package no.fint.oauth;

import jakarta.annotation.PostConstruct;
import java.time.Duration;
import java.time.Instant;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestClient;

@ConditionalOnProperty(value = {"no.fint.oauth.enabled"}, havingValue = "true")
@Service
/* loaded from: input_file:no/fint/oauth/TokenService.class */
public class TokenService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenService.class);
    private static final String BEARER_TOKEN_TEMPLATE = "Bearer %s";
    private final RestClient restClient;
    private final OAuthTokenProps props;
    private final MultiValueMap<String, String> formData = createFormData();
    private AuthToken authToken;

    public TokenService(OAuthTokenProps oAuthTokenProps, @Qualifier("oauthRestClient") RestClient restClient) {
        this.props = oAuthTokenProps;
        this.restClient = restClient;
    }

    @PostConstruct
    public void init() {
        if (StringUtils.isEmpty(this.props.getRequestUrl())) {
            log.info("No request-url configured, will not initialize access token");
        } else {
            refreshToken(this.props.getRequestUrl());
        }
    }

    private void refreshToken(String str) {
        ResponseEntity entity = this.restClient.post().uri(str, new Object[0]).body(this.formData).retrieve().toEntity(AuthToken.class);
        if (entity.getStatusCode() != HttpStatus.OK) {
            throw new IllegalStateException(String.format("Unable to get access token from %s. Status: %d", this.props.getRequestUrl(), Integer.valueOf(entity.getStatusCode().value())));
        }
        this.authToken = (AuthToken) entity.getBody();
    }

    private MultiValueMap<String, String> createFormData() {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "password");
        linkedMultiValueMap.add("client_id", this.props.getClientId());
        linkedMultiValueMap.add("client_secret", this.props.getClientSecret());
        linkedMultiValueMap.add("username", this.props.getUsername());
        linkedMultiValueMap.add("password", this.props.getPassword());
        linkedMultiValueMap.add("scope", this.props.getScope());
        return linkedMultiValueMap;
    }

    public String getAccessToken(String str) {
        if (this.authToken == null || tokenHasExpired()) {
            refreshToken(str);
        }
        return this.authToken.accessToken();
    }

    private boolean tokenHasExpired() {
        Duration between = Duration.between(Instant.now(), Instant.ofEpochMilli(this.authToken.expirationTimestampMillis()));
        return between.isNegative() || between.getSeconds() < 30;
    }

    public String getAccessToken() {
        return getAccessToken(this.props.getRequestUrl());
    }

    public String getBearerToken() {
        return getBearerToken(this.props.getRequestUrl());
    }

    public String getBearerToken(String str) {
        String accessToken = getAccessToken(str);
        if (accessToken != null) {
            return String.format(BEARER_TOKEN_TEMPLATE, accessToken);
        }
        return null;
    }
}
