package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.environment.servicebinding.api.ServiceIdentifier;
import com.sap.cloud.sdk.cloudplatform.connectivity.BtpServiceOptions;
import com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2Options;
import com.sap.cloud.sdk.cloudplatform.connectivity.SecurityLibWorkarounds;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.tenant.TenantAccessor;
import com.sap.cloud.security.config.ClientCertificate;
import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.mtls.SSLContextFactory;
import io.vavr.control.Option;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers.class */
class BtpServicePropertySuppliers {
    static final OAuth2PropertySupplierResolver XSUAA = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.of("xsuaa"), Xsuaa::new);
    static final OAuth2PropertySupplierResolver DESTINATION = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.DESTINATION, Destination::new);
    static final OAuth2PropertySupplierResolver CONNECTIVITY = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.CONNECTIVITY, ConnectivityProxy::new);
    static final OAuth2PropertySupplierResolver IDENTITY_AUTHENTICATION = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.of("identity"), IdentityAuthentication::new);
    static final OAuth2PropertySupplierResolver WORKFLOW = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.WORKFLOW, MultiUrlPropertySupplier.of(BtpServiceOptions.WorkflowOptions.class).withUrlKey(BtpServiceOptions.WorkflowOptions.REST_API, "workflow_rest_url").withUrlKey(BtpServiceOptions.WorkflowOptions.ODATA_API, "workflow_odata_url").factory());
    static final OAuth2PropertySupplierResolver BUSINESS_RULES = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.BUSINESS_RULES, MultiUrlPropertySupplier.of(BtpServiceOptions.BusinessRulesOptions.class).withUrlKey(BtpServiceOptions.BusinessRulesOptions.AUTHORING_API, "rule_repository_url").withUrlKey(BtpServiceOptions.BusinessRulesOptions.EXECUTION_API, "rule_runtime_url").factory());
    static final OAuth2PropertySupplierResolver BUSINESS_LOGGING = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.of("business-logging"), MultiUrlPropertySupplier.of(BtpServiceOptions.BusinessLoggingOptions.class).withUrlKey(BtpServiceOptions.BusinessLoggingOptions.CONFIG_API, "configservice", MultiUrlPropertySupplier.REMOVE_PATH).withUrlKey(BtpServiceOptions.BusinessLoggingOptions.TEXT_API, "textresourceservice", MultiUrlPropertySupplier.REMOVE_PATH).withUrlKey(BtpServiceOptions.BusinessLoggingOptions.READ_API, "readservice", MultiUrlPropertySupplier.REMOVE_PATH).withUrlKey(BtpServiceOptions.BusinessLoggingOptions.WRITE_API, "writeservice", MultiUrlPropertySupplier.REMOVE_PATH).factory());
    static final OAuth2PropertySupplierResolver AI_CORE = OAuth2PropertySupplierResolver.forServiceIdentifier(ServiceIdentifier.of("aicore"), AiCore::new);
    private static final List<OAuth2PropertySupplierResolver> DEFAULT_SERVICE_RESOLVERS = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.sap.cloud.sdk.cloudplatform.connectivity.BtpServicePropertySuppliers$1, reason: invalid class name */
    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$sap$cloud$sdk$cloudplatform$connectivity$OnBehalfOf = new int[OnBehalfOf.values().length];

        static {
            try {
                $SwitchMap$com$sap$cloud$sdk$cloudplatform$connectivity$OnBehalfOf[OnBehalfOf.NAMED_USER_CURRENT_TENANT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$sap$cloud$sdk$cloudplatform$connectivity$OnBehalfOf[OnBehalfOf.TECHNICAL_USER_PROVIDER.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$sap$cloud$sdk$cloudplatform$connectivity$OnBehalfOf[OnBehalfOf.TECHNICAL_USER_CURRENT_TENANT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$AiCore.class */
    private static class AiCore extends DefaultOAuth2PropertySupplier {
        AiCore(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
            super(serviceBindingDestinationOptions, Collections.emptyList());
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getServiceUri() {
            return (URI) getCredentialOrThrow(URI.class, "serviceurls", "AI_API_URL");
        }
    }

    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$ConnectivityProxy.class */
    private static class ConnectivityProxy extends DefaultOAuth2PropertySupplier {
        ConnectivityProxy(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
            super(serviceBindingDestinationOptions, Collections.emptyList());
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getServiceUri() {
            try {
                return new URI("http", null, (String) getCredentialOrThrow(String.class, "onpremise_proxy_host"), ((Integer) getCredential(Integer.class, "onpremise_proxy_http_port").getOrElse(() -> {
                    return (Integer) getCredentialOrThrow(Integer.class, "onpremise_proxy_port");
                })).intValue(), null, null, null);
            } catch (URISyntaxException e) {
                throw new DestinationAccessException("Failed to construct proxy URL", e);
            }
        }
    }

    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$Destination.class */
    private static class Destination extends DefaultOAuth2PropertySupplier {
        Destination(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
            super(serviceBindingDestinationOptions, Collections.emptyList());
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getServiceUri() {
            return (URI) getCredentialOrThrow(URI.class, "uri");
        }
    }

    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$IdentityAuthentication.class */
    private static class IdentityAuthentication extends DefaultOAuth2PropertySupplier {

        @Generated
        private static final Logger log = LoggerFactory.getLogger(IdentityAuthentication.class);

        IdentityAuthentication(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
            super(serviceBindingDestinationOptions, List.of());
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getServiceUri() {
            return (URI) this.options.getOption(BtpServiceOptions.AuthenticationServiceOptions.TargetUri.class).getOrElse(() -> {
                return super.getServiceUri();
            });
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getTokenUri() {
            String str = (String) getCredentialOrThrow(String.class, "url");
            if (str.endsWith("/")) {
                str = str.substring(0, str.length() - 1);
            }
            return URI.create(str + "/oauth2/token");
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public OAuth2Options getOAuth2Options() {
            OAuth2Options.Builder builder = OAuth2Options.builder();
            Option option = this.options.getOption(OAuth2Options.TokenRetrievalTimeout.class);
            Objects.requireNonNull(builder);
            option.peek(builder::withTimeLimiter);
            if (skipTokenRetrieval()) {
                builder.withSkipTokenRetrieval(true);
            } else {
                attachIasCommunicationOptions(builder);
                builder.withTokenRetrievalParameter("app_tid", (String) getCredentialOrThrow(String.class, "app_tid"));
            }
            attachClientKeyStore(builder);
            return builder.build();
        }

        private void attachIasCommunicationOptions(@Nonnull OAuth2Options.Builder builder) {
            BtpServiceOptions.IasOptions.IasCommunicationOptions iasCommunicationOptions = (BtpServiceOptions.IasOptions.IasCommunicationOptions) this.options.getOption(BtpServiceOptions.IasOptions.IasCommunicationOptions.class).getOrNull();
            if (iasCommunicationOptions == null) {
                return;
            }
            if (iasCommunicationOptions.getApplicationName() != null) {
                builder.withTokenRetrievalParameter("resource", "urn:sap:identity:application:provider:name:" + iasCommunicationOptions.getApplicationName());
            } else if (iasCommunicationOptions.getConsumerClientId() != null) {
                String str = "urn:sap:identity:consumer:clientid:" + iasCommunicationOptions.getConsumerClientId();
                if (iasCommunicationOptions.getConsumerTenantId() != null) {
                    str = str + ":apptid:" + iasCommunicationOptions.getConsumerTenantId();
                }
                builder.withTokenRetrievalParameter("resource", str);
            }
        }

        private boolean skipTokenRetrieval() {
            OnBehalfOf onBehalfOf = this.options.getOnBehalfOf();
            if (!((Boolean) this.options.getOption(BtpServiceOptions.IasOptions.NoTokenForTechnicalProviderUser.class).getOrElse(false)).booleanValue()) {
                return false;
            }
            switch (AnonymousClass1.$SwitchMap$com$sap$cloud$sdk$cloudplatform$connectivity$OnBehalfOf[onBehalfOf.ordinal()]) {
                case 1:
                    return false;
                case 2:
                    return true;
                case 3:
                    return currentTenantIsProvider();
                default:
                    throw new IncompatibleClassChangeError();
            }
        }

        private boolean currentTenantIsProvider() {
            String str = (String) TenantAccessor.tryGetCurrentTenant().map((v0) -> {
                return v0.getTenantId();
            }).getOrNull();
            if (str == null) {
                return true;
            }
            return str.equalsIgnoreCase((String) getCredentialOrThrow(String.class, "app_tid"));
        }

        private void attachClientKeyStore(@Nonnull OAuth2Options.Builder builder) {
            KeyStore clientKeyStore = getClientKeyStore();
            if (clientKeyStore != null) {
                builder.withClientKeyStore(clientKeyStore);
            }
        }

        @Nullable
        private KeyStore getClientKeyStore() {
            ClientIdentity clientIdentity = getClientIdentity();
            if (clientIdentity instanceof SecurityLibWorkarounds.ZtisClientIdentity) {
                return ((SecurityLibWorkarounds.ZtisClientIdentity) clientIdentity).getKeyStore();
            }
            if (!(clientIdentity instanceof ClientCertificate)) {
                return null;
            }
            try {
                return SSLContextFactory.getInstance().createKeyStore(clientIdentity);
            } catch (Exception e) {
                throw new DestinationAccessException("Unable to extract client key store from IAS service binding.", e);
            }
        }
    }

    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/BtpServicePropertySuppliers$Xsuaa.class */
    private static class Xsuaa extends DefaultOAuth2PropertySupplier {
        public Xsuaa(@Nonnull ServiceBindingDestinationOptions serviceBindingDestinationOptions) {
            super(serviceBindingDestinationOptions, List.of());
        }

        @Override // com.sap.cloud.sdk.cloudplatform.connectivity.DefaultOAuth2PropertySupplier, com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2PropertySupplier
        @Nonnull
        public URI getServiceUri() {
            return (URI) this.options.getOption(BtpServiceOptions.AuthenticationServiceOptions.TargetUri.class).getOrElse(() -> {
                return super.getServiceUri();
            });
        }
    }

    BtpServicePropertySuppliers() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<OAuth2PropertySupplierResolver> getDefaultServiceResolvers() {
        return new ArrayList(DEFAULT_SERVICE_RESOLVERS);
    }

    static {
        DEFAULT_SERVICE_RESOLVERS.add(XSUAA);
        DEFAULT_SERVICE_RESOLVERS.add(DESTINATION);
        DEFAULT_SERVICE_RESOLVERS.add(CONNECTIVITY);
        DEFAULT_SERVICE_RESOLVERS.add(BUSINESS_RULES);
        DEFAULT_SERVICE_RESOLVERS.add(WORKFLOW);
        DEFAULT_SERVICE_RESOLVERS.add(BUSINESS_LOGGING);
        DEFAULT_SERVICE_RESOLVERS.add(IDENTITY_AUTHENTICATION);
        DEFAULT_SERVICE_RESOLVERS.add(AI_CORE);
    }
}
