package com.hazelcast.gcp;

import com.hazelcast.core.HazelcastException;
import com.hazelcast.internal.json.Json;
import com.hazelcast.internal.json.JsonObject;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/hazelcast-5.1.5.jar:com/hazelcast/gcp/GcpAuthenticator.class
 */
/* loaded from: input_file:BOOT-INF/lib/hazelcast-all-4.2.4.jar:com/hazelcast/gcp/GcpAuthenticator.class */
class GcpAuthenticator {
    private static final String GOOGLE_AUTH_ENDPOINT = "https://www.googleapis.com/oauth2/v4/token";
    private static final String SCOPE = "https://www.googleapis.com/auth/cloud-platform";
    private final String endpoint;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GcpAuthenticator() {
        this(GOOGLE_AUTH_ENDPOINT);
    }

    GcpAuthenticator(String str) {
        this.endpoint = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String refreshAccessToken(String str) {
        return refreshAccessToken(str, System.currentTimeMillis());
    }

    String refreshAccessToken(String str, long j) {
        try {
            return parseResponse(callService(createBody(str, j)));
        } catch (FileNotFoundException e) {
            throw new HazelcastException(String.format("Private key json file not found. Please ensure you have stored the json file at the specified file path: %s", str), e);
        } catch (Exception e2) {
            throw new HazelcastException("Error while fetching access token from Google API", e2);
        }
    }

    private String createBody(String str, long j) throws Exception {
        JsonObject asObject = Json.parse(new InputStreamReader(new FileInputStream(str), "UTF-8")).asObject();
        String asString = asObject.get("private_key").asString();
        String asString2 = asObject.get("client_email").asString();
        String base64encodeUrlSafe = base64encodeUrlSafe(header());
        String base64encodeUrlSafe2 = base64encodeUrlSafe(claimSet(asString2, j));
        return body(base64encodeUrlSafe, base64encodeUrlSafe2, sign(base64encodeUrlSafe, base64encodeUrlSafe2, asString));
    }

    private static String header() {
        return "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
    }

    private String claimSet(String str, long j) {
        long j2 = j / 1000;
        return String.format("{\"iss\":\"%s\",\"scope\":\"%s\",\"aud\":\"%s\",\"iat\":%s,\"exp\":%s}", str, SCOPE, this.endpoint, Long.valueOf(j2), Long.valueOf(j2 + 3600));
    }

    private static String body(String str, String str2, String str3) {
        return String.format("grant_type=%s&assertion=%s", "urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer", String.format("%s.%s.%s", str, str2, str3));
    }

    private static String sign(String str, String str2, String str3) throws Exception {
        String format = String.format("%s.%s", str, str2);
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(clear(str3).getBytes("UTF-8")));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(keyFactory.generatePrivate(pKCS8EncodedKeySpec));
        signature.update(format.getBytes("UTF-8"));
        return new String(base64encodeUrlSafe(signature.sign()), "UTF-8");
    }

    private static String clear(String str) {
        return str.replaceAll("-----END PRIVATE KEY-----", "").replaceAll("-----BEGIN PRIVATE KEY-----", "").replaceAll("\\\\n", "");
    }

    private static String base64encodeUrlSafe(String str) throws UnsupportedEncodingException {
        return new String(base64encodeUrlSafe(str.getBytes("UTF-8")), "UTF-8");
    }

    private static byte[] base64encodeUrlSafe(byte[] bArr) {
        byte[] encode = Base64.getEncoder().encode(bArr);
        for (int i = 0; i < encode.length; i++) {
            if (encode[i] == 43) {
                encode[i] = 45;
            } else if (encode[i] == 47) {
                encode[i] = 95;
            }
        }
        return encode;
    }

    private String callService(String str) {
        return RestClient.create(this.endpoint).withBody(str).post();
    }

    private static String parseResponse(String str) {
        return Json.parse(str).asObject().get(OAuth2ParameterNames.ACCESS_TOKEN).asString();
    }
}
