package com.vmware.vapi.vmc.client.authz;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.vmware.vapi.core.ExecutionContext;
import com.vmware.vapi.internal.protocol.client.rest.authn.FetchTokenException;
import com.vmware.vapi.internal.protocol.client.rpc.HttpRequest;
import com.vmware.vapi.internal.protocol.client.rpc.HttpResponse;
import com.vmware.vapi.internal.protocol.client.rpc.RestTransport;
import com.vmware.vapi.internal.protocol.client.rpc.http.HttpRequestImpl;
import com.vmware.vapi.internal.util.io.IoUtil;
import java.nio.charset.StandardCharsets;
import java.util.Objects;

/* loaded from: input_file:com/vmware/vapi/vmc/client/authz/CspAccessRequestor.class */
public final class CspAccessRequestor implements AccessRequestor {
    private final String authorizationUrl;

    /* loaded from: input_file:com/vmware/vapi/vmc/client/authz/CspAccessRequestor$TokenResponseHandler.class */
    static class TokenResponseHandler implements HttpRequest.HttpResponseHandler {
        private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
        private static final String ACCESS_TOKEN_KEY = "access_token";
        private static final String EXPIRATION_KEY = "expires_in";
        private static final int EXPIRATION_DEFAULT_VALUE = 0;
        private final AuthorizationResponseHandler handler;

        public TokenResponseHandler(AuthorizationResponseHandler authorizationResponseHandler) {
            this.handler = (AuthorizationResponseHandler) Objects.requireNonNull(authorizationResponseHandler, "handler cannot be null");
        }

        public void onResult(HttpResponse httpResponse) {
            try {
                JsonNode parse = parse(httpResponse);
                final JsonNode jsonNode = parse.get(ACCESS_TOKEN_KEY);
                final JsonNode jsonNode2 = parse.get(EXPIRATION_KEY);
                this.handler.onResult(new AccessAuthorization() { // from class: com.vmware.vapi.vmc.client.authz.CspAccessRequestor.TokenResponseHandler.1
                    @Override // com.vmware.vapi.vmc.client.authz.AccessAuthorization
                    public int getExpiration() {
                        return jsonNode2 == null ? TokenResponseHandler.EXPIRATION_DEFAULT_VALUE : jsonNode2.asInt(TokenResponseHandler.EXPIRATION_DEFAULT_VALUE);
                    }

                    @Override // com.vmware.vapi.vmc.client.authz.AccessAuthorization
                    public char[] getAccessToken() {
                        return jsonNode.asText().toCharArray();
                    }
                });
            } catch (FetchTokenException e) {
                this.handler.onError(e);
            }
        }

        static JsonNode parse(HttpResponse httpResponse) {
            try {
                int statusCode = httpResponse.getStatusCode();
                try {
                    byte[] body = httpResponse.getBody();
                    if (statusCode < 200 || statusCode > 201) {
                        throw new FetchTokenException(addBody("Invalid token response status: " + statusCode, body));
                    }
                    try {
                        JsonNode readTree = OBJECT_MAPPER.readTree(body);
                        if (readTree == null) {
                            throw new FetchTokenException("Empty token response");
                        }
                        JsonNode jsonNode = readTree.get(ACCESS_TOKEN_KEY);
                        if (jsonNode == null || jsonNode.isNull()) {
                            throw new FetchTokenException("Missing token");
                        }
                        return readTree;
                    } catch (Exception e) {
                        throw new FetchTokenException(addBody("Unable to parse token response as JSON:", body), e);
                    }
                } catch (RuntimeException e2) {
                    throw new FetchTokenException("Unable to obtain token response body", e2);
                }
            } catch (RuntimeException e3) {
                IoUtil.silentClose(httpResponse);
                throw new FetchTokenException("Unable to obtain token response status", e3);
            }
        }

        private static String addBody(String str, byte[] bArr) {
            if (bArr == null || bArr.length == 0) {
                return str;
            }
            return str + "\n" + new String(bArr, StandardCharsets.UTF_8);
        }

        public void onError(Exception exc) {
            this.handler.onError(exc);
        }
    }

    public CspAccessRequestor(String str) {
        this.authorizationUrl = str;
    }

    @Override // com.vmware.vapi.vmc.client.authz.AccessRequestor
    public void requestAccess(RestTransport restTransport, ExecutionContext.SecurityContext securityContext, AuthorizationResponseHandler authorizationResponseHandler) {
        if (!(securityContext instanceof CspSecurityContext)) {
            authorizationResponseHandler.onError(new FetchTokenException("Refresh token is not set. ctx must be a CspSecurityContext instance"));
            return;
        }
        char[] refreshToken = ((CspSecurityContext) securityContext).getRefreshToken();
        HttpRequestImpl httpRequestImpl = new HttpRequestImpl();
        httpRequestImpl.setUrl(this.authorizationUrl);
        httpRequestImpl.addHeader("Content-Type", "application/x-www-form-urlencoded");
        httpRequestImpl.setBody(("refresh_token=" + new String(refreshToken)).getBytes(StandardCharsets.UTF_8));
        httpRequestImpl.setMethod(HttpRequest.HttpMethod.POST);
        restTransport.execute(httpRequestImpl, new TokenResponseHandler(authorizationResponseHandler), new ExecutionContext());
    }
}
