package com.sap.cloudfoundry.client.facade.oauth2;

import com.sap.cloudfoundry.client.facade.CloudCredentials;
import com.sap.cloudfoundry.client.facade.adapters.OAuthTokenProvider;
import java.net.URL;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import org.cloudfoundry.reactor.TokenProvider;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import org.springframework.web.server.ResponseStatusException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-client-facade-2.10.0.jar:com/sap/cloudfoundry/client/facade/oauth2/OAuthClient.class */
public class OAuthClient {
    private final URL authorizationUrl;
    protected OAuth2AccessTokenWithAdditionalInfo token;
    protected CloudCredentials credentials;
    protected final WebClient webClient;
    protected final TokenFactory tokenFactory = new TokenFactory();

    public OAuthClient(URL url, WebClient webClient) {
        this.authorizationUrl = url;
        this.webClient = webClient;
    }

    public void init(CloudCredentials cloudCredentials) {
        if (cloudCredentials != null) {
            this.credentials = cloudCredentials;
            if (cloudCredentials.getToken() != null) {
                this.token = cloudCredentials.getToken();
            } else {
                this.token = createToken();
            }
        }
    }

    public void clear() {
        this.token = null;
        this.credentials = null;
    }

    public OAuth2AccessTokenWithAdditionalInfo getToken() {
        if (this.token == null) {
            return null;
        }
        if (shouldRefreshToken()) {
            this.token = createToken();
        }
        return this.token;
    }

    public String getAuthorizationHeaderValue() {
        OAuth2AccessTokenWithAdditionalInfo token = getToken();
        if (token != null) {
            return token.getAuthorizationHeaderValue();
        }
        return null;
    }

    public TokenProvider getTokenProvider() {
        return new OAuthTokenProvider(this);
    }

    private boolean shouldRefreshToken() {
        return this.credentials.isRefreshable() && this.token.getOAuth2AccessToken().getExpiresAt().isBefore(Instant.now().plus(50L, (TemporalUnit) ChronoUnit.SECONDS));
    }

    protected OAuth2AccessTokenWithAdditionalInfo createToken() {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add(OAuth2ParameterNames.GRANT_TYPE, "password");
        linkedMultiValueMap.add("client_id", this.credentials.getClientId());
        linkedMultiValueMap.add(OAuth2ParameterNames.CLIENT_SECRET, this.credentials.getClientSecret());
        linkedMultiValueMap.add("username", this.credentials.getEmail());
        linkedMultiValueMap.add("password", this.credentials.getPassword());
        linkedMultiValueMap.add(OAuth2ParameterNames.RESPONSE_TYPE, "token");
        return this.tokenFactory.createToken(fetchOauth2AccessToken(linkedMultiValueMap));
    }

    private Oauth2AccessTokenResponse fetchOauth2AccessToken(MultiValueMap<String, String> multiValueMap) {
        try {
            return (Oauth2AccessTokenResponse) ((WebClient.RequestBodySpec) this.webClient.post().uri(this.authorizationUrl + "/oauth/token", new Object[0])).header("Content-Type", "application/x-www-form-urlencoded").body(BodyInserters.fromFormData(multiValueMap)).retrieve().bodyToFlux(Oauth2AccessTokenResponse.class).blockFirst();
        } catch (WebClientResponseException e) {
            throw new ResponseStatusException(e.getStatusCode(), e.getMessage(), e);
        }
    }
}
