package org.sdase.commons.client.jersey.oidc.rest;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Form;
import org.glassfish.jersey.client.proxy.WebResourceFactory;
import org.sdase.commons.client.jersey.ClientFactory;
import org.sdase.commons.client.jersey.oidc.OidcConfiguration;
import org.sdase.commons.client.jersey.oidc.rest.model.OpenIdDiscoveryResource;
import org.sdase.commons.client.jersey.oidc.rest.model.TokenResource;
import org.sdase.commons.client.jersey.proxy.ApiClientInvocationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/client/jersey/oidc/rest/IssuerClient.class */
public class IssuerClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(IssuerClient.class);
    private final OidcConfiguration config;
    private final Client client;
    private final OpenIdDiscoveryApi discoveryApi;

    public IssuerClient(ClientFactory clientFactory, OidcConfiguration oidcConfiguration) {
        this.config = oidcConfiguration;
        this.client = clientFactory.externalClient(oidcConfiguration.getHttpClient()).buildGenericClient("oidc-client");
        this.discoveryApi = (OpenIdDiscoveryApi) ApiClientInvocationHandler.createProxy(OpenIdDiscoveryApi.class, WebResourceFactory.newResource(OpenIdDiscoveryApi.class, this.client.target(oidcConfiguration.getIssuerUrl())));
    }

    public TokenResource getTokenResource() {
        OpenIdDiscoveryResource configuration = this.discoveryApi.getConfiguration();
        if (configuration == null || configuration.getTokenEndpoint() == null) {
            LOGGER.warn("Could not retrieve discovery configuration");
            return null;
        }
        LOGGER.debug("Retrieving access token from {}", configuration.getTokenEndpoint());
        Form createTokenForm = createTokenForm();
        Invocation.Builder request = this.client.target(configuration.getTokenEndpoint()).request(new String[]{"application/x-www-form-urlencoded"});
        if (this.config.isUseAuthHeader()) {
            request.header("Authorization", createBasicAuthHeader());
        }
        TokenResource tokenResource = (TokenResource) request.buildPost(Entity.form(createTokenForm)).invoke(TokenResource.class);
        if (tokenResource == null) {
            LOGGER.warn("Could not retrieve access token from {}", configuration.getTokenEndpoint());
        }
        return tokenResource;
    }

    private Form createTokenForm() {
        Form param = new Form().param("grant_type", this.config.getGrantType());
        if (!this.config.isUseAuthHeader()) {
            param.param("client_id", this.config.getClientId()).param("client_secret", this.config.getClientSecret());
        }
        if ("password".equals(this.config.getGrantType())) {
            param.param("username", this.config.getUsername());
            param.param("password", this.config.getPassword());
        }
        return param;
    }

    private String createBasicAuthHeader() {
        return "Basic " + Base64.getEncoder().encodeToString((this.config.getClientId() + ":" + this.config.getClientSecret()).getBytes(StandardCharsets.UTF_8));
    }
}
