package org.apache.causeway.viewer.restfulobjects.client.auth.oauth2.azure;

import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.Entity;
import jakarta.ws.rs.core.Form;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.time.ZonedDateTime;
import org.apache.causeway.commons.functional.Railway;
import org.apache.causeway.viewer.restfulobjects.client.auth.oauth2.Oauth2Creds;
import org.apache.causeway.viewer.restfulobjects.client.auth.oauth2.azure.TokenParser;

/* loaded from: input_file:org/apache/causeway/viewer/restfulobjects/client/auth/oauth2/azure/TokenCache.class */
public class TokenCache {
    private final Oauth2Creds creds;
    private final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
    private String jwtToken;
    private ZonedDateTime jwtTokenExpiresAt;

    public TokenCache(Oauth2Creds oauth2Creds) {
        this.creds = oauth2Creds;
    }

    public Railway<Exception, String> getToken() {
        if (isTokenValid()) {
            return Railway.success(this.jwtToken);
        }
        Response invoke = this.clientBuilder.build().target(UriBuilder.fromUri(String.format("https://login.microsoftonline.com/%s/oauth2/v2.0/token", this.creds.getTenantId()))).request().header("Content-Type", "application/x-www-form-urlencoded").header("Accept", "application/json").buildPost(Entity.entity(new Form().param("scope", String.format("%s/.default", this.creds.getClientId())).param("client_id", this.creds.getClientId()).param("client_secret", this.creds.getClientSecret()).param("grant_type", "client_credentials"), MediaType.APPLICATION_FORM_URLENCODED_TYPE)).invoke();
        String str = (String) invoke.readEntity(String.class);
        if (invoke.getStatus() != 200) {
            this.jwtToken = null;
            this.jwtTokenExpiresAt = null;
            return Railway.failure(new RuntimeException(str));
        }
        Railway<IOException, TokenParser.TokenSuccessResponse> parseTokenEntity = new TokenParser().parseTokenEntity(str);
        if (parseTokenEntity.isFailure()) {
            this.jwtToken = null;
            this.jwtTokenExpiresAt = null;
            return Railway.failure((Exception) parseTokenEntity.getFailureElseFail());
        }
        TokenParser.TokenSuccessResponse tokenSuccessResponse = (TokenParser.TokenSuccessResponse) parseTokenEntity.getSuccessElseFail();
        int expires_in = tokenSuccessResponse.getExpires_in();
        this.jwtToken = tokenSuccessResponse.getAccess_token();
        this.jwtTokenExpiresAt = now().plusMinutes(expires_in);
        return Railway.success(this.jwtToken);
    }

    private boolean isTokenValid() {
        if (this.jwtTokenExpiresAt == null) {
            return false;
        }
        return this.jwtTokenExpiresAt.isBefore(now().plusMinutes(2L));
    }

    private static ZonedDateTime now() {
        return ZonedDateTime.now();
    }
}
