package com.appiancorp.oauth.inbound;

import com.appiancorp.oauth.inbound.authserver.tokens.TokenSet;
import com.appiancorp.oauth.inbound.monitor.OAuthAccessTokenResponseLogger;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.http.ServletUtils;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.token.Tokens;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:com/appiancorp/oauth/inbound/OAuthTokenResponseGenerator.class */
public class OAuthTokenResponseGenerator {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthTokenResponseGenerator.class);
    private static final String ERROR_URI_PROPERTY_KEY = "links.docs.security.dialog.webApi.authentication.oauth.clientCredentials";
    private URI errorUri;
    private Supplier<Date> newDateSupplier = () -> {
        return Date.from(Instant.now());
    };

    public OAuthTokenResponseGenerator(OAuthDocsLinkProvider oAuthDocsLinkProvider) {
        try {
            this.errorUri = new URI(oAuthDocsLinkProvider.getHelpDocLink(ERROR_URI_PROPERTY_KEY));
        } catch (URISyntaxException e) {
            LOG.error("Could not get help doc link for OAuth response", e);
        }
    }

    public void applyTokenToResponse(String str, HttpServletResponse httpServletResponse) throws IOException {
        ServletUtils.applyHTTPResponse(new AccessTokenResponse(new Tokens(new BearerAccessToken(str, 900L, (Scope) null), (RefreshToken) null)).toHTTPResponse(), httpServletResponse);
    }

    public void applyTokenToResponse(TokenSet tokenSet, HttpServletResponse httpServletResponse) throws IOException {
        BearerAccessToken bearerAccessToken;
        if (tokenSet.getAccessTokenExpirationTime().isPresent()) {
            bearerAccessToken = new BearerAccessToken((String) tokenSet.getAccessToken().get(), Duration.between(this.newDateSupplier.get().toInstant(), ((Date) tokenSet.getAccessTokenExpirationTime().get()).toInstant()).get(ChronoUnit.SECONDS), (Scope) null);
        } else {
            bearerAccessToken = new BearerAccessToken((String) tokenSet.getAccessToken().get());
        }
        RefreshToken refreshToken = null;
        if (tokenSet.getRefreshToken().isPresent()) {
            refreshToken = new RefreshToken((String) tokenSet.getRefreshToken().get());
        }
        ServletUtils.applyHTTPResponse(new AccessTokenResponse(new Tokens(bearerAccessToken, refreshToken)).toHTTPResponse(), httpServletResponse);
    }

    public void applyErrorToResponse(Exception exc, HttpServletResponse httpServletResponse, long j, GrantType grantType) throws IOException {
        OAuthTokenErrorCode oAuthTokenErrorCode = OAuthTokenErrorCode.getOAuthTokenErrorCode(exc);
        ServletUtils.applyHTTPResponse((oAuthTokenErrorCode.shouldExceptionBeIgnored() ? getCustomTokenErrorResponse(oAuthTokenErrorCode.getOAuth2Error(), grantType) : getCustomTokenErrorResponse(oAuthTokenErrorCode.getOAuth2Error(), exc, grantType)).toHTTPResponse(), httpServletResponse);
        if (oAuthTokenErrorCode != OAuthTokenErrorCode.UNEXPECTED_ERR) {
            OAuthAccessTokenResponseLogger.logResponseBadRequest(j);
        } else {
            LOG.error("Unexpected server error while handling token generation request.", exc);
            OAuthAccessTokenResponseLogger.logResponseServerError(j);
        }
    }

    public void applyForbiddenResponse(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
    }

    public void setNewDateSupplier(Supplier<Date> supplier) {
        this.newDateSupplier = supplier;
    }

    private TokenErrorResponse getCustomTokenErrorResponse(ErrorObject errorObject, Exception exc, GrantType grantType) {
        ErrorObject errorObject2 = errorObject;
        if (exc.getMessage() != null) {
            errorObject2 = errorObject.setDescription(exc.getMessage());
        }
        return getCustomTokenErrorResponse(errorObject2, grantType);
    }

    private TokenErrorResponse getCustomTokenErrorResponse(ErrorObject errorObject, GrantType grantType) {
        return (this.errorUri == null || GrantType.AUTHORIZATION_CODE.equals(grantType) || GrantType.REFRESH_TOKEN.equals(grantType)) ? new TokenErrorResponse(errorObject) : new TokenErrorResponse(errorObject.setURI(this.errorUri));
    }
}
