package net.optionfactory.spring.upstream;

import com.fasterxml.jackson.databind.JsonNode;
import java.net.URI;
import java.time.Instant;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Supplier;
import net.optionfactory.spring.upstream.UpstreamInterceptor;
import net.optionfactory.spring.upstream.UpstreamPort;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:net/optionfactory/spring/upstream/UpstreamOauthInterceptor.class */
public class UpstreamOauthInterceptor<T> implements UpstreamInterceptor<T> {
    private final Logger logger = LoggerFactory.getLogger(UpstreamOauthInterceptor.class);
    private final ExecutorService executor = Executors.newSingleThreadExecutor();
    private final AtomicReference<Future<KnownToken>> ft = new AtomicReference<>();
    private final RestTemplate restOauth;
    private final Supplier<Instant> clock;
    private final Function<UpstreamInterceptor.PrepareContext<T>, RequestEntity<?>> requestFactory;

    /* loaded from: input_file:net/optionfactory/spring/upstream/UpstreamOauthInterceptor$KnownToken.class */
    public static class KnownToken {
        public final String token;
        public final Instant discardAfter;
        public final Instant refetchAfter;

        public KnownToken(String str, Instant instant, Instant instant2) {
            this.token = str;
            this.refetchAfter = instant;
            this.discardAfter = instant2;
        }

        public String toString() {
            return String.format("t:<removed>, d:%s, r:%s", this.discardAfter, this.refetchAfter);
        }
    }

    public UpstreamOauthInterceptor(SSLConnectionSocketFactory sSLConnectionSocketFactory, Supplier<Instant> supplier, Function<UpstreamInterceptor.PrepareContext<T>, RequestEntity<?>> function) {
        HttpClientBuilder create = HttpClientBuilder.create();
        create.setSSLSocketFactory(sSLConnectionSocketFactory);
        this.restOauth = new RestTemplate(new HttpComponentsClientHttpRequestFactory(create.setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(5000).build()).setDefaultSocketConfig(SocketConfig.custom().setSoKeepAlive(true).build()).build()));
        this.clock = supplier;
        this.requestFactory = function;
    }

    @Override // net.optionfactory.spring.upstream.UpstreamInterceptor
    public HttpHeaders prepare(UpstreamPort.Hints<T> hints, UpstreamInterceptor.PrepareContext<T> prepareContext) {
        try {
            String provideToken = provideToken(prepareContext);
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.set("Authorization", String.format("Bearer %s", provideToken));
            return httpHeaders;
        } catch (InterruptedException | ExecutionException e) {
            throw new IllegalStateException(e);
        }
    }

    private String provideToken(UpstreamInterceptor.PrepareContext<T> prepareContext) throws InterruptedException, ExecutionException {
        Instant instant = this.clock.get();
        Future<KnownToken> future = this.ft.get();
        KnownToken knownToken = future == null ? null : future.get();
        this.logger.info("oldToken is {}", knownToken);
        if (knownToken == null || instant.isAfter(knownToken.refetchAfter)) {
            this.logger.info("refetching", knownToken);
            this.ft.set(this.executor.submit(() -> {
                return fetchToken(prepareContext, this.requestFactory.apply(prepareContext), instant);
            }));
        }
        if (knownToken != null && !instant.isAfter(knownToken.discardAfter)) {
            this.logger.info("old token is valid", knownToken);
            return knownToken.token;
        }
        KnownToken knownToken2 = this.ft.get().get();
        this.logger.info("fresh token", knownToken2);
        return knownToken2.token;
    }

    protected KnownToken fetchToken(UpstreamInterceptor.PrepareContext<T> prepareContext, RequestEntity<?> requestEntity, Instant instant) throws RestClientException {
        JsonNode jsonNode = (JsonNode) this.restOauth.exchange(requestEntity, JsonNode.class).getBody();
        int asInt = jsonNode.get("expires_in").asInt(0);
        return new KnownToken(jsonNode.get("access_token").asText(), instant.plusSeconds(asInt).minusSeconds(Math.max(15, asInt / 2)), instant.plusSeconds(asInt).minusSeconds(Math.max(5, asInt / 4)));
    }

    public static UpstreamOauthInterceptor clientCredentials(String str, String str2, SSLConnectionSocketFactory sSLConnectionSocketFactory, URI uri, Supplier<Instant> supplier) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(List.of(MediaType.APPLICATION_JSON_UTF8));
        httpHeaders.setContentType(MediaType.valueOf("application/x-www-form-urlencoded;charset=UTF-8"));
        httpHeaders.setBasicAuth(str, str2);
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "client_credentials");
        RequestEntity requestEntity = new RequestEntity(linkedMultiValueMap, httpHeaders, HttpMethod.POST, uri);
        return new UpstreamOauthInterceptor(sSLConnectionSocketFactory, supplier, obj -> {
            return requestEntity;
        });
    }

    public static UpstreamOauthInterceptor password(String str, String str2, SSLConnectionSocketFactory sSLConnectionSocketFactory, URI uri, Supplier<Instant> supplier) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("username", "admin");
        linkedMultiValueMap.add("password", str2);
        linkedMultiValueMap.add("grant_type", "password");
        linkedMultiValueMap.add("client_id", str);
        RequestEntity requestEntity = new RequestEntity(linkedMultiValueMap, httpHeaders, HttpMethod.POST, uri);
        return new UpstreamOauthInterceptor(sSLConnectionSocketFactory, supplier, obj -> {
            return requestEntity;
        });
    }
}
