package io.apicurio.rest.client.auth;

import com.fasterxml.jackson.core.JsonProcessingException;
import io.apicurio.rest.client.auth.request.TokenRequestsProvider;
import io.apicurio.rest.client.spi.ApicurioHttpClient;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:io/apicurio/rest/client/auth/OidcAuth.class */
public class OidcAuth implements Auth, AutoCloseable {
    private static final String BEARER = "Bearer ";
    private static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";
    private static final String PASSWORD_GRANT = "password";
    private static final Duration DEFAULT_TOKEN_EXPIRATION_REDUCTION = Duration.ofSeconds(1);
    private final String clientId;
    private final String clientSecret;
    private final Duration tokenExpirationReduction;
    private String cachedAccessToken;
    private Instant cachedAccessTokenExp;
    private final ApicurioHttpClient apicurioHttpClient;

    public OidcAuth(ApicurioHttpClient apicurioHttpClient, String str, String str2) {
        this(apicurioHttpClient, str, str2, DEFAULT_TOKEN_EXPIRATION_REDUCTION);
    }

    public OidcAuth(ApicurioHttpClient apicurioHttpClient, String str, String str2, Duration duration) {
        this.clientId = str;
        this.clientSecret = str2;
        this.apicurioHttpClient = apicurioHttpClient;
        if (null == duration) {
            this.tokenExpirationReduction = DEFAULT_TOKEN_EXPIRATION_REDUCTION;
        } else {
            this.tokenExpirationReduction = duration;
        }
    }

    @Override // io.apicurio.rest.client.auth.Auth
    public void apply(Map<String, String> map) {
        if (isAccessTokenRequired()) {
            requestAccessToken();
        }
        map.put("Authorization", "Bearer " + this.cachedAccessToken);
    }

    private void requestAccessToken() {
        try {
            AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.apicurioHttpClient.sendRequest(TokenRequestsProvider.obtainAccessToken((String) Map.of("grant_type", CLIENT_CREDENTIALS_GRANT, "client_id", this.clientId, "client_secret", this.clientSecret).entrySet().stream().map(entry -> {
                return String.join("=", URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8), URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8));
            }).collect(Collectors.joining("&"))));
            this.cachedAccessToken = accessTokenResponse.getToken();
            Duration ofSeconds = Duration.ofSeconds(accessTokenResponse.getExpiresIn());
            if (ofSeconds.compareTo(this.tokenExpirationReduction) > 0) {
                ofSeconds = ofSeconds.minus(this.tokenExpirationReduction);
            }
            this.cachedAccessTokenExp = Instant.now().plus((TemporalAmount) ofSeconds);
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Error found while trying to request a new token");
        }
    }

    public String authenticate() {
        if (isAccessTokenRequired()) {
            requestAccessToken();
        }
        return this.cachedAccessToken;
    }

    public String obtainAccessTokenPasswordGrant(String str, String str2) {
        try {
            return ((AccessTokenResponse) this.apicurioHttpClient.sendRequest(TokenRequestsProvider.obtainAccessToken((String) Map.of("grant_type", PASSWORD_GRANT, "client_id", this.clientId, "client_secret", this.clientSecret, "username", str, PASSWORD_GRANT, str2).entrySet().stream().map(entry -> {
                return String.join("=", URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8), URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8));
            }).collect(Collectors.joining("&"))))).getToken();
        } catch (JsonProcessingException e) {
            throw new IllegalStateException("Error found while trying to request a new token");
        }
    }

    private boolean isAccessTokenRequired() {
        return null == this.cachedAccessToken || isTokenExpired();
    }

    private boolean isTokenExpired() {
        return Instant.now().isAfter(this.cachedAccessTokenExp);
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.apicurioHttpClient.close();
    }
}
