package com.sap.cloud.security.xsuaa.tokenflows;

import com.sap.cloud.security.config.ClientCredentials;
import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceEndpointsProvider;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenService;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants;
import com.sap.xsa.security.container.XSTokenRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/tokenflows/UserTokenFlow.class */
public class UserTokenFlow {
    private final XsuaaTokenFlowRequest request;
    private String token;
    private String xZid;
    private final OAuth2TokenService tokenService;
    private boolean disableCache = false;
    private List<String> scopes = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserTokenFlow(OAuth2TokenService oAuth2TokenService, OAuth2ServiceEndpointsProvider oAuth2ServiceEndpointsProvider, ClientIdentity clientIdentity) {
        Assertions.assertNotNull(oAuth2TokenService, "OAuth2TokenService must not be null.");
        Assertions.assertNotNull(oAuth2ServiceEndpointsProvider, "OAuth2ServiceEndpointsProvider must not be null.");
        Assertions.assertNotNull(clientIdentity, "ClientIdentity must not be null.");
        this.tokenService = oAuth2TokenService;
        this.request = new XsuaaTokenFlowRequest(oAuth2ServiceEndpointsProvider.getTokenEndpoint());
        this.request.setClientIdentity(clientIdentity);
    }

    public UserTokenFlow token(String str) {
        Assertions.assertNotNull(str, "(Encoded) token must not be null.");
        this.token = str;
        return this;
    }

    public UserTokenFlow token(Token token) {
        Assertions.assertNotNull(token, "Token must not be null.");
        this.token = token.getTokenValue();
        this.xZid = token.getZoneId();
        return this;
    }

    public UserTokenFlow attributes(Map<String, String> map) {
        this.request.setAdditionalAuthorizationAttributes(map);
        return this;
    }

    public UserTokenFlow subdomain(String str) {
        this.request.setSubdomain(str);
        return this;
    }

    public UserTokenFlow scopes(@Nonnull String... strArr) {
        Assertions.assertNotNull(strArr, "Scopes must not be null!");
        this.scopes = Arrays.asList(strArr);
        return this;
    }

    public UserTokenFlow disableCache(boolean z) {
        this.disableCache = z;
        return this;
    }

    public OAuth2TokenResponse execute() throws TokenFlowException {
        checkRequest(this.request);
        return requestUserToken(this.request);
    }

    private void checkRequest(XSTokenRequest xSTokenRequest) throws IllegalArgumentException {
        if (this.token == null) {
            throw new IllegalStateException("User token not set. Make sure to have called the token() method on UserTokenFlow builder.");
        }
        if (!xSTokenRequest.isValid()) {
            throw new IllegalArgumentException("User token flow request is not valid. Make sure all mandatory fields are set.");
        }
    }

    private OAuth2TokenResponse requestUserToken(XsuaaTokenFlowRequest xsuaaTokenFlowRequest) throws TokenFlowException {
        HashMap hashMap = new HashMap();
        String buildAuthorities = XsuaaTokenFlowsUtils.buildAuthorities(xsuaaTokenFlowRequest);
        if (buildAuthorities != null) {
            hashMap.put(OAuth2TokenServiceConstants.AUTHORITIES, buildAuthorities);
        }
        String join = String.join(" ", this.scopes);
        if (!join.isEmpty()) {
            hashMap.put(OAuth2TokenServiceConstants.SCOPE, join);
        }
        try {
            return this.xZid == null ? this.tokenService.retrieveAccessTokenViaJwtBearerTokenGrant(xsuaaTokenFlowRequest.getTokenEndpoint(), (ClientIdentity) new ClientCredentials(xsuaaTokenFlowRequest.getClientId(), xsuaaTokenFlowRequest.getClientSecret()), this.token, xsuaaTokenFlowRequest.getSubdomain(), (Map<String, String>) hashMap, this.disableCache) : this.tokenService.retrieveAccessTokenViaJwtBearerTokenGrant(xsuaaTokenFlowRequest.getTokenEndpoint(), xsuaaTokenFlowRequest.getClientIdentity(), this.token, hashMap, this.disableCache, this.xZid);
        } catch (OAuth2ServiceException e) {
            throw new TokenFlowException(String.format("Error requesting token with grant_type 'urn:ietf:params:oauth:grant-type:jwt-bearer': %s", e.getMessage()), e);
        }
    }
}
