package io.camunda.zeebe.spring.client.configuration;

import io.camunda.common.auth.Authentication;
import io.camunda.common.auth.DefaultNoopAuthentication;
import io.camunda.common.auth.JwtConfig;
import io.camunda.common.auth.JwtCredential;
import io.camunda.common.auth.Product;
import io.camunda.common.auth.SaaSAuthentication;
import io.camunda.common.auth.SelfManagedAuthentication;
import io.camunda.common.auth.SimpleAuthentication;
import io.camunda.common.auth.SimpleConfig;
import io.camunda.common.auth.SimpleCredential;
import io.camunda.common.auth.identity.IdentityConfig;
import io.camunda.common.auth.identity.IdentityContainer;
import io.camunda.common.json.JsonMapper;
import io.camunda.identity.sdk.Identity;
import io.camunda.identity.sdk.IdentityConfiguration;
import io.camunda.zeebe.spring.client.properties.CamundaClientProperties;
import io.camunda.zeebe.spring.client.properties.common.ApiProperties;
import io.camunda.zeebe.spring.client.properties.common.AuthProperties;
import java.net.URL;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

/**
 * Spring configuration that assembles the {@link Authentication} bean for the Camunda clients.
 *
 * <p>The configuration is only registered when {@code camunda.client.mode} is set (Spring's
 * {@code @ConditionalOnProperty} without a {@code havingValue} also treats the literal
 * {@code false} as "not set"). The mode decides which credential scheme is built:
 *
 * <ul>
 *   <li>{@code simple}: username / password per enabled product ({@link SimpleAuthentication})
 *   <li>{@code oidc}: client id / secret against an issuer, plus an Identity SDK instance per
 *       enabled product ({@link SelfManagedAuthentication})
 *   <li>{@code saas}: client id / secret against an issuer ({@link SaaSAuthentication})
 * </ul>
 *
 * <p>Security-relevant properties of this class as written:
 *
 * <ul>
 *   <li>One username/password or one client id/secret is read from the shared auth properties and
 *       reused for every enabled product; only base URL, audience and the enabled flag are looked
 *       up per product.
 *   <li>Debug logging and exception messages carry property <em>labels</em> (for example
 *       {@code "client secret"}), never the resolved values.
 *   <li>A missing required property aborts bean creation with {@link IllegalStateException}.
 * </ul>
 */
@EnableConfigurationProperties({CamundaClientProperties.class})
@Configuration
@ConditionalOnProperty(prefix = "camunda.client", name = {"mode"})
@Import({JsonMapperConfiguration.class})
/* loaded from: input_file:BOOT-INF/lib/spring-boot-starter-camunda-8.4.6.jar:io/camunda/zeebe/spring/client/configuration/AuthenticationConfiguration.class */
public class AuthenticationConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationConfiguration.class);

    private final CamundaClientProperties camundaClientProperties;
    private final JsonMapper jsonMapper;

    /**
     * Supplier of the {@link ApiProperties} section belonging to one product.
     *
     * <p>Decompiler note: JADX reports this type as {@code private} in the original class file.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-boot-starter-camunda-8.4.6.jar:io/camunda/zeebe/spring/client/configuration/AuthenticationConfiguration$ApiPropertiesSupplier.class */
    public interface ApiPropertiesSupplier extends Supplier<ApiProperties> {
    }

    /**
     * Supplier of an {@link AuthProperties} section.
     *
     * <p>Decompiler note: JADX reports this type as {@code private} in the original class file.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-boot-starter-camunda-8.4.6.jar:io/camunda/zeebe/spring/client/configuration/AuthenticationConfiguration$AuthPropertiesSupplier.class */
    public interface AuthPropertiesSupplier extends Supplier<AuthProperties> {
    }

    /**
     * @param camundaClientProperties bound {@code camunda.client.*} properties
     * @param jsonMapper mapper handed to the SaaS authentication builder
     */
    @Autowired
    public AuthenticationConfiguration(CamundaClientProperties camundaClientProperties, JsonMapper jsonMapper) {
        this.camundaClientProperties = camundaClientProperties;
        this.jsonMapper = jsonMapper;
    }

    /**
     * Builds the authentication matching the configured client mode.
     *
     * @return the authentication for {@code simple}, {@code oidc} or {@code saas}; a
     *     {@link DefaultNoopAuthentication} for any other mode value, including {@code null}
     * @throws IllegalStateException if a property required by the selected mode is missing
     */
    @Bean
    public Authentication camundaAuthentication() {
        final CamundaClientProperties.ClientMode configuredMode = this.camundaClientProperties.getMode();
        if (CamundaClientProperties.ClientMode.simple.equals(configuredMode)) {
            return simpleAuthentication();
        } else if (CamundaClientProperties.ClientMode.oidc.equals(configuredMode)) {
            return selfManagedAuthentication();
        } else if (CamundaClientProperties.ClientMode.saas.equals(configuredMode)) {
            return saasAuthentication();
        }
        // NOTE(review): every unrecognised mode ends up here. What DefaultNoopAuthentication does
        // when a client asks it for a token is not visible in this file; confirm that it fails
        // closed rather than letting requests go out without credentials.
        return new DefaultNoopAuthentication();
    }

    /** Collects username/password credentials for every enabled product. */
    private Authentication simpleAuthentication() {
        final SimpleConfig credentials = new SimpleConfig();
        for (Product candidate : Product.coveredProducts()) {
            simpleCredentialForProduct(credentials, candidate);
        }
        return SimpleAuthentication.builder().withSimpleConfig(credentials).build();
    }

    /** Collects JWT credentials and Identity SDK instances for every enabled product. */
    private Authentication selfManagedAuthentication() {
        final IdentityConfig identities = new IdentityConfig();
        final JwtConfig credentials = new JwtConfig();
        for (Product candidate : Product.coveredProducts()) {
            oidcCredentialForProduct(identities, credentials, candidate);
        }
        return SelfManagedAuthentication.builder().withJwtConfig(credentials).withIdentityConfig(identities).build();
    }

    /** Collects JWT credentials for every enabled product. */
    private Authentication saasAuthentication() {
        final JwtConfig credentials = new JwtConfig();
        for (Product candidate : Product.coveredProducts()) {
            saasCredentialForProduct(credentials, candidate);
        }
        return SaaSAuthentication.builder().withJwtConfig(credentials).withJsonMapper(this.jsonMapper).build();
    }

    /**
     * Reads the product's {@code enabled} flag and records the outcome at debug level.
     *
     * @return {@code true} when the product is enabled
     * @throws IllegalStateException if the flag is not configured for the product
     */
    private boolean logEnabledState(Product product) {
        final boolean enabled = enabledForProduct(product);
        if (enabled) {
            LOG.debug("{} is enabled", product);
        } else {
            LOG.debug("{} is disabled", product);
        }
        return enabled;
    }

    /** Registers a username/password credential for {@code product} when it is enabled. */
    private void simpleCredentialForProduct(SimpleConfig simpleConfig, Product product) {
        if (!logEnabledState(product)) {
            return;
        }
        // Lookup order (base url, username, password) decides which missing property is reported.
        final String baseUrl = baseUrlForProduct(product).toString();
        final String user = username();
        final String secret = password();
        simpleConfig.addProduct(product, new SimpleCredential(baseUrl, user, secret));
    }

    /**
     * Registers a JWT credential and an Identity SDK container for {@code product} when it is
     * enabled.
     *
     * <p>The JWT credential is added before the Identity base URL is resolved, so a missing
     * Identity base URL leaves {@code jwtConfig} already updated when the exception is thrown.
     */
    private void oidcCredentialForProduct(IdentityConfig identityConfig, JwtConfig jwtConfig, Product product) {
        if (!logEnabledState(product)) {
            return;
        }
        final String issuer = globalIssuer();
        final String id = clientId();
        final String secret = clientSecret();
        final String audience = audienceForProduct(product);
        jwtConfig.addProduct(product, new JwtCredential(id, secret, audience, issuer));

        // The Identity base URL is used for every product, so Identity needs a base URL as soon
        // as any product is enabled in oidc mode.
        final String identityBaseUrl = baseUrlForProduct(Product.IDENTITY).toString();
        final String oidcTypeName = globalOidcType().name();
        // The issuer is passed twice; presumably the second slot is a separate backend-facing
        // issuer URL in the Identity SDK - confirm against IdentityConfiguration.
        final IdentityConfiguration sdkConfiguration =
                new IdentityConfiguration(identityBaseUrl, issuer, issuer, id, secret, audience, oidcTypeName);
        identityConfig.addProduct(product, new IdentityContainer(new Identity(sdkConfiguration), sdkConfiguration));
    }

    /** Registers a JWT credential for {@code product} when it is enabled. */
    private void saasCredentialForProduct(JwtConfig jwtConfig, Product product) {
        if (!logEnabledState(product)) {
            return;
        }
        // Lookup order (client id, client secret, audience, issuer) is kept as in the original.
        final String id = clientId();
        final String secret = clientSecret();
        final String audience = audienceForProduct(product);
        final String issuer = globalIssuer();
        jwtConfig.addProduct(product, new JwtCredential(id, secret, audience, issuer));
    }

    private String globalIssuer() {
        return getGlobalAuthProperty("issuer", AuthProperties::getIssuer);
    }

    private IdentityConfiguration.Type globalOidcType() {
        return getGlobalAuthProperty("oidc type", AuthProperties::getOidcType);
    }

    /**
     * Reads a value from the shared auth section.
     *
     * @param propertyLabel human-readable label used in the failure message
     * @param getter accessor applied to the auth section
     * @throws IllegalStateException if the auth section or the value is {@code null}
     */
    private <T> T getGlobalAuthProperty(String propertyLabel, Function<AuthProperties, T> getter) {
        return Optional.ofNullable(this.camundaClientProperties.getAuth())
                .map(getter)
                .orElseThrow(() -> new IllegalStateException("Could not detect required auth property " + propertyLabel));
    }

    private Boolean enabledForProduct(Product product) {
        return getApiProperty("enabled", product, ApiProperties::getEnabled);
    }

    private URL baseUrlForProduct(Product product) {
        return getApiProperty("base url", product, ApiProperties::getBaseUrl);
    }

    private String username() {
        return getAuthProperty("username", AuthProperties::getUsername);
    }

    private String password() {
        return getAuthProperty("password", AuthProperties::getPassword);
    }

    private String clientId() {
        return getAuthProperty("client id", AuthProperties::getClientId);
    }

    private String clientSecret() {
        return getAuthProperty("client secret", AuthProperties::getClientSecret);
    }

    private String audienceForProduct(Product product) {
        return getApiProperty("audience", product, ApiProperties::getAudience);
    }

    /** Reads a per-product API property; the label is prefixed with the product name. */
    private <T> T getApiProperty(String propertyLabel, Product product, Function<ApiProperties, T> getter) {
        final String qualifiedLabel = product + " " + propertyLabel;
        return getApiProperty(qualifiedLabel, getter, apiPropertiesForProduct(product));
    }

    /** Reads an auth property from the shared auth section of the client properties. */
    private <T> T getAuthProperty(String propertyLabel, Function<AuthProperties, T> getter) {
        // A bound method reference null-checks its receiver when it is created.
        return getAuthProperty(propertyLabel, getter, this.camundaClientProperties::getAuth);
    }

    private ApiPropertiesSupplier apiPropertiesForProduct(Product product) {
        return apiPropertiesForProduct(this.camundaClientProperties, product);
    }

    /**
     * Maps a product to the accessor of its API section.
     *
     * @throws NullPointerException if {@code camundaClientProperties} is {@code null} for a
     *     supported product
     * @throws IllegalStateException if the product has no API section
     */
    private ApiPropertiesSupplier apiPropertiesForProduct(CamundaClientProperties camundaClientProperties, Product product) {
        switch (product) {
            case OPERATE:
                return camundaClientProperties::getOperate;
            case TASKLIST:
                return camundaClientProperties::getTasklist;
            case ZEEBE:
                return camundaClientProperties::getZeebe;
            case OPTIMIZE:
                return camundaClientProperties::getOptimize;
            case IDENTITY:
                return camundaClientProperties::getIdentity;
            default:
                throw new IllegalStateException("Could not detect auth properties supplier for product " + product);
        }
    }

    /**
     * Returns the first non-null value found by applying {@code getter} to the supplied sections.
     *
     * <p>Only the label is logged, never the resolved value.
     *
     * @throws IllegalStateException if no section yields a non-null value
     */
    private <T> T getApiProperty(String propertyLabel, Function<ApiProperties, T> getter, ApiPropertiesSupplier... sources) {
        for (ApiPropertiesSupplier source : sources) {
            final ApiProperties section = source.get();
            if (section == null) {
                continue;
            }
            final T value = getter.apply(section);
            if (value == null) {
                continue;
            }
            LOG.debug("Detected property {}", propertyLabel);
            return value;
        }
        throw new IllegalStateException("Could not detect required property " + propertyLabel);
    }

    /**
     * Returns the first non-null value found by applying {@code getter} to the supplied sections.
     *
     * <p>Only the label is logged, never the resolved value, so passwords and client secrets stay
     * out of the debug log.
     *
     * @throws IllegalStateException if no section yields a non-null value
     */
    private <T> T getAuthProperty(String propertyLabel, Function<AuthProperties, T> getter, AuthPropertiesSupplier... sources) {
        for (AuthPropertiesSupplier source : sources) {
            final AuthProperties section = source.get();
            if (section == null) {
                continue;
            }
            final T value = getter.apply(section);
            if (value == null) {
                continue;
            }
            LOG.debug("Detected property {}", propertyLabel);
            return value;
        }
        throw new IllegalStateException("Could not detect required property " + propertyLabel);
    }
}
