package org.project_kessel.inventory.client.authn.oidc.client;

import io.grpc.CallCredentials;
import io.grpc.Metadata;
import io.grpc.Status;
import java.util.Optional;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicReference;
import org.project_kessel.inventory.client.Config;
import org.project_kessel.inventory.client.authn.oidc.client.OIDCClientCredentialsMinter;

/* loaded from: input_file:org/project_kessel/inventory/client/authn/oidc/client/OIDCClientCredentialsCallCredentials.class */
public class OIDCClientCredentialsCallCredentials extends CallCredentials {
    static final Metadata.Key<String> authorizationKey = Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
    private final Config.OIDCClientCredentialsConfig clientCredentialsConfig;
    private final OIDCClientCredentialsMinter minter;
    private final AtomicReference<OIDCClientCredentialsMinter.BearerHeader> storedBearerHeaderRef = new AtomicReference<>();

    /* loaded from: input_file:org/project_kessel/inventory/client/authn/oidc/client/OIDCClientCredentialsCallCredentials$OIDCClientCredentialsCallCredentialsException.class */
    public static class OIDCClientCredentialsCallCredentialsException extends Exception {
        public OIDCClientCredentialsCallCredentialsException(String str) {
            super(str);
        }

        public OIDCClientCredentialsCallCredentialsException(String str, Throwable th) {
            super(str, th);
        }
    }

    public OIDCClientCredentialsCallCredentials(Config.AuthenticationConfig authenticationConfig) throws OIDCClientCredentialsCallCredentialsException {
        this.clientCredentialsConfig = validateAndExtractConfig(authenticationConfig);
        Optional<String> oidcClientCredentialsMinterImplementation = this.clientCredentialsConfig.oidcClientCredentialsMinterImplementation();
        try {
            if (oidcClientCredentialsMinterImplementation.isPresent()) {
                this.minter = OIDCClientCredentialsMinter.forName(oidcClientCredentialsMinterImplementation.get());
            } else {
                this.minter = OIDCClientCredentialsMinter.forDefaultImplementation();
            }
        } catch (OIDCClientCredentialsMinter.OIDCClientCredentialsMinterException e) {
            throw new OIDCClientCredentialsCallCredentialsException("Couldn't create GrpcCallCredentials because minter impl not instantiated.", e);
        }
    }

    OIDCClientCredentialsCallCredentials(Config.OIDCClientCredentialsConfig oIDCClientCredentialsConfig, OIDCClientCredentialsMinter oIDCClientCredentialsMinter) {
        this.clientCredentialsConfig = oIDCClientCredentialsConfig;
        this.minter = oIDCClientCredentialsMinter;
    }

    public void applyRequestMetadata(CallCredentials.RequestInfo requestInfo, Executor executor, CallCredentials.MetadataApplier metadataApplier) {
        executor.execute(() -> {
            try {
                synchronized (this.storedBearerHeaderRef) {
                    if (this.storedBearerHeaderRef.get() == null || this.storedBearerHeaderRef.get().isExpired()) {
                        this.storedBearerHeaderRef.set(this.minter.authenticateAndRetrieveAuthorizationHeader(this.clientCredentialsConfig));
                    }
                    Metadata metadata = new Metadata();
                    metadata.put(authorizationKey, this.storedBearerHeaderRef.get().getAuthorizationHeader());
                    metadataApplier.apply(metadata);
                }
            } catch (Exception e) {
                metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
            }
        });
    }

    public void flushStoredCredentials() {
        synchronized (this.storedBearerHeaderRef) {
            this.storedBearerHeaderRef.set(null);
        }
    }

    static Config.OIDCClientCredentialsConfig validateAndExtractConfig(Config.AuthenticationConfig authenticationConfig) throws OIDCClientCredentialsCallCredentialsException {
        if (authenticationConfig.clientCredentialsConfig().isEmpty()) {
            throw new OIDCClientCredentialsCallCredentialsException("ClientCredentialsConfig is required for OIDC client credentials authentication method.");
        }
        if (authenticationConfig.clientCredentialsConfig().get().issuer() == null) {
            throw new OIDCClientCredentialsCallCredentialsException("ClientCredentialsConfig Issuer must not be null.");
        }
        if (authenticationConfig.clientCredentialsConfig().get().clientId() == null) {
            throw new OIDCClientCredentialsCallCredentialsException("ClientCredentialsConfig Client id must not be null.");
        }
        if (authenticationConfig.clientCredentialsConfig().get().clientSecret() == null) {
            throw new OIDCClientCredentialsCallCredentialsException("ClientCredentialsConfig Client secret must not be null.");
        }
        return authenticationConfig.clientCredentialsConfig().get();
    }
}
