package org.cloudfoundry.reactor.tokenprovider;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.util.AsciiString;
import java.time.Duration;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Function;
import org.cloudfoundry.reactor.ConnectionContext;
import org.cloudfoundry.reactor.TokenProvider;
import org.cloudfoundry.reactor.util.JsonCodec;
import org.cloudfoundry.reactor.util.NetworkLogging;
import org.immutables.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.SystemPropertyUtils;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dependencies/cloudfoundry-client-reactor-2.0.1.RELEASE.jar:org/cloudfoundry/reactor/tokenprovider/AbstractUaaTokenProvider.class */
public abstract class AbstractUaaTokenProvider implements TokenProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger("cloudfoundry-client.token");
    private static final Duration REFRESH_MARGIN = Duration.ofSeconds(10);
    private final Object refreshTokenMonitor = new Object();
    private final ConcurrentMap<ConnectionContext, Mono<String>> tokens = new ConcurrentHashMap(1);
    private volatile String refreshToken;

    @Value.Default
    public String getClientId() {
        return "cf";
    }

    @Value.Default
    public String getClientSecret() {
        return "";
    }

    @Override // org.cloudfoundry.reactor.TokenProvider
    public final Mono<String> getToken(ConnectionContext connectionContext) {
        return this.tokens.computeIfAbsent(connectionContext, this::getTokenFlow);
    }

    protected abstract UriComponentsBuilder getAccessTokenUri(UriComponentsBuilder uriComponentsBuilder);

    private static Duration getRefreshDelay(Map<String, Integer> map) {
        return Duration.ofSeconds(map.get("expires_in").intValue()).minus(REFRESH_MARGIN);
    }

    private String getAuthorizationValue() {
        return String.format("Basic %s", Base64.getEncoder().encodeToString(new AsciiString(getClientId()).concat(SystemPropertyUtils.VALUE_SEPARATOR).concat(getClientSecret()).toByteArray()));
    }

    private UriComponentsBuilder getRefreshTokenUri(UriComponentsBuilder uriComponentsBuilder, String str) {
        return uriComponentsBuilder.queryParam("grant_type", "refresh_token").queryParam("client_id", getClientId()).queryParam("client_secret", getClientSecret()).queryParam("refresh_token", str);
    }

    private Mono<String> getTokenFlow(ConnectionContext connectionContext) {
        return connectionContext.getRoot("authorization_endpoint").map(this::getTokenUri).then((Function<? super R, ? extends Mono<? extends R>>) str -> {
            return connectionContext.getHttpClient().post(str, httpClientRequest -> {
                return httpClientRequest.addHeader("Content-Length", "0").addHeader(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.APPLICATION_X_WWW_FORM_URLENCODED).addHeader(HttpHeaderNames.AUTHORIZATION, getAuthorizationValue()).removeTransferEncodingChunked().sendHeaders();
            }).doOnSubscribe(NetworkLogging.get(str)).compose(NetworkLogging.response(str));
        }).then(httpClientResponse -> {
            return httpClientResponse.receive2().aggregate().toInputStream();
        }).map(JsonCodec.decode(connectionContext.getObjectMapper(), Map.class)).doOnNext(map -> {
            synchronized (this.refreshTokenMonitor) {
                this.refreshToken = (String) map.get("refresh_token");
            }
        }).flatMap(map2 -> {
            return Flux.merge(Mono.just(map2.get("access_token")), Mono.delay(getRefreshDelay(map2)).then());
        }).repeat().cast(String.class).doOnNext(str2 -> {
            LOGGER.debug("JWT Token: {}", str2);
        }).cache(1).next();
    }

    private String getTokenUri(String str) {
        UriComponentsBuilder accessTokenUri;
        UriComponentsBuilder pathSegment = UriComponentsBuilder.fromUriString(str).pathSegment("oauth", "token");
        synchronized (this.refreshTokenMonitor) {
            accessTokenUri = this.refreshToken == null ? getAccessTokenUri(pathSegment) : getRefreshTokenUri(pathSegment, this.refreshToken);
        }
        return accessTokenUri.build().encode().toUriString();
    }
}
