package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.google.common.annotations.Beta;
import com.sap.cloud.environment.servicebinding.api.ServiceIdentifier;
import com.sap.cloud.sdk.cloudplatform.connectivity.DefaultHttpDestination;
import com.sap.cloud.sdk.cloudplatform.connectivity.ServiceBindingDestinationOptions;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationNotFoundException;
import com.sap.cloud.security.config.ClientIdentity;
import io.vavr.control.Option;
import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Beta
/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceBindingDestinationLoader.class */
public class OAuth2ServiceBindingDestinationLoader implements ServiceBindingDestinationLoader {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OAuth2ServiceBindingDestinationLoader.class);

    @Nonnull
    static final List<OAuth2PropertySupplierResolver> DEFAULT_SERVICE_RESOLVERS = BtpServicePropertySuppliers.getDefaultServiceResolvers();

    @Nonnull
    private final List<OAuth2PropertySupplierResolver> resolvers;

    public OAuth2ServiceBindingDestinationLoader() {
        this(DEFAULT_SERVICE_RESOLVERS);
    }

    OAuth2ServiceBindingDestinationLoader(@Nonnull List<OAuth2PropertySupplierResolver> list) {
        this.resolvers = list;
    }

    public static void registerPropertySupplier(@Nonnull ServiceIdentifier serviceIdentifier, @Nonnull Function<ServiceBindingDestinationOptions, OAuth2PropertySupplier> function) {
        log.debug("Prepending a new default resolver {} for service identifier {}.", function, serviceIdentifier);
        DEFAULT_SERVICE_RESOLVERS.add(0, OAuth2PropertySupplierResolver.forServiceIdentifier(serviceIdentifier, function));
    }

    public static void registerPropertySupplier(@Nonnull Predicate<ServiceBindingDestinationOptions> predicate, @Nonnull Function<ServiceBindingDestinationOptions, OAuth2PropertySupplier> function) {
        log.debug("Prepending a new default resolver {} with matcher {}.", function, predicate);
        DEFAULT_SERVICE_RESOLVERS.add(0, new OAuth2PropertySupplierResolver(predicate, function));
    }

    static void resetPropertySuppliers() {
        log.warn("Resetting the default OAuth2 property suppliers. This should only be used in tests.");
        DEFAULT_SERVICE_RESOLVERS.clear();
        DEFAULT_SERVICE_RESOLVERS.addAll(BtpServicePropertySuppliers.getDefaultServiceResolvers());
    }

    @Nonnull
    public Try<HttpDestination> tryGetDestination(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
        ServiceIdentifier serviceIdentifier = (ServiceIdentifier) serviceBindingDestinationOptions.getServiceBinding().getServiceIdentifier().orElse(null);
        log.debug("Checking if the service binding with identifier '{}' can be transformed into a OAuth destination.", serviceIdentifier);
        OAuth2PropertySupplier oAuth2PropertySupplier = getOAuth2PropertySupplier(serviceBindingDestinationOptions);
        if (oAuth2PropertySupplier == null) {
            return Try.failure(new DestinationNotFoundException((String) null, String.format("Could not transform service binding with identifier '%s' into a destination: None of the %s implementations matched the service binding format. If the binding contains OAuth credentials and is expected to be handled by this loader please inspect the log output. In case the service binding is not supported by default you may provide your own implementation by using the static `registerPropertySupplier` method.", serviceIdentifier, Integer.valueOf(this.resolvers.size()))));
        }
        log.debug("Creating an OAuth2 destination for service '{}'.", serviceIdentifier);
        try {
            URI serviceUri = oAuth2PropertySupplier.getServiceUri();
            URI tokenUri = oAuth2PropertySupplier.getTokenUri();
            ClientIdentity clientIdentity = oAuth2PropertySupplier.getClientIdentity();
            OAuth2Options oAuth2Options = oAuth2PropertySupplier.getOAuth2Options();
            Option option = serviceBindingDestinationOptions.getOption(ServiceBindingDestinationOptions.Options.ProxyOptions.class);
            try {
                OnBehalfOf onBehalfOf = serviceBindingDestinationOptions.getOnBehalfOf();
                if (!option.isDefined()) {
                    return Try.success(toDestination(serviceUri, tokenUri, clientIdentity, onBehalfOf, oAuth2Options, serviceIdentifier));
                }
                log.debug("Using the given service {} as a proxy service to enhance destination {}.", serviceIdentifier, option.get());
                return Try.success(toProxiedDestination((HttpDestination) option.get(), serviceUri, tokenUri, clientIdentity, onBehalfOf, oAuth2Options, serviceIdentifier));
            } catch (Exception e) {
                return Try.failure(new DestinationAccessException("Failed to instantiate OAuth destination based on given properties.", e));
            }
        } catch (DestinationAccessException e2) {
            return Try.failure(e2);
        } catch (Exception e3) {
            return Try.failure(new DestinationAccessException(String.format("Failed to retrieve OAuth2 properties for service binding of service '%s'.", serviceIdentifier), e3));
        }
    }

    @Nullable
    private OAuth2PropertySupplier getOAuth2PropertySupplier(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
        for (OAuth2PropertySupplierResolver oAuth2PropertySupplierResolver : this.resolvers) {
            Try of = Try.of(() -> {
                return Boolean.valueOf(oAuth2PropertySupplierResolver.matches(serviceBindingDestinationOptions));
            });
            if (of.isFailure()) {
                log.error("Failed to check whether binding options match the resolver.", of.getCause());
            } else if (((Boolean) of.get()).booleanValue()) {
                log.debug("A resolver matched the given options, loading the relevant property supplier.");
                Try of2 = Try.of(() -> {
                    return oAuth2PropertySupplierResolver.resolve(serviceBindingDestinationOptions);
                });
                if (of2.isFailure()) {
                    log.error("Failed to resolve the property supplier with provided options.", of2.getCause());
                } else {
                    OAuth2PropertySupplier oAuth2PropertySupplier = (OAuth2PropertySupplier) of2.get();
                    log.debug("Using property supplier {} for the given options.", oAuth2PropertySupplier.getClass().getName());
                    Objects.requireNonNull(oAuth2PropertySupplier);
                    Try of3 = Try.of(oAuth2PropertySupplier::isOAuth2Binding);
                    if (of3.isFailure()) {
                        log.error("Failed to check whether the property supplier supports OAuth2.", of3.getCause());
                    } else {
                        if (((Boolean) of3.get()).booleanValue()) {
                            return oAuth2PropertySupplier;
                        }
                        log.debug("Supplier {} was applied but claims the binding is not an OAuth2 binding.", oAuth2PropertySupplier);
                    }
                }
            } else {
                continue;
            }
        }
        return null;
    }

    @Nonnull
    HttpDestination toDestination(@Nonnull URI uri, @Nonnull URI uri2, @Nonnull ClientIdentity clientIdentity, @Nonnull OnBehalfOf onBehalfOf, @Nonnull OAuth2Options oAuth2Options, @Nullable ServiceIdentifier serviceIdentifier) {
        String str = ((String) Option.of(serviceIdentifier).map((v0) -> {
            return v0.toString();
        }).getOrElse("unknown")) + "-" + clientIdentity.getId().hashCode();
        log.debug("Creating a new OAuth2 destination for service {} with name '{}'.", serviceIdentifier, str);
        DefaultHttpDestination.Builder name = DefaultHttpDestination.builder(uri).name(str);
        if (oAuth2Options.skipTokenRetrieval()) {
            log.debug("Skipping OAuth2 token retrieval for destination '{}'.", str);
        } else {
            name.headerProviders(new DestinationHeaderProvider[]{createHeaderProvider(uri2, clientIdentity, onBehalfOf, "Authorization", oAuth2Options, serviceIdentifier)});
        }
        if (oAuth2Options.getClientKeyStore() != null) {
            log.debug("Securing communication to OAuth2 destination '{}' using mTLS.", str);
            name.keyStore(oAuth2Options.getClientKeyStore());
        }
        return name.build();
    }

    @Nonnull
    HttpDestination toProxiedDestination(@Nonnull HttpDestination httpDestination, @Nonnull URI uri, @Nonnull URI uri2, @Nonnull ClientIdentity clientIdentity, @Nonnull OnBehalfOf onBehalfOf, @Nonnull OAuth2Options oAuth2Options, @Nullable ServiceIdentifier serviceIdentifier) {
        String str = (String) httpDestination.get(DestinationProperty.NAME).getOrElse("<unnamed-destination>");
        DefaultHttpDestination.Builder fromDestination = DefaultHttpDestination.fromDestination(httpDestination);
        if (oAuth2Options.skipTokenRetrieval()) {
            log.debug("Skipping OAuth2 token retrieval for proxied destination '{}'.", str);
        } else {
            fromDestination.headerProviders(new DestinationHeaderProvider[]{createHeaderProvider(uri2, clientIdentity, onBehalfOf, "Proxy-Authorization", oAuth2Options, serviceIdentifier)});
        }
        if (oAuth2Options.getClientKeyStore() != null) {
            log.debug("Securing communication to OAuth2 proxy server for proxied destination '{}' using mTLS.", str);
            fromDestination.keyStore(oAuth2Options.getClientKeyStore());
        }
        return httpDestination.getProxyConfiguration().isDefined() ? fromDestination.buildInternal() : fromDestination.proxy(uri).buildInternal();
    }

    DestinationHeaderProvider createHeaderProvider(@Nonnull URI uri, @Nonnull ClientIdentity clientIdentity, @Nonnull OnBehalfOf onBehalfOf, @Nonnull String str, @Nonnull OAuth2Options oAuth2Options, @Nullable ServiceIdentifier serviceIdentifier) {
        log.debug("Creating a new OAuth2 header provider for client id '{}'.", clientIdentity.getId());
        return new OAuth2HeaderProvider(OAuth2Service.builder().withTokenUri(uri).withIdentity(clientIdentity).withOnBehalfOf(onBehalfOf).withTenantPropagationStrategyFrom(serviceIdentifier).withAdditionalParameters(oAuth2Options.getAdditionalTokenRetrievalParameters()).build(), str);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -2138817376:
                if (implMethodName.equals("isOAuth2Binding")) {
                    z = false;
                    break;
                }
                break;
            case -1034480094:
                if (implMethodName.equals("lambda$getOAuth2PropertySupplier$aec090db$1")) {
                    z = true;
                    break;
                }
                break;
            case 1077245247:
                if (implMethodName.equals("lambda$getOAuth2PropertySupplier$685ef634$1")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 9 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2PropertySupplier") && serializedLambda.getImplMethodSignature().equals("()Z")) {
                    OAuth2PropertySupplier oAuth2PropertySupplier = (OAuth2PropertySupplier) serializedLambda.getCapturedArg(0);
                    return oAuth2PropertySupplier::isOAuth2Binding;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceBindingDestinationLoader") && serializedLambda.getImplMethodSignature().equals("(Lcom/sap/cloud/sdk/cloudplatform/connectivity/OAuth2PropertySupplierResolver;Lcom/sap/cloud/sdk/cloudplatform/connectivity/ServiceBindingDestinationOptions;)Lcom/sap/cloud/sdk/cloudplatform/connectivity/OAuth2PropertySupplier;")) {
                    OAuth2PropertySupplierResolver oAuth2PropertySupplierResolver = (OAuth2PropertySupplierResolver) serializedLambda.getCapturedArg(0);
                    ServiceBindingDestinationOptions serviceBindingDestinationOptions = (ServiceBindingDestinationOptions) serializedLambda.getCapturedArg(1);
                    return () -> {
                        return oAuth2PropertySupplierResolver.resolve(serviceBindingDestinationOptions);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceBindingDestinationLoader") && serializedLambda.getImplMethodSignature().equals("(Lcom/sap/cloud/sdk/cloudplatform/connectivity/OAuth2PropertySupplierResolver;Lcom/sap/cloud/sdk/cloudplatform/connectivity/ServiceBindingDestinationOptions;)Ljava/lang/Boolean;")) {
                    OAuth2PropertySupplierResolver oAuth2PropertySupplierResolver2 = (OAuth2PropertySupplierResolver) serializedLambda.getCapturedArg(0);
                    ServiceBindingDestinationOptions serviceBindingDestinationOptions2 = (ServiceBindingDestinationOptions) serializedLambda.getCapturedArg(1);
                    return () -> {
                        return Boolean.valueOf(oAuth2PropertySupplierResolver2.matches(serviceBindingDestinationOptions2));
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
