package be.atbash.ee.security.octopus.oauth2.adapter;

import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.sso.client.config.OctopusSSOServerClientConfiguration;
import be.atbash.ee.security.octopus.sso.client.debug.CorrelationCounter;
import be.atbash.ee.security.octopus.sso.client.requestor.AbstractRequestor;
import be.atbash.ee.security.octopus.token.UsernamePasswordToken;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.util.ByteUtils;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Set;

/* loaded from: input_file:be/atbash/ee/security/octopus/oauth2/adapter/TokenRequestor.class */
public class TokenRequestor extends AbstractRequestor {
    private JWSAlgorithm algorithm;
    private static TokenRequestor INSTANCE;
    private static final Object LOCK = new Object();

    private TokenRequestor(OctopusCoreConfiguration octopusCoreConfiguration, OctopusSSOServerClientConfiguration octopusSSOServerClientConfiguration) {
        setConfiguration(octopusCoreConfiguration, octopusSSOServerClientConfiguration);
        init();
    }

    private void init() {
        byte[] sSOClientSecret = this.configuration.getSSOClientSecret();
        if (sSOClientSecret.length > 0) {
            Set compatibleAlgorithms = MACSigner.getCompatibleAlgorithms(ByteUtils.bitLength(sSOClientSecret));
            if (compatibleAlgorithms.contains(JWSAlgorithm.HS512)) {
                this.algorithm = JWSAlgorithm.HS512;
            }
            if (this.algorithm == null && compatibleAlgorithms.contains(JWSAlgorithm.HS384)) {
                this.algorithm = JWSAlgorithm.HS384;
            }
            if (this.algorithm == null && compatibleAlgorithms.contains(JWSAlgorithm.HS256)) {
                this.algorithm = JWSAlgorithm.HS256;
            }
        }
    }

    public TokenResponse getToken(UsernamePasswordToken usernamePasswordToken) {
        ResourceOwnerPasswordCredentialsGrant resourceOwnerPasswordCredentialsGrant = new ResourceOwnerPasswordCredentialsGrant(usernamePasswordToken.getUsername(), new Secret(new String(usernamePasswordToken.getPassword())));
        try {
            URI uri = new URI(this.configuration.getTokenEndpoint());
            HTTPRequest hTTPRequest = (this.algorithm != null ? new TokenRequest(uri, new ClientSecretJWT(new ClientID(this.configuration.getSSOClientId()), uri, this.algorithm, new Secret(new String(this.configuration.getSSOClientSecret(), StandardCharsets.UTF_8))), resourceOwnerPasswordCredentialsGrant, Scope.parse(this.configuration.getSSOScopes())) : new TokenRequest(uri, resourceOwnerPasswordCredentialsGrant, Scope.parse(this.configuration.getSSOScopes()))).toHTTPRequest();
            int i = -1;
            if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_REST)) {
                i = CorrelationCounter.VALUE.getAndIncrement();
                showRequest(i, hTTPRequest);
            }
            try {
                HTTPResponse send = hTTPRequest.send();
                if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_REST)) {
                    showResponse(i, send);
                }
                return TokenResponse.parse(send);
            } catch (IOException e) {
                throw new AtbashUnexpectedException(String.format("Connection refused or exception calling %s. Exception message : %s", this.configuration.getTokenEndpoint(), e.getMessage()));
            }
        } catch (URISyntaxException e2) {
            throw new AtbashUnexpectedException(String.format("Invalid URI for token endpoint (SSO.server parameter) %s. Exception message : %s", this.configuration.getTokenEndpoint(), e2.getMessage()));
        } catch (ParseException | JOSEException e3) {
            throw new AtbashUnexpectedException(e3);
        }
    }

    public static TokenRequestor getInstance(OctopusCoreConfiguration octopusCoreConfiguration, OctopusSSOServerClientConfiguration octopusSSOServerClientConfiguration) {
        if (INSTANCE == null) {
            synchronized (LOCK) {
                if (INSTANCE == null) {
                    INSTANCE = new TokenRequestor(octopusCoreConfiguration, octopusSSOServerClientConfiguration);
                }
            }
        }
        return INSTANCE;
    }
}
