package no.nav.brukerdialog.security.oidc;

import java.time.Instant;
import javax.ws.rs.client.Client;
import no.nav.brukerdialog.security.Constants;
import no.nav.brukerdialog.security.domain.IdToken;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.oidc.provider.IssoOidcProvider;
import no.nav.brukerdialog.security.oidc.provider.IssoOidcProviderConfig;
import no.nav.sbl.rest.RestUtils;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/SystemUserTokenProvider.class */
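/**
 * Obtains and caches an OIDC ID token for a system (service) user.
 *
 * <p>A refresh runs the following chain: a session token is requested with the service user's
 * username and password, the session token is exchanged for an authorization code, and the code
 * is exchanged for an ID token through {@link IdTokenAndRefreshTokenProvider}. The ID token is
 * validated against the {@link IssoOidcProvider} before it is cached; a token that fails
 * validation is never stored.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The service user's password is kept in a {@code String} field for the lifetime of the
 *       instance, and the same configuration object is handed out by {@link #getConfig()}.
 *       Neither should be logged or serialized.</li>
 *   <li>The cached token is a plain, unsynchronized field. Callers on several threads may each
 *       trigger a refresh (one credential login per caller). NOTE(review): confirm whether
 *       instances are shared across threads and add synchronization at that level if so.</li>
 *   <li>The REST client created in the constructor is not closed anywhere in this class.</li>
 * </ul>
 */
public class SystemUserTokenProvider {
    /** Path substituted for the {@code oauth2} segment of the ISSO host URL when authenticating. */
    private static final String authenticateUri = "json/authenticate?authIndexType=service&authIndexValue=adminconsoleservice";
    private final SystemUserTokenProviderConfig config;
    private final String srvUsername;
    // Service-account secret: must never reach logs or exception messages.
    private final String srvPassword;
    private final String openAmHost;
    private final String openamClientUsername;
    private final String oidcRedirectUrl;
    private final Client client;
    private final IdTokenAndRefreshTokenProvider idTokenAndRefreshTokenProvider;
    private final OidcTokenValidator validator;
    private final IssoOidcProvider oidcProvider;
    // Last validated token together with its expiry; null until the first successful refresh.
    private IdToken idToken;

    /** Creates a provider configured from system properties. */
    public SystemUserTokenProvider() {
        this(SystemUserTokenProviderConfig.resolveFromSystemProperties());
    }

    /**
     * Creates a provider from an explicit configuration.
     *
     * @param systemUserTokenProviderConfig service-user credentials, ISSO host URL, relying-party
     *     user name and redirect URL; the same object also configures the token exchange and the
     *     OIDC provider used for validation
     */
    public SystemUserTokenProvider(SystemUserTokenProviderConfig systemUserTokenProviderConfig) {
        this.client = RestUtils.createClient();
        this.config = systemUserTokenProviderConfig;
        this.srvUsername = systemUserTokenProviderConfig.srvUsername;
        this.srvPassword = systemUserTokenProviderConfig.srvPassword;
        this.openAmHost = systemUserTokenProviderConfig.issoHostUrl;
        this.openamClientUsername = systemUserTokenProviderConfig.issoRpUserUsername;
        this.oidcRedirectUrl = systemUserTokenProviderConfig.oidcRedirectUrl;
        this.idTokenAndRefreshTokenProvider = new IdTokenAndRefreshTokenProvider(IdTokenAndRefreshTokenProviderConfig.from(systemUserTokenProviderConfig));
        this.validator = new OidcTokenValidator();
        this.oidcProvider = new IssoOidcProvider(IssoOidcProviderConfig.from(systemUserTokenProviderConfig));
    }

    /**
     * Returns the configuration this provider was built from.
     *
     * <p>The returned object carries the service user's password; treat it as a secret.
     */
    public SystemUserTokenProviderConfig getConfig() {
        return this.config;
    }

    /**
     * Returns the serialized ID token, refreshing it first when it is missing or close to expiry.
     *
     * @return the current ID token string
     * @throws OidcTokenException if a freshly fetched token fails validation
     * @throws NumberFormatException if the {@code Constants.REFRESH_TIME} system property is set
     *     to something that is not an integer
     */
    public String getToken() {
        if (tokenIsSoonExpired()) {
            refreshToken();
        }
        return this.idToken.getIdToken().getToken();
    }

    /**
     * Logs in with the service credentials, fetches a new ID token, validates it and caches it.
     *
     * @throws OidcTokenException if the new token does not validate; the previously cached token
     *     (if any) is left in place
     */
    private void refreshToken() {
        String authUri = konstruerFullstendingAuthUri(this.openAmHost, authenticateUri);
        // session token -> authorization code -> ID token
        OidcCredential credential = this.idTokenAndRefreshTokenProvider
                .getToken(
                        OpenAmUtils.getAuthorizationCode(
                                this.openAmHost,
                                OpenAmUtils.getSessionToken(this.srvUsername, this.srvPassword, authUri, this.client),
                                this.openamClientUsername,
                                this.oidcRedirectUrl,
                                this.client),
                        this.oidcRedirectUrl)
                .getIdToken();
        OidcTokenValidatorResult validation = this.validator.validate(credential.getToken(), this.oidcProvider);
        if (!validation.isValid()) {
            // Message text means "Could not validate token".
            // NOTE(review): confirm the validator's error message never echoes token contents,
            // since callers may log this exception.
            throw new OidcTokenException("Kunne ikke validere token: " + validation.getErrorMessage());
        }
        this.idToken = new IdToken(credential, validation.getExpSeconds());
    }

    /**
     * Builds the authentication URL by replacing the literal {@code oauth2} in a base URL.
     *
     * <p>Every occurrence of {@code oauth2} in {@code str} is replaced, not only a trailing path
     * segment, and a value without {@code oauth2} is returned unchanged. The configured ISSO host
     * URL is therefore expected to contain {@code oauth2} exactly once.
     *
     * @param str base URL containing {@code oauth2}
     * @param str2 text to substitute for {@code oauth2}
     * @return {@code str} with each {@code oauth2} replaced by {@code str2}
     */
    public static String konstruerFullstendingAuthUri(String str, String str2) {
        return str.replace("oauth2", str2);
    }

    /**
     * Tells whether no token is cached or the cached one expires within the refresh margin.
     */
    private boolean tokenIsSoonExpired() {
        IdToken cached = this.idToken;
        if (cached == null) {
            return true;
        }
        // 1000L forces 64-bit arithmetic: epoch seconds times 1000 does not fit in an int.
        long expiresAtMillis = cached.getExpirationTimeSeconds() * 1000L;
        long remainingMillis = expiresAtMillis - Instant.now().toEpochMilli();
        return remainingMillis < getMinimumTimeToExpireBeforeRefresh();
    }

    /**
     * Reads the refresh margin from the {@code Constants.REFRESH_TIME} system property (seconds,
     * default 60) and returns it in milliseconds.
     *
     * @throws NumberFormatException if the property value is not an integer
     */
    private long getMinimumTimeToExpireBeforeRefresh() {
        // Multiply as long so a large configured value cannot wrap around to a negative margin.
        return Integer.parseInt(System.getProperty(Constants.REFRESH_TIME, "60")) * 1000L;
    }
}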
