package no.nav.brukerdialog.security.oidc;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import no.nav.brukerdialog.security.domain.IdTokenAndRefreshToken;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.sbl.rest.RestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/IdTokenAndRefreshTokenProvider.class */
public class IdTokenAndRefreshTokenProvider {
    private static final Logger log = LoggerFactory.getLogger(IdTokenAndRefreshTokenProvider.class);
    static final String ENCODING = "UTF-8";
    public static final String ID_TOKEN = "id_token";
    public static final String REFRESH_TOKEN = "refresh_token";
    private final Client client;
    private final IdTokenAndRefreshTokenProviderConfig parameters;

    public IdTokenAndRefreshTokenProvider() {
        this(IdTokenAndRefreshTokenProviderConfig.resolveFromSystemProperties());
    }

    public IdTokenAndRefreshTokenProvider(IdTokenAndRefreshTokenProviderConfig idTokenAndRefreshTokenProviderConfig) {
        this.client = RestUtils.createClient();
        this.parameters = idTokenAndRefreshTokenProviderConfig;
    }

    public IdTokenAndRefreshToken getToken(String str, String str2) {
        return (IdTokenAndRefreshToken) TokenProviderUtil.getToken(() -> {
            return createTokenRequest(str, str2, this.client);
        }, this::extractToken);
    }

    Response createTokenRequest(String str, String str2, Client client) {
        try {
            String encode = URLEncoder.encode(str2, ENCODING);
            String str3 = this.parameters.issoHostUrl;
            String str4 = "grant_type=authorization_code&realm=/&redirect_uri=" + encode + "&code=" + str;
            log.debug("Requesting tokens by POST to " + str3);
            return client.target(str3 + "/access_token").request().header("Authorization", TokenProviderUtil.basicCredentials(this.parameters.issoRpUserUsername, this.parameters.issoRpUserPassword)).header("Cache-Control", "no-cache").post(Entity.entity(str4, MediaType.APPLICATION_FORM_URLENCODED_TYPE));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Could not URL-encode the redirectUri: " + str2);
        }
    }

    private IdTokenAndRefreshToken extractToken(String str) {
        return new IdTokenAndRefreshToken(new OidcCredential(TokenProviderUtil.findToken(str, ID_TOKEN)), TokenProviderUtil.findToken(str, "refresh_token"));
    }
}
