package io.camunda.connector.runtime;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.client.impl.CamundaObjectMapper;
import io.camunda.connector.api.json.ConnectorsObjectMapperSupplier;
import io.camunda.connector.api.secret.SecretProvider;
import io.camunda.connector.document.jackson.JacksonModuleDocumentDeserializer;
import io.camunda.connector.feel.FeelEngineWrapper;
import io.camunda.connector.runtime.core.secret.SecretProviderAggregator;
import io.camunda.connector.runtime.core.secret.SecretProviderDiscovery;
import io.camunda.connector.runtime.outbound.OutboundConnectorRuntimeConfiguration;
import io.camunda.connector.runtime.secret.ConsoleSecretProvider;
import io.camunda.connector.runtime.secret.EnvironmentSecretProvider;
import io.camunda.connector.runtime.secret.console.ConsoleSecretApiClient;
import io.camunda.connector.runtime.secret.console.JwtCredential;
import io.camunda.document.factory.DocumentFactory;
import io.camunda.spring.client.properties.CamundaClientAuthProperties;
import io.camunda.spring.client.properties.CamundaClientProperties;
import java.time.Duration;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.core.env.Environment;

@AutoConfigureBefore({JacksonAutoConfiguration.class})
@EnableConfigurationProperties({ConnectorProperties.class})
@AutoConfiguration
@Import({OutboundConnectorRuntimeConfiguration.class})
/* loaded from: input_file:io/camunda/connector/runtime/OutboundConnectorsAutoConfiguration.class */
public class OutboundConnectorsAutoConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) OutboundConnectorsAutoConfiguration.class);

    @Value("${camunda.connector.secretprovider.discovery.enabled:true}")
    Boolean secretProviderLookupEnabled;

    @Value("${camunda.connector.secretprovider.environment.prefix:}")
    String environmentSecretProviderPrefix;

    @Value("${camunda.connector.secretprovider.console.endpoint:https://cluster-api.cloud.camunda.io/secrets}")
    String consoleSecretsApiEndpoint;

    @Value("${camunda.connector.secretprovider.console.audience:secrets.camunda.io}")
    String consoleSecretsApiAudience;

    @ConditionalOnMissingBean({FeelEngineWrapper.class})
    @Bean
    public FeelEngineWrapper feelEngine() {
        return new FeelEngineWrapper();
    }

    @ConditionalOnMissingBean
    @Bean
    public SecretProviderAggregator springSecretProviderAggregator(Optional<List<SecretProvider>> optional) {
        List<SecretProvider> orElseGet = optional.orElseGet(LinkedList::new);
        LOG.debug("Using secret providers discovered as Spring beans: {}", optional);
        if (this.secretProviderLookupEnabled != Boolean.FALSE) {
            List<SecretProvider> discoverSecretProviders = SecretProviderDiscovery.discoverSecretProviders();
            LOG.debug("Using secret providers discovered by lookup: {}", discoverSecretProviders);
            orElseGet.addAll(discoverSecretProviders);
        }
        return new SecretProviderAggregator(orElseGet);
    }

    @ConditionalOnMissingBean
    @Bean(name = {"camundaJsonMapper"})
    public CamundaObjectMapper jsonMapper() {
        return new CamundaObjectMapper(ConnectorsObjectMapperSupplier.getCopy());
    }

    @ConditionalOnProperty(name = {"camunda.connector.secretprovider.environment.enabled"}, havingValue = "true", matchIfMissing = true)
    @Bean
    public EnvironmentSecretProvider defaultSecretProvider(Environment environment) {
        return new EnvironmentSecretProvider(environment, this.environmentSecretProviderPrefix);
    }

    @ConditionalOnProperty(name = {"camunda.connector.secretprovider.console.enabled"}, havingValue = "true")
    @Bean
    public ConsoleSecretProvider consoleSecretProvider(ConsoleSecretApiClient consoleSecretApiClient) {
        return new ConsoleSecretProvider(consoleSecretApiClient, Duration.ofSeconds(20L));
    }

    @ConditionalOnProperty(name = {"camunda.connector.secretprovider.console.enabled"}, havingValue = "true")
    @Bean
    public ConsoleSecretApiClient consoleSecretApiClient(CamundaClientProperties camundaClientProperties) {
        if (!camundaClientProperties.getMode().equals(CamundaClientProperties.ClientMode.saas)) {
            throw new RuntimeException("Console Secrets require a SaaS environment, but the client is configured for " + String.valueOf(camundaClientProperties.getMode()));
        }
        CamundaClientAuthProperties auth = camundaClientProperties.getAuth();
        try {
            return new ConsoleSecretApiClient(this.consoleSecretsApiEndpoint, new JwtCredential(auth.getClientId(), auth.getClientSecret(), this.consoleSecretsApiAudience, auth.getIssuer().toURL(), null));
        } catch (Exception e) {
            throw new RuntimeException("Invalid issuer URL: " + String.valueOf(auth.getIssuer()), e);
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public ObjectMapper objectMapper(DocumentFactory documentFactory) {
        return ConnectorsObjectMapperSupplier.getCopy(documentFactory, JacksonModuleDocumentDeserializer.DocumentModuleSettings.create());
    }
}
