package org.bremersee.web.reactive.function.client;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import java.util.Date;
import org.bremersee.security.OAuth2Helper;
import org.bremersee.security.OAuth2Properties;
import org.bremersee.security.authentication.AccessTokenRetriever;
import org.bremersee.security.authentication.PasswordFlowAccessTokenReactiveRetriever;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.util.Assert;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.ExchangeFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/bremersee/web/reactive/function/client/PasswordFlowTokenAppender.class */
public class PasswordFlowTokenAppender implements ExchangeFilterFunction {
    private OAuth2Properties properties;
    private AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> accessTokenRetriever;
    private String accessToken;
    private Date expirationTime;

    public PasswordFlowTokenAppender(OAuth2Properties oAuth2Properties) {
        Assert.notNull(oAuth2Properties, "OAuth2 properties must not be null.");
        this.properties = oAuth2Properties;
        this.accessTokenRetriever = new PasswordFlowAccessTokenReactiveRetriever(WebClient.builder().baseUrl(oAuth2Properties.getPasswordFlow().getTokenEndpoint()).build());
    }

    public PasswordFlowTokenAppender(OAuth2Properties oAuth2Properties, AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> accessTokenRetriever) {
        Assert.notNull(oAuth2Properties, "OAuth2 properties must not be null.");
        Assert.notNull(accessTokenRetriever, "Access token retriever must not be null.");
        this.properties = oAuth2Properties;
        this.accessTokenRetriever = accessTokenRetriever;
    }

    public Mono<ClientResponse> filter(ClientRequest clientRequest, ExchangeFunction exchangeFunction) {
        return (this.accessToken == null || this.expirationTime == null || this.expirationTime.before(new Date(System.currentTimeMillis() - this.properties.getPasswordFlow().getExpirationTimeRemainsMillis()))) ? ((Mono) this.accessTokenRetriever.retrieveAccessToken(OAuth2Helper.createPasswordFlowBody(this.properties.getPasswordFlow().getClientId(), this.properties.getPasswordFlow().getClientSecret(), this.properties.getPasswordFlow().getSystemUsername(), this.properties.getPasswordFlow().getSystemPassword()))).map(this::parse).flatMap(mono -> {
            return exchangeFunction.exchange(ClientRequest.from(clientRequest).headers(httpHeaders -> {
                httpHeaders.set("Authorization", "Bearer " + mono);
            }).build());
        }) : Mono.just(this.accessToken).flatMap(str -> {
            return exchangeFunction.exchange(ClientRequest.from(clientRequest).headers(httpHeaders -> {
                httpHeaders.set("Authorization", "Bearer " + str);
            }).build());
        });
    }

    private Mono<String> parse(String str) {
        try {
            JWT parse = JWTParser.parse(str);
            this.accessToken = str;
            this.expirationTime = parse.getJWTClaimsSet().getExpirationTime();
            return Mono.just(str);
        } catch (Exception e) {
            throw new JwtException("An error occurred while attempting to decode the Jwt: " + e.getMessage(), e);
        }
    }

    OAuth2Properties getProperties() {
        return this.properties;
    }

    AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> getAccessTokenRetriever() {
        return this.accessTokenRetriever;
    }
}
