package no.nav.security.token.support.client.core.oauth2;

import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import no.nav.security.token.support.client.core.ClientProperties;
import no.nav.security.token.support.client.core.OAuth2ClientException;
import no.nav.security.token.support.client.core.OAuth2ParameterNames;
import no.nav.security.token.support.client.core.http.OAuth2HttpClient;
import no.nav.security.token.support.client.core.http.OAuth2HttpHeaders;
import no.nav.security.token.support.client.core.http.OAuth2HttpRequest;
import no.nav.security.token.support.client.core.oauth2.AbstractOAuth2GrantRequest;

/* loaded from: input_file:no/nav/security/token/support/client/core/oauth2/AbstractOAuth2TokenClient.class */
abstract class AbstractOAuth2TokenClient<T extends AbstractOAuth2GrantRequest> {
    private static final String CONTENT_TYPE_FORM_URL_ENCODED = "application/x-www-form-urlencoded;charset=UTF-8";
    private static final String CONTENT_TYPE_JSON = "application/json;charset=UTF-8";
    private final OAuth2HttpClient oAuth2HttpClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractOAuth2TokenClient(OAuth2HttpClient oAuth2HttpClient) {
        this.oAuth2HttpClient = oAuth2HttpClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OAuth2AccessTokenResponse getTokenResponse(T t) {
        ClientProperties clientProperties = (ClientProperties) Optional.ofNullable(t).map((v0) -> {
            return v0.getClientProperties();
        }).orElseThrow(() -> {
            return new OAuth2ClientException("ClientProperties cannot be null");
        });
        try {
            Map<String, String> createDefaultFormParameters = createDefaultFormParameters(t);
            createDefaultFormParameters.putAll(buildFormParameters(t));
            return this.oAuth2HttpClient.post(OAuth2HttpRequest.builder().tokenEndpointUrl(clientProperties.getTokenEndpointUrl()).oAuth2HttpHeaders(OAuth2HttpHeaders.of(tokenRequestHeaders(clientProperties))).formParameters(createDefaultFormParameters).build());
        } catch (Exception e) {
            if (e instanceof OAuth2ClientException) {
                throw e;
            }
            throw new OAuth2ClientException(String.format("received exception %s when invoking tokenendpoint=%s", e, t.getClientProperties().getTokenEndpointUrl()), e);
        }
    }

    private Map<String, List<String>> tokenRequestHeaders(ClientProperties clientProperties) {
        HashMap hashMap = new HashMap();
        hashMap.put("Accept", Collections.singletonList(CONTENT_TYPE_JSON));
        hashMap.put("Content-Type", Collections.singletonList(CONTENT_TYPE_FORM_URL_ENCODED));
        if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientProperties.getClientAuthMethod())) {
            hashMap.put("Authorization", Collections.singletonList("Basic " + basicAuth(clientProperties.getClientId(), clientProperties.getClientSecret())));
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, String> createDefaultFormParameters(T t) {
        ClientProperties clientProperties = t.getClientProperties();
        LinkedHashMap linkedHashMap = new LinkedHashMap(clientAuthenticationFormParameters(t));
        linkedHashMap.put(OAuth2ParameterNames.GRANT_TYPE, t.getGrantType().getValue());
        linkedHashMap.put(OAuth2ParameterNames.SCOPE, String.join(" ", clientProperties.getScope()));
        return linkedHashMap;
    }

    private Map<String, String> clientAuthenticationFormParameters(T t) {
        ClientProperties clientProperties = t.getClientProperties();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientProperties.getClientAuthMethod())) {
            linkedHashMap.put(OAuth2ParameterNames.CLIENT_ID, clientProperties.getClientId());
            linkedHashMap.put(OAuth2ParameterNames.CLIENT_SECRET, clientProperties.getClientSecret());
        } else if (ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(clientProperties.getClientAuthMethod())) {
            throw new OAuth2ClientException(String.format("clientAuthMethod %s is not supported (yet).", clientProperties.getClientAuthMethod()));
        }
        return linkedHashMap;
    }

    private String basicAuth(String str, String str2) {
        Charset charset = StandardCharsets.UTF_8;
        CharsetEncoder newEncoder = charset.newEncoder();
        if (newEncoder.canEncode(str) && newEncoder.canEncode(str2)) {
            return new String(Base64.getEncoder().encode((str + ":" + str2).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("Username or password contains characters that cannot be encoded to " + charset.displayName());
    }

    protected abstract Map<String, String> buildFormParameters(T t);
}
