package org.eclipse.edc.connector.provision.oauth2;

import java.security.PrivateKey;
import java.time.Clock;
import org.eclipse.edc.iam.oauth2.spi.Oauth2AssertionDecorator;
import org.eclipse.edc.iam.oauth2.spi.client.Oauth2CredentialsRequest;
import org.eclipse.edc.iam.oauth2.spi.client.PrivateKeyOauth2CredentialsRequest;
import org.eclipse.edc.iam.oauth2.spi.client.SharedSecretOauth2CredentialsRequest;
import org.eclipse.edc.jwt.TokenGenerationServiceImpl;
import org.eclipse.edc.jwt.spi.JwtDecorator;
import org.eclipse.edc.spi.iam.TokenRepresentation;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.spi.security.PrivateKeyResolver;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:org/eclipse/edc/connector/provision/oauth2/Oauth2CredentialsRequestFactory.class */
/**
 * Builds the {@link Oauth2CredentialsRequest} used to obtain a token for an
 * {@link Oauth2ResourceDefinition} with the {@code client_credentials} grant.
 *
 * <p>Two client-authentication variants are produced, chosen solely by whether the
 * resource definition carries a private key name:
 * <ul>
 *   <li>private key name present: a client assertion is generated with the key resolved
 *       through the {@link PrivateKeyResolver} and sent instead of a secret;</li>
 *   <li>private key name absent: the client id and client secret from the resource
 *       definition are placed in the request as they are.</li>
 * </ul>
 *
 * <p>The returned request objects carry credential material (client secret or signed
 * assertion), so callers should keep them out of logs and error messages.
 */
public class Oauth2CredentialsRequestFactory {
    private static final String GRANT_CLIENT_CREDENTIALS = "client_credentials";
    private final PrivateKeyResolver privateKeyResolver;
    private final Clock clock;

    /**
     * @param privateKeyResolver looks up the signing key by the name stored in the resource definition
     * @param clock time source handed to the assertion decorator
     */
    public Oauth2CredentialsRequestFactory(PrivateKeyResolver privateKeyResolver, Clock clock) {
        this.privateKeyResolver = privateKeyResolver;
        this.clock = clock;
    }

    /**
     * Creates the token request for the given resource definition.
     *
     * <p>Only {@code null} selects the shared-secret variant; any non-null private key
     * name (including an empty string) is passed to the key resolver.
     *
     * @param oauth2ResourceDefinition source of token URL, scope and client credentials
     * @return the request, or a failure when the named private key cannot be resolved
     *         (failures from assertion generation are propagated as well)
     */
    public Result<Oauth2CredentialsRequest> create(Oauth2ResourceDefinition oauth2ResourceDefinition) {
        String keyAlias = oauth2ResourceDefinition.getPrivateKeyName();
        if (keyAlias == null) {
            return createSharedSecretRequest(oauth2ResourceDefinition);
        }
        return createPrivateKeyBasedRequest(keyAlias, oauth2ResourceDefinition);
    }

    /**
     * Builds a request authenticated by a signed client assertion rather than a secret.
     * The client id is not set on the request here; it is only given to the assertion decorator.
     */
    @NotNull
    private Result<Oauth2CredentialsRequest> createPrivateKeyBasedRequest(String keyAlias, Oauth2ResourceDefinition oauth2ResourceDefinition) {
        Result<TokenRepresentation> assertion = createAssertion(keyAlias, oauth2ResourceDefinition);
        return assertion.map(signed -> PrivateKeyOauth2CredentialsRequest.Builder.newInstance()
                .clientAssertion(signed.getToken())
                .url(oauth2ResourceDefinition.getTokenUrl())
                .grantType(GRANT_CLIENT_CREDENTIALS)
                .scope(oauth2ResourceDefinition.getScope())
                .build());
    }

    /**
     * Builds a request authenticated with the client id and client secret taken directly
     * from the resource definition.
     */
    @NotNull
    private Result<Oauth2CredentialsRequest> createSharedSecretRequest(Oauth2ResourceDefinition oauth2ResourceDefinition) {
        // No validation of the id/secret happens in this class.
        // NOTE(review): whether the builder rejects null values is not visible here - confirm.
        return Result.success(
                SharedSecretOauth2CredentialsRequest.Builder.newInstance()
                        .url(oauth2ResourceDefinition.getTokenUrl())
                        .grantType(GRANT_CLIENT_CREDENTIALS)
                        .clientId(oauth2ResourceDefinition.getClientId())
                        .clientSecret(oauth2ResourceDefinition.getClientSecret())
                        .scope(oauth2ResourceDefinition.getScope())
                        .build());
    }

    /**
     * Resolves the private key and generates the client assertion with it.
     *
     * @param keyAlias name under which the resolver is asked for the key
     * @return the generated token, or a failure naming the alias when no key was found
     */
    @NotNull
    private Result<TokenRepresentation> createAssertion(String keyAlias, Oauth2ResourceDefinition oauth2ResourceDefinition) {
        PrivateKey signingKey = (PrivateKey) this.privateKeyResolver.resolvePrivateKey(keyAlias, PrivateKey.class);
        if (signingKey == null) {
            // The message exposes only the alias, never key material.
            return Result.failure("Failed to resolve private key with alias: " + keyAlias);
        }
        TokenGenerationServiceImpl tokenGenerator = new TokenGenerationServiceImpl(signingKey);
        // Token URL, client id, clock and validity are handed to the decorator.
        // NOTE(review): presumably they become the audience, issuer/subject and expiry
        // claims of the assertion - confirm against Oauth2AssertionDecorator.
        JwtDecorator assertionClaims = new Oauth2AssertionDecorator(
                oauth2ResourceDefinition.getTokenUrl(),
                oauth2ResourceDefinition.getClientId(),
                this.clock,
                oauth2ResourceDefinition.getValidity());
        return tokenGenerator.generate(new JwtDecorator[]{assertionClaims});
    }
}
