package com.sap.cloud.security.xsuaa.client;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Ticker;
import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.http.HttpHeaders;
import com.sap.cloud.security.xsuaa.http.HttpHeadersFactory;
import com.sap.cloud.security.xsuaa.tokenflows.Cacheable;
import com.sap.cloud.security.xsuaa.tokenflows.TokenCacheConfiguration;
import com.sap.cloud.security.xsuaa.util.UriUtil;
import java.net.URI;
import java.time.Clock;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/client/AbstractOAuth2TokenService.class */
public abstract class AbstractOAuth2TokenService implements OAuth2TokenService, Cacheable {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractOAuth2TokenService.class);
    private final Cache<CacheKey, OAuth2TokenResponse> responseCache;
    private final TokenCacheConfiguration tokenCacheConfiguration;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sap/cloud/security/xsuaa/client/AbstractOAuth2TokenService$CacheKey.class */
    public class CacheKey {
        private final URI tokenEndpointUri;
        private final HttpHeaders headers;
        private final Map<String, String> parameters;

        public CacheKey(URI uri, HttpHeaders httpHeaders, Map<String, String> map) {
            this.tokenEndpointUri = uri;
            this.headers = httpHeaders;
            this.parameters = map;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CacheKey cacheKey = (CacheKey) obj;
            return Objects.equals(this.tokenEndpointUri, cacheKey.tokenEndpointUri) && Objects.equals(this.headers, cacheKey.headers) && Objects.equals(this.parameters, cacheKey.parameters);
        }

        public int hashCode() {
            return Objects.hash(this.tokenEndpointUri, this.headers, this.parameters);
        }

        public String toString() {
            return "CacheKey{tokenEndpointUri=" + this.tokenEndpointUri + ", headers=" + this.headers + ", parameters=" + this.parameters + '}';
        }
    }

    public AbstractOAuth2TokenService() {
        this(TokenCacheConfiguration.defaultConfiguration(), Ticker.systemTicker(), false);
    }

    public AbstractOAuth2TokenService(TokenCacheConfiguration tokenCacheConfiguration) {
        this(tokenCacheConfiguration, Ticker.systemTicker(), false);
    }

    AbstractOAuth2TokenService(TokenCacheConfiguration tokenCacheConfiguration, Ticker ticker, boolean z) {
        Assertions.assertNotNull(tokenCacheConfiguration, "cacheConfiguration is required");
        this.tokenCacheConfiguration = tokenCacheConfiguration;
        this.responseCache = createResponseCache(ticker, z);
        if (isCacheDisabled()) {
            LOGGER.debug("Configured token service with cache disabled");
        } else {
            LOGGER.debug("Configured token service with {}", tokenCacheConfiguration);
        }
    }

    @Override // com.sap.cloud.security.xsuaa.tokenflows.Cacheable
    public void clearCache() {
        this.responseCache.invalidateAll();
    }

    @Override // com.sap.cloud.security.xsuaa.tokenflows.Cacheable
    @Nonnull
    public TokenCacheConfiguration getCacheConfiguration() {
        return this.tokenCacheConfiguration;
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaClientCredentialsGrant(@Nonnull URI uri, @Nonnull ClientIdentity clientIdentity, @Nullable String str, @Nullable String str2, @Nullable Map<String, String> map, boolean z) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpointUri is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Map<String, String> buildAsMap = new RequestParameterBuilder().withGrantType(OAuth2TokenServiceConstants.GRANT_TYPE_CLIENT_CREDENTIALS).withClientIdentity(clientIdentity).withOptionalParameters(map).buildAsMap();
        HttpHeaders createWithoutAuthorizationHeader = HttpHeadersFactory.createWithoutAuthorizationHeader();
        if (str != null) {
            createWithoutAuthorizationHeader.withHeader(HttpHeaders.X_ZID, str);
        }
        return getOAuth2TokenResponse(uri, createWithoutAuthorizationHeader, buildAsMap, str2, z);
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaUserTokenGrant(@Nonnull URI uri, @Nonnull ClientIdentity clientIdentity, @Nonnull String str, @Nullable String str2, @Nullable Map<String, String> map) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpointUri is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Assertions.assertNotNull(str, "token is required");
        return getOAuth2TokenResponse(uri, HttpHeadersFactory.createWithAuthorizationBearerHeader(str), new RequestParameterBuilder().withGrantType(OAuth2TokenServiceConstants.GRANT_TYPE_USER_TOKEN).withClientId(clientIdentity.getId()).withOptionalParameters(map).buildAsMap(), str2, false);
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaRefreshToken(@Nonnull URI uri, @Nonnull ClientIdentity clientIdentity, @Nonnull String str, String str2, boolean z) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpointUri is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Assertions.assertNotNull(str, "refreshToken is required");
        return getOAuth2TokenResponse(uri, HttpHeadersFactory.createWithoutAuthorizationHeader(), new RequestParameterBuilder().withGrantType("refresh_token").withRefreshToken(str).withClientIdentity(clientIdentity).buildAsMap(), str2, z);
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaPasswordGrant(@Nonnull URI uri, @Nonnull ClientIdentity clientIdentity, @Nonnull String str, @Nonnull String str2, @Nullable String str3, @Nullable Map<String, String> map, boolean z) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpoint is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Assertions.assertNotNull(str, "username is required");
        Assertions.assertNotNull(str2, "password is required");
        return getOAuth2TokenResponse(uri, HttpHeadersFactory.createWithoutAuthorizationHeader(), new RequestParameterBuilder().withGrantType("password").withUsername(str).withPassword(str2).withClientIdentity(clientIdentity).withOptionalParameters(map).buildAsMap(), str3, z);
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI uri, ClientIdentity clientIdentity, String str, @Nullable String str2, @Nullable Map<String, String> map, boolean z) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpoint is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Assertions.assertNotNull(str, "token is required");
        return getOAuth2TokenResponse(uri, HttpHeadersFactory.createWithoutAuthorizationHeader(), new RequestParameterBuilder().withGrantType(OAuth2TokenServiceConstants.GRANT_TYPE_JWT_BEARER).withClientIdentity(clientIdentity).withToken(str).withOptionalParameters(map).buildAsMap(), str2, z);
    }

    @Override // com.sap.cloud.security.xsuaa.client.OAuth2TokenService
    public OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI uri, ClientIdentity clientIdentity, @Nonnull String str, @Nullable Map<String, String> map, boolean z, @Nonnull String str2) throws OAuth2ServiceException {
        Assertions.assertNotNull(uri, "tokenEndpoint is required");
        Assertions.assertNotNull(clientIdentity, "clientIdentity is required");
        Assertions.assertNotNull(str, "token is required");
        Assertions.assertNotNull(str2, "ZoneId is required to create X-zid header");
        Map<String, String> buildAsMap = new RequestParameterBuilder().withGrantType(OAuth2TokenServiceConstants.GRANT_TYPE_JWT_BEARER).withClientIdentity(clientIdentity).withToken(str).withOptionalParameters(map).buildAsMap();
        HttpHeaders withHeader = HttpHeadersFactory.createWithoutAuthorizationHeader().withHeader(HttpHeaders.X_ZID, str2);
        return (isCacheDisabled() || z) ? requestAccessToken(uri, withHeader, buildAsMap) : getOrRequestAccessToken(uri, withHeader, buildAsMap);
    }

    protected abstract OAuth2TokenResponse requestAccessToken(URI uri, HttpHeaders httpHeaders, Map<String, String> map) throws OAuth2ServiceException;

    private OAuth2TokenResponse getOAuth2TokenResponse(@Nonnull URI uri, HttpHeaders httpHeaders, Map<String, String> map, @Nullable String str, boolean z) throws OAuth2ServiceException {
        URI replaceSubdomain = UriUtil.replaceSubdomain(uri, str);
        return (isCacheDisabled() || z) ? requestAccessToken(replaceSubdomain, httpHeaders, map) : getOrRequestAccessToken(replaceSubdomain, httpHeaders, map);
    }

    private OAuth2TokenResponse getOrRequestAccessToken(URI uri, HttpHeaders httpHeaders, Map<String, String> map) throws OAuth2ServiceException {
        LOGGER.debug("Token was requested for endpoint uri={} with headers={} and parameters={}", new Object[]{uri, httpHeaders, map});
        CacheKey cacheKey = new CacheKey(uri, httpHeaders, map);
        OAuth2TokenResponse oAuth2TokenResponse = (OAuth2TokenResponse) this.responseCache.getIfPresent(cacheKey);
        if (oAuth2TokenResponse == null) {
            LOGGER.debug("Token not found in cache, requesting a new one");
            getAndCacheToken(cacheKey);
        } else {
            LOGGER.debug("The token was found in cache");
            if (oAuth2TokenResponse.getExpiredAt().minus((TemporalAmount) getCacheConfiguration().getTokenExpirationDelta()).isBefore(Instant.now(getClock()))) {
                LOGGER.debug("The cached token needs to be refreshed, requesting a new one");
                getAndCacheToken(cacheKey);
            }
        }
        OAuth2TokenResponse oAuth2TokenResponse2 = (OAuth2TokenResponse) this.responseCache.getIfPresent(cacheKey);
        logDebug(oAuth2TokenResponse2);
        return oAuth2TokenResponse2;
    }

    private void logDebug(OAuth2TokenResponse oAuth2TokenResponse) {
        if (LOGGER.isDebugEnabled()) {
            try {
                LOGGER.debug("Access token: {}", oAuth2TokenResponse.getDecodedAccessToken());
            } catch (IllegalArgumentException e) {
                LOGGER.debug("Access token can not be logged. {}", e.getMessage());
            }
        }
    }

    protected Clock getClock() {
        return Clock.systemUTC();
    }

    private void getAndCacheToken(CacheKey cacheKey) throws OAuth2ServiceException {
        this.responseCache.put(cacheKey, requestAccessToken(cacheKey.tokenEndpointUri, cacheKey.headers, cacheKey.parameters));
    }

    private boolean isCacheDisabled() {
        return getCacheConfiguration().isCacheDisabled();
    }

    private Cache<CacheKey, OAuth2TokenResponse> createResponseCache(Ticker ticker, boolean z) {
        Caffeine expireAfterWrite = Caffeine.newBuilder().maximumSize(getCacheConfiguration().getCacheSize()).ticker(ticker).expireAfterWrite(getCacheConfiguration().getCacheDuration());
        if (z) {
            expireAfterWrite.executor((v0) -> {
                v0.run();
            });
        }
        if (getCacheConfiguration().isCacheStatisticsEnabled()) {
            expireAfterWrite.recordStats();
        }
        return expireAfterWrite.build();
    }

    @Override // com.sap.cloud.security.xsuaa.tokenflows.Cacheable
    public Object getCacheStatistics() {
        if (getCacheConfiguration().isCacheStatisticsEnabled()) {
            return this.responseCache.stats();
        }
        return null;
    }
}
