package no.unit.nva.clients;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.concurrent.Callable;
import java.util.function.Supplier;
import no.unit.nva.auth.AuthorizedBackendClient;
import no.unit.nva.auth.CognitoCredentials;
import no.unit.nva.commons.json.JsonUtils;
import nva.commons.apigateway.exceptions.NotFoundException;
import nva.commons.core.Environment;
import nva.commons.core.JacocoGenerated;
import nva.commons.core.attempt.Failure;
import nva.commons.core.attempt.Try;
import nva.commons.core.paths.UriWrapper;
import nva.commons.secrets.SecretsReader;

/* loaded from: input_file:no/unit/nva/clients/IdentityServiceClient.class */
public class IdentityServiceClient {
    public static final String CREDENTIALS_SECRET_NAME = "BackendCognitoClientCredentials";
    public static final String API_PATH_USERS_AND_ROLES = "users-roles";
    public static final String API_PATH_EXTERNAL_CLIENTS = "external-clients";
    private final AuthorizedBackendClient authorizedClient;
    private static final String AUTH_HOST = new Environment().readEnv("BACKEND_CLIENT_AUTH_URL");
    private static final String API_HOST = new Environment().readEnv("API_HOST");

    public IdentityServiceClient(HttpClient httpClient, String str, CognitoCredentials cognitoCredentials) {
        this.authorizedClient = AuthorizedBackendClient.prepareWithBearerTokenAndCredentials(httpClient, str, cognitoCredentials);
    }

    private UriWrapper usersAndRolesURI() {
        return UriWrapper.fromHost(API_HOST).addChild(new String[]{API_PATH_USERS_AND_ROLES});
    }

    private URI constructExternalClientsGetPath(String str) {
        return usersAndRolesURI().addChild(new String[]{API_PATH_EXTERNAL_CLIENTS}).addChild(new String[]{str}).getUri();
    }

    private <T> T mapResponse(Class<T> cls, HttpResponse<String> httpResponse) throws JsonProcessingException {
        return (T) JsonUtils.dtoObjectMapper.readValue((String) httpResponse.body(), cls);
    }

    public GetExternalClientResponse getExternalClient(String str) throws NotFoundException {
        return (GetExternalClientResponse) Try.attempt(getHttpResponseCallable(HttpRequest.newBuilder().GET().uri(constructExternalClientsGetPath(str)))).map(this::validateResponse).map(httpResponse -> {
            return (GetExternalClientResponse) mapResponse(GetExternalClientResponse.class, httpResponse);
        }).orElseThrow(this::handleFailure);
    }

    private NotFoundException handleFailure(Failure<GetExternalClientResponse> failure) {
        Exception exception = failure.getException();
        if (exception instanceof NotFoundException) {
            return new NotFoundException(exception);
        }
        throw new RuntimeException();
    }

    private <S> HttpResponse<String> validateResponse(HttpResponse<String> httpResponse) throws NotFoundException {
        if (httpResponse.statusCode() == 404) {
            throw new NotFoundException("Client not found");
        }
        if (httpResponse.statusCode() != 200) {
            throw new IllegalStateException("Received " + httpResponse.statusCode() + " from identity service");
        }
        return httpResponse;
    }

    private Callable<HttpResponse<String>> getHttpResponseCallable(HttpRequest.Builder builder) {
        return () -> {
            return this.authorizedClient.send(builder, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));
        };
    }

    @JacocoGenerated
    private static CognitoCredentials fetchCredentials() {
        BackendClientCredentials backendClientCredentials = (BackendClientCredentials) new SecretsReader(SecretsReader.defaultSecretsManagerClient()).fetchClassSecret(CREDENTIALS_SECRET_NAME, BackendClientCredentials.class);
        URI uri = UriWrapper.fromHost(AUTH_HOST).getUri();
        Objects.requireNonNull(backendClientCredentials);
        Supplier supplier = backendClientCredentials::getId;
        Objects.requireNonNull(backendClientCredentials);
        return new CognitoCredentials(supplier, backendClientCredentials::getSecret, uri);
    }

    @JacocoGenerated
    public static IdentityServiceClient prepare() {
        return new IdentityServiceClient(HttpClient.newBuilder().build(), null, fetchCredentials());
    }
}
