package org.gcube.common.iam;

import java.util.List;

import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.model.TokenResponse;

public class D4ScienceIAMClientAuthz extends AbstractIAMResponse implements IAMResponse {

    protected D4ScienceIAMClientAuthz(D4ScienceIAMClientAuthn authn, String audience, List<String> permissions)
            throws D4ScienceIAMClientException {

        super(authn.getIamClient(),
                performAuthz(authn.getIamClient(), authn.getTokenResponse(), audience, permissions));
    }

    private static final TokenResponse performAuthz(D4ScienceIAMClient iamClient, TokenResponse authnTR,
            String audience, List<String> permissions) throws D4ScienceIAMClientException {
        try {
            return iamClient.getKeycloakClient().queryUMAToken(iamClient.getTokenEndpointURL(), authnTR, audience,
                    permissions);
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    protected D4ScienceIAMClientAuthz(D4ScienceIAMClient iamClient, String clientId, String clientSecret,
            String audience, List<String> permissions) throws D4ScienceIAMClientException {

        super(iamClient, performAuthz(iamClient, clientId, clientSecret, audience, permissions));
    }

    private static final TokenResponse performAuthz(D4ScienceIAMClient iamClient, String clientId, String clientSecret,
            String audience, List<String> permissions) throws D4ScienceIAMClientException {
        ;
        try {
            return iamClient.getKeycloakClient().queryUMAToken(iamClient.getTokenEndpointURL(), clientId, clientSecret,
                    audience, permissions);
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

}