package com.finbourne.identity.extensions.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.finbourne.identity.extensions.ApiConfiguration;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.Map;
import java.util.Optional;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/finbourne/identity/extensions/auth/HttpFinbourneTokenProvider.class */
public class HttpFinbourneTokenProvider {
    private static final String SCOPE = "openid client groups offline_access";
    private static final MediaType FORM = MediaType.parse("application/x-www-form-urlencoded");
    private final ApiConfiguration apiConfiguration;
    private final OkHttpClient httpClient;

    public HttpFinbourneTokenProvider(ApiConfiguration apiConfiguration, OkHttpClient okHttpClient) {
        this.apiConfiguration = apiConfiguration;
        this.httpClient = okHttpClient;
    }

    public FinbourneToken get(Optional<String> optional) throws FinbourneTokenException {
        return callAndMapResponseToToken(this.httpClient, createAccessTokenRequest(optional));
    }

    private FinbourneToken callAndMapResponseToToken(OkHttpClient okHttpClient, Request request) throws FinbourneTokenException {
        try {
            Response execute = okHttpClient.newCall(request).execute();
            if (execute.code() != 200) {
                throw new FinbourneTokenException("Authentication call to identity failed. See response :" + execute.toString());
            }
            try {
                Map map = (Map) new ObjectMapper().readValue(execute.body().string(), Map.class);
                if (!map.containsKey("access_token")) {
                    throw new FinbourneTokenException("Response from identity authentication is missing an access_token entry");
                }
                if (!map.containsKey("refresh_token")) {
                    throw new FinbourneTokenException("Response from identity authentication is missing an refresh_token entry");
                }
                if (!map.containsKey("expires_in")) {
                    throw new FinbourneTokenException("Response from identity authentication is missing an expires_in entry");
                }
                return new FinbourneToken((String) map.get("access_token"), (String) map.get("refresh_token"), calculateExpiryAtTime(LocalDateTime.now(), ((Integer) map.get("expires_in")).intValue()));
            } catch (IOException e) {
                throw new FinbourneTokenException("Failed to correctly map the authentication response from identity. See details : ", e);
            }
        } catch (IOException e2) {
            throw new FinbourneTokenException("Authentication request call could not complete. See details:", e2);
        }
    }

    private Request createAccessTokenRequest(Optional<String> optional) throws FinbourneTokenException {
        try {
            Request.Builder post = new Request.Builder().url(this.apiConfiguration.getTokenUrl()).header("Accept", "application/json").post(RequestBody.create(!optional.isPresent() ? String.format("grant_type=password&username=%s&password=%s&scope=%s&client_id=%s&client_secret=%s", this.apiConfiguration.getUsername(), URLEncoder.encode(this.apiConfiguration.getPassword(), StandardCharsets.UTF_8.toString()), SCOPE, this.apiConfiguration.getClientId(), URLEncoder.encode(this.apiConfiguration.getClientSecret(), StandardCharsets.UTF_8.toString())) : String.format("grant_type=refresh_token&scope=%s&refresh_token=%s", SCOPE, optional.get()), FORM));
            if (optional.isPresent()) {
                post.addHeader("Authorization", "Basic " + Base64.encodeBase64String((this.apiConfiguration.getClientId() + ":" + this.apiConfiguration.getClientSecret()).getBytes()));
            }
            return post.build();
        } catch (UnsupportedEncodingException e) {
            throw new FinbourneTokenException("Failed to encode parameters from the API Configuration. Ensure your secrets files is properly setup.", e);
        }
    }

    public LocalDateTime calculateExpiryAtTime(LocalDateTime localDateTime, int i) {
        return localDateTime.plusSeconds(i - 30);
    }
}
