package io.jans.kc.api.config.client.impl;

import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import io.jans.kc.api.config.client.ApiCredentials;
import io.jans.kc.api.config.client.ApiCredentialsError;
import io.jans.kc.api.config.client.ApiCredentialsProvider;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;

/* loaded from: input_file:io/jans/kc/api/config/client/impl/OAuthApiCredentialsProvider.class */
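/**
 * {@link ApiCredentialsProvider} that obtains an access token from an OAuth 2.0 token
 * endpoint using the client-credentials grant and a shared client secret.
 *
 * <p>All state is assigned once at construction and never modified afterwards, so the
 * fields are declared {@code final}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The client secret travels with every token request (HTTP Basic header or POST
 *       body, depending on the configured method). This class does not check the scheme
 *       of the token endpoint, so the deployment configuration must point at an
 *       {@code https} URL.</li>
 *   <li>The returned {@link ApiCredentials} wraps a bearer access token; treat it as a
 *       secret and keep it out of logs and exception messages.</li>
 * </ul>
 */
public class OAuthApiCredentialsProvider implements ApiCredentialsProvider {
    private final URI tokenEndpoint;
    private final ClientAuthentication clientAuthn;
    private final Scope scope;
    private final AuthorizationGrant grant = new ClientCredentialsGrant();

    private OAuthApiCredentialsProvider(URI uri, ClientAuthentication clientAuthentication, Scope scope) {
        this.tokenEndpoint = uri;
        this.clientAuthn = clientAuthentication;
        this.scope = scope;
    }

    /**
     * Requests a fresh access token from the token endpoint.
     *
     * <p>A new token request is sent on every call; nothing is cached in this class.
     *
     * @return credentials wrapping the access token returned by the server
     * @throws ApiCredentialsError if the request fails with an I/O error, the response
     *         cannot be parsed, or the server answers with a token error response
     */
    @Override
    public ApiCredentials getApiCredentials() {
        try {
            TokenRequest tokenRequest = new TokenRequest(this.tokenEndpoint, this.clientAuthn, this.grant, this.scope);
            // NOTE(review): no connect/read timeout is configured on the HTTP request here,
            // so the call relies on the library defaults - confirm these are bounded.
            TokenResponse response = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
            if (response.indicatesSuccess()) {
                return new ApiCredentials(response.toSuccessResponse().getTokens().getAccessToken().toString());
            }
            TokenErrorResponse errorResponse = response.toErrorResponse();
            if (errorResponse.getErrorObject() != null) {
                // The error object comes from the server's response; it is appended so the
                // failure reason (e.g. a rejected client) is visible to the operator.
                throw new ApiCredentialsError("Error fetching API credentials. " + errorResponse.getErrorObject().toString());
            }
            throw new ApiCredentialsError("Error fetching API credentials.");
        } catch (IOException e) {
            throw new ApiCredentialsError("An I/O error occured while retrieving the API Credentials", e);
        } catch (ParseException e2) {
            throw new ApiCredentialsError("Could not process response containing API credentials from server", e2);
        }
    }

    /**
     * Maps the configured token-endpoint authentication method to a client
     * authentication object.
     *
     * <p>Only the two shared-secret methods (HTTP Basic and POST body) are implemented.
     * Private-key JWT is recognised but rejected, as is any other method.
     *
     * @param tokenEndpointAuthnParams configured client id, secret and method
     * @return the client authentication to attach to token requests
     * @throws CredentialsProviderError if the method is private-key JWT or unknown
     */
    private static ClientAuthentication clientAuthenticationFromAuthnParams(TokenEndpointAuthnParams tokenEndpointAuthnParams) {
        if (tokenEndpointAuthnParams.isBasicAuthn()) {
            return new ClientSecretBasic(new ClientID(tokenEndpointAuthnParams.clientId()), new Secret(tokenEndpointAuthnParams.clientSecret()));
        }
        if (tokenEndpointAuthnParams.isPostAuthn()) {
            return new ClientSecretPost(new ClientID(tokenEndpointAuthnParams.clientId()), new Secret(tokenEndpointAuthnParams.clientSecret()));
        }
        if (tokenEndpointAuthnParams.isPrivateKeyJwtAuthn()) {
            throw new CredentialsProviderError("Private key JWT authentication not supported");
        }
        throw new CredentialsProviderError("Unsupported authentication method specified");
    }

    /**
     * Creates a provider for the given token endpoint and client authentication settings.
     *
     * <p>The endpoint must be an absolute URI. A relative value parses without a syntax
     * error but can never be turned into a request target, so it is rejected here rather
     * than failing later, on the first token request, with an unrelated runtime exception.
     * The URI scheme itself is not checked.
     *
     * @param str the token endpoint URL
     * @param tokenEndpointAuthnParams client id, secret, authentication method and scopes
     * @return a provider bound to the endpoint and client authentication
     * @throws CredentialsProviderError if the endpoint is not a well-formed absolute URI
     *         or the authentication method is not supported
     */
    public static final ApiCredentialsProvider create(String str, TokenEndpointAuthnParams tokenEndpointAuthnParams) {
        final URI endpoint;
        try {
            endpoint = new URI(str);
        } catch (URISyntaxException e) {
            throw new CredentialsProviderError("Malformed token endpoint specified", e);
        }
        if (!endpoint.isAbsolute()) {
            // e.g. a value with the scheme missing: syntactically valid, but unusable.
            throw new CredentialsProviderError("Malformed token endpoint specified");
        }
        ClientAuthentication clientAuthentication = clientAuthenticationFromAuthnParams(tokenEndpointAuthnParams);
        return new OAuthApiCredentialsProvider(endpoint, clientAuthentication, Scope.parse(tokenEndpointAuthnParams.scopes()));
    }
}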
