, str2);
        final OAuthTokenResponse headerAttempt = executePost(headerRequest);
        if (!headerAttempt.isSuccess()) {
            LOG.info("Error while retrieving token: {} trying alternate request format", headerAttempt.getError());
            final HttpPost bodyRequest = buildAlternateTokenRequest(id, secret, tokenUrl, requestedScope, str, str2);
            final OAuthTokenResponse bodyAttempt = executePost(bodyRequest);
            if (!bodyAttempt.isSuccess()) {
                LOG.error("Error while retrieving token using alternate request format, {}:{}", bodyAttempt.getError(), bodyAttempt.getErrorDescription());
                // Both attempts failed: callers see the error of the header-based attempt.
                return headerAttempt;
            }
            LOG.info("Retrieved token using body parameters");
            return bodyAttempt;
        }
        LOG.debug("Retrieved token using Authentication header");
        return headerAttempt;
    }

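    /**
     * Retrieves a token with the client-credentials grant. The first request authenticates with
     * an HTTP Basic {@code Authorization} header; if that response is not successful, a second
     * request is sent with {@code client_id} and {@code client_secret} in the form body.
     *
     * <p>Responses whose status code is listed in {@link #UNAUTHORIZED_ERROR_STATUS_CODES} are
     * reported as an {@code unauthorized} error carrying the status line's reason phrase; all
     * other responses go through the default body parsing.
     *
     * <p>Security note for reviewers: the fallback is taken on any unsuccessful first response,
     * so the client secret may be sent twice, the second time as a body parameter.
     *
     * @param oAuthConfiguration source of client id, client secret, token URL and scope
     * @return the successful response of whichever attempt worked, otherwise the response of
     *         the first (header-based) attempt; a {@code request_error} response if the token
     *         URL is not a valid URI
     * @throws UnsupportedEncodingException propagated from the request builders
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse retrieveSystemToken(OAuthConfiguration oAuthConfiguration) throws UnsupportedEncodingException {
        String clientId = oAuthConfiguration.getClientId();
        String clientSecret = oAuthConfiguration.getClientSecret();
        String tokenRequestUrl = oAuthConfiguration.getTokenRequestUrl();
        String scope = oAuthConfiguration.getScope();
        LOG.debug("Retrieving token using Authentication header");
        try {
            URI uri = new URI(tokenRequestUrl);
            HttpResponseTokenParser httpResponseTokenParser = httpResponse -> {
                StatusLine statusLine = httpResponse.getStatusLine();
                if (UNAUTHORIZED_ERROR_STATUS_CODES.contains(Integer.valueOf(statusLine.getStatusCode()))) {
                    return composeOAuthTokenResponseForError("unauthorized", statusLine.getReasonPhrase());
                }
                return composeOAuthTokenResponse(httpResponse);
            };
            OAuthTokenResponse headerAttempt = executePost(buildSystemTokenRequest(clientId, clientSecret, uri, scope), httpResponseTokenParser);
            if (headerAttempt.isSuccess()) {
                LOG.debug("Retrieved token using Authentication header");
                return headerAttempt;
            }
            LOG.info("Error while retrieving token: {} attempting to pass Authentication in body", headerAttempt.getError());
            OAuthTokenResponse bodyAttempt = executePost(buildAlternateSystemTokenRequest(clientId, clientSecret, scope, uri), httpResponseTokenParser);
            if (bodyAttempt.isSuccess()) {
                LOG.debug("Retrieved token using Authentication in body");
                return bodyAttempt;
            }
            // Fix: report the error of the body-based attempt here. The previous code logged the
            // first attempt's error a second time, hiding why the fallback failed.
            LOG.info("Error while retrieving token using auth in body: {}", bodyAttempt.getError());
            // The returned value is still the first attempt's response, as before.
            return headerAttempt;
        } catch (URISyntaxException e) {
            LOG.debug("Invalid URI entered", e);
            return composeOAuthTokenResponseForError("request_error", e.getMessage());
        }
    }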

    /* JADX WARN (condensed from the decompiler's repeated stack traces):
       - Type inference failed for r8v0 (types: [org.apache.http.impl.client.CloseableHttpClient])
         and r9v0 (types: [java.lang.Throwable]); each "Failed to calculate best type" attempt ended
         in a NullPointerException inside jadx (TypeUpdate.moveListener, "changeArg" is null), and
         multi-variable type inference failed as well (AbstractTypeConstraint.collectRelatedVars).
       - Not initialized variable reg: 8, insn: 0x0079 MOVE, A[TRY_LEAVE], block:B:54:0x0079.
       - Not initialized variable reg: 9, insn: 0x007d MOVE, block:B:56:0x007d.
       The two registers hold the HTTP client and the pending Throwable of the method that
       follows, so the decompiler's output for that method's resource handling was unreliable. */
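    /**
     * Retrieves an access token for a Google service account described by the configuration.
     *
     * <p>When the proxy is enabled a dedicated HTTP client is built for the call; it is closed
     * on every exit path, including failures, by the try-with-resources statement (a
     * {@code null} client, used when no proxy is configured, is simply skipped).
     *
     * <p>Failures are converted into error responses: an {@link HttpResponseException} cause
     * with content is delegated to {@code composeOAuthTokenResponseForHttpResponseException},
     * a {@link JsonParseException} becomes "Not a valid token URI", and anything else becomes a
     * {@code request_error} carrying the trimmed exception message (without a trailing colon).
     *
     * @param gSAConfiguration service account settings; token URL and private key are required
     * @return the token response, or an error response describing the failure
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse retrieveGsaToken(GSAConfiguration gSAConfiguration) {
        OAuthTokenResponse oAuthTokenResponse = new OAuthTokenResponse();
        LOG.debug("Retrieving token using Authentication header");
        try {
            OAuthTokenResponse tokenResponse;
            // Fix: the client used to be closed only on the success path, so a failed
            // validation or token call leaked it. try-with-resources closes it on every path.
            try (CloseableHttpClient serviceAccountCloseableHttpClient = getServiceAccountCloseableHttpClient()) {
                if (Strings.isNullOrEmpty(gSAConfiguration.getTokenRequestUrl()) || gSAConfiguration.getGsaPrivateKey() == null) {
                    throw new IOException("Error getting access token for service account");
                }
                ServiceAccountCredentials credentials = composeServiceAccountCredentials(gSAConfiguration, serviceAccountCloseableHttpClient);
                checkTokenUriSyntax(credentials);
                tokenResponse = composeGsaOAuthTokenSuccessResponse(oAuthTokenResponse, credentials);
            }
            if (tokenResponse.isSuccess()) {
                LOG.debug("Retrieved token using Authentication header");
            } else {
                // NOTE(review): the message announces a body-based retry, but this method makes
                // no second attempt; the text is kept unchanged for log compatibility.
                LOG.info("Error while retrieving token: {} attempting to pass Authentication in body", tokenResponse.getError());
            }
            return tokenResponse;
        } catch (IOException | URISyntaxException e) {
            LOG.error("Exception in generating Gsa OAuth token", e);
            // The instanceof guard keeps the cast below safe for the URISyntaxException branch.
            if (e instanceof IOException && (e.getCause() instanceof HttpResponseException) && ((HttpResponseException) e.getCause()).getContent() != null) {
                OAuthTokenResponse httpErrorResponse = composeOAuthTokenResponseForHttpResponseException((IOException) e);
                if (httpErrorResponse != null) {
                    return httpErrorResponse;
                }
            } else if (e instanceof JsonParseException) {
                return composeOAuthTokenResponseForError("request_error", "Not a valid token URI");
            }
            String description = "";
            String message = e.getMessage();
            if (message != null) {
                description = message.trim();
                if (description.endsWith(":")) {
                    // Drop the dangling colon left when the message has no detail after it.
                    description = description.substring(0, description.length() - 1);
                }
            }
            return composeOAuthTokenResponseForError("request_error", description);
        }
    }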

    /**
     * Exchanges a SAML assertion for a token using the SAML 2.0 bearer grant, and records the
     * request's response time in the Prometheus metrics (success and failure are tracked
     * separately, and timeouts are counted).
     *
     * <p>NOTE(review): the failure log line says a body-based retry follows, but this method
     * sends a single request.
     *
     * @param oAuthConfiguration source of client id, client secret, scope, custom headers,
     *        token URL and connection timeout
     * @param str the SAML assertion
     * @return the token endpoint's response, or a {@code request_error} response if the token
     *         URL is not a valid URI
     * @throws UnsupportedEncodingException propagated from the request builder
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse retrieveSAMLToken(OAuthConfiguration oAuthConfiguration, String str) throws UnsupportedEncodingException {
        final HttpPost samlRequest;
        try {
            samlRequest = buildSAMLGrantTokenRequest(
                    oAuthConfiguration.getClientId(),
                    oAuthConfiguration.getClientSecret(),
                    oAuthConfiguration.getScope(),
                    oAuthConfiguration.getHeaders(),
                    str,
                    new URI(oAuthConfiguration.getTokenRequestUrl()));
        } catch (URISyntaxException e) {
            LOG.debug("Invalid URI entered", e);
            return composeOAuthTokenResponseForError("request_error", e.getMessage());
        }

        // Timing starts after the request is built, so only the HTTP exchange is measured.
        final long startedAtMillis = System.currentTimeMillis();
        final OAuthTokenResponse response = executePost(samlRequest, oAuthConfiguration.getConnectionTimeoutInMs());
        if (!response.isSuccess()) {
            LOG.info("Error while retrieving token: {} attempting to pass SAML assertion in body", response.getError());
            OAuthSamlAuthGrantPrometheusMetrics.logFailedTokenReqHttpRespTime(System.currentTimeMillis() - startedAtMillis);
            if ("request_timeout".equals(response.getError())) {
                OAuthSamlAuthGrantPrometheusMetrics.incTokenReqTimeoutCount();
            }
            return response;
        }
        LOG.debug("Retrieved token using SAML assertion");
        OAuthSamlAuthGrantPrometheusMetrics.logSuccessfulTokenReqHttpRespTime(System.currentTimeMillis() - startedAtMillis);
        return response;
    }

    /**
     * Rejects service account credentials whose token server URI lacks a host or a scheme.
     *
     * <p>NOTE(review): only presence is checked; the scheme is not required to be
     * {@code https}. Confirm whether plain-HTTP token endpoints are rejected elsewhere.
     *
     * @param serviceAccountCredentials credentials whose token server URI is inspected
     * @throws IOException if the URI has no host or no scheme
     */
    private void checkTokenUriSyntax(ServiceAccountCredentials serviceAccountCredentials) throws IOException {
        final URI tokenEndpoint = serviceAccountCredentials.getTokenServerUri();
        final boolean hasHostAndScheme = tokenEndpoint.getHost() != null && tokenEndpoint.getScheme() != null;
        if (!hasHostAndScheme) {
            throw new IOException("Error getting access token for service account");
        }
    }

    /**
     * Builds Google {@link ServiceAccountCredentials} from the GSA configuration. When an HTTP
     * client is supplied, the credentials use it (wrapped in an {@link ApacheHttpTransport})
     * for their own HTTP traffic; otherwise the library's default transport applies.
     *
     * @param gSAConfiguration source of private key, key id, client email, client id, token
     *        URL, project id, scopes and the user to act as
     * @param closeableHttpClient optional HTTP client; {@code null} means no custom transport
     * @return the built credentials
     * @throws URISyntaxException if the configured token URL is not a valid URI
     */
    ServiceAccountCredentials composeServiceAccountCredentials(GSAConfiguration gSAConfiguration, CloseableHttpClient closeableHttpClient) throws URISyntaxException {
        ServiceAccountCredentials.Builder credentialsBuilder = ServiceAccountCredentials.newBuilder()
                .setPrivateKey(gSAConfiguration.getGsaPrivateKey())
                .setClientEmail(gSAConfiguration.getGsaClientEmail())
                .setClientId(gSAConfiguration.getClientId())
                .setTokenServerUri(new URI(gSAConfiguration.getTokenRequestUrl()))
                .setPrivateKeyId(gSAConfiguration.getGsaPrivateKeyId())
                .setProjectId(gSAConfiguration.getGsaProjectId())
                .setScopes(gSAConfiguration.getGsaScopes())
                .setServiceAccountUser(gSAConfiguration.getGsaUserEmail());
        if (closeableHttpClient == null) {
            return credentialsBuilder.build();
        }
        // The factory hands out a transport backed by the caller's client on each request.
        credentialsBuilder = credentialsBuilder.setHttpTransportFactory(() -> new ApacheHttpTransport(closeableHttpClient));
        return credentialsBuilder.build();
    }

    /**
     * Returns the HTTP client to use for GSA token retrieval.
     *
     * @return a client built by the proxy client builder when the proxy is enabled, otherwise
     *         {@code null}; a returned client is owned by the caller, who must close it
     */
    private CloseableHttpClient getServiceAccountCloseableHttpClient() {
        if (this.proxyConfiguration.isEnabled()) {
            LOG.debug("Proxy enabled for GSA Token Retrieval.");
            return this.proxyHttpClientBuilder.build();
        }
        return null;
    }

    /**
     * Requests a fresh access token from the credentials and copies its value and expiration
     * into the given response object.
     *
     * <p>NOTE(review): {@code expiresIn} receives the string form of the token's expiration
     * time, which looks like an absolute time rather than a lifetime in seconds; confirm that
     * consumers of this response expect that.
     *
     * @param oAuthTokenResponse response object to populate; it is also the return value
     * @param serviceAccountCredentials credentials used to obtain the token
     * @return the same response object, populated
     * @throws IOException if refreshing the access token fails
     */
    OAuthTokenResponse composeGsaOAuthTokenSuccessResponse(OAuthTokenResponse oAuthTokenResponse, ServiceAccountCredentials serviceAccountCredentials) throws IOException {
        final AccessToken freshToken = serviceAccountCredentials.refreshAccessToken();
        final String tokenValue = freshToken.getTokenValue();
        oAuthTokenResponse.setAccessToken(tokenValue);
        final String expiration = freshToken.getExpirationTime().toString();
        oAuthTokenResponse.setExpiresIn(expiration);
        return oAuthTokenResponse;
    }

    /**
     * Builds the client-credentials token request that authenticates the client with an HTTP
     * Basic {@code Authorization} header.
     *
     * @param str client id
     * @param str2 client secret
     * @param uri token endpoint
     * @param str3 requested scope
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildSystemTokenRequest(String str, String str2, URI uri, String str3) throws UnsupportedEncodingException {
        final String authorization = basicAuthValue(str, str2);
        return HttpPostBuilder.builder(uri)
                .addToBody("scope", str3)
                .addToBody(GRANT_TYPE, CLIENT_CREDENTIALS_TYPE)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .addToHeader(IntegrationDesignerDiagnosticBuilder.AUTHORIZATION_KEY, authorization)
                .build();
    }

    /**
     * Builds the fallback client-credentials token request, which carries {@code client_id}
     * and {@code client_secret} as form parameters instead of an {@code Authorization} header.
     *
     * <p>Security note: RFC 6749 section 2.3.1 permits credentials in the request body but
     * does not recommend it; anything that records request bodies will then see the secret.
     *
     * @param str client id
     * @param str2 client secret
     * @param str3 requested scope
     * @param uri token endpoint
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildAlternateSystemTokenRequest(String str, String str2, String str3, URI uri) throws UnsupportedEncodingException {
        return HttpPostBuilder.builder(uri)
                .addToBody(CLIENT_ID, str)
                .addToBody(CLIENT_SECRET, str2)
                .addToBody("scope", str3)
                .addToBody(GRANT_TYPE, CLIENT_CREDENTIALS_TYPE)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .build();
    }

    /**
     * Builds the authorization-code token request that authenticates the client with an HTTP
     * Basic {@code Authorization} header.
     *
     * @param str client id
     * @param str2 client secret
     * @param str3 token endpoint URL
     * @param str4 requested scope
     * @param str5 authorization code
     * @param str6 redirect URI
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildTokenRequest(String str, String str2, String str3, String str4, String str5, String str6) throws UnsupportedEncodingException {
        final String authorization = basicAuthValue(str, str2);
        return HttpPostBuilder.builder(str3)
                .addToBody("code", str5)
                .addToBody(REDIRECT_URI, str6)
                .addToBody("scope", str4)
                .addToBody(GRANT_TYPE, AUTHORIZATION_CODE_TYPE)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .addToHeader(IntegrationDesignerDiagnosticBuilder.AUTHORIZATION_KEY, authorization)
                .build();
    }

    /**
     * Builds the SAML 2.0 bearer grant request. The assertion is encoded as UTF-8 bytes and
     * then base64url-encoded before it is placed in the {@code assertion} body parameter; the
     * client authenticates with an HTTP Basic {@code Authorization} header.
     *
     * @param str client id (also passed to {@code addCustomHeaders})
     * @param str2 client secret
     * @param str3 requested scope
     * @param list custom headers handed to {@code addCustomHeaders} together with the builder
     * @param str4 the SAML assertion; must not be {@code null}
     * @param uri token endpoint
     * @return the POST request
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildSAMLGrantTokenRequest(String str, String str2, String str3, List<CustomHeader> list, String str4, URI uri) throws UnsupportedEncodingException {
        final byte[] assertionBytes = str4.getBytes(StandardCharsets.UTF_8);
        final String encodedAssertion = Base64.getUrlEncoder().encodeToString(assertionBytes);
        final HttpPostBuilder requestBuilder = HttpPostBuilder.builder(uri)
                .addToBody("scope", str3)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToBody(ASSERTION, encodedAssertion)
                .addToBody(GRANT_TYPE, SAML_GRANT_TYPE)
                .addToHeader(IntegrationDesignerDiagnosticBuilder.AUTHORIZATION_KEY, basicAuthValue(str, str2));
        // Custom headers are applied last, after the standard headers are in place.
        addCustomHeaders(str, list, requestBuilder);
        return requestBuilder.build();
    }

    /**
     * Builds the fallback authorization-code token request, which carries {@code client_id}
     * and {@code client_secret} as form parameters instead of an {@code Authorization} header.
     *
     * <p>Security note: RFC 6749 section 2.3.1 permits credentials in the request body but
     * does not recommend it; anything that records request bodies will then see the secret.
     *
     * @param str client id
     * @param str2 client secret
     * @param str3 token endpoint URL
     * @param str4 requested scope
     * @param str5 authorization code
     * @param str6 redirect URI
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildAlternateTokenRequest(String str, String str2, String str3, String str4, String str5, String str6) throws UnsupportedEncodingException {
        return HttpPostBuilder.builder(str3)
                .addToBody("code", str5)
                .addToBody(CLIENT_ID, str)
                .addToBody(CLIENT_SECRET, str2)
                .addToBody(REDIRECT_URI, str6)
                .addToBody("scope", str4)
                .addToBody(GRANT_TYPE, AUTHORIZATION_CODE_TYPE)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .build();
    }

    /**
     * Exchanges a refresh token for a new token. The first request authenticates the client
     * with an HTTP Basic {@code Authorization} header; if that response is not successful, a
     * second request is sent with {@code client_id} and {@code client_secret} in the form body.
     *
     * <p>Security note for reviewers: the fallback is taken on any unsuccessful first response,
     * so the refresh token is submitted twice and the client secret is then also sent as a
     * body parameter. Servers that rotate or invalidate refresh tokens on use may react to the
     * second submission.
     *
     * @param oAuthConfiguration source of client id, client secret and token URL
     * @param str the refresh token
     * @return the successful response of whichever attempt worked, otherwise the response of
     *         the first (header-based) attempt
     * @throws UnsupportedEncodingException propagated from the request builders
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse refreshToken(OAuthConfiguration oAuthConfiguration, String str) throws UnsupportedEncodingException {
        final String id = oAuthConfiguration.getClientId();
        final String secret = oAuthConfiguration.getClientSecret();
        final String tokenUrl = oAuthConfiguration.getTokenRequestUrl();

        final HttpPost headerRequest = buildRefreshTokenRequest(str, id, secret, tokenUrl);
        LOG.debug("Entering refresh token logic");
        LOG.debug("Using refresh token inside the authentication header");
        final OAuthTokenResponse headerAttempt = executePost(headerRequest);
        if (!headerAttempt.isSuccess()) {
            LOG.info("Error while refreshing token: {} using alternate request", headerAttempt.getError());
            final HttpPost bodyRequest = buildAlternateRefreshTokenRequest(str, id, secret, tokenUrl);
            LOG.debug("Using refresh token inside body parameters");
            final OAuthTokenResponse bodyAttempt = executePost(bodyRequest);
            if (!bodyAttempt.isSuccess()) {
                LOG.debug("Error while refreshing token using alternate request format: {}", bodyAttempt.getError());
                // Both attempts failed: callers see the error of the header-based attempt.
                return headerAttempt;
            }
            LOG.info("Refreshed token using body parameters");
            return bodyAttempt;
        }
        LOG.debug("Refreshed token using Authentication header");
        return headerAttempt;
    }

    /**
     * Refreshes a token that was obtained through the SAML grant. The request goes to the
     * configured refresh-token URL, or to the token URL when no refresh URL is set, and uses
     * the configured connection timeout. A single request is sent; there is no fallback.
     *
     * @param oAuthConfiguration source of client id, client secret, custom headers, the two
     *        URLs and the connection timeout
     * @param str the refresh token
     * @return the token endpoint's response
     * @throws UnsupportedEncodingException propagated from the request builder
     */
    @Override // com.appiancorp.connectedsystems.http.oauth.OAuthTokenRetriever
    public OAuthTokenResponse refreshSAMLToken(OAuthConfiguration oAuthConfiguration, String str) throws UnsupportedEncodingException {
        final String id = oAuthConfiguration.getClientId();
        final String secret = oAuthConfiguration.getClientSecret();
        final List<CustomHeader> customHeaders = oAuthConfiguration.getHeaders();
        final String tokenUrl = oAuthConfiguration.getTokenRequestUrl();
        final String configuredRefreshUrl = oAuthConfiguration.getRefreshTokenRequestUrl();
        // An absent or empty refresh URL means the token endpoint also handles refreshes.
        final boolean hasRefreshUrl = configuredRefreshUrl != null && !configuredRefreshUrl.isEmpty();
        final String targetUrl = hasRefreshUrl ? configuredRefreshUrl : tokenUrl;

        final HttpPost refreshRequest = buildSAMLRefreshRequest(id, secret, customHeaders, str, targetUrl);
        LOG.debug("Entering SAML refresh token logic");
        final OAuthTokenResponse response = executePost(refreshRequest, oAuthConfiguration.getConnectionTimeoutInMs());
        if (!response.isSuccess()) {
            LOG.debug("Failed to refresh SAML token");
            return response;
        }
        LOG.debug("Successfully refreshed SAML token");
        return response;
    }

    /**
     * Builds the refresh-token request used for SAML-granted tokens: Basic client
     * authentication in the header, the refresh token in the body, plus the custom headers.
     *
     * @param str client id (also passed to {@code addCustomHeaders})
     * @param str2 client secret
     * @param list custom headers handed to {@code addCustomHeaders} together with the builder
     * @param str3 the refresh token
     * @param str4 URL the request is sent to
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildSAMLRefreshRequest(String str, String str2, List<CustomHeader> list, String str3, String str4) throws UnsupportedEncodingException {
        final HttpPostBuilder requestBuilder = HttpPostBuilder.builder(str4)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToBody(GRANT_TYPE, "refresh_token")
                .addToBody("refresh_token", str3)
                .addToHeader(IntegrationDesignerDiagnosticBuilder.AUTHORIZATION_KEY, basicAuthValue(str, str2));
        // Custom headers are applied last, after the standard headers are in place.
        addCustomHeaders(str, list, requestBuilder);
        return requestBuilder.build();
    }

    /**
     * Builds the refresh-token request that authenticates the client with an HTTP Basic
     * {@code Authorization} header.
     *
     * @param str the refresh token
     * @param str2 client id
     * @param str3 client secret
     * @param str4 token endpoint URL
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildRefreshTokenRequest(String str, String str2, String str3, String str4) throws UnsupportedEncodingException {
        final String authorization = basicAuthValue(str2, str3);
        return HttpPostBuilder.builder(str4)
                .addToBody(GRANT_TYPE, "refresh_token")
                .addToBody("refresh_token", str)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .addToHeader(IntegrationDesignerDiagnosticBuilder.AUTHORIZATION_KEY, authorization)
                .build();
    }

    /**
     * Builds the fallback refresh-token request, which carries {@code client_id} and
     * {@code client_secret} as form parameters instead of an {@code Authorization} header.
     *
     * <p>Security note: RFC 6749 section 2.3.1 permits credentials in the request body but
     * does not recommend it; anything that records request bodies will then see the secret
     * alongside the refresh token.
     *
     * @param str the refresh token
     * @param str2 client id
     * @param str3 client secret
     * @param str4 token endpoint URL
     * @return the POST request, form-encoded and asking for a JSON response
     * @throws UnsupportedEncodingException propagated from the builder
     */
    private HttpPost buildAlternateRefreshTokenRequest(String str, String str2, String str3, String str4) throws UnsupportedEncodingException {
        return HttpPostBuilder.builder(str4)
                .addToBody(CLIENT_ID, str2)
                .addToBody(CLIENT_SECRET, str3)
                .addToBody(GRANT_TYPE, "refresh_token")
                .addToBody("refresh_token", str)
                .addToHeader("Content-Type", CONTENT_TYPE_URL_ENCODE)
                .addToHeader(ACCEPT_HEADER_NAME, ACCEPT_APPLICATION_JSON)
                .build();
    }

    /**
     * Produces the value of an HTTP Basic {@code Authorization} header for the given client
     * credentials: {@code "Basic "} followed by the Base64 form of {@code id:secret}.
     *
     * <p>NOTE(review): the pair is encoded as ASCII, so any non-ASCII character in the id or
     * secret is replaced during encoding and the header will not match the real credential.
     * The values are also not form-urlencoded first, which RFC 6749 section 2.3.1 describes
     * for client credentials; confirm how the target servers expect special characters.
     *
     * @param str client id
     * @param str2 client secret
     * @return the header value; it contains the secret in reversible form and must not be logged
     */
    private String basicAuthValue(String str, String str2) {
        final String idAndSecret = str + ":" + str2;
        final byte[] credentialBytes = idAndSecret.getBytes(Consts.ASCII);
        // Line length 0 disables chunking, so the encoded value stays on one line.
        final org.apache.commons.codec.binary.Base64 encoder = new org.apache.commons.codec.binary.Base64(0);
        return "Basic " + encoder.encodeToString(credentialBytes);
    }

    /**
     * Sends the request with the default response parsing and no explicit timeout.
     *
     * @param httpPost the token request
     * @return the parsed token response, or an error response
     */
    private OAuthTokenResponse executePost(HttpPost httpPost) {
        final HttpResponseTokenParser defaultParser = this::composeOAuthTokenResponse;
        return executePost(httpPost, defaultParser, null);
    }

    /**
     * Sends the request with the default response parsing and the given timeout.
     *
     * @param httpPost the token request
     * @param num timeout in milliseconds; may be {@code null}
     * @return the parsed token response, or an error response
     */
    private OAuthTokenResponse executePost(HttpPost httpPost, Integer num) {
        final HttpResponseTokenParser defaultParser = this::composeOAuthTokenResponse;
        return executePost(httpPost, defaultParser, num);
    }

    /**
     * Sends the request with a caller-supplied response parser and no explicit timeout.
     *
     * @param httpPost the token request
     * @param httpResponseTokenParser converts the HTTP response into a token response
     * @return the parsed token response, or an error response
     */
    private OAuthTokenResponse executePost(HttpPost httpPost, HttpResponseTokenParser httpResponseTokenParser) {
        final Integer noTimeout = null;
        return executePost(httpPost, httpResponseTokenParser, noTimeout);
    }

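    /**
     * Sends the token request and converts the outcome into an {@link OAuthTokenResponse}.
     * A positive timeout sends the request with that timeout and a watcher that records
     * whether the timer ran out; otherwise the request is sent without one.
     *
     * <p>Every failure is turned into an error response rather than thrown:
     * {@code bad_response} when the parser rejects the response, {@code request_timeout} when
     * the watcher reports that the timer ran out, and {@code request_error} for anything else.
     *
     * @param httpPost the token request
     * @param httpResponseTokenParser converts the HTTP response into a token response
     * @param num timeout in milliseconds; {@code null} or a non-positive value means none
     * @return the parsed token response, or an error response describing the failure
     */
    private OAuthTokenResponse executePost(HttpPost httpPost, HttpResponseTokenParser httpResponseTokenParser, Integer num) {
        HttpResponse httpResponse = null;
        OAuthHttpRequestSender.HttpRequestWatcher httpRequestWatcher = new OAuthHttpRequestSender.HttpRequestWatcher();
        // Fix: both send paths now sit inside the try. The request without a timeout used to
        // be sent and parsed outside it, so its failures were never mapped to an error response.
        try {
            if (num != null && num.intValue() > 0) {
                httpResponse = this.requestSender.sendRequest(httpPost, num, httpRequestWatcher);
            } else {
                httpResponse = this.requestSender.sendRequest(httpPost);
            }
            return httpResponseTokenParser.parse(httpResponse);
        } catch (ParseException e) {
            // Guard against a missing response so error reporting cannot itself fail.
            String reason = httpResponse != null ? httpResponse.getStatusLine().getReasonPhrase() : e.getMessage();
            return composeOAuthTokenResponseForError("bad_response", reason);
        } catch (Exception e) {
            if (httpRequestWatcher.didTimerRunOut()) {
                String timeoutMessage = String.format("Token request execution time for uri, %s, exceeded the configured timeout of %s ms. Error: %s", httpPost.getURI(), num, e.getMessage());
                LOG.error(timeoutMessage, e);
                return composeOAuthTokenResponseForError("request_timeout", timeoutMessage);
            }
            LOG.error("Error while trying to get access token", e);
            return composeOAuthTokenResponseForError("request_error", e.getMessage());
        }
    }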

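    /**
     * Parses a token endpoint response body (JSON) into an {@code OAuthTokenResponse}.
     *
     * <p>The raw body is no longer written to the debug log: a successful response carries the
     * access token and refresh token, and log files are usually readable by more people and
     * systems than the credential store. Debug output is limited to the status line, the headers,
     * the body length and which fields were present.
     *
     * @param httpResponse response returned by the token endpoint
     * @return the parsed response; a {@code request_error} response carrying the status line when
     *         the body contains neither an access token nor an {@code error} field
     * @throws IOException    if the response entity cannot be read
     * @throws ParseException declared for the parser contract; nothing in this body throws it directly
     */
    private OAuthTokenResponse composeOAuthTokenResponse(HttpResponse httpResponse) throws IOException, ParseException {
        String body = EntityUtils.toString(httpResponse.getEntity());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Printing token request status line: {}", httpResponse.getStatusLine());
            LOG.debug("Printing token request headers: {}", Arrays.toString(httpResponse.getAllHeaders()));
            // Length only: the body holds bearer credentials.
            LOG.debug("Token response body received ({} chars); content withheld because it may carry tokens", body == null ? 0 : body.length());
        }
        JSONObject json = new JSONObject(body);
        String accessToken = getStringFromJson(json, ACCESS_TOKEN);
        String refreshToken = getStringFromJson(json, "refresh_token");
        String expiresIn = getStringFromJson(json, EXPIRES_IN);
        String error = getStringFromJson(json, "error");
        if (LOG.isDebugEnabled()) {
            LOG.debug("Token response fields: access token present={}, refresh token present={}, expires_in={}, error={}",
                    !StringUtils.isBlank(accessToken), !StringUtils.isBlank(refreshToken), expiresIn, error);
        }
        if (StringUtils.isBlank(accessToken) && StringUtils.isBlank(error)) {
            // Neither a token nor an OAuth error: report the HTTP status line instead.
            return composeOAuthTokenResponseForError("request_error", httpResponse.getStatusLine().toString());
        }
        return new OAuthTokenResponse()
                .setAccessToken(accessToken)
                .setRefreshToken(refreshToken)
                .setExpiresIn(expiresIn)
                .setError(error)
                .setErrorDescription(getStringFromJson(json, "error_description"))
                .setErrorUri(getStringFromJson(json, "error_uri"));
    }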

    /**
     * Creates a token response that reports a failure and carries no token material.
     *
     * @param str  error code stored in the response
     * @param str2 error description stored in the response
     * @return a response whose access token, refresh token, expiry and error URI are empty strings
     */
    private OAuthTokenResponse composeOAuthTokenResponseForError(String str, String str2) {
        final String blank = "";
        return new OAuthTokenResponse()
                .setAccessToken(blank)
                .setRefreshToken(blank)
                .setExpiresIn(blank)
                .setError(str)
                .setErrorDescription(str2)
                .setErrorUri(blank);
    }

    /**
     * Tries to turn the error payload attached to a failed token request into an OAuth error response.
     *
     * <p>The content of the exception's cause is parsed as JSON and searched for {@code error} and
     * {@code error_description}; both must be present and non-empty. The two values come from the
     * remote server and are copied into the returned response unchanged, so they should be treated
     * as untrusted text wherever they are displayed.
     *
     * <p>NOTE(review): this listing is decompiler output. {@code getCause()} is typed
     * {@code Throwable}, which has no {@code getContent()}, so a cast was presumably lost here --
     * likely to the {@code HttpResponseException} imported at the top of the file; confirm against
     * the original source. Nothing in this method guards against a missing cause or a cause of
     * another type before that call.
     *
     * @param iOException failure whose cause is expected to carry the response content
     * @return the error response, or {@code null} when the payload cannot be parsed or lacks either field
     */
    private OAuthTokenResponse composeOAuthTokenResponseForHttpResponseException(IOException iOException) {
        try {
            JsonNode readTree = new ObjectMapper().readTree(iOException.getCause().getContent());
            // findValue searches the root node and its descendants, so nested fields match too.
            JsonNode findValue = readTree.findValue("error");
            JsonNode findValue2 = readTree.findValue("error_description");
            if (findValue == null || findValue2 == null) {
                return null;
            }
            String asText = findValue.asText();
            String asText2 = findValue2.asText();
            // Empty values are treated the same as missing ones.
            if (Strings.isNullOrEmpty(asText) || Strings.isNullOrEmpty(asText2)) {
                return null;
            }
            return composeOAuthTokenResponseForError(asText, asText2);
        } catch (IOException e) {
            // A payload that cannot be parsed is not an error for the caller; it only means no
            // structured OAuth error is available.
            LOG.debug("Exception in composing OAuth token response for HTTP requests", e);
            return null;
        }
    }

    /**
     * Reads an optional string member from a JSON object.
     *
     * <p>NOTE(review): how {@code getString} treats a member that is not a JSON string (for
     * example a numeric expiry) depends on the JSON library version in use -- confirm.
     *
     * @param jSONObject object to read from
     * @param str        member name
     * @return the member's string value, or {@code null} when the object has no such member
     */
    private String getStringFromJson(JSONObject jSONObject, String str) {
        return jSONObject.has(str) ? jSONObject.getString(str) : null;
    }

    /**
     * Copies the configured custom headers onto the request builder, gated by feature toggles.
     *
     * <p>With {@code ae.data-integrations.sbaf-custom-headers} enabled, every entry of {@code list}
     * is added as a header. With {@code ae.data-integrations.canada-life} enabled, a
     * {@code Consumer-Key} header holding {@code str} is added unless one of the copied headers
     * already uses that name (compared case-insensitively).
     *
     * <p>Header names and values are passed to the builder as given; this method performs no
     * validation of them.
     *
     * @param str             value used for the fallback {@code Consumer-Key} header
     * @param list            custom headers to copy
     * @param httpPostBuilder builder to add the headers to
     * @return the same builder instance that was passed in
     */
    private HttpPostBuilder addCustomHeaders(String str, List<CustomHeader> list, HttpPostBuilder httpPostBuilder) {
        boolean consumerKeySupplied = false;
        if (this.featureToggleClient.isFeatureEnabled("ae.data-integrations.sbaf-custom-headers")) {
            for (CustomHeader header : list) {
                if (this.featureToggleClient.isFeatureEnabled("ae.data-integrations.canada-life")) {
                    if ("Consumer-Key".equalsIgnoreCase(header.getName())) {
                        consumerKeySupplied = true;
                    }
                }
                httpPostBuilder.addToHeader(header.getName(), header.getValue());
            }
        }
        if (consumerKeySupplied) {
            // A configured header already provides the key; do not add the fallback.
            return httpPostBuilder;
        }
        if (this.featureToggleClient.isFeatureEnabled("ae.data-integrations.canada-life")) {
            httpPostBuilder.addToHeader("Consumer-Key", str);
        }
        return httpPostBuilder;
    }
}
