package no.nav.common.sts;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import no.nav.common.auth.oidc.discovery.OidcDiscoveryConfiguration;
import no.nav.common.auth.oidc.discovery.OidcDiscoveryConfigurationClient;
import no.nav.common.rest.client.RestClient;
import no.nav.common.utils.Credentials;
import okhttp3.OkHttpClient;

/* loaded from: input_file:no/nav/common/sts/OpenAmSystemUserTokenProvider.class */
public class OpenAmSystemUserTokenProvider implements SystemUserTokenProvider {
    private final OkHttpClient client;
    private final String redirectUrl;
    private final String authorizationUrl;
    private final String tokenUrl;
    private final Credentials issoRpCredentials;
    private final Credentials systemUserCredentials;
    private JWT accessToken;

    public OpenAmSystemUserTokenProvider(String str, String str2, Credentials credentials, Credentials credentials2) {
        OidcDiscoveryConfiguration fetchDiscoveryConfiguration = new OidcDiscoveryConfigurationClient().fetchDiscoveryConfiguration(str);
        this.redirectUrl = str2;
        this.authorizationUrl = fetchDiscoveryConfiguration.authorizationEndpoint;
        this.tokenUrl = fetchDiscoveryConfiguration.tokenEndpoint;
        this.issoRpCredentials = credentials;
        this.systemUserCredentials = credentials2;
        this.client = RestClient.baseClient();
    }

    public OpenAmSystemUserTokenProvider(String str, String str2, String str3, Credentials credentials, Credentials credentials2, OkHttpClient okHttpClient) {
        this.tokenUrl = str;
        this.authorizationUrl = str2;
        this.redirectUrl = str3;
        this.issoRpCredentials = credentials;
        this.systemUserCredentials = credentials2;
        this.client = okHttpClient;
    }

    @Override // no.nav.common.sts.SystemUserTokenProvider
    public String getSystemUserToken() {
        if (SystemUserTokenUtils.tokenNeedsRefresh(this.accessToken)) {
            this.accessToken = fetchSystemUserToken();
        }
        return this.accessToken.getParsedString();
    }

    private JWT fetchSystemUserToken() {
        return JWTParser.parse(OpenAmUtils.exchangeCodeForToken(OpenAmUtils.getAuthorizationCode(this.authorizationUrl, OpenAmUtils.getSessionToken(this.systemUserCredentials, this.authorizationUrl, this.client), this.issoRpCredentials.username, this.redirectUrl, this.client), this.tokenUrl, this.redirectUrl, this.issoRpCredentials, this.client));
    }
}
