package com.venafi.vcert.sdk.connectors.tpp;

import com.venafi.vcert.sdk.VCertException;
import com.venafi.vcert.sdk.connectors.ConnectorException;
import com.venafi.vcert.sdk.connectors.TokenConnector;
import com.venafi.vcert.sdk.connectors.tpp.AbstractTppConnector;
import com.venafi.vcert.sdk.endpoint.Authentication;
import com.venafi.vcert.sdk.endpoint.ConnectorType;
import feign.FeignException;
import feign.Response;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/connectors/tpp/TppTokenConnector.class */
public class TppTokenConnector extends TppConnector implements TokenConnector {
    private TokenInfo tokenInfo;

    public TppTokenConnector(Tpp tpp) {
        super(tpp);
    }

    @Override // com.venafi.vcert.sdk.connectors.tpp.TppConnector, com.venafi.vcert.sdk.connectors.Connector
    public ConnectorType getType() {
        return ConnectorType.TPP_TOKEN;
    }

    private String getAuthHeaderValue() throws VCertException {
        return getAuthHeaderValue(this.credentials);
    }

    private String getAuthHeaderValue(Authentication authentication) throws VCertException {
        if (isEmptyAccessToken(authentication)) {
            throw new ConnectorException.MissingAccessTokenException();
        }
        return String.format("Bearer %s", authentication.accessToken());
    }

    @Override // com.venafi.vcert.sdk.connectors.tpp.TppConnector, com.venafi.vcert.sdk.connectors.Connector
    public boolean isEmptyCredentials(Authentication authentication) {
        if (authentication == null) {
            return true;
        }
        return isEmptyTokens(authentication) && super.isEmptyCredentials(authentication);
    }

    @Override // com.venafi.vcert.sdk.connectors.tpp.TppConnector, com.venafi.vcert.sdk.connectors.Connector
    public void authorize(Authentication authentication) throws VCertException {
        if (authentication == null) {
            throw new ConnectorException.MissingCredentialsException();
        }
        if (isEmptyTokens(authentication)) {
            authorizeToken(authentication);
        } else {
            verifyAccessToken(authentication);
        }
    }

    private boolean isEmptyTokens(Authentication authentication) {
        return isEmptyAccessToken(authentication) && isEmptyRefreshToken(authentication);
    }

    private boolean isEmptyAccessToken(Authentication authentication) {
        return authentication == null || StringUtils.isBlank(authentication.accessToken());
    }

    private boolean isEmptyRefreshToken(Authentication authentication) {
        return authentication == null || StringUtils.isBlank(authentication.refreshToken());
    }

    private void verifyAccessToken(Authentication authentication) throws VCertException {
        if (!StringUtils.isBlank(authentication.accessToken())) {
            try {
                this.tpp.verifyToken(getAuthHeaderValue(authentication));
            } catch (FeignException.BadRequest | FeignException.Unauthorized e) {
                throw VCertException.fromFeignException(e);
            }
        }
        this.credentials = authentication;
        this.tokenInfo = null;
    }

    private void authorizeToken(Authentication authentication) throws VCertException {
        try {
            AuthorizeTokenResponse authorizeToken = this.tpp.authorizeToken(new AbstractTppConnector.AuthorizeTokenRequest(authentication.user(), authentication.password(), authentication.clientId(), authentication.scope(), authentication.state(), authentication.redirectUri()));
            this.tokenInfo = new TokenInfo(authorizeToken.accessToken(), authorizeToken.refreshToken(), authorizeToken.expire(), authorizeToken.tokenType(), authorizeToken.scope(), authorizeToken.identity(), authorizeToken.refreshUntil(), true, null);
            setTokenCredentials(authentication);
        } catch (FeignException.BadRequest | FeignException.Unauthorized e) {
            throw VCertException.fromFeignException(e);
        }
    }

    private void setTokenCredentials(Authentication authentication) {
        this.credentials = authentication.accessToken(this.tokenInfo.accessToken()).refreshToken(this.tokenInfo.refreshToken());
    }

    @Override // com.venafi.vcert.sdk.connectors.TokenConnector
    public TokenInfo getTokenInfo() throws VCertException {
        return this.tokenInfo;
    }

    @Override // com.venafi.vcert.sdk.connectors.TokenConnector
    public TokenInfo getAccessToken(Authentication authentication) throws VCertException {
        if (authentication == null) {
            throw new ConnectorException.MissingCredentialsException();
        }
        authenticate(Authentication.builder().user(authentication.user()).password(authentication.password()).clientId(authentication.clientId()).scope(authentication.scope()).state(authentication.state()).redirectUri(authentication.redirectUri()).build());
        setTokenCredentials(authentication);
        return getTokenInfo();
    }

    @Override // com.venafi.vcert.sdk.connectors.TokenConnector
    public TokenInfo getAccessToken() throws VCertException {
        return getAccessToken(this.credentials);
    }

    @Override // com.venafi.vcert.sdk.connectors.TokenConnector
    public TokenInfo refreshAccessToken(String str) throws VCertException {
        if (StringUtils.isBlank(this.credentials.refreshToken())) {
            throw new ConnectorException.MissingRefreshTokenException();
        }
        try {
            RefreshTokenResponse refreshToken = this.tpp.refreshToken(new AbstractTppConnector.RefreshTokenRequest(this.credentials.refreshToken(), str));
            this.tokenInfo = new TokenInfo(refreshToken.accessToken(), refreshToken.refreshToken(), refreshToken.expire(), refreshToken.tokenType(), refreshToken.scope(), "", refreshToken.refreshUntil(), true, null);
            this.credentials.accessToken(this.tokenInfo.accessToken());
            this.credentials.refreshToken(this.tokenInfo.refreshToken());
            return this.tokenInfo;
        } catch (FeignException.BadRequest e) {
            throw VCertException.fromFeignException(e);
        }
    }

    @Override // com.venafi.vcert.sdk.connectors.TokenConnector
    public int revokeAccessToken() throws VCertException {
        Response revokeToken = this.tpp.revokeToken(getAuthHeaderValue());
        if (revokeToken.status() == 200) {
            return revokeToken.status();
        }
        throw new ConnectorException.FailedToRevokeTokenException(revokeToken.reason());
    }

    @Override // com.venafi.vcert.sdk.connectors.tpp.TppConnector, com.venafi.vcert.sdk.connectors.tpp.AbstractTppConnector
    protected TppAPI getTppAPI() {
        if (this.tppAPI == null) {
            this.tppAPI = new TppAPI(this.tpp) { // from class: com.venafi.vcert.sdk.connectors.tpp.TppTokenConnector.1
                @Override // com.venafi.vcert.sdk.connectors.tpp.TppAPI
                public String getAuthKey() throws VCertException {
                    return TppTokenConnector.this.getAuthHeaderValue();
                }
            };
        }
        return this.tppAPI;
    }
}
