package de.adorsys.oauth2.pkce.service;

import de.adorsys.oauth2.pkce.PkceProperties;
import de.adorsys.oauth2.pkce.exception.ExceptionFormatter;
import de.adorsys.oauth2.pkce.exception.UnauthorizedException;
import de.adorsys.oauth2.pkce.util.TokenConstants;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:de/adorsys/oauth2/pkce/service/PkceTokenRequestService.class */
public class PkceTokenRequestService {
    private final Logger logger = LoggerFactory.getLogger(PkceTokenRequestService.class);
    private static final Base64.Encoder BASE_64 = Base64.getEncoder();
    private final RestTemplate restTemplate;
    private final PkceProperties pkceProperties;

    /* loaded from: input_file:de/adorsys/oauth2/pkce/service/PkceTokenRequestService$TokenResponse.class */
    public static class TokenResponse {
        private String refresh_token;
        private Long refresh_token_expires_in;
        private String id_token;
        private String access_token;
        private String token_type;
        private Long expires_in;
        private Long refresh_expires_in;

        public String getRefresh_token() {
            return this.refresh_token;
        }

        public Long getRefresh_token_expires_in() {
            return this.refresh_token_expires_in;
        }

        public Long getRefresh_expires_in() {
            return this.refresh_expires_in;
        }

        public String getId_token() {
            return this.id_token;
        }

        public String getAccess_token() {
            return this.access_token;
        }

        public String getToken_type() {
            return this.token_type;
        }

        public Long getExpires_in() {
            return this.expires_in;
        }

        public boolean isExpired() {
            return isExpiredInternal(this.expires_in);
        }

        public boolean isRefreshTokenExpired() {
            return isExpiredInternal(this.refresh_expires_in) && isExpiredInternal(this.refresh_token_expires_in);
        }

        public Long anyRefreshTokenExpireIn() {
            return this.refresh_expires_in != null ? this.refresh_expires_in : this.refresh_token_expires_in;
        }

        private static boolean isExpiredInternal(Long l) {
            if (l == null) {
                return true;
            }
            return Date.from(Instant.ofEpochMilli(l.longValue())).before(new Date());
        }

        public String toString() {
            return "TokenResponse{refresh_token='" + this.refresh_token + "', refresh_token_expires_in=" + this.refresh_token_expires_in + ", id_token='" + this.id_token + "', access_token='" + this.access_token + "', token_type='" + this.token_type + "', expires_in=" + this.expires_in + '}';
        }
    }

    public PkceTokenRequestService(RestTemplate restTemplate, PkceProperties pkceProperties) {
        this.restTemplate = restTemplate;
        this.pkceProperties = pkceProperties;
    }

    public TokenResponse requestToken(String str, String str2, String str3) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Request token start...");
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(TokenConstants.AUTHORIZATION_HEADER_NAME, "Basic " + buildAuthorizationHeader());
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "authorization_code");
        linkedMultiValueMap.add(TokenConstants.REDIRECT_URI_PARAM_NAME, str3);
        linkedMultiValueMap.add(TokenConstants.CODE_REQUEST_PARAMETER_NAME, str);
        linkedMultiValueMap.add(TokenConstants.CODE_VERIFIER_COOKIE_NAME, str2);
        ResponseEntity exchange = this.restTemplate.exchange(this.pkceProperties.getAccessTokenUri(), HttpMethod.POST, new HttpEntity(linkedMultiValueMap, httpHeaders), TokenResponse.class, new Object[0]);
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Request token finished.");
        }
        return (TokenResponse) exchange.getBody();
    }

    public TokenResponse refreshAccessToken(String str) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Refresh access-token for refresh-token start...");
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(TokenConstants.AUTHORIZATION_HEADER_NAME, "Basic " + buildAuthorizationHeader());
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", TokenConstants.REFRESH_TOKEN_COOKIE_NAME);
        linkedMultiValueMap.add(TokenConstants.REFRESH_TOKEN_COOKIE_NAME, str);
        try {
            ResponseEntity exchange = this.restTemplate.exchange(this.pkceProperties.getAccessTokenUri(), HttpMethod.POST, new HttpEntity(linkedMultiValueMap, httpHeaders), TokenResponse.class, new Object[0]);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("Refresh access-token for refresh-token finished.");
            }
            return (TokenResponse) exchange.getBody();
        } catch (Exception e) {
            String format = ExceptionFormatter.format(UUID.randomUUID().toString(), e);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Cannot refresh access-token. message: {}", format, e);
            }
            throw new UnauthorizedException(format, e);
        }
    }

    public UserInfo userInfo(String str) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Get user info for access-token start...");
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(TokenConstants.AUTHORIZATION_HEADER_NAME, TokenConstants.AUTHORIZATION_HEADER_TOKEN_PREFIX + str);
        try {
            ResponseEntity exchange = this.restTemplate.exchange(this.pkceProperties.getUserInfoUri(), HttpMethod.GET, new HttpEntity((Object) null, httpHeaders), UserInfo.class, new Object[0]);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("Get user info for access-token finished.");
            }
            return (UserInfo) exchange.getBody();
        } catch (Exception e) {
            String format = ExceptionFormatter.format(UUID.randomUUID().toString(), e);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Cannot get user-info. message: {}", format, e);
            }
            throw new UnauthorizedException(format, e);
        }
    }

    private String buildAuthorizationHeader() {
        return new String(BASE_64.encode((this.pkceProperties.getClientId() + ":" + this.pkceProperties.getClientSecret()).getBytes()));
    }
}
