package com.atlassian.pipelines.stargate.client.core.auth.oauth;

import com.atlassian.bitbucketci.client.api.ImmutableClientOperationKey;
import com.atlassian.bitbucketci.client.reactive.FaultToleranceStrategy;
import com.atlassian.bitbucketci.client.reactive.SpringWebServiceClientConfiguration;
import com.atlassian.bitbucketci.client.reactive.SpringWebServiceClientFactory;
import com.atlassian.bitbucketci.client.reactive.hystrix.HystrixStrategy;
import com.atlassian.bitbucketci.client.reactive.retries.RetryStrategy;
import com.atlassian.pipelines.stargate.client.api.auth.oauth.OAuthHeaderInterceptor;
import com.atlassian.pipelines.stargate.client.api.model.OAuthClient;
import com.atlassian.pipelines.stargate.client.api.model.OAuthToken;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import io.reactivex.Single;
import java.net.URI;
import java.time.Duration;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/atlassian/pipelines/stargate/client/core/auth/oauth/OAuthHeaderInterceptorImpl.class */
public final class OAuthHeaderInterceptorImpl implements OAuthHeaderInterceptor {
    private static final String BASE_URI_TEMPLATE = "%s://%s";
    private static final String BASE_URI_WITH_PORT_TEMPLATE = "%s://%s:%s";
    private static final String GRANT_TYPE_FORM_DATA_KEY = "grant_type";
    private static final String GRANT_TYPE_FORM_DATA_VALUE = "client_credentials";
    private static final String CLIENT_ID_FORM_DATA_KEY = "client_id";
    private static final String CLIENT_SECRET_FORM_DATA_KEY = "client_secret";
    private static final String AUDIENCE_FORM_DATA_KEY = "audience";
    private static final int MAX_NUMBER_OF_OAUTH_TOKENS = 1;
    private static final String OAUTH_ACCESS_TOKEN_CACHE_KEY = "OAUTH_ACCESS_TOKEN";
    private static final String BEARER_TOKEN_AUTHORIZATION_HEADER_TEMPLATE = "Bearer %s";
    private final OAuthClient oAuthClient;
    private final FaultToleranceStrategy faultToleranceStrategy;
    private final SpringWebServiceClientFactory springWebServiceClientFactory;
    private final LoadingCache<String, String> oauthTokenCache;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) OAuthHeaderInterceptorImpl.class);
    private static final Duration MAX_OAUTH_TOKEN_LIFETIME = Duration.ofMinutes(30);

    @Deprecated
    public OAuthHeaderInterceptorImpl(OAuthClient oAuthClient, RetryStrategy retryStrategy) {
        this.oAuthClient = oAuthClient;
        this.faultToleranceStrategy = new HystrixStrategy();
        this.springWebServiceClientFactory = SpringWebServiceClientFactory.create(getBaseUri(oAuthClient.getTokenEndpoint()), this.faultToleranceStrategy, (Consumer<WebClient.Builder>) builder -> {
        }, retryStrategy);
        this.oauthTokenCache = Caffeine.newBuilder().maximumSize(1L).refreshAfterWrite(MAX_OAUTH_TOKEN_LIFETIME).build(str -> {
            return createToken().blockingGet().getAccessToken();
        });
    }

    public OAuthHeaderInterceptorImpl(OAuthClient oAuthClient, SpringWebServiceClientConfiguration springWebServiceClientConfiguration) {
        this.oAuthClient = oAuthClient;
        this.faultToleranceStrategy = new HystrixStrategy();
        this.springWebServiceClientFactory = SpringWebServiceClientFactory.create(getBaseUri(oAuthClient.getTokenEndpoint()), this.faultToleranceStrategy, (Consumer<WebClient.Builder>) builder -> {
        }, springWebServiceClientConfiguration);
        this.oauthTokenCache = Caffeine.newBuilder().maximumSize(1L).refreshAfterWrite(MAX_OAUTH_TOKEN_LIFETIME).build(str -> {
            return createToken().blockingGet().getAccessToken();
        });
    }

    private static URI getBaseUri(URI uri) {
        return uri.getPort() == -1 ? URI.create(String.format(BASE_URI_TEMPLATE, uri.getScheme(), uri.getHost())) : URI.create(String.format(BASE_URI_WITH_PORT_TEMPLATE, uri.getScheme(), uri.getHost(), Integer.valueOf(uri.getPort())));
    }

    private Single<OAuthToken> createToken() {
        return this.faultToleranceStrategy.getFaultToleranceDecorator(ImmutableClientOperationKey.of(OAuthHeaderInterceptor.TenacityPropertyKeys.POST_OAUTH_TOKEN)).applyForSingle(postToken()).doOnSubscribe(disposable -> {
            logger.info("Getting oauth token");
        }).doOnError(th -> {
            logger.error("An error occured whilst generating an oauth token.", th);
        });
    }

    private Mono<OAuthToken> postToken() {
        return ((WebClient.RequestBodySpec) this.springWebServiceClientFactory.getWebClient().post().uri(this.oAuthClient.getTokenEndpoint().getPath(), new Object[0])).body(postOauthFormData()).retrieve().bodyToMono(OAuthToken.class);
    }

    private BodyInserters.FormInserter<String> postOauthFormData() {
        return BodyInserters.fromFormData(GRANT_TYPE_FORM_DATA_KEY, GRANT_TYPE_FORM_DATA_VALUE).with2("client_id", this.oAuthClient.getId()).with2(CLIENT_SECRET_FORM_DATA_KEY, this.oAuthClient.getSecret()).with2(AUDIENCE_FORM_DATA_KEY, this.oAuthClient.getAudience());
    }

    @Override // com.atlassian.pipelines.stargate.client.api.auth.oauth.OAuthHeaderInterceptor
    public ExchangeFilterFunction exchangeFilter() {
        return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
            return clientRequest.headers().containsKey("Authorization") ? Mono.just(clientRequest) : Mono.just(ClientRequest.from(clientRequest).header("Authorization", String.format(BEARER_TOKEN_AUTHORIZATION_HEADER_TEMPLATE, this.oauthTokenCache.get(OAUTH_ACCESS_TOKEN_CACHE_KEY))).build());
        });
    }
}
