package io.camunda.connector.runtime.secret;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.common.auth.Authentication;
import io.camunda.common.auth.JwtConfig;
import io.camunda.common.auth.JwtCredential;
import io.camunda.common.auth.Product;
import io.camunda.common.auth.SaaSAuthenticationBuilder;
import io.camunda.common.json.SdkObjectMapper;
import io.camunda.connector.api.json.ConnectorsObjectMapperSupplier;
import java.io.IOException;
import java.util.Map;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/connector/runtime/secret/ConsoleSecretApiClient.class */
public class ConsoleSecretApiClient {
    private final String secretsEndpoint;
    private final Authentication authentication;
    private final ObjectMapper objectMapper = ConnectorsObjectMapperSupplier.DEFAULT_MAPPER;
    private static final Logger LOGGER = LoggerFactory.getLogger(ConsoleSecretApiClient.class);
    private static final TypeReference<Map<String, String>> mapTypeReference = new TypeReference<Map<String, String>>() { // from class: io.camunda.connector.runtime.secret.ConsoleSecretApiClient.1
    };

    public ConsoleSecretApiClient(String str, JwtCredential jwtCredential) {
        SdkObjectMapper sdkObjectMapper = new SdkObjectMapper(ConnectorsObjectMapperSupplier.DEFAULT_MAPPER);
        JwtConfig jwtConfig = new JwtConfig();
        jwtConfig.addProduct(Product.CONSOLE, jwtCredential);
        this.authentication = new SaaSAuthenticationBuilder().withJsonMapper(sdkObjectMapper).withJwtConfig(jwtConfig).build();
        this.secretsEndpoint = str;
    }

    public ConsoleSecretApiClient(String str, Authentication authentication) {
        this.secretsEndpoint = str;
        this.authentication = authentication;
    }

    public Map<String, String> getSecrets() {
        LOGGER.debug("Loading secrets from " + this.secretsEndpoint);
        try {
            CloseableHttpClient build = HttpClientBuilder.create().build();
            try {
                HttpGet httpGet = new HttpGet(this.secretsEndpoint);
                Map.Entry tokenHeader = this.authentication.getTokenHeader(Product.CONSOLE);
                httpGet.addHeader((String) tokenHeader.getKey(), tokenHeader.getValue());
                Map<String, String> map = (Map) build.execute(httpGet, this::handleSecretsResponse);
                if (build != null) {
                    build.close();
                }
                return map;
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Map<String, String> handleSecretsResponse(ClassicHttpResponse classicHttpResponse) throws IOException {
        switch (classicHttpResponse.getCode()) {
            case 200:
                return (Map) this.objectMapper.readValue(classicHttpResponse.getEntity().getContent(), mapTypeReference);
            case 401:
            case 403:
                this.authentication.resetToken(Product.CONSOLE);
                throw new RuntimeException("Authentication failed: " + classicHttpResponse.getCode());
            default:
                throw new RuntimeException("Unable to handle response from Console secrets: " + classicHttpResponse.getCode());
        }
    }
}
