package no.nav.common.cxf;

import no.nav.common.auth.subject.Subject;
import no.nav.common.auth.subject.SubjectHandler;
import no.nav.common.cxf.saml.ClaimsCallbackHandler;
import no.nav.common.utils.StringUtils;
import org.apache.cxf.Bus;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStoreFactory;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/cxf/NAVOidcSTSClient.class */
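/**
 * STS client that caches the security tokens it obtains in a store shared by
 * every instance of this class.
 *
 * <p>Cache entries are keyed by the {@link StsType} name plus either the fixed
 * string {@code "systemSAML"} (for {@code SYSTEM_USER_IN_FSS}) or the caller's
 * current SSO token. Keying on the SSO token, not the uid, means a cached
 * token is only reused by a request that presents the same SSO token.
 *
 * <p>Thread-safety: the shared store is created once under a class-level lock
 * and published through a {@code volatile} field. Lookups and inserts are not
 * serialised per key, so two concurrent requests with the same key may both
 * call the STS; the later {@code add} is expected to overwrite the earlier one.
 */
public class NAVOidcSTSClient extends STSClient {
    private static final Logger logger = LoggerFactory.getLogger(NAVOidcSTSClient.class);

    // Shared by all instances, so it must be published safely: volatile here,
    // and a class-level (not per-instance) lock in createTokenStore().
    private static volatile TokenStore tokenStore;
    private final StsType stsType;

    /**
     * Creates the client and installs the callback handler matching the STS type.
     *
     * @param bus     CXF bus passed to the {@link STSClient} constructor
     * @param stsType decides which callback handler is installed and how cache
     *                keys are built; must not be {@code null} (the switch below
     *                throws {@link NullPointerException} on {@code null})
     */
    public NAVOidcSTSClient(Bus bus, StsType stsType) {
        super(bus);
        this.stsType = stsType;
        switch (stsType) {
            case ON_BEHALF_OF_WITH_JWT:
                setOnBehalfOf(new OnBehalfOfWithOidcCallbackHandler());
                break;
            case EXTERNAL_SSO:
                setClaimsCallbackHandler(new ClaimsCallbackHandler());
                break;
            default:
                // Other STS types need no extra callback handler.
                break;
        }
    }

    /** Always returns {@code false}. */
    @Override
    protected boolean useSecondaryParameters() {
        return false;
    }

    /**
     * Returns the cached token for the current caller, or fetches one from the
     * STS and caches it when none is stored.
     *
     * <p>The four arguments are forwarded unchanged to the superclass method.
     * NOTE(review): in CXF's {@code STSClient} these appear to be appliesTo,
     * action, requestType and binaryExchange; confirm against the CXF version
     * in use (the names here come from decompiled output).
     *
     * @return the cached or newly issued token
     * @throws IllegalStateException if no SSO token is available to build the
     *                               cache key (non-system STS types)
     * @throws RuntimeException      if no subject is available to resolve the
     *                               uid (non-system STS types)
     * @throws Exception             whatever the superclass request throws
     */
    @Override
    public SecurityToken requestSecurityToken(String str, String str2, String str3, String str4) throws Exception {
        ensureTokenStoreExists();
        // Resolved before the lookup, so a missing subject fails the call even
        // on a cache hit. Only the uid is logged, never the SSO token or key.
        String userId = getUserId();
        String tokenStoreKey = getTokenStoreKey();
        // NOTE(review): no explicit expiry check is made on a cache hit;
        // whether expired entries are evicted depends on the TokenStore
        // implementation. Confirm that getToken() never hands back an
        // expired token.
        SecurityToken token = tokenStore.getToken(tokenStoreKey);
        if (token == null) {
            logger.debug("Missing token for user {}, fetching it from STS", userId);
            token = super.requestSecurityToken(str, str2, str3, str4);
            tokenStore.add(tokenStoreKey, token);
        } else {
            logger.debug("Retrived token for user {} from tokenStore", userId);
        }
        return token;
    }

    /** Builds the cache key: {@code <stsType name>-<user key>}. */
    private String getTokenStoreKey() {
        return this.stsType.name() + "-" + getUserKey();
    }

    /**
     * Returns the per-caller part of the cache key: the constant
     * {@code "systemSAML"} for {@code SYSTEM_USER_IN_FSS}, otherwise the
     * current SSO token string.
     *
     * <p>NOTE(review): the raw SSO token is kept as a map key for as long as
     * the entry lives. Keying on a digest of the token would give the same
     * binding without retaining the credential in the key set.
     *
     * @throws IllegalStateException if no SSO token is present
     */
    private String getUserKey() {
        if (this.stsType == StsType.SYSTEM_USER_IN_FSS) {
            return "systemSAML";
        }
        // Message (Norwegian): "Found no SSO token that can serve as cache key
        // for the user's SAML token".
        return (String) SubjectHandler.getSsoToken()
                .map(ssoToken -> ssoToken.getToken())
                .orElseThrow(() -> new IllegalStateException(
                        "Finner ingen sso token som kan bli cache-nøkkel for brukerens SAML-token"));
    }

    /**
     * Returns the identifier used in log messages: the
     * {@code security.username} property for {@code SYSTEM_USER_IN_FSS},
     * otherwise the uid of the current subject.
     *
     * @throws RuntimeException if no subject is present
     */
    private String getUserId() {
        if (this.stsType == StsType.SYSTEM_USER_IN_FSS) {
            return StringUtils.toString(getProperty("security.username"));
        }
        // Message (Norwegian): "Could not retrieve uid from subject".
        Subject subject = (Subject) SubjectHandler.getSubject()
                .orElseThrow(() -> new RuntimeException("Klarte ikke å hente uid fra subject"));
        return subject.getUid();
    }

    /** Creates the shared token store on first use. */
    private void ensureTokenStoreExists() {
        if (tokenStore == null) {
            createTokenStore();
        }
    }

    /**
     * Creates the shared token store if it does not exist yet.
     *
     * <p>The lock is taken on the class because the field is static: locking on
     * {@code this} would let two different client instances each build and
     * publish their own store, silently dropping tokens cached in the loser.
     */
    private void createTokenStore() {
        synchronized (NAVOidcSTSClient.class) {
            if (tokenStore == null) {
                logger.debug("Creating tokenStore");
                tokenStore = new MemoryTokenStoreFactory().newTokenStore("org.apache.cxf.ws.security.tokenstore.TokenStore", this.message);
            }
        }
    }
}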
