package com.sap.cloud.security.xsuaa.tokenflows;

import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceEndpointsProvider;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenService;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/tokenflows/ClientCredentialsTokenFlow.class */
public class ClientCredentialsTokenFlow {
    private final OAuth2TokenService tokenService;
    private final OAuth2ServiceEndpointsProvider endpointsProvider;
    private final ClientIdentity clientIdentity;
    private boolean disableCache = false;
    private List<String> scopes = new ArrayList();
    private String subdomain;
    private String zoneId;
    private Map<String, String> authzAttributes;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientCredentialsTokenFlow(OAuth2TokenService oAuth2TokenService, OAuth2ServiceEndpointsProvider oAuth2ServiceEndpointsProvider, ClientIdentity clientIdentity) {
        Assertions.assertNotNull(oAuth2TokenService, "OAuth2TokenService must not be null.");
        Assertions.assertNotNull(oAuth2ServiceEndpointsProvider, "OAuth2ServiceEndpointsProvider must not be null.");
        Assertions.assertNotNull(clientIdentity, "ClientIdentity must not be null.");
        this.tokenService = oAuth2TokenService;
        this.endpointsProvider = oAuth2ServiceEndpointsProvider;
        this.clientIdentity = clientIdentity;
    }

    public ClientCredentialsTokenFlow attributes(Map<String, String> map) {
        this.authzAttributes = map;
        return this;
    }

    public ClientCredentialsTokenFlow subdomain(String str) {
        this.subdomain = str;
        return this;
    }

    public ClientCredentialsTokenFlow zoneId(String str) {
        this.zoneId = str;
        return this;
    }

    public ClientCredentialsTokenFlow scopes(@Nonnull String... strArr) {
        Assertions.assertNotNull(strArr, "Scopes must not be null!");
        this.scopes = Arrays.asList(strArr);
        return this;
    }

    public ClientCredentialsTokenFlow disableCache(boolean z) {
        this.disableCache = z;
        return this;
    }

    @Nullable
    public OAuth2TokenResponse execute() throws IllegalArgumentException, TokenFlowException {
        HashMap hashMap = new HashMap();
        String buildAdditionalAuthoritiesJson = XsuaaTokenFlowsUtils.buildAdditionalAuthoritiesJson(this.authzAttributes);
        if (buildAdditionalAuthoritiesJson != null) {
            hashMap.put(OAuth2TokenServiceConstants.AUTHORITIES, buildAdditionalAuthoritiesJson);
        }
        String join = String.join(" ", this.scopes);
        if (!join.isEmpty()) {
            hashMap.put(OAuth2TokenServiceConstants.SCOPE, join);
        }
        try {
            return this.tokenService.retrieveAccessTokenViaClientCredentialsGrant(this.endpointsProvider.getTokenEndpoint(), this.clientIdentity, this.zoneId, this.subdomain, hashMap, this.disableCache);
        } catch (OAuth2ServiceException e) {
            throw new TokenFlowException(String.format("Error requesting technical user token with grant_type 'client_credentials': %s", e.getMessage()), e);
        }
    }
}
