package io.micronaut.security.oauth2.client.clientcredentials;

import com.nimbusds.jwt.JWTParser;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient;
import io.micronaut.security.oauth2.endpoint.token.request.context.ClientCredentialsTokenRequestContext;
import io.micronaut.security.oauth2.endpoint.token.response.TokenResponse;
import java.text.ParseException;
import java.time.Duration;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

@Internal
/* loaded from: input_file:io/micronaut/security/oauth2/client/clientcredentials/AbstractClientCredentialsClient.class */
public abstract class AbstractClientCredentialsClient implements ClientCredentialsClient {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractClientCredentialsClient.class);
    private static final String NOSCOPE = "NOSCOPE";
    protected final TokenEndpointClient tokenEndpointClient;
    protected final OauthClientConfiguration oauthClientConfiguration;
    protected final Map<String, Publisher<TokenResponse>> scopeToPublisherMap = new ConcurrentHashMap();

    public AbstractClientCredentialsClient(@NonNull OauthClientConfiguration oauthClientConfiguration, @NonNull TokenEndpointClient tokenEndpointClient) {
        this.oauthClientConfiguration = oauthClientConfiguration;
        this.tokenEndpointClient = tokenEndpointClient;
    }

    public String getName() {
        return this.oauthClientConfiguration.getName();
    }

    @Override // io.micronaut.security.oauth2.client.clientcredentials.ClientCredentialsClient
    @NonNull
    public Publisher<TokenResponse> requestToken(@Nullable String str) {
        return requestToken(str, false);
    }

    @Override // io.micronaut.security.oauth2.client.clientcredentials.ClientCredentialsClient
    @NonNull
    public Publisher<TokenResponse> requestToken(@Nullable String str, boolean z) {
        String str2 = str != null ? str : NOSCOPE;
        return Flux.from(this.scopeToPublisherMap.computeIfAbsent(str2, str3 -> {
            return cachedTokenResponseForScope(str);
        })).materialize().next().flatMap(signal -> {
            if (z || !signal.isOnNext() || isExpired((TokenResponse) signal.get())) {
                return signal.isOnError() ? signal.getThrowable() != null ? Mono.error(signal.getThrowable()) : Mono.error(Throwable::new) : Mono.from(this.scopeToPublisherMap.computeIfPresent(str2, (str4, publisher) -> {
                    return cachedTokenResponseForScope(str);
                }));
            }
            TokenResponse tokenResponse = (TokenResponse) signal.get();
            return tokenResponse != null ? Mono.just(tokenResponse) : Mono.empty();
        });
    }

    @NonNull
    private Publisher<TokenResponse> cachedTokenResponseForScope(String str) {
        return Flux.from(this.tokenEndpointClient.sendRequest(createTokenRequestContext(str))).cache();
    }

    protected boolean isExpired(@Nullable TokenResponse tokenResponse) {
        if (tokenResponse == null) {
            return true;
        }
        return ((Boolean) expirationDate(tokenResponse).map(date -> {
            boolean isExpired = isExpired(date);
            if (isExpired && LOG.isTraceEnabled()) {
                LOG.trace("token: {} is expired" + tokenResponse.getAccessToken());
            }
            return Boolean.valueOf(isExpired);
        }).orElse(true)).booleanValue();
    }

    protected boolean isExpired(@NonNull Date date) {
        return date.getTime() - ((Duration) this.oauthClientConfiguration.getClientCredentials().map((v0) -> {
            return v0.getAdvancedExpiration();
        }).orElse(OauthClientConfiguration.DEFAULT_ADVANCED_EXPIRATION)).toMillis() < new Date().getTime();
    }

    protected Optional<Date> expirationDate(@NonNull TokenResponse tokenResponse) {
        try {
            return Optional.ofNullable(JWTParser.parse(tokenResponse.getAccessToken()).getJWTClaimsSet().getExpirationTime());
        } catch (ParseException e) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("cannot parse access token {} to JWT", tokenResponse.getAccessToken());
            }
            return tokenResponse.getExpiresInDate();
        }
    }

    protected abstract ClientCredentialsTokenRequestContext createTokenRequestContext(@Nullable String str);
}
