package co.arago.hiro.client.connection.token;

import co.arago.hiro.client.connection.token.AbstractTokenAPIHandler;
import co.arago.hiro.client.exceptions.AuthenticationTokenException;
import co.arago.hiro.client.exceptions.HiroException;
import co.arago.hiro.client.exceptions.HiroHttpException;
import co.arago.hiro.client.exceptions.TokenUnauthorizedException;
import co.arago.hiro.client.model.token.TokenRefreshRequest;
import co.arago.hiro.client.model.token.TokenResponse;
import co.arago.hiro.client.model.token.TokenRevokeRequest;
import co.arago.hiro.client.util.httpclient.HttpHeaderMap;
import co.arago.util.validation.ValueChecks;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpResponse;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Map;
import org.apache.commons.lang3.RegExUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/arago/hiro/client/connection/token/AbstractRemoteAuthTokenAPIHandler.class */
public abstract class AbstractRemoteAuthTokenAPIHandler extends AbstractTokenAPIHandler {
    static final Logger log = LoggerFactory.getLogger(AbstractRemoteAuthTokenAPIHandler.class);
    protected final String apiName = "auth";
    protected String organization;
    protected String organizationId;
    protected final String clientId;
    protected final String clientSecret;
    protected final String apiPath;
    protected final TokenInfo tokenInfo;
    protected URI apiURI;

    /* loaded from: input_file:co/arago/hiro/client/connection/token/AbstractRemoteAuthTokenAPIHandler$Conf.class */
    public static abstract class Conf<T extends Conf<T>> extends AbstractTokenAPIHandler.Conf<T> {
        private String organization;
        private String organizationId;
        private String clientId;
        private String clientSecret;
        private Long refreshOffset = 5000L;
        private boolean forceLogging = false;
        private String apiPath;

        public String getOrganization() {
            return this.organization;
        }

        public T setOrganization(String str) {
            this.organization = str;
            return (T) self();
        }

        public String getOrganizationId() {
            return this.organizationId;
        }

        public T setOrganizationId(String str) {
            this.organizationId = str;
            return (T) self();
        }

        public String getClientId() {
            return this.clientId;
        }

        public T setClientId(String str) {
            this.clientId = str;
            return (T) self();
        }

        public String getClientSecret() {
            return this.clientSecret;
        }

        public T setClientSecret(String str) {
            this.clientSecret = str;
            return (T) self();
        }

        public T setCredentials(String str, String str2, String str3, String str4) {
            setOrganization(str);
            setOrganizationId(str2);
            setClientId(str3);
            setClientSecret(str4);
            return (T) self();
        }

        public Long getRefreshOffset() {
            return this.refreshOffset;
        }

        public T setRefreshOffset(Long l) {
            this.refreshOffset = l;
            return (T) self();
        }

        public boolean getForceLogging() {
            return this.forceLogging;
        }

        public T setForceLogging(boolean z) {
            this.forceLogging = z;
            return (T) self();
        }

        public String getApiPath() {
            return this.apiPath;
        }

        public T setApiPath(String str) {
            this.apiPath = str;
            return (T) self();
        }

        @Override // co.arago.hiro.client.connection.token.AbstractTokenAPIHandler.Conf, co.arago.hiro.client.connection.AbstractVersionAPIHandler.Conf, co.arago.hiro.client.connection.AbstractAPIHandler.Conf
        public abstract AbstractRemoteAuthTokenAPIHandler build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:co/arago/hiro/client/connection/token/AbstractRemoteAuthTokenAPIHandler$TokenInfo.class */
    public static class TokenInfo extends TokenResponse {
        private static final long serialVersionUID = 8659946445124247439L;
        protected Instant lastUpdate;
        protected long refreshOffset = 5000;

        protected TokenInfo() {
        }

        public boolean tokenExpired() {
            return Instant.now().isAfter(expiryInstant());
        }

        public Instant expiryInstant() {
            return expiresAt().longValue() - this.refreshOffset < 0 ? Instant.MIN : Instant.ofEpochMilli(expiresAt().longValue()).minus(this.refreshOffset, (TemporalUnit) ChronoUnit.MILLIS);
        }

        public Long expiresAt() {
            if (this.expiresAt == null && this.expiresIn == null) {
                return Long.MAX_VALUE;
            }
            return Long.valueOf(this.expiresAt == null ? this.lastUpdate.toEpochMilli() + (this.expiresIn.longValue() * 1000) : this.expiresAt.longValue());
        }

        public void parse(TokenResponse tokenResponse) {
            this.token = tokenResponse.token;
            this.expiresIn = tokenResponse.expiresIn;
            this.expiresAt = tokenResponse.expiresAt;
            this.identity = tokenResponse.identity;
            this.identityId = tokenResponse.identityId;
            this.application = tokenResponse.application;
            this.type = tokenResponse.type;
            if (StringUtils.isNotBlank(tokenResponse.refreshToken)) {
                this.refreshToken = tokenResponse.refreshToken;
            }
            this.lastUpdate = Instant.now();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRemoteAuthTokenAPIHandler(Conf<?> conf) {
        super(conf);
        this.apiName = "auth";
        this.tokenInfo = new TokenInfo();
        this.clientId = ValueChecks.notBlank(conf.getClientId(), "clientId");
        this.clientSecret = conf.getClientSecret();
        this.organization = conf.getOrganization();
        this.organizationId = conf.getOrganizationId();
        this.apiPath = conf.getApiPath();
        this.tokenInfo.refreshOffset = conf.getRefreshOffset().longValue();
        if (conf.getForceLogging()) {
            return;
        }
        configureLogging();
    }

    private void configureLogging() {
        try {
            getHttpLogger().addFilter(getURI("token"));
            getHttpLogger().addFilter(getURI("app"));
            getHttpLogger().addFilter(getURI("refresh"));
            getHttpLogger().addFilter(getURI("revoke"));
        } catch (HiroException | IOException | InterruptedException e) {
            log.error("Cannot get apiPath URI. Disable logging of http bodies.", e);
            getHttpLogger().setLogBody(false);
        }
    }

    public long getRefreshOffset() {
        return this.tokenInfo.refreshOffset;
    }

    public void setRefreshOffset(long j) {
        this.tokenInfo.refreshOffset = j;
    }

    public URI getURI(String str) throws IOException, InterruptedException, HiroException {
        if (this.apiURI == null) {
            this.apiURI = this.apiPath != null ? buildApiURI(this.apiPath) : getApiURIOf("auth");
        }
        return this.apiURI.resolve(RegExUtils.removePattern(str, "^/+"));
    }

    public synchronized boolean tokenExpired() {
        return this.tokenInfo.tokenExpired();
    }

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized Instant expiryInstant() {
        return this.tokenInfo.expiryInstant();
    }

    @Override // co.arago.hiro.client.connection.AbstractAPIHandler, co.arago.hiro.client.connection.token.TokenAPIHandler
    public boolean checkResponse(HttpResponse<InputStream> httpResponse, int i) throws HiroException, IOException, InterruptedException {
        try {
            super.checkResponse(httpResponse, i);
            return false;
        } catch (TokenUnauthorizedException e) {
            throw e;
        } catch (HiroHttpException e2) {
            throw new AuthenticationTokenException(e2.getMessage(), e2.getCode(), e2.getBody(), e2);
        }
    }

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized String getToken() throws IOException, InterruptedException, HiroException {
        if (!hasToken()) {
            requestToken(this.organization, this.organizationId);
        } else if (tokenExpired()) {
            refreshToken(this.organization, this.organizationId);
        }
        return this.tokenInfo.token;
    }

    public String getRefreshToken() {
        return this.tokenInfo.refreshToken;
    }

    protected abstract void requestToken(String str, String str2) throws IOException, InterruptedException, HiroException;

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized void refreshToken() throws HiroException, IOException, InterruptedException {
        refreshToken(this.organization, this.organizationId);
    }

    public synchronized void refreshToken(String str, String str2) throws IOException, InterruptedException, HiroException {
        try {
            if (!hasRefreshToken()) {
                requestToken(str, str2);
                return;
            }
            if (str != null) {
                this.organization = str;
            }
            if (str2 != null) {
                this.organizationId = str2;
            }
            float parseFloat = Float.parseFloat(getVersionMap().getVersionEntryOf("auth").version);
            TokenRefreshRequest tokenRefreshRequest = new TokenRefreshRequest(this.clientId, this.clientSecret, this.tokenInfo.refreshToken, str, str2);
            this.tokenInfo.parse(parseFloat >= 6.6f ? (TokenResponse) post(TokenResponse.class, getURI("token"), tokenRefreshRequest.toURIEncodedStringRemoveBlanks(), new HttpHeaderMap(Map.of("Content-Type", "application/x-www-form-urlencoded")), this.httpRequestTimeout, Integer.valueOf(this.maxRetries)) : (TokenResponse) post(TokenResponse.class, getURI("refresh"), tokenRefreshRequest.toJsonStringNoNull(), new HttpHeaderMap(Map.of("Content-Type", "application/json")), this.httpRequestTimeout, Integer.valueOf(this.maxRetries)));
        } catch (AuthenticationTokenException e) {
            log.debug("Request new access_token");
            requestToken(str, str2);
        }
    }

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized void revokeToken() throws IOException, InterruptedException, HiroException {
        revokeToken("refresh_token");
    }

    public synchronized void revokeToken(String str) throws IOException, InterruptedException, HiroException {
        if (!hasToken() || !hasRefreshToken()) {
            throw new TokenUnauthorizedException("no token provided", 401, null);
        }
        this.tokenInfo.parse((TokenResponse) post(TokenResponse.class, getURI("revoke"), (Float.parseFloat(getVersionMap().getVersionEntryOf("auth").version) >= 6.6f ? new TokenRevokeRequest(this.clientId, this.clientSecret, this.tokenInfo.refreshToken, str) : new TokenRevokeRequest(this.clientId, this.clientSecret, this.tokenInfo.refreshToken)).toJsonStringNoNull(), new HttpHeaderMap(Map.of("Content-Type", "application/json", "Authorization", "Bearer " + getToken())), this.httpRequestTimeout, Integer.valueOf(this.maxRetries)));
    }

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public synchronized boolean hasToken() {
        return StringUtils.isNotBlank(this.tokenInfo.token);
    }

    @Override // co.arago.hiro.client.connection.token.TokenAPIHandler
    public boolean hasRefreshToken() {
        return StringUtils.isNotBlank(this.tokenInfo.refreshToken);
    }
}
