package io.camunda.common.auth;

import io.camunda.common.auth.JwtAuthentication;
import io.camunda.common.json.JsonMapper;
import java.lang.invoke.MethodHandles;
import java.time.LocalDateTime;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/common/auth/SaaSAuthentication.class */
public class SaaSAuthentication extends JwtAuthentication {
    private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final JsonMapper jsonMapper;

    public SaaSAuthentication(JwtConfig jwtConfig, JsonMapper jsonMapper) {
        super(jwtConfig);
        this.jsonMapper = jsonMapper;
    }

    public static SaaSAuthenticationBuilder builder() {
        return new SaaSAuthenticationBuilder();
    }

    private TokenResponse retrieveToken(Product product, JwtCredential jwtCredential) {
        try {
            CloseableHttpClient createSystem = HttpClients.createSystem();
            try {
                TokenResponse tokenResponse = (TokenResponse) createSystem.execute(buildRequest(jwtCredential), classicHttpResponse -> {
                    try {
                        return (TokenResponse) this.jsonMapper.fromJson(EntityUtils.toString(classicHttpResponse.getEntity()), TokenResponse.class);
                    } catch (Exception e) {
                        LOG.error("Token retrieval failed from: {}\nResponse code: {}\nAudience: {}\n", jwtCredential.getAuthUrl(), Integer.valueOf(classicHttpResponse.getCode()), jwtCredential.getAudience());
                        throw e;
                    }
                });
                if (createSystem != null) {
                    createSystem.close();
                }
                return tokenResponse;
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Authenticating for " + String.valueOf(product) + " failed due to " + String.valueOf(e));
            throw new RuntimeException("Unable to authenticate", e);
        }
    }

    private HttpPost buildRequest(JwtCredential jwtCredential) {
        HttpPost httpPost = new HttpPost(jwtCredential.getAuthUrl());
        httpPost.addHeader("Content-Type", "application/json");
        httpPost.setEntity(new StringEntity(this.jsonMapper.toJson(new TokenRequest(jwtCredential.getAudience(), jwtCredential.getClientId(), jwtCredential.getClientSecret()))));
        return httpPost;
    }

    @Override // io.camunda.common.auth.JwtAuthentication
    protected JwtAuthentication.JwtToken generateToken(Product product, JwtCredential jwtCredential) {
        return new JwtAuthentication.JwtToken(retrieveToken(product, jwtCredential).getAccessToken(), LocalDateTime.now().plusSeconds(r0.getExpiresIn().intValue()));
    }
}
