package io.camunda.operate.auth;

import java.net.URISyntaxException;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Map;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.message.BasicNameValuePair;

/* loaded from: input_file:io/camunda/operate/auth/JwtAuthentication.class */
public class JwtAuthentication implements Authentication {
    private final JwtCredential jwtCredential;
    private final TokenResponseMapper tokenResponseMapper;
    private String token;
    private LocalDateTime timeout;

    public JwtAuthentication(JwtCredential jwtCredential, TokenResponseMapper tokenResponseMapper) {
        this.jwtCredential = jwtCredential;
        this.tokenResponseMapper = tokenResponseMapper;
    }

    @Deprecated
    public JwtCredential getJwtCredential() {
        return this.jwtCredential;
    }

    @Override // io.camunda.operate.auth.Authentication
    public Map<String, String> getTokenHeader() {
        if (this.token == null || this.timeout == null || this.timeout.isBefore(LocalDateTime.now())) {
            this.token = retrieveToken().getAccessToken();
            this.timeout = LocalDateTime.now().plusSeconds(r0.getExpiresIn().intValue()).minusSeconds(30L);
        }
        return Map.of("Authorization", "Bearer " + this.token);
    }

    @Override // io.camunda.operate.auth.Authentication
    public void resetToken() {
        this.token = null;
        this.timeout = null;
    }

    private TokenResponse retrieveToken() {
        try {
            CloseableHttpClient createSystem = HttpClients.createSystem();
            try {
                TokenResponse tokenResponse = (TokenResponse) createSystem.execute(buildRequest(), classicHttpResponse -> {
                    try {
                        return this.tokenResponseMapper.readToken(EntityUtils.toString(classicHttpResponse.getEntity()));
                    } catch (Exception e) {
                        throw new RuntimeException(String.format("Token retrieval failed from: %s\nResponse code: %s\nAudience: %s\n", this.jwtCredential.authUrl(), Integer.valueOf(classicHttpResponse.getCode()), this.jwtCredential.audience()), e);
                    }
                });
                if (createSystem != null) {
                    createSystem.close();
                }
                return tokenResponse;
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("Authenticating for Operate failed due to " + e.getMessage(), e);
        }
    }

    private HttpPost buildRequest() throws URISyntaxException {
        HttpPost httpPost = new HttpPost(this.jwtCredential.authUrl().toURI());
        httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("grant_type", "client_credentials"));
        arrayList.add(new BasicNameValuePair("client_id", this.jwtCredential.clientId()));
        arrayList.add(new BasicNameValuePair("client_secret", this.jwtCredential.clientSecret()));
        arrayList.add(new BasicNameValuePair("audience", this.jwtCredential.audience()));
        if (this.jwtCredential.scope() != null && !this.jwtCredential.scope().isEmpty()) {
            arrayList.add(new BasicNameValuePair("scope", this.jwtCredential.scope()));
        }
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
        return httpPost;
    }
}
