package no.unit.nva.auth;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.jr.ob.JSON;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Objects;
import nva.commons.core.attempt.Try;
import nva.commons.core.paths.UriWrapper;

/* loaded from: input_file:no/unit/nva/auth/CognitoAuthenticator.class */
public class CognitoAuthenticator {
    public static final String OAUTH2_PATH_SEGMENT = "oauth2";
    public static final String TOKEN_PATH_SEGMENT = "token";
    public static final String BASIC_AUTH_CREDENTIALS_TEMPLATE = "%s:%s";
    public static final String BASIC_AUTH_HEADER_TEMPLATE = "%s %s";
    public static final String AUTHORIZATION_ERROR_MESSAGE = "Could not authorizer client";
    public static final String GRANT_TYPE_CLIENT_CREDENTIALS = "grant_type=client_credentials";
    public static final String JWT_TOKEN_FIELD = "access_token";
    private final CognitoCredentials credentials;
    private final HttpClient httpClient;

    public CognitoAuthenticator(HttpClient httpClient, CognitoCredentials cognitoCredentials) {
        this.httpClient = httpClient;
        this.credentials = cognitoCredentials;
    }

    public DecodedJWT fetchBearerToken() {
        HttpResponse<String> fetchTokenResponse = fetchTokenResponse();
        Try map = Try.attempt(() -> {
            return fetchTokenResponse;
        }).map((v0) -> {
            return v0.body();
        });
        JSON json = JSON.std;
        Objects.requireNonNull(json);
        return (DecodedJWT) map.map((v1) -> {
            return r1.mapFrom(v1);
        }).map(map2 -> {
            return map2.get("access_token");
        }).toOptional().map(Objects::toString).map(JWT::decode).orElseThrow();
    }

    private static URI standardOauth2TokenEndpoint(URI uri) {
        return UriWrapper.fromUri(uri).addChild(new String[]{OAUTH2_PATH_SEGMENT}).addChild(new String[]{TOKEN_PATH_SEGMENT}).getUri();
    }

    private static HttpRequest.BodyPublisher clientCredentialsAuthType() {
        return HttpRequest.BodyPublishers.ofString(GRANT_TYPE_CLIENT_CREDENTIALS);
    }

    private String formatAuthenticationHeaderValue() {
        return String.format(BASIC_AUTH_CREDENTIALS_TEMPLATE, this.credentials.getCognitoAppClientId(), this.credentials.getCognitoAppClientSecret());
    }

    private String formatBasicAuthenticationHeader() {
        return (String) Try.attempt(this::formatAuthenticationHeaderValue).map(str -> {
            return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
        }).map(str2 -> {
            return String.format(BASIC_AUTH_HEADER_TEMPLATE, "Basic", str2);
        }).orElseThrow();
    }

    private HttpRequest createTokenRequest() {
        return formatRequestForJwtToken(standardOauth2TokenEndpoint(this.credentials.getCognitoOAuthServerUri()));
    }

    private HttpResponse<String> fetchTokenResponse() {
        return (HttpResponse) Try.attempt(() -> {
            return this.httpClient.send(createTokenRequest(), HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));
        }).map(this::responseIsSuccessful).orElseThrow();
    }

    private HttpResponse<String> responseIsSuccessful(HttpResponse<String> httpResponse) {
        if (200 != httpResponse.statusCode()) {
            throw new RuntimeException(AUTHORIZATION_ERROR_MESSAGE);
        }
        return httpResponse;
    }

    private HttpRequest formatRequestForJwtToken(URI uri) {
        return HttpRequest.newBuilder(uri).setHeader("Authorization", formatBasicAuthenticationHeader()).setHeader(AuthorizedBackendClient.CONTENT_TYPE, AuthorizedBackendClient.APPLICATION_X_WWW_FORM_URLENCODED).POST(clientCredentialsAuthType()).build();
    }
}
