package org.eclipse.digitaltwin.basyx.client.internal.authorization.grant;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.RefreshTokenGrant;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import org.eclipse.digitaltwin.basyx.client.internal.authorization.credential.ClientCredential;
import org.eclipse.digitaltwin.basyx.client.internal.authorization.credential.PasswordCredential;
import org.eclipse.digitaltwin.basyx.core.exceptions.AccessTokenRetrievalException;

/* loaded from: input_file:BOOT-INF/lib/basyx.client-2.0.0-milestone-03.jar:org/eclipse/digitaltwin/basyx/client/internal/authorization/grant/PasswordCredentialAccessTokenProvider.class */
public class PasswordCredentialAccessTokenProvider implements AccessTokenProvider {
    private final PasswordCredential passwordCredential;
    private final ClientCredential clientCredential;
    private Collection<String> scopes;

    public PasswordCredentialAccessTokenProvider(PasswordCredential passwordCredential, ClientCredential clientCredential) {
        this.passwordCredential = passwordCredential;
        this.clientCredential = clientCredential;
    }

    public PasswordCredentialAccessTokenProvider(PasswordCredential passwordCredential, ClientCredential clientCredential, Collection<String> collection) {
        this(passwordCredential, clientCredential);
        this.scopes = collection;
    }

    @Override // org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.AccessTokenProvider
    public AccessTokenResponse getAccessTokenResponse(String str) {
        ResourceOwnerPasswordCredentialsGrant resourceOwnerPasswordCredentialsGrant = new ResourceOwnerPasswordCredentialsGrant(this.passwordCredential.getUsername(), new Secret(this.passwordCredential.getPassword()));
        return getTokenResponse(new TokenRequest(getTokenEndpointUri(str), new ClientSecretBasic(new ClientID(this.clientCredential.getClientId()), new Secret(this.clientCredential.getClientSecret())), resourceOwnerPasswordCredentialsGrant, Scope.parse(this.scopes)));
    }

    @Override // org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.AccessTokenProvider
    public AccessTokenResponse getAccessTokenResponse(String str, String str2) {
        RefreshTokenGrant refreshTokenGrant = new RefreshTokenGrant(new RefreshToken(str2));
        return getTokenResponse(new TokenRequest(getTokenEndpointUri(str), new ClientSecretBasic(new ClientID(this.clientCredential.getClientId()), new Secret(this.clientCredential.getClientSecret())), refreshTokenGrant));
    }

    private AccessTokenResponse getTokenResponse(TokenRequest tokenRequest) {
        try {
            TokenResponse parse = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
            if (parse.indicatesSuccess()) {
                return parse.toSuccessResponse();
            }
            throw new AccessTokenRetrievalException("Error occurred while retrieving access token" + parse.toErrorResponse().toString());
        } catch (ParseException | IOException e) {
            throw new AccessTokenRetrievalException("Error occurred while retrieving access token" + e.getMessage());
        }
    }

    private URI getTokenEndpointUri(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e.getMessage());
        }
    }
}
