package io.fabric8.kubernetes.client.utils;

import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.http.BasicBuilder;
import io.fabric8.kubernetes.client.http.HttpClient;
import io.fabric8.kubernetes.client.http.HttpRequest;
import io.fabric8.kubernetes.client.http.HttpResponse;
import io.fabric8.kubernetes.client.http.Interceptor;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;

/* loaded from: input_file:BOOT-INF/lib/kubernetes-client-api-6.7.2.jar:io/fabric8/kubernetes/client/utils/TokenRefreshInterceptor.class */
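/**
 * Request interceptor that attaches the credentials held by a {@link Config} to outgoing
 * requests and replaces the bearer token when it is considered stale or when the server
 * answers with HTTP 401.
 *
 * <p>Credential precedence, as implemented below:
 * <ol>
 *   <li>username and password both set: an {@code Authorization} header built by
 *       {@code HttpClientUtils.basicCredentials}; no token handling happens at all;</li>
 *   <li>otherwise a bearer token taken from the token provider, then the configured OAuth
 *       token, then the auto-configured OAuth token.</li>
 * </ol>
 *
 * <p>Security notes for maintainers: every value written to the {@code Authorization} header
 * is a live credential, so builders and requests that pass through this class should be kept
 * out of logs and error messages. A refreshed token is also written back into the shared
 * {@link Config} via {@code setAutoOAuthToken}, so it becomes visible to everything else
 * holding that {@code Config} instance.
 *
 * <p>{@code latestRefreshTimestamp} is {@code volatile}; no other synchronisation is used here.
 */
public class TokenRefreshInterceptor implements Interceptor {
    public static final String AUTHORIZATION = "Authorization";
    public static final String NAME = "TOKEN";

    /** Minimum age, in minutes, of the last refresh before {@link #before} triggers another one. */
    private static final int REFRESH_INTERVAL_MINUTE = 1;
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String OIDC_PROVIDER_NAME = "oidc";

    protected final Config config;
    private final Function<Config, CompletableFuture<String>> remoteRefresh;
    private volatile Instant latestRefreshTimestamp;

    /**
     * Creates an interceptor whose remote refresh resolves an OIDC token through
     * {@code OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig}.
     *
     * @param config  client configuration holding the credentials; also receives refreshed tokens
     * @param factory source of the HTTP client builder handed to the OIDC token resolution
     * @param instant time of the last refresh; must not be {@code null} because
     *                {@link #before} dereferences it
     */
    public TokenRefreshInterceptor(Config config, HttpClient.Factory factory, Instant instant) {
        // The lambda receives the freshly reloaded Config but passes the original `config` as the
        // first argument, exactly as before; only the auth-provider settings come from the reload.
        this(config, instant, refreshed -> OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(
                config, refreshed.getAuthProvider().getConfig(), factory.newBuilder()));
    }

    /**
     * Creates an interceptor with a caller-supplied remote refresh function.
     *
     * @param config   client configuration holding the credentials; also receives refreshed tokens
     * @param instant  time of the last refresh; must not be {@code null}
     * @param function produces a new token from a reloaded {@link Config}; only invoked when
     *                 {@link #useRemoteRefresh(Config)} returns {@code true}
     */
    public TokenRefreshInterceptor(Config config, Instant instant, Function<Config, CompletableFuture<String>> function) {
        this.config = config;
        this.remoteRefresh = function;
        this.latestRefreshTimestamp = instant;
    }

    /**
     * Adds the {@code Authorization} header to the request being built and, when the last
     * refresh is older than the refresh interval, starts a token refresh.
     *
     * @param basicBuilder builder that receives the header
     * @param httpRequest  the request being sent (not inspected here)
     * @param requestTags  request tags (not inspected here)
     */
    @Override
    public void before(BasicBuilder basicBuilder, HttpRequest httpRequest, Interceptor.RequestTags requestTags) {
        if (useBasicAuth()) {
            basicBuilder.header(AUTHORIZATION,
                    HttpClientUtils.basicCredentials(this.config.getUsername(), this.config.getPassword()));
            return;
        }
        String token = getEffectiveOauthToken(this.config);
        if (Utils.isNotNullOrEmpty(token)) {
            basicBuilder.header(AUTHORIZATION, BEARER_PREFIX + token);
        }
        if (isTimeToRefresh()) {
            // NOTE(review): the returned future is discarded, so a refresh that completes
            // exceptionally is not observed here, and a refresh that completes later calls
            // setHeader on this builder after before() has returned. Whether that late write can
            // still reach the in-flight request depends on the HTTP client - confirm with the caller.
            refreshToken(basicBuilder);
        }
    }

    /**
     * Picks the bearer token to send: token provider first, then the configured OAuth token,
     * then the auto-configured one.
     *
     * @return the selected token; may be {@code null} or empty when none is configured
     */
    private static String getEffectiveOauthToken(Config config) {
        if (config.getOauthTokenProvider() != null) {
            return config.getOauthTokenProvider().getToken();
        }
        if (config.getOauthToken() != null) {
            return config.getOauthToken();
        }
        return config.getAutoOAuthToken();
    }

    /**
     * Decides whether basic authentication is used for this interceptor. Subclasses may override;
     * the default delegates to {@link #isBasicAuth()}.
     */
    protected boolean useBasicAuth() {
        return isBasicAuth();
    }

    /** Returns {@code true} when both username and password are non-empty in the config. */
    protected final boolean isBasicAuth() {
        return Utils.isNotNullOrEmpty(this.config.getUsername())
                && Utils.isNotNullOrEmpty(this.config.getPassword());
    }

    /** Returns {@code true} when the last refresh is more than the refresh interval in the past. */
    private boolean isTimeToRefresh() {
        Instant nextAllowedRefresh = this.latestRefreshTimestamp.plus(REFRESH_INTERVAL_MINUTE, ChronoUnit.MINUTES);
        return nextAllowedRefresh.isBefore(Instant.now());
    }

    /**
     * Reacts to a failed response: on HTTP 401 with token authentication a refresh is attempted.
     *
     * @return a future holding {@code true} when a new token was written to the builder,
     *         {@code false} otherwise (presumably the client retries on {@code true} - confirm
     *         against the {@code Interceptor} contract)
     */
    @Override
    public CompletableFuture<Boolean> afterFailure(BasicBuilder basicBuilder, HttpResponse<?> httpResponse, Interceptor.RequestTags requestTags) {
        if (shouldFail(httpResponse)) {
            return CompletableFuture.completedFuture(false);
        }
        return refreshToken(basicBuilder);
    }

    /**
     * Returns {@code true} when no refresh should be attempted: basic auth is in use, or the
     * response code is anything other than 401.
     */
    protected boolean shouldFail(HttpResponse<?> httpResponse) {
        return useBasicAuth() || httpResponse.code() != 401;
    }

    /**
     * Obtains a replacement token and installs it on the builder and in the config.
     *
     * <p>A token provider is asked directly. A statically configured OAuth token is never
     * refreshed. Otherwise the config is reloaded via {@code config.refresh()} and the token is
     * taken from the reload, or from the remote refresh function when
     * {@link #useRemoteRefresh(Config)} says so.
     *
     * @return a future holding {@code true} when a non-empty token was installed
     */
    private CompletableFuture<Boolean> refreshToken(BasicBuilder basicBuilder) {
        if (this.config.getOauthTokenProvider() != null) {
            String providedToken = this.config.getOauthTokenProvider().getToken();
            return CompletableFuture.completedFuture(overrideNewAccessTokenToConfig(providedToken, basicBuilder));
        }
        if (this.config.getOauthToken() != null) {
            // An explicitly configured token has no source to refresh from.
            return CompletableFuture.completedFuture(false);
        }
        return extractNewAccessTokenFrom(this.config.refresh())
                .thenApply(newToken -> overrideNewAccessTokenToConfig(newToken, basicBuilder));
    }

    /**
     * Resolves the token for a reloaded config, going through the remote refresh function only
     * when {@link #useRemoteRefresh(Config)} returns {@code true}.
     */
    private CompletableFuture<String> extractNewAccessTokenFrom(Config config) {
        if (useRemoteRefresh(config)) {
            return this.remoteRefresh.apply(config);
        }
        return CompletableFuture.completedFuture(getEffectiveOauthToken(config));
    }

    /**
     * Returns {@code true} when the config uses the OIDC auth provider and
     * {@code OpenIDConnectionUtils.idTokenExpired} reports the ID token as expired.
     */
    protected boolean useRemoteRefresh(Config config) {
        return isAuthProviderOidc(config) && OpenIDConnectionUtils.idTokenExpired(config);
    }

    /**
     * Installs a new bearer token: replaces the {@code Authorization} header on the builder,
     * stores the token in the shared config and records the refresh time.
     *
     * @return {@code false} without side effects when the token is {@code null} or empty
     */
    private boolean overrideNewAccessTokenToConfig(String str, BasicBuilder basicBuilder) {
        if (!Utils.isNotNullOrEmpty(str)) {
            return false;
        }
        // setHeader (not header) so the stale bearer value is replaced rather than sent alongside.
        basicBuilder.setHeader(AUTHORIZATION, BEARER_PREFIX + str);
        this.config.setAutoOAuthToken(str);
        updateLatestRefreshTimestamp();
        return true;
    }

    /** Records the current time as the moment of the last successful refresh. */
    private void updateLatestRefreshTimestamp() {
        this.latestRefreshTimestamp = Instant.now();
    }

    /**
     * Returns {@code true} when the config names the OIDC auth provider (case-insensitive).
     * The comparison is written constant-first so an auth provider entry without a name yields
     * {@code false} instead of a {@link NullPointerException} on the request path.
     */
    private static boolean isAuthProviderOidc(Config config) {
        return config.getAuthProvider() != null
                && OIDC_PROVIDER_NAME.equalsIgnoreCase(config.getAuthProvider().getName());
    }
}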
