package no.unit.nva.auth;

import com.fasterxml.jackson.jr.ob.JSON;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import nva.commons.core.JacocoGenerated;
import nva.commons.core.attempt.Try;
import nva.commons.core.paths.UriWrapper;

/* loaded from: input_file:no/unit/nva/auth/AuthorizedBackendClient.class */
public class AuthorizedBackendClient {
    public static final String CONTENT_TYPE = "Content-Type";
    public static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String JWT_TOKEN_FIELD = "access_token";
    public static final Map<String, String> GRANT_TYPE_CLIENT_CREDENTIALS = Map.of("grant_type", "client_credentials");
    private final HttpClient httpClient;
    private final CognitoCredentials cognitoCredentials;
    private final boolean bearerTokenIsNotInjectedDirectly;
    private String bearerToken;

    protected AuthorizedBackendClient(HttpClient httpClient, String str, CognitoCredentials cognitoCredentials) {
        this.httpClient = httpClient;
        this.bearerToken = str;
        this.cognitoCredentials = cognitoCredentials;
        this.bearerTokenIsNotInjectedDirectly = Objects.isNull(str);
    }

    @JacocoGenerated
    public static AuthorizedBackendClient prepareWithCognitoCredentials(CognitoCredentials cognitoCredentials) {
        return prepareWithCognitoCredentials(HttpClient.newHttpClient(), cognitoCredentials);
    }

    public static AuthorizedBackendClient prepareWithCognitoCredentials(HttpClient httpClient, CognitoCredentials cognitoCredentials) {
        return new AuthorizedBackendClient(httpClient, null, cognitoCredentials);
    }

    @JacocoGenerated
    public static AuthorizedBackendClient prepareWithBearerToken(String str) {
        return prepareWithBearerToken(HttpClient.newHttpClient(), str);
    }

    public static AuthorizedBackendClient prepareWithBearerToken(HttpClient httpClient, String str) {
        return new AuthorizedBackendClient(httpClient, str, null);
    }

    @JacocoGenerated
    public static AuthorizedBackendClient prepareWithBearerTokenAndCredentials(HttpClient httpClient, String str, CognitoCredentials cognitoCredentials) {
        return new AuthorizedBackendClient(httpClient, str, cognitoCredentials);
    }

    @JacocoGenerated
    protected String getBearerToken() {
        return this.bearerToken;
    }

    public <T> HttpResponse<T> send(HttpRequest.Builder builder, HttpResponse.BodyHandler<T> bodyHandler) throws IOException, InterruptedException {
        refreshToken();
        return this.httpClient.send(builder.setHeader("Authorization", this.bearerToken).build(), bodyHandler);
    }

    public <T> CompletableFuture<HttpResponse<T>> sendAsync(HttpRequest.Builder builder, HttpResponse.BodyHandler<T> bodyHandler) {
        refreshToken();
        return this.httpClient.sendAsync(builder.setHeader("Authorization", this.bearerToken).build(), bodyHandler);
    }

    private static URI standardOauth2TokenEndpoint(URI uri) {
        return UriWrapper.fromUri(uri).addChild(new String[]{"oauth2"}).addChild(new String[]{"token"}).getUri();
    }

    private static HttpRequest.BodyPublisher clientCredentialsAuthType() {
        return HttpRequest.BodyPublishers.ofString(UriWrapper.fromHost("notimportant").addQueryParameters(GRANT_TYPE_CLIENT_CREDENTIALS).getUri().getRawQuery());
    }

    private String formatBasicAuthenticationHeader() {
        return (String) Try.attempt(this::formatAuthenticationHeaderValue).map(str -> {
            return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
        }).map(str2 -> {
            return "Basic " + str2;
        }).orElseThrow();
    }

    private String formatAuthenticationHeaderValue() {
        return String.format("%s:%s", this.cognitoCredentials.getCognitoAppClientId(), this.cognitoCredentials.getCognitoAppClientSecret());
    }

    private void refreshToken() {
        if (this.bearerTokenIsNotInjectedDirectly) {
            this.bearerToken = sendRequestAndExtractToken(formatRequestForJwtToken(standardOauth2TokenEndpoint(this.cognitoCredentials.getCognitoOAuthServerUri())));
        }
    }

    private String createBearerToken(String str) {
        return "Bearer " + str;
    }

    private String sendRequestAndExtractToken(HttpRequest httpRequest) {
        Try map = Try.attempt(() -> {
            return this.httpClient.send(httpRequest, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));
        }).map((v0) -> {
            return v0.body();
        });
        JSON json = JSON.std;
        Objects.requireNonNull(json);
        return (String) map.map((v1) -> {
            return r1.mapFrom(v1);
        }).map(map2 -> {
            return map2.get(JWT_TOKEN_FIELD);
        }).map(Objects::toString).map(this::createBearerToken).orElseThrow();
    }

    private HttpRequest formatRequestForJwtToken(URI uri) {
        return HttpRequest.newBuilder(uri).setHeader("Authorization", formatBasicAuthenticationHeader()).setHeader(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED).POST(clientCredentialsAuthType()).build();
    }
}
