package org.apiphany.security.oauth2.client;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apiphany.client.ExchangeClient;
import org.apiphany.client.http.TokenHttpExchangeClient;
import org.apiphany.http.HttpAuthScheme;
import org.apiphany.lang.Strings;
import org.apiphany.lang.collections.Maps;
import org.apiphany.security.AuthenticationToken;
import org.apiphany.security.AuthenticationType;
import org.apiphany.security.oauth2.OAuth2Properties;
import org.apiphany.security.oauth2.OAuth2ProviderDetails;
import org.morphix.lang.JavaObjects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apiphany/security/oauth2/client/OAuth2HttpExchangeClient.class */
public class OAuth2HttpExchangeClient extends TokenHttpExchangeClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2HttpExchangeClient.class);
    private final ExchangeClient tokenExchangeClient;
    private OAuth2ApiClient tokenApiClient;
    private final ScheduledExecutorService tokenRefreshScheduler;
    private boolean schedulerEnabled;
    private String clientRegistrationName;
    private OAuth2Properties oAuth2Properties;

    public OAuth2HttpExchangeClient(ExchangeClient exchangeClient, ExchangeClient exchangeClient2, String str) {
        super(exchangeClient);
        this.tokenExchangeClient = exchangeClient2;
        this.tokenRefreshScheduler = Executors.newScheduledThreadPool(0, Thread.ofVirtual().factory());
        this.oAuth2Properties = (OAuth2Properties) getClientProperties().getCustomProperties(OAuth2Properties.ROOT, OAuth2Properties.class);
        this.clientRegistrationName = str;
        setAuthenticationScheme(HttpAuthScheme.BEARER);
        setSchedulerEnabled(initialize());
        if (isSchedulerEnabled()) {
            refreshAuthenticationToken();
        }
    }

    public OAuth2HttpExchangeClient(ExchangeClient exchangeClient, ExchangeClient exchangeClient2) {
        this(exchangeClient, exchangeClient2, null);
    }

    public OAuth2HttpExchangeClient(ExchangeClient exchangeClient, String str) {
        this(exchangeClient, exchangeClient, str);
    }

    public OAuth2HttpExchangeClient(ExchangeClient exchangeClient) {
        this(exchangeClient, (String) null);
    }

    private boolean initialize() {
        if (this.exchangeClient.getClientProperties().isDisabled()) {
            LOGGER.warn("[{}] OAuth2 client is disabled!", getClass().getSimpleName());
            return false;
        }
        if (Maps.isEmpty(this.oAuth2Properties.getRegistration())) {
            LOGGER.warn("[{}] No OAuth2 client registrations provided in: {}.registration", getClass().getSimpleName(), OAuth2Properties.ROOT);
            return false;
        }
        if (Maps.isEmpty(this.oAuth2Properties.getProvider())) {
            LOGGER.warn("[{}] No OAuth2 providers provided in: {}.provider", getClass().getSimpleName(), OAuth2Properties.ROOT);
            return false;
        }
        String next = Strings.isNotEmpty(this.clientRegistrationName) ? this.clientRegistrationName : this.oAuth2Properties.getRegistration().keySet().iterator().next();
        if (!initialize(next)) {
            return false;
        }
        setClientRegistrationName(next);
        return this.tokenApiClient != null;
    }

    private boolean initialize(String str) {
        OAuth2ClientRegistration clientRegistration = this.oAuth2Properties.getClientRegistration(str);
        if (clientRegistration == null) {
            LOGGER.warn("[{}] No OAuth2 client provided for client registration in {}.registration.{}", new Object[]{getClass().getSimpleName(), OAuth2Properties.ROOT, str});
            return false;
        }
        if (!clientRegistration.hasClientSecret()) {
            LOGGER.warn("[{}] No OAuth2 client-secret provided in {}.registration.{}", new Object[]{getClass().getSimpleName(), OAuth2Properties.ROOT, str});
            return false;
        }
        OAuth2ProviderDetails providerDetails = this.oAuth2Properties.getProviderDetails(clientRegistration);
        if (providerDetails == null) {
            LOGGER.warn("[{}] No OAuth2 provider named '{}' for found in in {}.provider", new Object[]{getClass().getSimpleName(), clientRegistration.getProvider(), OAuth2Properties.ROOT});
            return false;
        }
        this.tokenApiClient = new OAuth2ApiClient(clientRegistration, providerDetails, this.tokenExchangeClient);
        return true;
    }

    @Override // org.apiphany.client.http.TokenHttpExchangeClient, org.apiphany.client.ExchangeClient
    public AuthenticationType getAuthenticationType() {
        return AuthenticationType.OAUTH2;
    }

    public String getClientRegistrationName() {
        return this.clientRegistrationName;
    }

    protected void setClientRegistrationName(String str) {
        this.clientRegistrationName = str;
    }

    @Override // org.apiphany.client.http.TokenHttpExchangeClient
    public AuthenticationToken getAuthenticationToken() {
        if (isNewTokenNeeded()) {
            updateAuthenticationToken();
        }
        return super.getAuthenticationToken();
    }

    private void refreshAuthenticationToken() {
        updateAuthenticationToken();
        if (isSchedulerDisabled()) {
            return;
        }
        this.tokenRefreshScheduler.schedule(this::refreshAuthenticationToken, Duration.between(Instant.now(), (Instant) JavaObjects.max(getTokenExpiration().minus((TemporalAmount) TOKEN_EXPIRATION_ERROR_MARGIN), Instant.now())).toMillis(), TimeUnit.MILLISECONDS);
    }

    private void updateAuthenticationToken() {
        LOGGER.debug("[{}] Token expired, requesting new token.", getClass().getSimpleName());
        Instant now = Instant.now();
        AuthenticationToken authenticationToken = this.tokenApiClient.getAuthenticationToken();
        if (authenticationToken == null) {
            LOGGER.error("[{}] Error retrieving token, retrieved token was null", getClass().getSimpleName());
            return;
        }
        authenticationToken.setExpiration(now.plusSeconds(authenticationToken.getExpiresIn()));
        setAuthenticationToken(authenticationToken);
        LOGGER.debug("[{}] Successfully retrieved new token.", getClass().getSimpleName());
    }

    public boolean isSchedulerEnabled() {
        return this.schedulerEnabled;
    }

    public boolean isSchedulerDisabled() {
        return !isSchedulerEnabled();
    }

    public void setSchedulerEnabled(boolean z) {
        this.schedulerEnabled = z;
    }

    protected ScheduledExecutorService getTokenRefreshScheduler() {
        return this.tokenRefreshScheduler;
    }

    protected OAuth2ApiClient getTokenApiClient() {
        return this.tokenApiClient;
    }
}
