package no.nav.security.token.support.client.core.oauth2;

import com.github.benmanes.caffeine.cache.Cache;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import no.nav.security.token.support.client.core.ClientProperties;
import no.nav.security.token.support.client.core.OAuth2ClientException;
import no.nav.security.token.support.client.core.OAuth2GrantType;
import no.nav.security.token.support.client.core.context.OnBehalfOfAssertionResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/security/token/support/client/core/oauth2/OAuth2AccessTokenService.class */
public class OAuth2AccessTokenService {
    private static final Logger log = LoggerFactory.getLogger(OAuth2AccessTokenService.class);
    public static final List<OAuth2GrantType> SUPPORTED_GRANT_TYPES = Arrays.asList(OAuth2GrantType.JWT_BEARER, OAuth2GrantType.CLIENT_CREDENTIALS);
    private Cache<ClientCredentialsGrantRequest, OAuth2AccessTokenResponse> clientCredentialsGrantCache;
    private Cache<OnBehalfOfGrantRequest, OAuth2AccessTokenResponse> onBehalfOfGrantCache;
    private final OnBehalfOfAssertionResolver assertionResolver;
    private final OnBehalfOfTokenClient onBehalfOfTokenClient;
    private final ClientCredentialsTokenClient clientCredentialsTokenClient;

    public OAuth2AccessTokenService(OnBehalfOfAssertionResolver onBehalfOfAssertionResolver, OnBehalfOfTokenClient onBehalfOfTokenClient, ClientCredentialsTokenClient clientCredentialsTokenClient) {
        this.assertionResolver = onBehalfOfAssertionResolver;
        this.onBehalfOfTokenClient = onBehalfOfTokenClient;
        this.clientCredentialsTokenClient = clientCredentialsTokenClient;
    }

    public OAuth2AccessTokenResponse getAccessToken(ClientProperties clientProperties) {
        if (clientProperties == null) {
            throw new OAuth2ClientException("ClientProperties cannot be null");
        }
        log.debug("getting access_token with scopes={} for grant={}", clientProperties.getScope(), clientProperties.getGrantType());
        if (isGrantType(clientProperties, OAuth2GrantType.JWT_BEARER)) {
            return getAccessTokenOnBehalfOfAuthenticatedJwtToken(clientProperties);
        }
        if (isGrantType(clientProperties, OAuth2GrantType.CLIENT_CREDENTIALS)) {
            return getAccessTokenClientCredentials(clientProperties);
        }
        throw new OAuth2ClientException(String.format("invalid grant-type=%s from OAuth2ClientConfig.OAuth2Client. grant-type not in supported grant-types (%s)", clientProperties.getGrantType().getValue(), SUPPORTED_GRANT_TYPES));
    }

    public Cache<ClientCredentialsGrantRequest, OAuth2AccessTokenResponse> getClientCredentialsGrantCache() {
        return this.clientCredentialsGrantCache;
    }

    public void setClientCredentialsGrantCache(Cache<ClientCredentialsGrantRequest, OAuth2AccessTokenResponse> cache) {
        this.clientCredentialsGrantCache = cache;
    }

    public Cache<OnBehalfOfGrantRequest, OAuth2AccessTokenResponse> getOnBehalfOfGrantCache() {
        return this.onBehalfOfGrantCache;
    }

    public void setOnBehalfOfGrantCache(Cache<OnBehalfOfGrantRequest, OAuth2AccessTokenResponse> cache) {
        this.onBehalfOfGrantCache = cache;
    }

    private OAuth2AccessTokenResponse getAccessTokenOnBehalfOfAuthenticatedJwtToken(ClientProperties clientProperties) {
        OnBehalfOfGrantRequest onBehalfOfGrantRequest = onBehalfOfGrantRequest(clientProperties);
        Cache<OnBehalfOfGrantRequest, OAuth2AccessTokenResponse> cache = this.onBehalfOfGrantCache;
        OnBehalfOfTokenClient onBehalfOfTokenClient = this.onBehalfOfTokenClient;
        Objects.requireNonNull(onBehalfOfTokenClient);
        return getFromCacheIfEnabled(onBehalfOfGrantRequest, cache, (v1) -> {
            return r2.getTokenResponse(v1);
        });
    }

    private OAuth2AccessTokenResponse getAccessTokenClientCredentials(ClientProperties clientProperties) {
        ClientCredentialsGrantRequest clientCredentialsGrantRequest = new ClientCredentialsGrantRequest(clientProperties);
        Cache<ClientCredentialsGrantRequest, OAuth2AccessTokenResponse> cache = this.clientCredentialsGrantCache;
        ClientCredentialsTokenClient clientCredentialsTokenClient = this.clientCredentialsTokenClient;
        Objects.requireNonNull(clientCredentialsTokenClient);
        return getFromCacheIfEnabled(clientCredentialsGrantRequest, cache, (v1) -> {
            return r2.getTokenResponse(v1);
        });
    }

    private static <T extends AbstractOAuth2GrantRequest> OAuth2AccessTokenResponse getFromCacheIfEnabled(T t, Cache<T, OAuth2AccessTokenResponse> cache, Function<T, OAuth2AccessTokenResponse> function) {
        if (cache != null) {
            log.debug("cache is enabled so attempt to get from cache or update cache if not present.");
            return (OAuth2AccessTokenResponse) cache.get(t, function);
        }
        log.debug("cache is not set, invoke client directly");
        return function.apply(t);
    }

    private boolean isGrantType(ClientProperties clientProperties, OAuth2GrantType oAuth2GrantType) {
        return Optional.ofNullable(clientProperties).filter(clientProperties2 -> {
            return clientProperties2.getGrantType().equals(oAuth2GrantType);
        }).isPresent();
    }

    private OnBehalfOfGrantRequest onBehalfOfGrantRequest(ClientProperties clientProperties) {
        return new OnBehalfOfGrantRequest(clientProperties, this.assertionResolver.assertion().orElseThrow(() -> {
            return new OAuth2ClientException("no authenticated jwt token found in validation context, cannot do on-behalf-of");
        }));
    }
}
