package de.gematik.bbriccs.rest.idp;

import de.gematik.bbriccs.rest.fd.FdRequest;
import de.gematik.bbriccs.rest.fd.plugins.RequestHeaderProvider;
import de.gematik.bbriccs.rest.headers.HttpHeader;
import de.gematik.bbriccs.rest.headers.JwtHeaderKey;
import de.gematik.bbriccs.smartcards.Smartcard;
import de.gematik.bbriccs.smartcards.SmartcardCertificate;
import de.gematik.idp.client.IdpClient;
import de.gematik.idp.client.IdpClientRuntimeException;
import de.gematik.idp.client.IdpTokenResult;
import de.gematik.idp.crypto.model.PkiIdentity;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import lombok.Generated;
import org.hl7.fhir.r4.model.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/bbriccs/rest/idp/IdpTokenHeaderProvider.class */
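/**
 * Supplies the {@code Authorization} header for requests by logging in at an IDP and caching the
 * resulting token until its reported lifetime has elapsed.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>The raw access token is a bearer credential. This class only hands it to
 *       {@link JwtHeaderKey#AUTHORIZATION} and never logs it; keep it that way when adding log
 *       statements.
 *   <li>The cached token and its timestamp are plain mutable fields and no synchronization is
 *       performed here. NOTE(review): confirm whether one instance may be shared across threads.
 *   <li>The discovery document URL decides which IDP endpoints the client talks to. This class
 *       does not validate it, so it should come from trusted configuration.
 * </ul>
 */
public class IdpTokenHeaderProvider implements RequestHeaderProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(IdpTokenHeaderProvider.class);

    /** Performs a full login at the IDP each time it is invoked. */
    private final Supplier<IdpTokenResult> authentication;

    /** Most recently obtained token, {@code null} until the first successful login. */
    private IdpTokenResult idpToken;

    /** Instant at which the login that produced {@link #idpToken} was started. */
    private Instant idpTokenUpdated;

    /**
     * Collects the IDP client settings and finally binds them to an identity via one of the
     * {@code authenticateWith} methods.
     *
     * <p>None of the settings are validated here; unset values are passed to the
     * {@link IdpClient} builder as {@code null}.
     */
    public static class JwtHeaderProviderBuilder {
        private final String discoveryDocumentUrl;
        // LinkedHashSet: duplicates collapse while the order of first insertion is kept.
        private final Set<String> scopes = new LinkedHashSet<>();
        private String redirectUrl;
        private String clientId;

        /**
         * Sets the redirect URL handed to the IDP client.
         *
         * @param str the redirect URL
         * @return this builder
         */
        public JwtHeaderProviderBuilder withRedirectUrl(String str) {
            this.redirectUrl = str;
            return this;
        }

        /**
         * Sets the client id handed to the IDP client.
         *
         * @param str the client id
         * @return this builder
         */
        public JwtHeaderProviderBuilder withClientId(String str) {
            this.clientId = str;
            return this;
        }

        /**
         * Requests {@code openid} plus the given scope.
         *
         * @param str the additional scope
         * @return this builder
         */
        public JwtHeaderProviderBuilder usingScope(String str) {
            return usingScopes(List.of("openid", str));
        }

        /**
         * Adds the given scopes to those already requested. Unlike {@link #usingScope(String)}
         * this does not add {@code openid} implicitly.
         *
         * @param list scopes to add; request only what the caller actually needs
         * @return this builder
         */
        public JwtHeaderProviderBuilder usingScopes(List<String> list) {
            this.scopes.addAll(list);
            return this;
        }

        /**
         * Creates a provider that authenticates with the AUT certificate of a smartcard.
         *
         * <p>The certificate and the value of {@code getPrivateKey()} are copied into a
         * {@link PkiIdentity} that the returned provider keeps for its whole lifetime.
         * NOTE(review): if that value is real key material rather than a handle, it stays
         * reachable in memory as long as the provider does.
         *
         * @param smartcard the card whose AUT certificate is used for login
         * @return a provider bound to that identity
         */
        public IdpTokenHeaderProvider authenticateWith(Smartcard smartcard) {
            SmartcardCertificate aut = smartcard.getAutCertificate();
            PkiIdentity identity =
                    PkiIdentity.builder()
                            .certificate(aut.getX509Certificate())
                            .privateKey(aut.getPrivateKey())
                            .build();
            return authenticateWith(identity);
        }

        /**
         * Creates a provider that authenticates with the given identity.
         *
         * @param pkiIdentity certificate and private key used for every login
         * @return a provider bound to that identity
         */
        public IdpTokenHeaderProvider authenticateWith(PkiIdentity pkiIdentity) {
            IdpClient client = initIdpClient();
            return new IdpTokenHeaderProvider(() -> client.login(pkiIdentity));
        }

        /**
         * Creates a provider that authenticates with a certificate and a byte-array callback.
         *
         * @param x509Certificate certificate presented to the IDP
         * @param unaryOperator callback passed to {@code IdpClient.login}; presumably the signing
         *     operation, which would let the private key stay outside this process - TODO confirm
         * @return a provider bound to that certificate and callback
         */
        public IdpTokenHeaderProvider authenticateWith(X509Certificate x509Certificate, UnaryOperator<byte[]> unaryOperator) {
            IdpClient client = initIdpClient();
            return new IdpTokenHeaderProvider(() -> client.login(x509Certificate, unaryOperator));
        }

        /**
         * Builds and initializes an IDP client from the collected settings.
         *
         * <p>NOTE(review): {@code initialize()} presumably fetches the discovery document, so
         * this is expected to perform network I/O - confirm against the IDP client.
         */
        private IdpClient initIdpClient() {
            IdpClient client =
                    IdpClient.builder()
                            .clientId(this.clientId)
                            .redirectUrl(this.redirectUrl)
                            .discoveryDocumentUrl(this.discoveryDocumentUrl)
                            .scopes(this.scopes)
                            .build();
            client.initialize();
            return client;
        }

        @Generated
        private JwtHeaderProviderBuilder(String str) {
            this.discoveryDocumentUrl = str;
        }
    }

    private IdpTokenHeaderProvider(Supplier<IdpTokenResult> supplier) {
        this.authentication = supplier;
    }

    /**
     * Returns the {@code Authorization} header for a request, logging in again first if the
     * cached token has reached its reported lifetime.
     *
     * @param fdRequest the request about to be sent; not inspected here
     * @return the header carrying the raw access token
     * @throws IdpClientRuntimeException if the login fails with a {@link NullPointerException}
     *     or yields no token
     */
    public HttpHeader forRequest(FdRequest<? extends Resource, ? extends Resource> fdRequest) {
        refreshIdpToken();
        return JwtHeaderKey.AUTHORIZATION.createHeader(this.idpToken.getAccessToken().getRawString());
    }

    /**
     * Replaces the cached token when it is missing or expired.
     *
     * <p>The cached state is only overwritten after a successful login, so a failed attempt
     * leaves the previous token and timestamp untouched.
     */
    private void refreshIdpToken() {
        if (!idpTokenExpired()) {
            log.info("IDP Token is still valid, no need to refresh");
            return;
        }
        log.info("Refresh the IDP Token");

        // Take the timestamp before the login round trip. The token is issued somewhere during
        // the call, so stamping afterwards would make the cache treat it as younger than it is
        // and could send it after the IDP already considers it expired.
        Instant requestedAt = Instant.now();
        IdpTokenResult fresh;
        try {
            fresh = this.authentication.get();
        } catch (NullPointerException e) {
            log.warn("Something went wrong during authentication on IDP");
            throw new IdpClientRuntimeException("Caught NullPointer from IDP-Client", e);
        }
        if (fresh == null) {
            // Fail here with a clear cause instead of a bare NullPointerException in forRequest.
            log.warn("Something went wrong during authentication on IDP");
            throw new IdpClientRuntimeException(
                    "IDP-Client returned no token", new IllegalStateException("token supplier returned null"));
        }
        this.idpToken = fresh;
        this.idpTokenUpdated = requestedAt;
    }

    /**
     * Reports whether a login is required.
     *
     * @return {@code true} if no token is cached or the seconds elapsed since the last login
     *     started have reached the token's {@code expiresIn} value
     */
    private boolean idpTokenExpired() {
        if (this.idpToken == null) {
            return true;
        }
        long ageSeconds = Duration.between(this.idpTokenUpdated, Instant.now()).getSeconds();
        return ageSeconds >= ((long) this.idpToken.getExpiresIn());
    }

    /**
     * Starts building a provider for the IDP described by the given discovery document.
     *
     * @param str URL of the IDP discovery document; not validated here, so it should come from
     *     trusted configuration
     * @return a new builder
     */
    public static JwtHeaderProviderBuilder withDiscoveryDocumentUrl(String str) {
        return new JwtHeaderProviderBuilder(str);
    }
}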
