package raw.sources.bytestream.http.oauth2clients;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.module.scala.JavaTypeable$;
import com.typesafe.scalalogging.Logger;
import com.typesafe.scalalogging.StrictLogging;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.util.Base64;
import pdi.jwt.Jwt$;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtClaim$;
import raw.creds.api.CredentialsException;
import raw.creds.api.CredentialsException$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Tuple2;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: GoogleApiKeyOAuth2Client.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00193A\u0001B\u0003\u0001!!)Q\u0005\u0001C\u0001M!)\u0001\u0006\u0001C!S!)q\b\u0001C!\u0001\nAri\\8hY\u0016\f\u0005/[&fs>\u000bU\u000f\u001e53\u00072LWM\u001c;\u000b\u0005\u00199\u0011!D8bkRD'g\u00197jK:$8O\u0003\u0002\t\u0013\u0005!\u0001\u000e\u001e;q\u0015\tQ1\"\u0001\u0006csR,7\u000f\u001e:fC6T!\u0001D\u0007\u0002\u000fM|WO]2fg*\ta\"A\u0002sC^\u001c\u0001a\u0005\u0003\u0001#]Y\u0002C\u0001\n\u0016\u001b\u0005\u0019\"\"\u0001\u000b\u0002\u000bM\u001c\u0017\r\\1\n\u0005Y\u0019\"AB!osJ+g\r\u0005\u0002\u001935\tQ!\u0003\u0002\u001b\u000b\taq*Q;uQJ\u001aE.[3oiB\u0011AdI\u0007\u0002;)\u0011adH\u0001\rg\u000e\fG.\u00197pO\u001eLgn\u001a\u0006\u0003A\u0005\n\u0001\u0002^=qKN\fg-\u001a\u0006\u0002E\u0005\u00191m\\7\n\u0005\u0011j\"!D*ue&\u001cG\u000fT8hO&tw-\u0001\u0004=S:LGO\u0010\u000b\u0002OA\u0011\u0001\u0004A\u0001\u001f]\u0016<\u0018iY2fgN$vn[3o\rJ|WNU3ge\u0016\u001c\b\u000eV8lK:$2AK\u0017;!\tA2&\u0003\u0002-\u000b\t\u0011\"+\u001a8fo\u0016$\u0017iY2fgN$vn[3o\u0011\u0015q#\u00011\u00010\u00031\u0011XM\u001a:fg\"$vn[3o!\t\u0001tG\u0004\u00022kA\u0011!gE\u0007\u0002g)\u0011AgD\u0001\u0007yI|w\u000e\u001e \n\u0005Y\u001a\u0012A\u0002)sK\u0012,g-\u0003\u00029s\t11\u000b\u001e:j]\u001eT!AN\n\t\u000bm\u0012\u0001\u0019\u0001\u001f\u0002\u000f=\u0004H/[8ogB!\u0001'P\u00180\u0013\tq\u0014HA\u0002NCB\f1E\\3x\u0003\u000e\u001cWm]:U_.,gN\u0012:p[\u000ec\u0017.\u001a8u\u0007J,G-\u001a8uS\u0006d7\u000f\u0006\u0003+\u0003\u000e+\u0005\"\u0002\"\u0004\u0001\u0004y\u0013\u0001C2mS\u0016tG/\u00133\t\u000b\u0011\u001b\u0001\u0019A\u0018\u0002\u0019\rd\u0017.\u001a8u'\u0016\u001c'/\u001a;\t\u000bm\u001a\u0001\u0019\u0001\u001f")
/* loaded from: input_file:raw/sources/bytestream/http/oauth2clients/GoogleApiKeyOAuth2Client.class */
public class GoogleApiKeyOAuth2Client implements OAuth2Client, StrictLogging {
    private final Logger logger;

    public Logger logger() {
        return this.logger;
    }

    public void com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger logger) {
        this.logger = logger;
    }

    @Override // raw.sources.bytestream.http.oauth2clients.OAuth2Client
    public RenewedAccessToken newAccessTokenFromRefreshToken(String str, Map<String, String> map) {
        throw new UnsupportedOperationException("Google-api refresh tokens are not supported.");
    }

    @Override // raw.sources.bytestream.http.oauth2clients.OAuth2Client
    public RenewedAccessToken newAccessTokenFromClientCredentials(String str, String str2, Map<String, String> map) {
        String option$1 = getOption$1("client_email", map);
        String option$12 = getOption$1("token_uri", map);
        String option$13 = getOption$1("scope", map);
        URI uri = new URI(option$12);
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str2.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", ""))));
            long epochSecond = Instant.now().getEpochSecond();
            HttpRequest build = HttpRequest.newBuilder().timeout(OAuth2Client$.MODULE$.readTimeout()).uri(uri).header("Content-Type", "application/x-www-form-urlencoded").POST(OAuth2Client$.MODULE$.ofFormData(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), "urn:ietf:params:oauth:grant-type:jwt-bearer"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("assertion"), Jwt$.MODULE$.encode(JwtClaim$.MODULE$.apply(JwtClaim$.MODULE$.apply$default$1(), JwtClaim$.MODULE$.apply$default$2(), JwtClaim$.MODULE$.apply$default$3(), JwtClaim$.MODULE$.apply$default$4(), JwtClaim$.MODULE$.apply$default$5(), JwtClaim$.MODULE$.apply$default$6(), JwtClaim$.MODULE$.apply$default$7(), JwtClaim$.MODULE$.apply$default$8()).by(option$1).to(option$12).issuedAt(epochSecond).expiresAt(epochSecond + 3600).$plus("scope", option$13), generatePrivate, JwtAlgorithm$RS256$.MODULE$))})))).build();
            if (logger().underlying().isDebugEnabled()) {
                logger().underlying().debug("Sending request to {}", new Object[]{build.uri()});
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            HttpResponse send = OAuth2Client$.MODULE$.httpClient().send(build, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));
            if (logger().underlying().isDebugEnabled()) {
                logger().underlying().debug("Response status: {}", new Object[]{BoxesRunTime.boxToInteger(send.statusCode())});
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
            }
            if (send.statusCode() != 200) {
                throw new CredentialsException(new StringBuilder(30).append("unexpected response: ").append(send.statusCode()).append(". Error: ").append(send.body()).toString(), CredentialsException$.MODULE$.$lessinit$greater$default$2());
            }
            GoogleAuth2TokenResponse googleAuth2TokenResponse = (GoogleAuth2TokenResponse) OAuth2Client$.MODULE$.mapper().readValue((String) send.body(), JavaTypeable$.MODULE$.gen0JavaTypeable(ClassTag$.MODULE$.apply(GoogleAuth2TokenResponse.class)));
            return new RenewedAccessToken(googleAuth2TokenResponse.accessToken(), Instant.now().plusSeconds(googleAuth2TokenResponse.expiresIn()), Nil$.MODULE$, googleAuth2TokenResponse.refreshToken());
        } catch (JsonProcessingException e) {
            throw new CredentialsException(new StringBuilder(56).append("error processing json response while getting token from ").append(uri).toString(), e);
        } catch (IOException e2) {
            throw new CredentialsException(new StringBuilder(36).append("error getting google api token from ").append(uri).toString(), e2);
        } catch (InvalidKeySpecException e3) {
            throw new CredentialsException("error trying to get google-api access token: invalid private key", e3);
        }
    }

    private static final String getOption$1(String str, Map map) {
        return (String) map.getOrElse(str, () -> {
            throw new CredentialsException(new StringBuilder(21).append("missing \"").append(str).append("\" in options").toString(), CredentialsException$.MODULE$.$lessinit$greater$default$2());
        });
    }

    public GoogleApiKeyOAuth2Client() {
        StrictLogging.$init$(this);
    }
}
