package no.nav.brukerdialog.security.oidc;

import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.sbl.rest.RestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/IdTokenProvider.class */
public class IdTokenProvider {
    private static final Logger log = LoggerFactory.getLogger(IdTokenProvider.class);
    private final Client client;
    private String issoHostUrl;
    private String issoRpUserPassword;

    public IdTokenProvider() {
        this(IdTokenProviderConfig.resolveFromSystemProperties());
    }

    public IdTokenProvider(IdTokenProviderConfig idTokenProviderConfig) {
        this.client = RestUtils.createClient();
        this.issoHostUrl = idTokenProviderConfig.issoHostUrl;
        this.issoRpUserPassword = idTokenProviderConfig.issoRpUserPassword;
    }

    public OidcCredential getToken(String str, String str2) {
        return (OidcCredential) TokenProviderUtil.getToken(() -> {
            return createTokenRequest(str, str2, this.client);
        }, this::extractToken);
    }

    protected Response createTokenRequest(String str, String str2, Client client) {
        String str3 = "grant_type=refresh_token&scope=openid&realm=/&refresh_token=" + str;
        log.debug("Refreshing ID-token by POST to " + this.issoHostUrl);
        return client.target(this.issoHostUrl + "/access_token").request().header("Authorization", TokenProviderUtil.basicCredentials(str2, this.issoRpUserPassword)).header("Cache-Control", "no-cache").post(Entity.entity(str3, "application/x-www-form-urlencoded"));
    }

    private OidcCredential extractToken(String str) {
        return new OidcCredential(TokenProviderUtil.findToken(str, IdTokenAndRefreshTokenProvider.ID_TOKEN));
    }
}
