package no.nav.common.sts;

import com.fasterxml.jackson.annotation.JsonAlias;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import no.nav.common.auth.oidc.discovery.OidcDiscoveryConfigurationClient;
import no.nav.common.rest.client.RestClient;
import no.nav.common.rest.client.RestUtils;
import no.nav.common.utils.AuthUtils;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/sts/NaisSystemUserTokenProvider.class */
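/**
 * {@link SystemUserTokenProvider} that obtains a system-user JWT from a token endpoint using the
 * {@code client_credentials} grant and keeps the most recently fetched token in memory.
 *
 * <p>The service-user name and password are held for the lifetime of the instance and are sent
 * in the {@code Authorization} header of every token request, so the token endpoint (and, for the
 * discovery-based constructor, the discovery URL that names it) must be a trusted, TLS-protected
 * location.
 *
 * <p>Thread-safety: the cached token is a plain field and {@link #getSystemUserToken()} is not
 * synchronized. Concurrent callers may each trigger a refresh; add external synchronization if a
 * single shared instance must refresh exactly once.
 */
public class NaisSystemUserTokenProvider implements SystemUserTokenProvider {
    // Log under this class's own name so that token-fetch failures are attributed to the right
    // component when logs are filtered or alerted on by logger name.
    private static final Logger log = LoggerFactory.getLogger(NaisSystemUserTokenProvider.class);
    private final OkHttpClient client;
    private final String tokenEndpoint;
    private final String srvUsername;
    private final String srvPassword;
    // Most recently fetched token; replaced whenever SystemUserTokenUtils reports it needs refresh.
    private JWT accessToken;

    /** JSON shape of the token endpoint response; only the {@code access_token} member is read. */
    public static class ClientCredentialsResponse {

        @JsonAlias({"access_token"})
        public String accessToken;
    }

    /**
     * Creates a provider whose token endpoint is looked up from an OIDC discovery document.
     *
     * <p>The service-user credentials are later sent to whatever {@code tokenEndpoint} the
     * discovery response contains, so the discovery URL must point at a trusted issuer.
     *
     * @param discoveryUrl URL of the OIDC discovery configuration
     * @param srvUsername service-user name
     * @param srvPassword service-user password
     */
    public NaisSystemUserTokenProvider(String discoveryUrl, String srvUsername, String srvPassword) {
        this.tokenEndpoint = new OidcDiscoveryConfigurationClient().fetchDiscoveryConfiguration(discoveryUrl).tokenEndpoint;
        this.srvUsername = srvUsername;
        this.srvPassword = srvPassword;
        this.client = RestClient.baseClient();
    }

    /**
     * Creates a provider for an already known token endpoint, using the supplied HTTP client.
     *
     * @param tokenEndpoint URL of the token endpoint (used as-is, no discovery lookup)
     * @param srvUsername service-user name
     * @param srvPassword service-user password
     * @param okHttpClient HTTP client used for the token requests
     */
    public NaisSystemUserTokenProvider(String tokenEndpoint, String srvUsername, String srvPassword, OkHttpClient okHttpClient) {
        this.tokenEndpoint = tokenEndpoint;
        this.srvUsername = srvUsername;
        this.srvPassword = srvPassword;
        this.client = okHttpClient;
    }

    /**
     * Returns the serialized system-user token, fetching a new one first when
     * {@code SystemUserTokenUtils.tokenNeedsRefresh} says the cached token must be replaced.
     *
     * @return the token in its original serialized (parsed-from) string form
     * @throws RuntimeException if the token request fails or the response cannot be used
     */
    @Override
    public String getSystemUserToken() {
        if (SystemUserTokenUtils.tokenNeedsRefresh(this.accessToken)) {
            this.accessToken = fetchSystemUserToken();
        }
        return this.accessToken.getParsedString();
    }

    /**
     * Requests a new token from the token endpoint and parses it as a JWT.
     *
     * <p>{@code JWTParser.parse} only decodes the token; no signature or claim validation is
     * performed in this method.
     *
     * @return the parsed token
     * @throws RuntimeException on a status code of 300 or above, a missing {@code access_token},
     *     or any I/O or parse failure (checked failures are wrapped with their cause preserved)
     */
    private JWT fetchSystemUserToken() {
        String url = this.tokenEndpoint + "?grant_type=client_credentials&scope=openid";
        // try-with-resources closes the response on every path; exceptions raised while building
        // or executing the request are handled by the catch clause below as well.
        try (Response response = this.client.newCall(buildTokenRequest(url)).execute()) {
            if (response.code() >= 300) {
                // NOTE(review): the upstream response body becomes part of the exception message
                // and is therefore written to the log below; confirm the endpoint never echoes
                // credentials or tokens in its error responses.
                throw new RuntimeException(String.format(
                        "Received unexpected status %d when requesting access token for system user. Response: %s",
                        response.code(),
                        RestUtils.getBodyStr(response).orElse("")));
            }
            ClientCredentialsResponse tokenResponse =
                    RestUtils.parseJsonResponseOrThrow(response, ClientCredentialsResponse.class);
            if (tokenResponse.accessToken == null) {
                // Fail with a clear message instead of an opaque NullPointerException from the parser.
                throw new IllegalStateException("Token endpoint response did not contain an access_token");
            }
            return JWTParser.parse(tokenResponse.accessToken);
        } catch (Exception e) {
            // The URL carries only grant_type and scope; credentials travel in the header and are
            // not logged here.
            log.error("Failed to fetch system user token from {}", url, e);
            if (e instanceof RuntimeException) {
                throw (RuntimeException) e;
            }
            // Checked failures (I/O, JWT parsing) cannot leave this method as-is because it
            // declares no checked exceptions; wrap them and keep the cause.
            throw new RuntimeException("Failed to fetch system user token from " + url, e);
        }
    }

    /** Builds the token request carrying the service-user credentials in the Authorization header. */
    private Request buildTokenRequest(String url) {
        return new Request.Builder()
                .url(url)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Authorization", AuthUtils.basicCredentials(this.srvUsername, this.srvPassword))
                .build();
    }
}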
