package au.csiro.fhir.auth;

import au.csiro.http.JsonResponseHandler;
import ca.uhn.fhir.rest.api.Constants;
import java.io.IOException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.message.BasicNameValuePair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:au/csiro/fhir/auth/ClientAuthMethod.class */
public abstract class ClientAuthMethod {
    private static final Logger log = LoggerFactory.getLogger(ClientAuthMethod.class);
    public static final String PARAM_SCOPE = "scope";
    public static final String PARAM_GRANT_TYPE = "grant_type";
    public static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";

    /* loaded from: input_file:au/csiro/fhir/auth/ClientAuthMethod$AccessScope.class */
    public static final class AccessScope {

        @Nonnull
        private final String tokenEndpoint;

        @Nonnull
        private final String clientId;

        @Nullable
        private final String scope;

        public AccessScope(@Nonnull String str, @Nonnull String str2, @Nullable String str3) {
            if (str == null) {
                throw new NullPointerException("tokenEndpoint is marked non-null but is null");
            }
            if (str2 == null) {
                throw new NullPointerException("clientId is marked non-null but is null");
            }
            this.tokenEndpoint = str;
            this.clientId = str2;
            this.scope = str3;
        }

        @Nonnull
        public String getTokenEndpoint() {
            return this.tokenEndpoint;
        }

        @Nonnull
        public String getClientId() {
            return this.clientId;
        }

        @Nullable
        public String getScope() {
            return this.scope;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AccessScope)) {
                return false;
            }
            AccessScope accessScope = (AccessScope) obj;
            String tokenEndpoint = getTokenEndpoint();
            String tokenEndpoint2 = accessScope.getTokenEndpoint();
            if (tokenEndpoint == null) {
                if (tokenEndpoint2 != null) {
                    return false;
                }
            } else if (!tokenEndpoint.equals(tokenEndpoint2)) {
                return false;
            }
            String clientId = getClientId();
            String clientId2 = accessScope.getClientId();
            if (clientId == null) {
                if (clientId2 != null) {
                    return false;
                }
            } else if (!clientId.equals(clientId2)) {
                return false;
            }
            String scope = getScope();
            String scope2 = accessScope.getScope();
            return scope == null ? scope2 == null : scope.equals(scope2);
        }

        public int hashCode() {
            String tokenEndpoint = getTokenEndpoint();
            int hashCode = (1 * 59) + (tokenEndpoint == null ? 43 : tokenEndpoint.hashCode());
            String clientId = getClientId();
            int hashCode2 = (hashCode * 59) + (clientId == null ? 43 : clientId.hashCode());
            String scope = getScope();
            return (hashCode2 * 59) + (scope == null ? 43 : scope.hashCode());
        }

        public String toString() {
            return "ClientAuthMethod.AccessScope(tokenEndpoint=" + getTokenEndpoint() + ", clientId=" + getClientId() + ", scope=" + getScope() + ")";
        }
    }

    @Nonnull
    public ClientCredentialsResponse requestClientCredentials(@Nonnull HttpClient httpClient) throws IOException {
        log.debug("Performing client credentials grant using token endpoint: {}", getTokenEndpoint());
        return ensureValidResponse((ClientCredentialsResponse) httpClient.execute(createClientCredentialsRequest(), JsonResponseHandler.lowerCaseWithUnderscore(ClientCredentialsResponse.class)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static ClientAuthMethod create(@Nonnull String str, @Nonnull AuthConfig authConfig) {
        return Objects.nonNull(authConfig.getPrivateKeyJWK()) ? AsymmetricClientAuthMethod.builder().tokenEndpoint(str).clientId((String) Objects.requireNonNull(authConfig.getClientId())).privateKeyJWK((String) Objects.requireNonNull(authConfig.getPrivateKeyJWK())).scope(authConfig.getScope()).build() : SymmetricClientAuthMethod.builder().tokenEndpoint(str).clientId((String) Objects.requireNonNull(authConfig.getClientId())).clientSecret((String) Objects.requireNonNull(authConfig.getClientSecret())).scope(authConfig.getScope()).sendClientCredentialsInBody(authConfig.isUseFormForBasicAuth()).build();
    }

    @Nonnull
    public AccessScope getAccessScope() {
        return new AccessScope(getTokenEndpoint(), getClientId(), getScope());
    }

    @Nonnull
    abstract String getClientId();

    @Nonnull
    abstract String getTokenEndpoint();

    @Nullable
    abstract String getScope();

    @Nonnull
    protected List<Header> getAuthHeaders() {
        return Collections.emptyList();
    }

    @Nonnull
    protected List<BasicNameValuePair> getAuthParams() {
        return getAuthParams(Instant.now());
    }

    @Nonnull
    protected abstract List<BasicNameValuePair> getAuthParams(@Nonnull Instant instant);

    @Nonnull
    protected HttpUriRequest createClientCredentialsRequest() {
        HttpPost httpPost = new HttpPost(getTokenEndpoint());
        httpPost.addHeader("Accept", "application/json");
        httpPost.addHeader("Cache-Control", Constants.CACHE_CONTROL_NO_CACHE);
        List<Header> authHeaders = getAuthHeaders();
        Objects.requireNonNull(httpPost);
        authHeaders.forEach(httpPost::addHeader);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(PARAM_GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS));
        if (getScope() != null) {
            arrayList.add(new BasicNameValuePair("scope", getScope()));
        }
        arrayList.addAll(getAuthParams());
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList, Consts.UTF_8));
        return httpPost;
    }

    @Nonnull
    private ClientCredentialsResponse ensureValidResponse(@Nonnull ClientCredentialsResponse clientCredentialsResponse) throws IOException {
        if (clientCredentialsResponse.getAccessToken() == null) {
            throw new ClientProtocolException("Client credentials grant does not contain access token");
        }
        return clientCredentialsResponse;
    }
}
