package org.apiphany.security.oauth2.client;

import java.time.Duration;
import org.apiphany.ApiClient;
import org.apiphany.ParameterFunction;
import org.apiphany.RequestParameters;
import org.apiphany.client.ExchangeClient;
import org.apiphany.client.http.TokenHttpExchangeClient;
import org.apiphany.http.ContentType;
import org.apiphany.http.HttpAuthScheme;
import org.apiphany.http.HttpHeader;
import org.apiphany.security.AuthenticationToken;
import org.apiphany.security.oauth2.AuthorizationGrantType;
import org.apiphany.security.oauth2.OAuth2ProviderDetails;

/* loaded from: input_file:org/apiphany/security/oauth2/client/OAuth2ApiClient.class */
public class OAuth2ApiClient extends ApiClient {
    private Duration expiresIn;
    private OAuth2ClientRegistration clientRegistration;
    private OAuth2ProviderDetails providerDetails;
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$org$apiphany$security$oauth2$client$ClientAuthenticationMethod;

    public OAuth2ApiClient(OAuth2ClientRegistration oAuth2ClientRegistration, OAuth2ProviderDetails oAuth2ProviderDetails, ExchangeClient exchangeClient) {
        super(exchangeClient);
        this.expiresIn = TokenHttpExchangeClient.DEFAULT_EXPIRES_IN;
        this.clientRegistration = oAuth2ClientRegistration;
        this.providerDetails = oAuth2ProviderDetails;
    }

    public AuthenticationToken getAuthenticationToken() {
        return getAuthenticationToken(this.clientRegistration.getClientAuthenticationMethod());
    }

    public AuthenticationToken getAuthenticationToken(ClientAuthenticationMethod clientAuthenticationMethod) {
        AuthorizationGrantType authorizationGrantType = this.clientRegistration.getAuthorizationGrantType();
        if (AuthorizationGrantType.CLIENT_CREDENTIALS != authorizationGrantType) {
            throw new UnsupportedOperationException("Unsupported authorization grant type: " + String.valueOf(authorizationGrantType));
        }
        switch ($SWITCH_TABLE$org$apiphany$security$oauth2$client$ClientAuthenticationMethod()[clientAuthenticationMethod.ordinal()]) {
            case 1:
                return getTokenWithClientSecretBasic();
            case 2:
                return getTokenWithClientSecretPost();
            default:
                throw new UnsupportedOperationException("Unsupported client authentication method: " + String.valueOf(clientAuthenticationMethod));
        }
    }

    private AuthenticationToken getTokenWithClientSecretBasic() {
        return (AuthenticationToken) client().post().url(this.providerDetails.getTokenUri()).body(RequestParameters.asString(RequestParameters.encode(RequestParameters.of(ParameterFunction.parameter(OAuth2Parameter.GRANT_TYPE, this.clientRegistration.getAuthorizationGrantType()), ParameterFunction.parameter(OAuth2Parameter.EXPIRES_IN, Long.valueOf(this.expiresIn.toSeconds())))))).header(HttpHeader.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED).header(HttpHeader.AUTHORIZATION, this.clientRegistration.getAuthorizationHeaderValue(HttpAuthScheme.BASIC)).retrieve(AuthenticationToken.class).orNull();
    }

    private AuthenticationToken getTokenWithClientSecretPost() {
        return (AuthenticationToken) client().post().url(this.providerDetails.getTokenUri()).body(RequestParameters.asString(RequestParameters.encode(RequestParameters.of(ParameterFunction.parameter(OAuth2Parameter.GRANT_TYPE, this.clientRegistration.getAuthorizationGrantType()), ParameterFunction.parameter(OAuth2Parameter.EXPIRES_IN, Long.valueOf(this.expiresIn.toSeconds())), ParameterFunction.parameter(OAuth2Parameter.CLIENT_ID, this.clientRegistration.getClientId()), ParameterFunction.parameter(OAuth2Parameter.CLIENT_SECRET, this.clientRegistration.getClientSecret()))))).header(HttpHeader.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED).retrieve(AuthenticationToken.class).orNull();
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$apiphany$security$oauth2$client$ClientAuthenticationMethod() {
        int[] iArr = $SWITCH_TABLE$org$apiphany$security$oauth2$client$ClientAuthenticationMethod;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[ClientAuthenticationMethod.valuesCustom().length];
        try {
            iArr2[ClientAuthenticationMethod.CLIENT_SECRET_BASIC.ordinal()] = 1;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[ClientAuthenticationMethod.CLIENT_SECRET_JWT.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[ClientAuthenticationMethod.CLIENT_SECRET_POST.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[ClientAuthenticationMethod.NONE.ordinal()] = 5;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[ClientAuthenticationMethod.PRIVATE_KEY_JWT.ordinal()] = 4;
        } catch (NoSuchFieldError unused5) {
        }
        $SWITCH_TABLE$org$apiphany$security$oauth2$client$ClientAuthenticationMethod = iArr2;
        return iArr2;
    }
}
