package org.curioswitch.curiostack.gcloud.core.auth;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.auth.oauth2.AccessToken;
import com.linecorp.armeria.client.WebClient;
import com.linecorp.armeria.common.AggregatedHttpResponse;
import com.linecorp.armeria.common.CommonPools;
import com.linecorp.armeria.common.HttpData;
import com.linecorp.armeria.common.HttpHeaderNames;
import com.linecorp.armeria.common.HttpMethod;
import com.linecorp.armeria.common.RequestHeaders;
import io.netty.buffer.ByteBuf;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import org.curioswitch.curiostack.gcloud.core.util.AsyncRefreshingValue;

/* loaded from: input_file:org/curioswitch/curiostack/gcloud/core/auth/AbstractAccessTokenProvider.class */
abstract class AbstractAccessTokenProvider implements AccessTokenProvider {
    private static final String TOKEN_PATH = "/oauth2/v4/token";
    private static final Duration EXPIRATION_SKEW = Duration.ofMinutes(5);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).findAndRegisterModules();
    private final WebClient googleApisClient;
    private final Clock clock;
    private final AsyncRefreshingValue<AccessToken> cachedAccessToken;
    private final AsyncRefreshingValue<AccessToken> cachedIdToken;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/curioswitch/curiostack/gcloud/core/auth/AbstractAccessTokenProvider$Type.class */
    public enum Type {
        ACCESS_TOKEN,
        ID_TOKEN
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractAccessTokenProvider(WebClient webClient, Clock clock) {
        this.googleApisClient = webClient;
        this.clock = clock;
        this.cachedAccessToken = new AsyncRefreshingValue<>(() -> {
            return refresh(Type.ACCESS_TOKEN);
        }, AbstractAccessTokenProvider::extractExpirationTime, CommonPools.workerGroup().next(), clock);
        this.cachedIdToken = new AsyncRefreshingValue<>(() -> {
            return refresh(Type.ID_TOKEN);
        }, AbstractAccessTokenProvider::extractExpirationTime, CommonPools.workerGroup().next(), clock);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Clock clock() {
        return this.clock;
    }

    abstract ByteBuf refreshRequestContent(Type type);

    @Override // org.curioswitch.curiostack.gcloud.core.auth.AccessTokenProvider
    public CompletableFuture<String> getAccessToken() {
        return this.cachedAccessToken.get().thenApply((v0) -> {
            return v0.getTokenValue();
        });
    }

    @Override // org.curioswitch.curiostack.gcloud.core.auth.AccessTokenProvider
    public CompletableFuture<String> getGoogleIdToken() {
        return this.cachedIdToken.get().thenApply((v0) -> {
            return v0.getTokenValue();
        });
    }

    protected CompletableFuture<AggregatedHttpResponse> fetchToken(Type type) {
        return this.googleApisClient.execute(RequestHeaders.of(HttpMethod.POST, TOKEN_PATH, HttpHeaderNames.CONTENT_TYPE, "application/x-www-form-urlencoded"), HttpData.wrap(refreshRequestContent(type)).withEndOfStream()).aggregate();
    }

    private CompletableFuture<AccessToken> refresh(Type type) {
        return fetchToken(type).handle((aggregatedHttpResponse, th) -> {
            if (th != null) {
                throw new IllegalStateException("Failed to refresh GCP access token.", th);
            }
            try {
                TokenResponse tokenResponse = (TokenResponse) OBJECT_MAPPER.readValue(aggregatedHttpResponse.content().array(), TokenResponse.class);
                return new AccessToken(type == Type.ID_TOKEN ? tokenResponse.idToken() : tokenResponse.accessToken(), new Date(this.clock.millis() + TimeUnit.SECONDS.toMillis(tokenResponse.expiresIn())));
            } catch (IOException e) {
                throw new UncheckedIOException("Error parsing token refresh response.", e);
            }
        });
    }

    private static Instant extractExpirationTime(AccessToken accessToken) {
        return accessToken.getExpirationTime().toInstant().minus((TemporalAmount) EXPIRATION_SKEW);
    }
}
