package io.camunda.zeebe.spring.client.configuration;

import io.camunda.common.auth.Authentication;
import io.camunda.common.auth.DefaultNoopAuthentication;
import io.camunda.common.auth.JwtConfig;
import io.camunda.common.auth.JwtCredential;
import io.camunda.common.auth.Product;
import io.camunda.common.auth.SaaSAuthentication;
import io.camunda.common.auth.SelfManagedAuthentication;
import io.camunda.common.auth.SimpleAuthentication;
import io.camunda.common.auth.SimpleConfig;
import io.camunda.common.auth.SimpleCredential;
import io.camunda.common.auth.identity.IdentityConfig;
import io.camunda.common.auth.identity.IdentityContainer;
import io.camunda.common.exception.SdkException;
import io.camunda.common.json.JsonMapper;
import io.camunda.identity.sdk.Identity;
import io.camunda.identity.sdk.IdentityConfiguration;
import io.camunda.zeebe.spring.client.properties.CommonConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.ConsoleClientConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.OperateClientConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.OptimizeClientConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.TasklistClientConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.ZeebeClientConfigurationProperties;
import io.camunda.zeebe.spring.client.properties.ZeebeSelfManagedProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({CommonConfigurationProperties.class, ZeebeSelfManagedProperties.class})
@Deprecated
/* loaded from: input_file:BOOT-INF/lib/spring-boot-starter-camunda-8.4.6.jar:io/camunda/zeebe/spring/client/configuration/CommonClientConfiguration.class */
public class CommonClientConfiguration {

    @Autowired(required = false)
    CommonConfigurationProperties commonConfigurationProperties;

    @Autowired(required = false)
    ZeebeClientConfigurationProperties zeebeClientConfigurationProperties;

    @Autowired(required = false)
    ConsoleClientConfigurationProperties consoleClientConfigurationProperties;

    @Autowired(required = false)
    OptimizeClientConfigurationProperties optimizeClientConfigurationProperties;

    @Autowired(required = false)
    TasklistClientConfigurationProperties tasklistClientConfigurationProperties;

    @Autowired(required = false)
    OperateClientConfigurationProperties operateClientConfigurationProperties;

    @Autowired(required = false)
    ZeebeSelfManagedProperties zeebeSelfManagedProperties;

    @Autowired(required = false)
    private IdentityConfiguration identityConfigurationFromProperties;

    @ConditionalOnMissingBean
    @Bean
    public Authentication authentication(JsonMapper jsonMapper) {
        if (this.zeebeClientConfigurationProperties != null) {
            if (this.zeebeClientConfigurationProperties.getCloud().getClusterId() != null) {
                return SaaSAuthentication.builder().withJwtConfig(configureJwtConfig()).withJsonMapper(jsonMapper).build();
            }
            if (this.zeebeClientConfigurationProperties.getBroker().getGatewayAddress() != null || this.zeebeSelfManagedProperties.getGatewayAddress() != null) {
                if (this.operateClientConfigurationProperties != null) {
                    if (StringUtils.hasText(this.operateClientConfigurationProperties.getKeycloakUrl()) || StringUtils.hasText(this.operateClientConfigurationProperties.getKeycloakTokenUrl())) {
                        JwtConfig configureJwtConfig = configureJwtConfig();
                        return SelfManagedAuthentication.builder().withJwtConfig(configureJwtConfig).withIdentityConfig(configureIdentities(configureJwtConfig)).build();
                    }
                    if (this.operateClientConfigurationProperties.getUsername() != null && this.operateClientConfigurationProperties.getPassword() != null) {
                        SimpleConfig simpleConfig = new SimpleConfig();
                        simpleConfig.addProduct(Product.OPERATE, new SimpleCredential(this.operateClientConfigurationProperties.getBaseUrl(), this.operateClientConfigurationProperties.getUsername(), this.operateClientConfigurationProperties.getPassword()));
                        return SimpleAuthentication.builder().withSimpleConfig(simpleConfig).build();
                    }
                }
                if (this.identityConfigurationFromProperties != null && StringUtils.hasText(this.identityConfigurationFromProperties.getClientId())) {
                    JwtConfig configureJwtConfig2 = configureJwtConfig();
                    return SelfManagedAuthentication.builder().withJwtConfig(configureJwtConfig2).withIdentityConfig(configureIdentities(configureJwtConfig2)).build();
                }
                if (this.commonConfigurationProperties != null) {
                    if (this.commonConfigurationProperties.getKeycloak().getUrl() != null) {
                        JwtConfig configureJwtConfig3 = configureJwtConfig();
                        return SelfManagedAuthentication.builder().withJwtConfig(configureJwtConfig3).withIdentityConfig(configureIdentities(configureJwtConfig3)).build();
                    }
                    if (this.commonConfigurationProperties.getKeycloak().getTokenUrl() != null) {
                        JwtConfig configureJwtConfig4 = configureJwtConfig();
                        return SelfManagedAuthentication.builder().withJwtConfig(configureJwtConfig4).withIdentityConfig(configureIdentities(configureJwtConfig4)).build();
                    }
                    if (this.commonConfigurationProperties.getUsername() != null && this.commonConfigurationProperties.getPassword() != null) {
                        SimpleConfig simpleConfig2 = new SimpleConfig();
                        simpleConfig2.addProduct(Product.OPERATE, new SimpleCredential(this.commonConfigurationProperties.getBaseUrl(), this.commonConfigurationProperties.getUsername(), this.commonConfigurationProperties.getPassword()));
                        return SimpleAuthentication.builder().withSimpleConfig(simpleConfig2).build();
                    }
                }
            }
        }
        return new DefaultNoopAuthentication();
    }

    private JwtConfig configureJwtConfig() {
        JwtConfig jwtConfig = new JwtConfig();
        if (this.zeebeClientConfigurationProperties.getCloud().getClientId() != null && this.zeebeClientConfigurationProperties.getCloud().getClientSecret() != null) {
            jwtConfig.addProduct(Product.ZEEBE, new JwtCredential(this.zeebeClientConfigurationProperties.getCloud().getClientId(), this.zeebeClientConfigurationProperties.getCloud().getClientSecret(), this.zeebeClientConfigurationProperties.getCloud().getAudience(), this.zeebeClientConfigurationProperties.getCloud().getAuthUrl()));
        } else if (this.zeebeSelfManagedProperties.getClientId() != null && this.zeebeSelfManagedProperties.getClientSecret() != null) {
            jwtConfig.addProduct(Product.ZEEBE, new JwtCredential(this.zeebeSelfManagedProperties.getClientId(), this.zeebeSelfManagedProperties.getClientSecret(), this.zeebeSelfManagedProperties.getAudience(), this.zeebeSelfManagedProperties.getAuthServer()));
        } else if (this.commonConfigurationProperties.getClientId() != null && this.commonConfigurationProperties.getClientSecret() != null) {
            jwtConfig.addProduct(Product.ZEEBE, new JwtCredential(this.commonConfigurationProperties.getClientId(), this.commonConfigurationProperties.getClientSecret(), this.zeebeClientConfigurationProperties.getCloud().getAudience(), this.zeebeClientConfigurationProperties.getCloud().getAuthUrl()));
        }
        String authUrl = this.zeebeClientConfigurationProperties.getCloud().getAuthUrl();
        if (this.operateClientConfigurationProperties != null) {
            if (this.operateClientConfigurationProperties.getAuthUrl() != null) {
                authUrl = this.operateClientConfigurationProperties.getAuthUrl();
            } else if (StringUtils.hasText(this.operateClientConfigurationProperties.getKeycloakTokenUrl())) {
                authUrl = this.operateClientConfigurationProperties.getKeycloakTokenUrl();
            } else if (StringUtils.hasText(this.operateClientConfigurationProperties.getKeycloakUrl()) && StringUtils.hasText(this.operateClientConfigurationProperties.getKeycloakRealm())) {
                authUrl = this.operateClientConfigurationProperties.getKeycloakUrl() + "/auth/realms/" + this.operateClientConfigurationProperties.getKeycloakRealm();
            }
            String baseUrl = this.operateClientConfigurationProperties.getBaseUrl() != null ? this.operateClientConfigurationProperties.getBaseUrl() : "operate.camunda.io";
            if (this.operateClientConfigurationProperties.getClientId() != null && this.operateClientConfigurationProperties.getClientSecret() != null) {
                jwtConfig.addProduct(Product.OPERATE, new JwtCredential(this.operateClientConfigurationProperties.getClientId(), this.operateClientConfigurationProperties.getClientSecret(), baseUrl, authUrl));
            } else if (this.identityConfigurationFromProperties != null && StringUtils.hasText(this.identityConfigurationFromProperties.getClientId()) && StringUtils.hasText(this.identityConfigurationFromProperties.getClientSecret())) {
                jwtConfig.addProduct(Product.OPERATE, new JwtCredential(this.identityConfigurationFromProperties.getClientId(), this.identityConfigurationFromProperties.getClientSecret(), this.identityConfigurationFromProperties.getAudience(), this.identityConfigurationFromProperties.getIssuerBackendUrl()));
            } else if (this.commonConfigurationProperties.getClientId() != null && this.commonConfigurationProperties.getClientSecret() != null) {
                jwtConfig.addProduct(Product.OPERATE, new JwtCredential(this.commonConfigurationProperties.getClientId(), this.commonConfigurationProperties.getClientSecret(), baseUrl, authUrl));
            } else if (this.zeebeClientConfigurationProperties.getCloud().getClientId() != null && this.zeebeClientConfigurationProperties.getCloud().getClientSecret() != null) {
                jwtConfig.addProduct(Product.OPERATE, new JwtCredential(this.zeebeClientConfigurationProperties.getCloud().getClientId(), this.zeebeClientConfigurationProperties.getCloud().getClientSecret(), baseUrl, authUrl));
            } else {
                if (this.zeebeSelfManagedProperties.getClientId() == null || this.zeebeSelfManagedProperties.getClientSecret() == null) {
                    throw new SdkException("Unable to determine OPERATE credentials");
                }
                jwtConfig.addProduct(Product.OPERATE, new JwtCredential(this.zeebeSelfManagedProperties.getClientId(), this.zeebeSelfManagedProperties.getClientSecret(), baseUrl, authUrl));
            }
        }
        return jwtConfig;
    }

    private IdentityConfig configureIdentities(JwtConfig jwtConfig) {
        IdentityConfig identityConfig = new IdentityConfig();
        if (this.operateClientConfigurationProperties != null) {
            identityConfig.addProduct(Product.OPERATE, configureOperateIdentityContainer(jwtConfig));
        }
        return identityConfig;
    }

    private IdentityContainer configureOperateIdentityContainer(JwtConfig jwtConfig) {
        IdentityConfiguration build = new IdentityConfiguration.Builder().withBaseUrl(this.identityConfigurationFromProperties.getBaseUrl()).withIssuer(StringUtils.hasText(this.identityConfigurationFromProperties.getIssuer()) ? this.identityConfigurationFromProperties.getIssuer() : jwtConfig.getProduct(Product.OPERATE).getAuthUrl()).withIssuerBackendUrl(StringUtils.hasText(this.identityConfigurationFromProperties.getIssuerBackendUrl()) ? this.identityConfigurationFromProperties.getIssuerBackendUrl() : jwtConfig.getProduct(Product.OPERATE).getAuthUrl()).withClientId(jwtConfig.getProduct(Product.OPERATE).getClientId()).withClientSecret(jwtConfig.getProduct(Product.OPERATE).getClientSecret()).withAudience(jwtConfig.getProduct(Product.OPERATE).getAudience()).withType(this.identityConfigurationFromProperties.getType().name()).build();
        return new IdentityContainer(new Identity(build), build);
    }
}
