package no.nav.common.token_client.client;

import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import no.nav.common.token_client.cache.TokenCache;
import no.nav.common.token_client.utils.TokenClientUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/token_client/client/AzureAdMachineToMachineTokenClient.class */
public class AzureAdMachineToMachineTokenClient extends AbstractTokenClient implements MachineToMachineTokenClient {
    private static final Logger log = LoggerFactory.getLogger(AzureAdMachineToMachineTokenClient.class);

    public AzureAdMachineToMachineTokenClient(String str, String str2, String str3, TokenCache tokenCache) {
        super(str, str2, str3, tokenCache);
    }

    @Override // no.nav.common.token_client.client.MachineToMachineTokenClient
    public String createMachineToMachineToken(String str) {
        return (String) Optional.ofNullable(this.tokenCache).map(tokenCache -> {
            return tokenCache.getFromCacheOrTryProvider(str, () -> {
                return createToken(str);
            });
        }).orElseGet(() -> {
            return createToken(str);
        });
    }

    private String createToken(String str) {
        TokenResponse parse = TokenResponse.parse(new TokenRequest(this.tokenEndpoint, TokenClientUtils.signedClientAssertion(TokenClientUtils.clientAssertionHeader(this.privateJwkKeyId), TokenClientUtils.clientAssertionClaims(this.clientId, this.tokenEndpoint.toString()), this.assertionSigner), new ClientCredentialsGrant(), new Scope(new String[]{str}), (List) null, additionalClaims(str)).toHTTPRequest().send());
        if (parse.indicatesSuccess()) {
            return parse.toSuccessResponse().getTokens().getAccessToken().getValue();
        }
        log.error("Failed to fetch AzureAD M2M token for scope={}. Error: {}", str, parse.toErrorResponse().toJSONObject().toString());
        throw new RuntimeException("Failed to fetch AzureAD M2M token for scope=" + str);
    }

    private static Map<String, List<String>> additionalClaims(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("audience", List.of(str));
        return hashMap;
    }
}
