package io.github.jpmorganchase.fusion.oauth.retriever;

import io.github.jpmorganchase.fusion.http.Client;
import io.github.jpmorganchase.fusion.http.HttpResponse;
import io.github.jpmorganchase.fusion.http.JdkClient;
import io.github.jpmorganchase.fusion.oauth.credential.Credentials;
import io.github.jpmorganchase.fusion.oauth.credential.OAuthDatasetCredentials;
import io.github.jpmorganchase.fusion.oauth.credential.OAuthPasswordBasedCredentials;
import io.github.jpmorganchase.fusion.oauth.credential.OAuthSecretBasedCredentials;
import io.github.jpmorganchase.fusion.oauth.exception.OAuthException;
import io.github.jpmorganchase.fusion.oauth.model.BearerToken;
import io.github.jpmorganchase.fusion.time.SystemTimeProvider;
import io.github.jpmorganchase.fusion.time.TimeProvider;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/github/jpmorganchase/fusion/oauth/retriever/OAuthTokenRetriever.class */
public class OAuthTokenRetriever implements TokenRetriever {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final Client httpClient;
    private final TimeProvider timeProvider;

    public OAuthTokenRetriever() {
        this(JdkClient.builder().noProxy().build(), new SystemTimeProvider());
    }

    public OAuthTokenRetriever(Client client) {
        this(client, new SystemTimeProvider());
    }

    public OAuthTokenRetriever(Client client, TimeProvider timeProvider) {
        this.httpClient = client;
        this.timeProvider = timeProvider;
    }

    @Override // io.github.jpmorganchase.fusion.oauth.retriever.TokenRetriever
    public BearerToken retrieve(Credentials credentials) {
        switch (credentials.getCredentialType()) {
            case SECRET:
                return retrieveWithSecretCredentials((OAuthSecretBasedCredentials) credentials);
            case PASSWORD:
                return retrieveWithPasswordCredentials((OAuthPasswordBasedCredentials) credentials);
            case DATASET:
                return retrieveWithDatasetCredentials((OAuthDatasetCredentials) credentials);
            default:
                throw new OAuthException(String.format("Unable to retrieve token, unsupported credential type %s", credentials.getClass().getName()), "Unable to initiate request");
        }
    }

    public BearerToken retrieveWithPasswordCredentials(OAuthPasswordBasedCredentials oAuthPasswordBasedCredentials) {
        Map<String, String> initRequestHeaders = initRequestHeaders();
        initRequestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        return retrieve(oAuthPasswordBasedCredentials.getAuthServerUrl(), initRequestHeaders, new ArrayList(), String.format("grant_type=password&resource=%1$s&client_id=%2$s&username=%3$s&password=%4$s", oAuthPasswordBasedCredentials.getResource(), oAuthPasswordBasedCredentials.getClientId(), oAuthPasswordBasedCredentials.getUsername(), oAuthPasswordBasedCredentials.getPassword()));
    }

    public BearerToken retrieveWithSecretCredentials(OAuthSecretBasedCredentials oAuthSecretBasedCredentials) {
        Map<String, String> initRequestHeaders = initRequestHeaders();
        initRequestHeaders.put("Authorization", "Basic " + Base64.getEncoder().encodeToString((oAuthSecretBasedCredentials.getClientId() + ":" + oAuthSecretBasedCredentials.getClientSecret()).getBytes(StandardCharsets.UTF_8)));
        initRequestHeaders.put("Content-Type", "application/x-www-form-urlencoded");
        return retrieve(oAuthSecretBasedCredentials.getAuthServerUrl(), initRequestHeaders, new ArrayList(), String.format("grant_type=client_credentials&aud=%1s", oAuthSecretBasedCredentials.getResource()));
    }

    public BearerToken retrieveWithDatasetCredentials(OAuthDatasetCredentials oAuthDatasetCredentials) {
        Map<String, String> initRequestHeaders = initRequestHeaders();
        initRequestHeaders.put("Authorization", "Bearer " + oAuthDatasetCredentials.getToken());
        return retrieve(oAuthDatasetCredentials.getAuthServerUrl(), initRequestHeaders, Arrays.asList(oAuthDatasetCredentials.getCatalog(), oAuthDatasetCredentials.getDataset()), null);
    }

    private BearerToken retrieve(String str, Map<String, String> map, List<String> list, String str2) {
        HttpResponse<String> executeRequest = executeRequest(str, map, list, str2);
        if (executeRequest.isError()) {
            throw new OAuthException(String.format("Error response received from OAuth server with status code %s", Integer.valueOf(executeRequest.getStatusCode())), executeRequest.getBody());
        }
        OAuthServerResponse fromJson = OAuthServerResponse.fromJson(executeRequest.getBody());
        if (fromJson.getAccessToken() != null) {
            return BearerToken.of(fromJson, this.timeProvider.currentTimeMillis());
        }
        logger.error(String.format("Unable to parse bearer token in response from OAuth server", new Object[0]));
        throw new OAuthException("Unable to parse bearer token in response from OAuth server", executeRequest.getBody());
    }

    private HttpResponse<String> executeRequest(String str, Map<String, String> map, List<String> list, String str2) {
        return list.size() > 0 ? this.httpClient.get(fusionAuthServerUrlForDataset(str, list), map) : this.httpClient.post(str, map, str2);
    }

    private String fusionAuthServerUrlForDataset(String str, List<String> list) {
        return String.format(str, list.toArray());
    }

    private Map<String, String> initRequestHeaders() {
        HashMap hashMap = new HashMap();
        hashMap.put("Accept", "application/json");
        return hashMap;
    }
}
