package org.entur.jwt.client.spring;

import java.net.URL;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.entur.jwt.client.AccessTokenProvider;
import org.entur.jwt.client.AccessTokenProviderBuilder;
import org.entur.jwt.client.ClientCredentials;
import org.entur.jwt.client.auth0.Auth0ClientCredentialsBuilder;
import org.entur.jwt.client.keycloak.KeycloakClientCredentialsBuilder;
import org.entur.jwt.client.properties.AbstractJwtClientProperties;
import org.entur.jwt.client.properties.Auth0JwtClientProperties;
import org.entur.jwt.client.properties.JwtClientCache;
import org.entur.jwt.client.properties.JwtPreemptiveRefresh;
import org.entur.jwt.client.properties.KeycloakJwtClientProperties;

/* loaded from: input_file:org/entur/jwt/client/spring/JwtClientBeanDefinitionRegistryPostProcessorSupport.class */
public abstract class JwtClientBeanDefinitionRegistryPostProcessorSupport<T> {
    protected T client;
    protected SpringJwtClientProperties rootProperties;

    public JwtClientBeanDefinitionRegistryPostProcessorSupport(T t, SpringJwtClientProperties springJwtClientProperties) {
        this.client = t;
        this.rootProperties = springJwtClientProperties;
    }

    public AccessTokenProvider newAuth0Instance(String str) {
        Auth0JwtClientProperties auth0JwtClientProperties = this.rootProperties.getAuth0().get(str);
        return toAccessTokenProvider(this.client, auth0JwtClientProperties, Auth0ClientCredentialsBuilder.newInstance().withPort(auth0JwtClientProperties.getPort()).withProtocol(auth0JwtClientProperties.getProtocol()).withHost(auth0JwtClientProperties.getHost()).withClientId(auth0JwtClientProperties.getClientId()).withSecret(auth0JwtClientProperties.getSecret()).withScope(auth0JwtClientProperties.getScope()).withAudience(auth0JwtClientProperties.getAudience()).build(), this.rootProperties.getHealthIndicator().isEnabled() && auth0JwtClientProperties.isHealth());
    }

    public AccessTokenProvider newKeycloakInstance(String str) {
        KeycloakJwtClientProperties keycloakJwtClientProperties = this.rootProperties.getKeycloak().get(str);
        return toAccessTokenProvider(this.client, keycloakJwtClientProperties, KeycloakClientCredentialsBuilder.newInstance().withPort(keycloakJwtClientProperties.getPort()).withProtocol(keycloakJwtClientProperties.getProtocol()).withHost(keycloakJwtClientProperties.getHost()).withClientId(keycloakJwtClientProperties.getClientId()).withSecret(keycloakJwtClientProperties.getSecret()).withScope(keycloakJwtClientProperties.getScope()).withAudience(keycloakJwtClientProperties.getAudience()).withRealm(keycloakJwtClientProperties.getRealm()).build(), this.rootProperties.getHealthIndicator().isEnabled() && keycloakJwtClientProperties.isHealth());
    }

    private AccessTokenProvider toAccessTokenProvider(T t, AbstractJwtClientProperties abstractJwtClientProperties, ClientCredentials clientCredentials, boolean z) {
        AccessTokenProvider newUrlAccessTokenProvider;
        JwtClientCache cache = abstractJwtClientProperties.getCache();
        URL revokeURL = clientCredentials.getRevokeURL();
        URL refreshURL = clientCredentials.getRefreshURL();
        if (revokeURL != null && refreshURL != null) {
            newUrlAccessTokenProvider = newStatefulUrlAccessTokenProvider(t, clientCredentials.getIssueURL(), clientCredentials.getParameters(), clientCredentials.getHeaders(), refreshURL, revokeURL, clientCredentials);
        } else {
            if (revokeURL != null || refreshURL != null) {
                throw new IllegalStateException("Expected neither or both refresh url and revoke url present");
            }
            newUrlAccessTokenProvider = newUrlAccessTokenProvider(t, clientCredentials.getIssueURL(), clientCredentials.getParameters(), clientCredentials.getHeaders(), clientCredentials);
        }
        AccessTokenProviderBuilder accessTokenProviderBuilder = new AccessTokenProviderBuilder(newUrlAccessTokenProvider);
        accessTokenProviderBuilder.retrying(abstractJwtClientProperties.isRetrying());
        if (cache == null || !cache.isEnabled()) {
            accessTokenProviderBuilder.cached(false);
        } else {
            accessTokenProviderBuilder.cached(cache.getMinimumTimeToLive(), TimeUnit.SECONDS, cache.getRefreshTimeout(), TimeUnit.SECONDS);
            JwtPreemptiveRefresh preemptiveRefresh = cache.getPreemptiveRefresh();
            if (preemptiveRefresh == null || !preemptiveRefresh.isEnabled()) {
                accessTokenProviderBuilder.preemptiveCacheRefresh(false);
            } else {
                accessTokenProviderBuilder.preemptiveCacheRefresh(preemptiveRefresh.getTimeToExpires(), TimeUnit.SECONDS, preemptiveRefresh.getExpiresConstraint(), preemptiveRefresh.getEager().isEnabled());
            }
        }
        accessTokenProviderBuilder.health(z);
        return accessTokenProviderBuilder.build();
    }

    protected abstract AccessTokenProvider newUrlAccessTokenProvider(T t, URL url, Map<String, Object> map, Map<String, Object> map2, ClientCredentials clientCredentials);

    protected abstract AccessTokenProvider newStatefulUrlAccessTokenProvider(T t, URL url, Map<String, Object> map, Map<String, Object> map2, URL url2, URL url3, ClientCredentials clientCredentials);
}
