package io.camunda.spring.client.configuration;

import io.camunda.client.CredentialsProvider;
import io.camunda.client.impl.NoopCredentialsProvider;
import io.camunda.client.impl.basicauth.BasicAuthCredentialsProviderBuilder;
import io.camunda.client.impl.oauth.OAuthCredentialsProviderBuilder;
import io.camunda.spring.client.properties.CamundaClientProperties;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
/* loaded from: input_file:io/camunda/spring/client/configuration/CredentialsProviderConfiguration.class */
public class CredentialsProviderConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CredentialsProviderConfiguration.class);

    @ConditionalOnMissingBean
    @Bean
    public CredentialsProvider camundaClientCredentialsProvider(CamundaClientProperties camundaClientProperties) {
        CamundaClientProperties.ClientMode mode = camundaClientProperties.getMode();
        if (mode == null) {
            return new NoopCredentialsProvider();
        }
        switch (mode) {
            case basic:
                return buildBasicAuthCredentialsProvider(camundaClientProperties);
            case saas:
            case selfManaged:
                return buildOAuthCredentialsProvider(camundaClientProperties);
            default:
                throw new IncompatibleClassChangeError();
        }
    }

    private CredentialsProvider buildBasicAuthCredentialsProvider(CamundaClientProperties camundaClientProperties) {
        String username = camundaClientProperties.getAuth().getUsername();
        try {
            return new BasicAuthCredentialsProviderBuilder().applyEnvironmentOverrides(false).username(username).password(camundaClientProperties.getAuth().getPassword()).build();
        } catch (Exception e) {
            LOG.warn("Failed to configure credential provider", (Throwable) e);
            return new NoopCredentialsProvider();
        }
    }

    private CredentialsProvider buildOAuthCredentialsProvider(CamundaClientProperties camundaClientProperties) {
        OAuthCredentialsProviderBuilder readTimeout = CredentialsProvider.newCredentialsProviderBuilder().applyEnvironmentOverrides(false).clientId(camundaClientProperties.getAuth().getClientId()).clientSecret(camundaClientProperties.getAuth().getClientSecret()).audience(camundaClientProperties.getAuth().getAudience()).scope(camundaClientProperties.getAuth().getScope()).authorizationServerUrl((String) Optional.ofNullable(camundaClientProperties.getAuth().getTokenUrl()).map((v0) -> {
            return v0.toString();
        }).orElse(null)).credentialsCachePath(camundaClientProperties.getAuth().getCredentialsCachePath()).connectTimeout(camundaClientProperties.getAuth().getConnectTimeout()).readTimeout(camundaClientProperties.getAuth().getReadTimeout());
        maybeConfigureIdentityProviderSSLConfig(readTimeout, camundaClientProperties);
        try {
            return readTimeout.build();
        } catch (Exception e) {
            LOG.warn("Failed to configure credential provider", (Throwable) e);
            return new NoopCredentialsProvider();
        }
    }

    private void maybeConfigureIdentityProviderSSLConfig(OAuthCredentialsProviderBuilder oAuthCredentialsProviderBuilder, CamundaClientProperties camundaClientProperties) {
        if (camundaClientProperties.getAuth() == null) {
            return;
        }
        if (camundaClientProperties.getAuth().getKeystorePath() != null) {
            Path path = Paths.get(camundaClientProperties.getAuth().getKeystorePath(), new String[0]);
            if (Files.exists(path, new LinkOption[0])) {
                LOG.debug("Using keystore {}", path);
                oAuthCredentialsProviderBuilder.keystorePath(path);
                oAuthCredentialsProviderBuilder.keystorePassword(camundaClientProperties.getAuth().getKeystorePassword());
                oAuthCredentialsProviderBuilder.keystoreKeyPassword(camundaClientProperties.getAuth().getKeystoreKeyPassword());
            } else {
                LOG.debug("Keystore {} not found", path);
            }
        }
        if (camundaClientProperties.getAuth().getTruststorePath() != null) {
            Path path2 = Paths.get(camundaClientProperties.getAuth().getTruststorePath(), new String[0]);
            if (!Files.exists(path2, new LinkOption[0])) {
                LOG.debug("Truststore {} not found", path2);
                return;
            }
            LOG.debug("Using truststore {}", path2);
            oAuthCredentialsProviderBuilder.truststorePath(path2);
            oAuthCredentialsProviderBuilder.truststorePassword(camundaClientProperties.getAuth().getTruststorePassword());
        }
    }
}
