package com.sap.cds.repackaged.audit.client.impl;

import com.sap.cds.repackaged.audit.api.exception.InvalidTokenIssuerException;
import com.sap.cloud.security.config.CredentialType;
import com.sap.cloud.security.config.OAuth2ServiceConfiguration;
import com.sap.cloud.security.config.OAuth2ServiceConfigurationBuilder;
import com.sap.cloud.security.config.Service;
import com.sap.xs.audit.message.ValidationError;
import java.net.URI;
import java.net.URISyntaxException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cds/repackaged/audit/client/impl/OAuth2ServiceConfigurationFactory.class */
public class OAuth2ServiceConfigurationFactory {
    private static final String SUBSCRIBER_TOKEN_ISSUER_IS_INVALID = "Subscriber token issuer is invalid!";
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2ServiceConfigurationFactory.class);

    public OAuth2ServiceConfiguration getOAuth2ServiceConfiguration(OAuthCredentials oAuthCredentials) throws InvalidTokenIssuerException {
        return oAuthCredentials.getCerturl() == null ? getOAuth2Config(oAuthCredentials) : getOAuth2ConfigX509(oAuthCredentials);
    }

    private OAuth2ServiceConfiguration getOAuth2ConfigX509(OAuthCredentials oAuthCredentials) throws InvalidTokenIssuerException {
        return OAuth2ServiceConfigurationBuilder.forService(Service.XSUAA).withClientId(oAuthCredentials.getClientid()).withCertUrl(decideOnUrl(oAuthCredentials.getCerturl(), oAuthCredentials.getSubscriberTokenIssuer())).withCertificate(oAuthCredentials.getCertificate()).withPrivateKey(oAuthCredentials.getKey()).withCredentialType(CredentialType.X509).build();
    }

    private OAuth2ServiceConfiguration getOAuth2Config(OAuthCredentials oAuthCredentials) throws InvalidTokenIssuerException {
        return OAuth2ServiceConfigurationBuilder.forService(Service.XSUAA).withClientId(oAuthCredentials.getClientid()).withClientSecret(oAuthCredentials.getClientsecret()).withUrl(decideOnUrl(oAuthCredentials.getUrl(), oAuthCredentials.getSubscriberTokenIssuer())).build();
    }

    private String decideOnUrl(String str, String str2) throws InvalidTokenIssuerException {
        if (str2 == null) {
            return str;
        }
        LOGGER.debug("Subscriber token issuer is present: {}", str2);
        try {
            validateSubscriberTokenIssuer(str, str2);
            return str2;
        } catch (ValidationError e) {
            throw new InvalidTokenIssuerException(Utils.INVALID_SUBSCRIBER_TOKEN_ISSUER_ERROR, e);
        }
    }

    private void validateSubscriberTokenIssuer(String str, String str2) throws ValidationError {
        if (!extractDomain(str2).equals(extractDomain(str))) {
            throw new ValidationError(SUBSCRIBER_TOKEN_ISSUER_IS_INVALID);
        }
    }

    private String extractDomain(String str) throws ValidationError {
        try {
            String host = new URI(str).getHost();
            return host.substring(host.indexOf("."));
        } catch (URISyntaxException e) {
            throw new ValidationError(SUBSCRIBER_TOKEN_ISSUER_IS_INVALID);
        }
    }
}
