package io.apicurio.rest.client.auth;

import com.fasterxml.jackson.core.JsonProcessingException;
import io.apicurio.rest.client.auth.exception.AuthErrorHandler;
import io.apicurio.rest.client.auth.request.TokenRequestsProvider;
import io.apicurio.rest.client.error.RestClientErrorHandler;
import io.apicurio.rest.client.spi.ApicurioHttpClient;
import io.apicurio.rest.client.spi.ApicurioHttpClientProvider;
import io.apicurio.rest.client.spi.ApicurioHttpClientServiceLoader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;

/* loaded from: input_file:io/apicurio/rest/client/auth/OidcAuth.class */
public class OidcAuth implements Auth {
    private static final String BEARER = "Bearer ";
    private static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";
    private static final String PASSWORD_GRANT = "password";
    private static final ApicurioHttpClientServiceLoader serviceLoader = new ApicurioHttpClientServiceLoader();
    private static final AtomicReference<ApicurioHttpClientProvider> providerReference = new AtomicReference<>();
    private final String tokenEndpoint;
    private final String clientId;
    private final String clientSecret;
    private String cachedAccessToken;
    private long cachedAccessTokenExp;
    private final ApicurioHttpClient apicurioHttpClient;

    public OidcAuth(String str, String str2, String str3, Optional<RestClientErrorHandler> optional) {
        this.tokenEndpoint = str.endsWith("/") ? str : str + "/";
        this.clientId = str2;
        this.clientSecret = str3;
        this.apicurioHttpClient = resolveApicurioHttpClient(optional.orElse(new AuthErrorHandler()));
    }

    public OidcAuth(ApicurioHttpClientProvider apicurioHttpClientProvider, String str, String str2, String str3, Optional<RestClientErrorHandler> optional) {
        str = str.endsWith("/") ? str : str + "/";
        this.tokenEndpoint = str;
        this.clientId = str2;
        this.clientSecret = str3;
        this.apicurioHttpClient = apicurioHttpClientProvider.create(str, Collections.emptyMap(), null, optional.orElse(new AuthErrorHandler()));
    }

    private static ApicurioHttpClientProvider resolveProviderInstance() {
        return serviceLoader.providers(true).next();
    }

    private ApicurioHttpClient resolveApicurioHttpClient(RestClientErrorHandler restClientErrorHandler) {
        ApicurioHttpClientProvider apicurioHttpClientProvider = providerReference.get();
        if (apicurioHttpClientProvider == null) {
            providerReference.compareAndSet(null, resolveProviderInstance());
            apicurioHttpClientProvider = providerReference.get();
        }
        return apicurioHttpClientProvider.create(this.tokenEndpoint, Collections.emptyMap(), null, restClientErrorHandler);
    }

    public static boolean setProvider(ApicurioHttpClientProvider apicurioHttpClientProvider) {
        return providerReference.compareAndSet(null, apicurioHttpClientProvider);
    }

    @Override // io.apicurio.rest.client.auth.Auth
    public void apply(Map<String, String> map) {
        if (isAccessTokenRequired()) {
            requestAccessToken();
        }
        map.put("Authorization", "Bearer " + this.cachedAccessToken);
    }

    private void requestAccessToken() {
        try {
            AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.apicurioHttpClient.sendRequest(TokenRequestsProvider.obtainAccessToken((String) Map.of("grant_type", CLIENT_CREDENTIALS_GRANT, "client_id", this.clientId, "client_secret", this.clientSecret).entrySet().stream().map(entry -> {
                return String.join("=", URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8), URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8));
            }).collect(Collectors.joining("&"))));
            this.cachedAccessToken = accessTokenResponse.getToken();
            this.cachedAccessTokenExp = (System.currentTimeMillis() / 1000) + accessTokenResponse.getExpiresIn();
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Error found while trying to request a new token");
        }
    }

    public String authenticate() {
        if (isAccessTokenRequired()) {
            requestAccessToken();
        }
        return this.cachedAccessToken;
    }

    public String obtainAccessTokenWithBasicCredentials(String str, String str2) {
        try {
            return ((AccessTokenResponse) this.apicurioHttpClient.sendRequest(TokenRequestsProvider.obtainAccessToken((String) Map.of("grant_type", PASSWORD_GRANT, "client_id", this.clientId, "client_secret", this.clientSecret, "username", str, PASSWORD_GRANT, str2).entrySet().stream().map(entry -> {
                return String.join("=", URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8), URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8));
            }).collect(Collectors.joining("&"))))).getToken();
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Error found while trying to request a new token");
        }
    }

    private boolean isAccessTokenRequired() {
        return null == this.cachedAccessToken || isTokenExpired();
    }

    private boolean isTokenExpired() {
        return ((long) ((int) (System.currentTimeMillis() / 1000))) > this.cachedAccessTokenExp;
    }

    public void close() {
        this.apicurioHttpClient.close();
    }
}
