package io.helidon.security.providers.oidc.common;

import io.helidon.common.http.FormParams;
import io.helidon.common.http.Http;
import io.helidon.common.http.MediaType;
import io.helidon.security.SecurityException;
import io.helidon.security.jwt.jwk.JwkKeys;
import io.helidon.webclient.WebClient;
import io.helidon.webclient.WebClientResponse;
import java.net.URI;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import javax.json.JsonObject;

/* loaded from: input_file:io/helidon/security/providers/oidc/common/IdcsSupport.class */
class IdcsSupport {
    private IdcsSupport() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JwkKeys signJwk(WebClient webClient, WebClient webClient2, URI uri, URI uri2, Duration duration) {
        try {
            WebClientResponse webClientResponse = (WebClientResponse) webClient.post().uri(uri).accept(new MediaType[]{MediaType.APPLICATION_JSON}).submit(FormParams.builder().add("grant_type", new String[]{"client_credentials"}).add("scope", new String[]{"urn:opc:idm:__myscopes__"}).build()).await(duration.toMillis(), TimeUnit.MILLISECONDS);
            if (webClientResponse.status().family() != Http.ResponseStatus.Family.SUCCESSFUL) {
                throw new SecurityException("Failed to read JWK from IDCS. Status: " + webClientResponse.status() + ", entity: " + ((String) webClientResponse.content().as(String.class).await(duration.toMillis(), TimeUnit.MILLISECONDS)));
            }
            String string = ((JsonObject) webClientResponse.content().as(JsonObject.class).await(duration.toMillis(), TimeUnit.MILLISECONDS)).getString("access_token");
            return JwkKeys.create((JsonObject) webClient2.get().uri(uri2).headers(webClientRequestHeaders -> {
                webClientRequestHeaders.add("Authorization", new String[]{"Bearer " + string});
                return webClientRequestHeaders;
            }).request(JsonObject.class).await(duration.toMillis(), TimeUnit.MILLISECONDS));
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecurityException("Failed to read JWK from IDCS", e2);
        }
    }
}
