package org.dcache.auth;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Objects;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.BasicHttpContext;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/auth/OpenIdCredentialRefreshable.class */
public class OpenIdCredentialRefreshable extends WrappingOpenIdCredential {
    private static final Logger LOG = LoggerFactory.getLogger(OpenIdCredentialRefreshable.class);
    private final HttpClient client;

    public OpenIdCredentialRefreshable(OpenIdCredential openIdCredential, HttpClient httpClient) {
        super((OpenIdCredential) Objects.requireNonNull(openIdCredential, "OpenId Credential can't be null"));
        this.client = (HttpClient) Objects.requireNonNull(httpClient, "Http Client can't be null");
    }

    @Override // org.dcache.auth.WrappingOpenIdCredential, org.dcache.auth.OpenIdCredential
    public String getBearerToken() {
        if (timeToRefresh()) {
            try {
                refreshOpenIdCredentials();
            } catch (IOException | AuthenticationException e) {
                LOG.warn("Error Refreshing OpenId Bearer Token with {}: {}", this.credential.getOpenidProvider(), e.getMessage());
            }
        }
        return this.credential.getBearerToken();
    }

    private synchronized void refreshOpenIdCredentials() throws IOException, AuthenticationException {
        HttpPost httpPost = new HttpPost(this.credential.getOpenidProvider());
        BasicScheme basicScheme = new BasicScheme(StandardCharsets.UTF_8);
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(this.credential.getClientCredential().getId(), this.credential.getClientCredential().getSecret());
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("client_id", this.credential.getClientCredential().getId()));
        arrayList.add(new BasicNameValuePair("client_secret", this.credential.getClientCredential().getSecret()));
        arrayList.add(new BasicNameValuePair("grant_type", "refresh_token"));
        arrayList.add(new BasicNameValuePair("refresh_token", this.credential.getRefreshToken()));
        arrayList.add(new BasicNameValuePair("scope", this.credential.getScope()));
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
        httpPost.addHeader(basicScheme.authenticate(usernamePasswordCredentials, httpPost, new BasicHttpContext()));
        HttpResponse execute = this.client.execute(httpPost);
        if (execute.getStatusLine().getStatusCode() != 200) {
            throw new IOException(String.format("Error Refreshing OpenId Bearer Token [%s]: %s", Integer.valueOf(execute.getStatusLine().getStatusCode()), this.credential.getOpenidProvider()));
        }
        updateCredential(parseResponseToJson(execute));
    }

    private boolean timeToRefresh() {
        return this.credential.getExpiresAt() - System.currentTimeMillis() < 60000;
    }

    private JSONObject parseResponseToJson(HttpResponse httpResponse) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        httpResponse.getEntity().writeTo(byteArrayOutputStream);
        return new JSONObject(new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8));
    }

    private void updateCredential(JSONObject jSONObject) throws IOException {
        try {
            this.credential = StaticOpenIdCredential.copyOf(this.credential).accessToken(jSONObject.getString("access_token")).expiry(jSONObject.getLong("expires_in")).build();
        } catch (JSONException e) {
            throw new IOException("Error Parsing response of OpenId Bearer Token Refresh: " + e.getMessage());
        }
    }
}
