package io.camunda.common.auth;

import io.camunda.common.json.JsonMapper;
import io.camunda.common.json.SdkObjectMapper;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.MethodHandles;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.AbstractMap;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:BOOT-INF/lib/java-common-8.3.2-rc4.jar:io/camunda/common/auth/SelfManagedAuthentication.class */
public class SelfManagedAuthentication extends JwtAuthentication {
    private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private String authUrl;
    private String keycloakUrl;
    private JwtConfig jwtConfig;
    private String keycloakRealm = "camunda-platform";
    private JsonMapper jsonMapper = new SdkObjectMapper();
    private Map<Product, String> tokens = new HashMap();
    private Map<Product, LocalDateTime> expirations = new HashMap();

    public static SelfManagedAuthenticationBuilder builder() {
        return new SelfManagedAuthenticationBuilder();
    }

    public void setKeycloakRealm(String str) {
        this.keycloakRealm = str;
    }

    public void setKeycloakUrl(String str) {
        this.keycloakUrl = str;
    }

    public void setJwtConfig(JwtConfig jwtConfig) {
        this.jwtConfig = jwtConfig;
    }

    @Override // io.camunda.common.auth.Authentication
    public Authentication build() {
        this.authUrl = this.keycloakUrl + "/auth/realms/" + this.keycloakRealm + "/protocol/openid-connect/token";
        this.jwtConfig.getMap().forEach(this::retrieveToken);
        return this;
    }

    private void retrieveToken(Product product, JwtCredential jwtCredential) {
        try {
            HttpPost httpPost = new HttpPost(this.authUrl);
            httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
            HashMap hashMap = new HashMap();
            hashMap.put("grant_type", "client_credentials");
            hashMap.put("client_id", jwtCredential.clientId);
            hashMap.put("client_secret", jwtCredential.clientSecret);
            httpPost.setEntity(new StringEntity((String) hashMap.entrySet().stream().map(entry -> {
                try {
                    return ((String) entry.getKey()) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8.toString());
                } catch (UnsupportedEncodingException e) {
                    throw new RuntimeException(e);
                }
            }).collect(Collectors.joining(BeanFactory.FACTORY_BEAN_PREFIX))));
            this.tokens.put(product, ((TokenResponse) this.jsonMapper.fromJson(EntityUtils.toString(HttpClient.getInstance().execute((ClassicHttpRequest) httpPost).getEntity()), TokenResponse.class)).getAccessToken());
            this.expirations.put(product, LocalDateTime.now().plusSeconds(r0.getExpiresIn().intValue()));
        } catch (Exception e) {
            LOG.warn("Authenticating for " + product + " failed due to " + e);
            throw new RuntimeException("Unable to authenticate");
        }
    }

    private void retrieveToken(Product product) {
        retrieveToken(product, this.jwtConfig.getMap().get(product));
    }

    @Override // io.camunda.common.auth.Authentication
    public Map.Entry<String, String> getTokenHeader(Product product) {
        refreshToken();
        return new AbstractMap.SimpleEntry("Authorization", "Bearer " + this.tokens.get(product));
    }

    private void refreshToken() {
        this.expirations.forEach((product, localDateTime) -> {
            if (localDateTime.isAfter(LocalDateTime.now())) {
                retrieveToken(product);
            }
        });
    }
}
