package com.cleveranalytics.service.authn.client;

import com.cleveranalytics.common.rest.client.CanRestClient;
import com.cleveranalytics.service.authn.client.exception.AuthnClientException;
import com.cleveranalytics.service.authn.rest.dto.TokenResponseDTO;
import com.cleveranalytics.service.authn.service.dto.UserinfoResponse;
import java.io.IOException;
import java.util.List;
import org.apache.http.cookie.ClientCookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/authn-client-1.0.0-SNAPSHOT.jar:com/cleveranalytics/service/authn/client/GeneratedTokenClient.class */
public class GeneratedTokenClient extends CanRestClient {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) GeneratedTokenClient.class);
    private static final String PRODUCTION_URL = "https://login.secure.clevermaps.io/oauth2/ausblrhqbi0ahjlhY0h7/v1";
    private static final String STAGING_URL = "https://login.staging.clevermaps.io/oauth2/ausczk34l1H71WKiU0h7/v1";
    private static final String PRODUCTION_TOKEN_URL = "https://login.secure.clevermaps.io/oauth2/ausblrhqbi0ahjlhY0h7/v1/token";
    private static final String STAGING_TOKEN_URL = "https://login.staging.clevermaps.io/oauth2/ausczk34l1H71WKiU0h7/v1/token";
    private static final String PRODUCTION_USERINFO_URL = "https://login.secure.clevermaps.io/oauth2/ausblrhqbi0ahjlhY0h7/v1/userinfo";
    private static final String STAGING_USERINFO_URL = "https://login.staging.clevermaps.io/oauth2/ausczk34l1H71WKiU0h7/v1/userinfo";
    private static final String PRODUCTION_CLIENT_ID = "0oaxq6v2loD13rlSL0h7";
    private static final String STAGING_CLIENT_ID = "0oaxkxfz3453DV09u0h7";
    private static final String GRANT_TYPE = "refresh_token";
    private final RestTemplate restTemplate;
    private String refreshToken;
    private String accessToken;
    private String userEmail;

    /* loaded from: input_file:BOOT-INF/lib/authn-client-1.0.0-SNAPSHOT.jar:com/cleveranalytics/service/authn/client/GeneratedTokenClient$CanAuthInterceptor.class */
    private class CanAuthInterceptor implements ClientHttpRequestInterceptor {
        private CanAuthInterceptor() {
        }

        @Override // org.springframework.http.client.ClientHttpRequestInterceptor
        public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
            httpRequest.getHeaders().set("Authorization", "Bearer " + GeneratedTokenClient.this.getAccessToken());
            ClientHttpResponse execute = clientHttpRequestExecution.execute(httpRequest, bArr);
            if (execute.getStatusCode().equals(HttpStatus.UNAUTHORIZED)) {
                GeneratedTokenClient.this.refreshAccessToken();
                httpRequest.getHeaders().set("Authorization", "Bearer " + GeneratedTokenClient.this.getAccessToken());
                execute = clientHttpRequestExecution.execute(httpRequest, bArr);
                if (execute.getStatusCode().equals(HttpStatus.UNAUTHORIZED)) {
                    throw new AuthnClientException("Authentication refresh failed");
                }
            }
            return execute;
        }
    }

    public GeneratedTokenClient(String str, String str2, String str3, ClientHttpRequestFactory clientHttpRequestFactory) {
        super(str, str2, clientHttpRequestFactory);
        this.restTemplate = new RestTemplate();
        List<ClientHttpRequestInterceptor> interceptors = super.getInterceptors();
        interceptors.add(new CanAuthInterceptor());
        super.setInterceptors(interceptors);
        this.refreshToken = str3;
        refreshAccessToken();
    }

    public void refreshAccessToken() {
        Assert.notNull(this.refreshToken, "Field refreshToken must not be null.");
        if (getServerUri().getHost().startsWith(ClientCookie.SECURE_ATTR)) {
            obtainAccessToken(PRODUCTION_TOKEN_URL, PRODUCTION_CLIENT_ID, this.refreshToken);
            obtainUserEmail(PRODUCTION_USERINFO_URL);
        } else {
            obtainAccessToken(STAGING_TOKEN_URL, STAGING_CLIENT_ID, this.refreshToken);
            obtainUserEmail(STAGING_USERINFO_URL);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void obtainAccessToken(String str, String str2, String str3) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", GRANT_TYPE);
        linkedMultiValueMap.add("client_id", str2);
        linkedMultiValueMap.add(GRANT_TYPE, str3);
        try {
            ResponseEntity postForEntity = this.restTemplate.postForEntity(str, new HttpEntity(linkedMultiValueMap, httpHeaders), TokenResponseDTO.class, new Object[0]);
            if (postForEntity.getBody() == 0 || ((TokenResponseDTO) postForEntity.getBody()).getAccessToken() == null) {
                logger.warn("Received access token response with empty body and/or without access token.");
                throw new AuthnClientException("Received access token response with empty body and/or without access token.");
            }
            this.accessToken = ((TokenResponseDTO) postForEntity.getBody()).getAccessToken();
        } catch (Exception e) {
            logger.warn("Failed to obtain access token for refresh token={}.", sanitizeToken(str3), e);
            throw new AuthnClientException("Failed to authenticate using provided access token.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void obtainUserEmail(String str) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", "Bearer " + this.accessToken);
        try {
            ResponseEntity exchange = this.restTemplate.exchange(str, HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), UserinfoResponse.class, new Object[0]);
            if (exchange.getBody() == 0 || ((UserinfoResponse) exchange.getBody()).getEmail() == null) {
                logger.warn("Received user info response with empty body and/or without email.");
                throw new AuthnClientException("Received user info response with empty body and/or without email.");
            }
            this.userEmail = ((UserinfoResponse) exchange.getBody()).getEmail();
        } catch (Exception e) {
            logger.warn("Failed to obtain user info for authenticated user.", (Throwable) e);
            throw new AuthnClientException("Failed to obtain user info for authenticated user.");
        }
    }

    private String sanitizeToken(String str) {
        return str.substring(8) + "...";
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public String getAccessToken() {
        return this.accessToken;
    }

    public String getUserEmail() {
        return this.userEmail;
    }
}
