package com.sap.cloud.security.xsuaa.tokenflows;

import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceEndpointsProvider;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenService;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.class */
public class JwtBearerTokenFlow {
    private final OAuth2TokenService tokenService;
    private final OAuth2ServiceEndpointsProvider endpointsProvider;
    private final ClientIdentity clientIdentity;
    private String bearerToken;
    private String xZid;
    private String subdomain;
    private boolean disableCache;
    private final Map<String, String> optionalParameters = new HashMap();
    private List<String> scopes = new ArrayList();
    private boolean opaque = false;

    public JwtBearerTokenFlow(@Nonnull OAuth2TokenService oAuth2TokenService, @Nonnull OAuth2ServiceEndpointsProvider oAuth2ServiceEndpointsProvider, @Nonnull ClientIdentity clientIdentity) {
        Assertions.assertNotNull(oAuth2TokenService, "OAuth2TokenService must not be null!");
        Assertions.assertNotNull(oAuth2ServiceEndpointsProvider, "OAuth2ServiceEndpointsProvider must not be null!");
        Assertions.assertNotNull(clientIdentity, "ClientIdentity must not be null!");
        this.tokenService = oAuth2TokenService;
        this.endpointsProvider = oAuth2ServiceEndpointsProvider;
        this.clientIdentity = clientIdentity;
    }

    public JwtBearerTokenFlow token(@Nonnull String str) {
        Assertions.assertNotNull(str, "Bearer token must not be null.");
        this.bearerToken = str;
        return this;
    }

    public JwtBearerTokenFlow token(@Nonnull Token token) {
        Assertions.assertNotNull(token, "Token must not be null.");
        this.bearerToken = token.getTokenValue();
        this.xZid = token.getZoneId();
        return this;
    }

    public JwtBearerTokenFlow zoneId(String str) {
        this.xZid = str;
        return this;
    }

    public JwtBearerTokenFlow scopes(@Nonnull String... strArr) {
        Assertions.assertNotNull(strArr, "Scopes must not be null!");
        this.scopes = Arrays.asList(strArr);
        return this;
    }

    public JwtBearerTokenFlow subdomain(String str) {
        this.subdomain = str;
        return this;
    }

    public JwtBearerTokenFlow attributes(Map<String, String> map) {
        this.optionalParameters.put(OAuth2TokenServiceConstants.AUTHORITIES, XsuaaTokenFlowsUtils.buildAdditionalAuthoritiesJson(map));
        return this;
    }

    public JwtBearerTokenFlow disableCache(boolean z) {
        this.disableCache = z;
        return this;
    }

    public JwtBearerTokenFlow setOpaqueTokenFormat(boolean z) {
        this.opaque = z;
        return this;
    }

    public OAuth2TokenResponse execute() throws TokenFlowException {
        if (this.bearerToken == null) {
            throw new IllegalStateException("A bearer token must be set before executing the flow");
        }
        if (this.opaque) {
            this.optionalParameters.put(OAuth2TokenServiceConstants.TOKEN_FORMAT, OAuth2TokenServiceConstants.TOKEN_TYPE_OPAQUE);
        } else {
            this.optionalParameters.remove(OAuth2TokenServiceConstants.TOKEN_FORMAT);
        }
        String join = String.join(" ", this.scopes);
        if (!join.isEmpty()) {
            this.optionalParameters.put(OAuth2TokenServiceConstants.SCOPE, join);
        }
        try {
            return this.xZid == null ? this.tokenService.retrieveAccessTokenViaJwtBearerTokenGrant(this.endpointsProvider.getTokenEndpoint(), this.clientIdentity, this.bearerToken, this.subdomain, this.optionalParameters, this.disableCache) : this.tokenService.retrieveAccessTokenViaJwtBearerTokenGrant(this.endpointsProvider.getTokenEndpoint(), this.clientIdentity, this.bearerToken, this.optionalParameters, this.disableCache, this.xZid);
        } catch (OAuth2ServiceException e) {
            throw new TokenFlowException(String.format("Error requesting user token with grant_type '%s': %s", OAuth2TokenServiceConstants.GRANT_TYPE_JWT_BEARER, e.getMessage()), e);
        }
    }
}
