package de.adorsys.sts.token.secretserver;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.adorsys.sts.keymanagement.service.DecryptionService;
import de.adorsys.sts.secret.SecretServerClient;
import de.adorsys.sts.token.tokenexchange.TokenExchangeClient;
import de.adorsys.sts.token.tokenexchange.TokenExchangeConstants;
import de.adorsys.sts.tokenauth.BearerToken;
import de.adorsys.sts.tokenauth.BearerTokenValidator;

/* loaded from: input_file:BOOT-INF/lib/sts-token-1.1.18.jar:de/adorsys/sts/token/secretserver/TokenExchangeSecretServerClient.class */
public class TokenExchangeSecretServerClient implements SecretServerClient {
    private final String audience;
    private final String secretServerUri;
    private final TokenExchangeClient tokenExchangeClient;
    private final BearerTokenValidator bearerTokenValidator;
    private final DecryptionService decryptionService;

    public TokenExchangeSecretServerClient(String str, String str2, TokenExchangeClient tokenExchangeClient, BearerTokenValidator bearerTokenValidator, DecryptionService decryptionService) {
        this.audience = str;
        this.secretServerUri = str2;
        this.tokenExchangeClient = tokenExchangeClient;
        this.bearerTokenValidator = bearerTokenValidator;
        this.decryptionService = decryptionService;
    }

    @Override // de.adorsys.sts.secret.SecretServerClient
    public String getSecret(String str) {
        BearerToken extract = this.bearerTokenValidator.extract(this.tokenExchangeClient.exchangeToken(this.secretServerUri, this.audience, str).getAccess_token());
        if (!extract.isValid()) {
            throw new IllegalArgumentException("Exchanged token is invalid");
        }
        return this.decryptionService.decrypt(((JsonNode) new ObjectMapper().convertValue(extract.getClaims().toJSONObject(), JsonNode.class)).get(TokenExchangeConstants.SECRETS_CLAIM_KEY).get(this.audience).asText());
    }
}
