package io.camunda.common.auth;

import io.camunda.common.exception.SdkException;
import io.camunda.common.json.JsonMapper;
import io.camunda.common.json.SdkObjectMapper;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.MethodHandles;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:BOOT-INF/lib/java-common-8.4.0.jar:io/camunda/common/auth/SelfManagedAuthentication.class */
public class SelfManagedAuthentication extends JwtAuthentication {
    private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private String authUrl;
    private String keycloakUrl;
    private String keycloakTokenUrl;
    private JwtConfig jwtConfig;
    private String keycloakRealm = "camunda-platform";
    private JsonMapper jsonMapper = new SdkObjectMapper();
    private Map<Product, String> tokens = new HashMap();

    public static SelfManagedAuthenticationBuilder builder() {
        return new SelfManagedAuthenticationBuilder();
    }

    public void setKeycloakRealm(String str) {
        this.keycloakRealm = str;
    }

    public void setKeycloakUrl(String str) {
        this.keycloakUrl = str;
    }

    public void setKeycloakTokenUrl(String str) {
        this.keycloakTokenUrl = str;
    }

    public JwtConfig getJwtConfig() {
        return this.jwtConfig;
    }

    public void setJwtConfig(JwtConfig jwtConfig) {
        this.jwtConfig = jwtConfig;
    }

    @Override // io.camunda.common.auth.Authentication
    public Authentication build() {
        if (this.keycloakTokenUrl != null) {
            this.authUrl = this.keycloakTokenUrl;
        } else {
            this.authUrl = this.keycloakUrl + "/auth/realms/" + this.keycloakRealm + "/protocol/openid-connect/token";
        }
        return this;
    }

    @Override // io.camunda.common.auth.Authentication
    public void resetToken(Product product) {
        this.tokens.remove(product);
    }

    private String retrieveToken(Product product, JwtCredential jwtCredential) {
        try {
            CloseableHttpClient createDefault = HttpClients.createDefault();
            try {
                this.tokens.put(product, ((TokenResponse) createDefault.execute(buildRequest(jwtCredential), classicHttpResponse -> {
                    if (classicHttpResponse.getCode() == 200) {
                        return (TokenResponse) this.jsonMapper.fromJson(EntityUtils.toString(classicHttpResponse.getEntity()), TokenResponse.class);
                    }
                    throw new SdkException("Error " + classicHttpResponse.getCode() + " obtaining access token: " + EntityUtils.toString(classicHttpResponse.getEntity()));
                })).getAccessToken());
                if (createDefault != null) {
                    createDefault.close();
                }
                return this.tokens.get(product);
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Authenticating for " + product + " failed due to " + e);
            throw new SdkException("Unable to authenticate", e);
        }
    }

    private HttpPost buildRequest(JwtCredential jwtCredential) {
        HttpPost httpPost = new HttpPost(this.authUrl);
        httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", "client_credentials");
        hashMap.put("client_id", jwtCredential.getClientId());
        hashMap.put("client_secret", jwtCredential.getClientSecret());
        httpPost.setEntity(new StringEntity((String) hashMap.entrySet().stream().map(entry -> {
            try {
                return ((String) entry.getKey()) + "=" + URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8.toString());
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        }).collect(Collectors.joining(BeanFactory.FACTORY_BEAN_PREFIX))));
        return httpPost;
    }

    @Override // io.camunda.common.auth.Authentication
    public Map.Entry<String, String> getTokenHeader(Product product) {
        return new AbstractMap.SimpleEntry("Authorization", "Bearer " + (this.tokens.containsKey(product) ? this.tokens.get(product) : retrieveToken(product, this.jwtConfig.getProduct(product))));
    }
}
