package com.github.damiansheldon.security.oauth2.client.endpoint;

import com.github.damiansheldon.security.oauth2.http.converter.WeworkOAuth2AccessTokenResponseConverter;
import java.time.Instant;
import java.util.Arrays;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.RequestEntity;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/github/damiansheldon/security/oauth2/client/endpoint/WeworkAuthorizationCodeTokenResponseClient.class */
public class WeworkAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
    private static final Log log = LogFactory.getLog(WeworkAuthorizationCodeTokenResponseClient.class);
    private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
    private OAuth2AccessTokenResponse cachedOAuth2AccessTokenResponse;
    private Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>> requestEntityConverter = new WeworkOAuth2AuthorizationCodeGrantRequestEntityConverter();
    private RestOperations restOperations;

    public WeworkAuthorizationCodeTokenResponseClient() {
        HttpMessageConverter oAuth2AccessTokenResponseHttpMessageConverter = new OAuth2AccessTokenResponseHttpMessageConverter();
        oAuth2AccessTokenResponseHttpMessageConverter.setTokenResponseConverter(new WeworkOAuth2AccessTokenResponseConverter());
        RestTemplate restTemplate = new RestTemplate(Arrays.asList(new FormHttpMessageConverter(), oAuth2AccessTokenResponseHttpMessageConverter));
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        this.restOperations = restTemplate;
    }

    public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest) {
        Assert.notNull(oAuth2AuthorizationCodeGrantRequest, "authorizationCodeGrantRequest cannot be null");
        if (this.cachedOAuth2AccessTokenResponse != null && !isOAuth2AccessTokenExpire(this.cachedOAuth2AccessTokenResponse)) {
            return this.cachedOAuth2AccessTokenResponse;
        }
        this.cachedOAuth2AccessTokenResponse = fetchNewOauth2AccessToken(oAuth2AuthorizationCodeGrantRequest);
        return this.cachedOAuth2AccessTokenResponse;
    }

    public OAuth2AccessTokenResponse fetchNewOauth2AccessToken(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest) {
        try {
            OAuth2AccessTokenResponse oAuth2AccessTokenResponse = (OAuth2AccessTokenResponse) this.restOperations.exchange((RequestEntity) this.requestEntityConverter.convert(oAuth2AuthorizationCodeGrantRequest), OAuth2AccessTokenResponse.class).getBody();
            if (CollectionUtils.isEmpty(oAuth2AccessTokenResponse.getAccessToken().getScopes())) {
                oAuth2AccessTokenResponse = OAuth2AccessTokenResponse.withResponse(oAuth2AccessTokenResponse).scopes(oAuth2AuthorizationCodeGrantRequest.getClientRegistration().getScopes()).build();
            }
            return oAuth2AccessTokenResponse;
        } catch (RestClientException e) {
            log.warn("获取 Access token 调用失败", e);
            throw new OAuth2AuthorizationException(new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + e.getMessage(), (String) null), e);
        }
    }

    private boolean isOAuth2AccessTokenExpire(OAuth2AccessTokenResponse oAuth2AccessTokenResponse) {
        if (oAuth2AccessTokenResponse == null || oAuth2AccessTokenResponse.getAccessToken() == null) {
            return true;
        }
        return oAuth2AccessTokenResponse.getAccessToken().getExpiresAt().isBefore(Instant.now());
    }
}
