package au.csiro.fhir.auth;

import au.csiro.fhir.auth.ClientAuthMethod;
import au.csiro.http.Token;
import java.io.IOException;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.annotation.Nonnull;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:au/csiro/fhir/auth/AuthTokenProvider.class */
public class AuthTokenProvider {
    private static final Logger log = LoggerFactory.getLogger(AuthTokenProvider.class);

    @Nonnull
    private final HttpClient httpClient;
    private final long tokenExpiryTolerance;

    @Nonnull
    private final Map<ClientAuthMethod.AccessScope, AccessContext> accessContexts = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:au/csiro/fhir/auth/AuthTokenProvider$AccessContext.class */
    public static final class AccessContext {

        @Nonnull
        private final Token accessToken;

        @Nonnull
        private final Instant expiryTime;

        public AccessContext(@Nonnull Token token, @Nonnull Instant instant) {
            if (token == null) {
                throw new NullPointerException("accessToken is marked non-null but is null");
            }
            if (instant == null) {
                throw new NullPointerException("expiryTime is marked non-null but is null");
            }
            this.accessToken = token;
            this.expiryTime = instant;
        }

        @Nonnull
        public Token getAccessToken() {
            return this.accessToken;
        }

        @Nonnull
        public Instant getExpiryTime() {
            return this.expiryTime;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AccessContext)) {
                return false;
            }
            AccessContext accessContext = (AccessContext) obj;
            Token accessToken = getAccessToken();
            Token accessToken2 = accessContext.getAccessToken();
            if (accessToken == null) {
                if (accessToken2 != null) {
                    return false;
                }
            } else if (!accessToken.equals(accessToken2)) {
                return false;
            }
            Instant expiryTime = getExpiryTime();
            Instant expiryTime2 = accessContext.getExpiryTime();
            return expiryTime == null ? expiryTime2 == null : expiryTime.equals(expiryTime2);
        }

        public int hashCode() {
            Token accessToken = getAccessToken();
            int hashCode = (1 * 59) + (accessToken == null ? 43 : accessToken.hashCode());
            Instant expiryTime = getExpiryTime();
            return (hashCode * 59) + (expiryTime == null ? 43 : expiryTime.hashCode());
        }

        public String toString() {
            return "AuthTokenProvider.AccessContext(accessToken=" + getAccessToken() + ", expiryTime=" + getExpiryTime() + ")";
        }
    }

    public AuthTokenProvider(@Nonnull HttpClient httpClient, long j) {
        this.httpClient = httpClient;
        this.tokenExpiryTolerance = j;
    }

    @Nonnull
    public Token getToken(@Nonnull ClientAuthMethod clientAuthMethod) {
        try {
            AccessContext ensureAccessContext = ensureAccessContext(clientAuthMethod, this.tokenExpiryTolerance);
            log.debug("Using access context: {}", ensureAccessContext);
            return ensureAccessContext.getAccessToken();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Nonnull
    private AccessContext ensureAccessContext(@Nonnull ClientAuthMethod clientAuthMethod, long j) throws IOException {
        AccessContext accessContext;
        synchronized (this.accessContexts) {
            ClientAuthMethod.AccessScope accessScope = clientAuthMethod.getAccessScope();
            AccessContext accessContext2 = this.accessContexts.get(accessScope);
            if (accessContext2 == null || accessContext2.getExpiryTime().isBefore(Instant.now().plusSeconds(j))) {
                log.debug("Getting new token for: {}", accessScope);
                accessContext2 = getNewAccessContext(clientAuthMethod, j);
                this.accessContexts.put(accessScope, accessContext2);
            }
            accessContext = accessContext2;
        }
        return accessContext;
    }

    @Nonnull
    private AccessContext getNewAccessContext(@Nonnull ClientAuthMethod clientAuthMethod, long j) throws IOException {
        ClientCredentialsResponse clientCredentialsGrant = clientCredentialsGrant(clientAuthMethod, j);
        AccessContext accessContext = new AccessContext(Token.of((String) Objects.requireNonNull(clientCredentialsGrant.getAccessToken())), getExpiryTime(clientCredentialsGrant));
        log.debug("New access context created: {}", accessContext);
        return accessContext;
    }

    @Nonnull
    private ClientCredentialsResponse clientCredentialsGrant(@Nonnull ClientAuthMethod clientAuthMethod, long j) throws IOException {
        ClientCredentialsResponse requestClientCredentials = clientAuthMethod.requestClientCredentials(this.httpClient);
        log.debug("New token obtained: {}", requestClientCredentials);
        if (requestClientCredentials.getExpiresIn() < j) {
            throw new ClientProtocolException("Client credentials grant expiry is less than the tolerance: " + requestClientCredentials.getExpiresIn());
        }
        return requestClientCredentials;
    }

    private static Instant getExpiryTime(@Nonnull ClientCredentialsResponse clientCredentialsResponse) {
        return Instant.now().plusSeconds(clientCredentialsResponse.getExpiresIn());
    }

    public void clearAccessContexts() {
        synchronized (this.accessContexts) {
            this.accessContexts.clear();
        }
    }
}
