package org.eclipse.edc.connector.dataplane.http.oauth2;

import java.time.Clock;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.eclipse.edc.iam.oauth2.spi.Oauth2AssertionDecorator;
import org.eclipse.edc.iam.oauth2.spi.client.Oauth2CredentialsRequest;
import org.eclipse.edc.iam.oauth2.spi.client.PrivateKeyOauth2CredentialsRequest;
import org.eclipse.edc.iam.oauth2.spi.client.SharedSecretOauth2CredentialsRequest;
import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
import org.eclipse.edc.spi.iam.TokenRepresentation;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.spi.security.Vault;
import org.eclipse.edc.spi.types.domain.DataAddress;
import org.eclipse.edc.token.JwtGenerationService;
import org.eclipse.edc.token.spi.TokenDecorator;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/eclipse/edc/connector/dataplane/http/oauth2/Oauth2CredentialsRequestFactory.class */
/**
 * Builds OAuth2 {@code client_credentials} token requests from the {@code oauth2:*} properties of a
 * {@link DataAddress}.
 *
 * <p>Two client-authentication variants are produced:
 * <ul>
 *   <li>a signed client assertion, when {@code oauth2:privateKeyName} is present;</li>
 *   <li>a shared client secret resolved from the {@link Vault}, otherwise.</li>
 * </ul>
 *
 * <p>NOTE(review): the data address chooses the signing key name, the vault alias of the client
 * secret and the token endpoint the credential is sent to. Nothing in this class restricts the
 * token URL (scheme, host) or the alias, so the data address has to be validated or trusted before
 * it reaches this factory. Confirm where that validation happens.
 */
public class Oauth2CredentialsRequestFactory {
    private static final long DEFAULT_TOKEN_VALIDITY = TimeUnit.MINUTES.toSeconds(5);
    private static final String GRANT_CLIENT_CREDENTIALS = "client_credentials";

    // Data address property keys read by this factory.
    private static final String PROP_PRIVATE_KEY_NAME = "oauth2:privateKeyName";
    private static final String PROP_CLIENT_SECRET_KEY = "oauth2:clientSecretKey";
    private static final String PROP_TOKEN_URL = "oauth2:tokenUrl";
    private static final String PROP_CLIENT_ID = "oauth2:clientId";
    private static final String PROP_SCOPE = "oauth2:scope";
    private static final String PROP_VALIDITY = "oauth2:validity";
    private static final String PROP_KID = "oauth2:kid";

    private final JwsSignerProvider jwsSignerProvider;
    private final Clock clock;
    private final Vault vault;

    /**
     * @param jwsSignerProvider handed to the {@link JwtGenerationService} that signs client assertions
     * @param clock             time source handed to the assertion decorator
     * @param vault             used to resolve the shared client secret; not null-checked here, only
     *                          when a shared-secret request is built
     */
    public Oauth2CredentialsRequestFactory(JwsSignerProvider jwsSignerProvider, Clock clock, Vault vault) {
        this.jwsSignerProvider = jwsSignerProvider;
        this.clock = clock;
        this.vault = vault;
    }

    /**
     * Creates the credentials request described by the given data address.
     *
     * @param dataAddress source of the {@code oauth2:*} properties
     * @return a private-key based request when {@code oauth2:privateKeyName} is set, otherwise a
     *         shared-secret request; a failed result when the assertion cannot be generated or the
     *         secret cannot be resolved
     */
    public Result<Oauth2CredentialsRequest> create(DataAddress dataAddress) {
        String signingKeyName = dataAddress.getStringProperty(PROP_PRIVATE_KEY_NAME);
        if (signingKeyName == null) {
            return createSharedSecretRequest(dataAddress);
        }
        return createPrivateKeyBasedRequest(signingKeyName, dataAddress);
    }

    /**
     * Generates a client assertion and wraps it in a private-key based request.
     *
     * @param str         name of the signing key, taken from {@code oauth2:privateKeyName}
     * @param dataAddress source of token URL and scope
     * @return the request, or the failure reported by {@link #createAssertion}
     */
    @NotNull
    private Result<Oauth2CredentialsRequest> createPrivateKeyBasedRequest(String str, DataAddress dataAddress) {
        return createAssertion(str, dataAddress).map(assertion ->
                PrivateKeyOauth2CredentialsRequest.Builder.newInstance()
                        .clientAssertion(assertion.getToken())
                        .url(dataAddress.getStringProperty(PROP_TOKEN_URL))
                        .grantType(GRANT_CLIENT_CREDENTIALS)
                        .scope(dataAddress.getStringProperty(PROP_SCOPE))
                        .build());
    }

    /**
     * Resolves the client secret from the vault and builds a shared-secret request.
     *
     * <p>The failure message carries the vault alias only, never the secret value.
     *
     * @param dataAddress source of secret alias, token URL, client id and scope
     * @return the request, or a failure when the alias is missing or the vault returns nothing
     */
    @NotNull
    private Result<Oauth2CredentialsRequest> createSharedSecretRequest(DataAddress dataAddress) {
        Objects.requireNonNull(dataAddress);
        String secretAlias = dataAddress.getStringProperty(PROP_CLIENT_SECRET_KEY);
        // The vault is checked even when no alias is configured.
        Vault secretStore = Objects.requireNonNull(this.vault);
        String clientSecret = secretAlias == null ? null : secretStore.resolveSecret(secretAlias);
        if (clientSecret == null) {
            return Result.failure("Cannot resolve client secret from the vault: " + secretAlias);
        }
        // NOTE(review): the resolved secret is sent to whatever oauth2:tokenUrl names; no check of
        // the URL is visible here. Verify the builder or the caller enforces one.
        return Result.success(SharedSecretOauth2CredentialsRequest.Builder.newInstance()
                .url(dataAddress.getStringProperty(PROP_TOKEN_URL))
                .grantType(GRANT_CLIENT_CREDENTIALS)
                .clientId(dataAddress.getStringProperty(PROP_CLIENT_ID))
                .clientSecret(clientSecret)
                .scope(dataAddress.getStringProperty(PROP_SCOPE))
                .build());
    }

    /**
     * Generates the client assertion through a new {@link JwtGenerationService}.
     *
     * <p>The decorator is configured with the token URL as audience, the client id, this factory's
     * clock, the validity from {@link #resolveValidity} and the {@code oauth2:kid} value.
     *
     * @param str         key name passed to {@code generate}
     * @param dataAddress source of the assertion parameters
     * @return the result returned by the generation service
     */
    @NotNull
    private Result<TokenRepresentation> createAssertion(String str, DataAddress dataAddress) {
        JwtGenerationService tokenService = new JwtGenerationService(this.jwsSignerProvider);
        TokenDecorator assertionDecorator = Oauth2AssertionDecorator.Builder.newInstance()
                .audience(dataAddress.getStringProperty(PROP_TOKEN_URL))
                .clientId(dataAddress.getStringProperty(PROP_CLIENT_ID))
                .clock(this.clock)
                .validity(resolveValidity(dataAddress))
                .kid(dataAddress.getStringProperty(PROP_KID))
                .build();
        return tokenService.generate(str, new TokenDecorator[] {assertionDecorator});
    }

    /**
     * Reads {@code oauth2:validity}, falling back to {@link #DEFAULT_TOKEN_VALIDITY} (five minutes,
     * in seconds) when the property is absent or not a valid long.
     *
     * <p>NOTE(review): the value is not range-checked. Zero, negative or very large numbers are
     * passed to the decorator unchanged, and an unparsable value is replaced by the default
     * without any signal to the caller. Confirm the decorator bounds the assertion lifetime.
     */
    private long resolveValidity(DataAddress dataAddress) {
        String configured = dataAddress.getStringProperty(PROP_VALIDITY);
        Long parsed = configured == null ? null : parseLong(configured);
        return parsed == null ? DEFAULT_TOKEN_VALIDITY : parsed;
    }

    /**
     * Parses a decimal long.
     *
     * @param str text to parse
     * @return the parsed value, or {@code null} when {@code str} is not a valid long
     */
    @Nullable
    private Long parseLong(String str) {
        try {
            return Long.parseLong(str);
        } catch (NumberFormatException ignored) {
            // Malformed input is reported as "no value"; the caller substitutes the default.
            return null;
        }
    }
}
