package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.security.AuthTokenAccessor;
import com.sap.cloud.sdk.cloudplatform.tenant.TenantAccessor;
import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/DestinationRetrievalStrategyResolver.class */
class DestinationRetrievalStrategyResolver {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DestinationRetrievalStrategyResolver.class);
    private static final Strategy tokenExchangeOnlyStrategy = new Strategy(OnBehalfOf.NAMED_USER_CURRENT_TENANT, false);
    private final Supplier<String> providerTenantIdSupplier;
    private final Function<Strategy, DestinationServiceV1Response> destinationRetriever;
    private final Function<OnBehalfOf, List<DestinationProperties>> allDestinationRetriever;
    static final String JWT_ATTR_EXT = "ext_attr";
    static final String JWT_ATTR_ENHANCER = "enhancer";
    static final String JWT_ATTR_XSUAA = "XSUAA";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/DestinationRetrievalStrategyResolver$Strategy.class */
    public static final class Strategy {
        private final OnBehalfOf behalf;
        private final boolean forwardToken;

        @Generated
        public Strategy(OnBehalfOf onBehalfOf, boolean z) {
            this.behalf = onBehalfOf;
            this.forwardToken = z;
        }

        @Generated
        public OnBehalfOf getBehalf() {
            return this.behalf;
        }

        @Generated
        public boolean isForwardToken() {
            return this.forwardToken;
        }

        @Generated
        public boolean equals(@Nullable Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Strategy)) {
                return false;
            }
            Strategy strategy = (Strategy) obj;
            if (isForwardToken() != strategy.isForwardToken()) {
                return false;
            }
            OnBehalfOf behalf = getBehalf();
            OnBehalfOf behalf2 = strategy.getBehalf();
            return behalf == null ? behalf2 == null : behalf.equals(behalf2);
        }

        @Generated
        public int hashCode() {
            int i = (1 * 59) + (isForwardToken() ? 79 : 97);
            OnBehalfOf behalf = getBehalf();
            return (i * 59) + (behalf == null ? 43 : behalf.hashCode());
        }

        @Nonnull
        @Generated
        public String toString() {
            return "DestinationRetrievalStrategyResolver.Strategy(behalf=" + getBehalf() + ", forwardToken=" + isForwardToken() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DestinationRetrievalStrategyResolver forSingleDestination(Supplier<String> supplier, Function<Strategy, DestinationServiceV1Response> function) {
        return new DestinationRetrievalStrategyResolver(supplier, function, onBehalfOf -> {
            return Collections.emptyList();
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DestinationRetrievalStrategyResolver forAllDestinations(Supplier<String> supplier, Function<OnBehalfOf, List<DestinationProperties>> function) {
        return new DestinationRetrievalStrategyResolver(supplier, strategy -> {
            return null;
        }, function);
    }

    Strategy resolveSingleRequestStrategy(@Nonnull DestinationServiceRetrievalStrategy destinationServiceRetrievalStrategy, @Nonnull DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy) {
        OnBehalfOf onBehalfOf;
        switch (destinationServiceRetrievalStrategy) {
            case ALWAYS_PROVIDER:
                onBehalfOf = OnBehalfOf.TECHNICAL_USER_PROVIDER;
                break;
            case CURRENT_TENANT:
            case ONLY_SUBSCRIBER:
                onBehalfOf = OnBehalfOf.TECHNICAL_USER_CURRENT_TENANT;
                break;
            default:
                throw new IllegalStateException("Unexpected retrieval strategy " + destinationServiceRetrievalStrategy + " when building a request towards the destination service.");
        }
        switch (destinationServiceTokenExchangeStrategy) {
            case FORWARD_USER_TOKEN:
                return new Strategy(onBehalfOf, true);
            case LOOKUP_ONLY:
                return new Strategy(onBehalfOf, false);
            case EXCHANGE_ONLY:
                return new Strategy(OnBehalfOf.NAMED_USER_CURRENT_TENANT, false);
            default:
                throw new IllegalStateException("Unexpected token exchange strategy " + destinationServiceTokenExchangeStrategy + " when building a request towards the destination service.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DestinationRetrieval prepareSupplier(@Nonnull DestinationOptions destinationOptions) {
        DestinationServiceRetrievalStrategy destinationServiceRetrievalStrategy = (DestinationServiceRetrievalStrategy) DestinationServiceOptionsAugmenter.getRetrievalStrategy(destinationOptions).getOrElse(DestinationServiceRetrievalStrategy.CURRENT_TENANT);
        DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy = (DestinationServiceTokenExchangeStrategy) DestinationServiceOptionsAugmenter.getTokenExchangeStrategy(destinationOptions).getOrElse(this::getDefaultTokenExchangeStrategy);
        log.debug("Loading destination from reuse-destination-service with retrieval strategy {} and token exchange strategy {}.", destinationServiceRetrievalStrategy, destinationServiceTokenExchangeStrategy);
        return prepareSupplier(destinationServiceRetrievalStrategy, destinationServiceTokenExchangeStrategy);
    }

    @Nonnull
    private DestinationServiceTokenExchangeStrategy getDefaultTokenExchangeStrategy() {
        Map map = (Map) AuthTokenAccessor.tryGetCurrentToken().map(authToken -> {
            return authToken.getJwt().getClaim(JWT_ATTR_EXT).asMap();
        }).getOrNull();
        if (map != null && JWT_ATTR_XSUAA.equalsIgnoreCase(map.get(JWT_ATTR_ENHANCER))) {
            return DestinationServiceTokenExchangeStrategy.FORWARD_USER_TOKEN;
        }
        log.debug("Falling back to {}. Current user token may not originate from XSUAA.", DestinationServiceTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE);
        return DestinationServiceTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE;
    }

    DestinationRetrieval prepareSupplier(@Nonnull DestinationServiceRetrievalStrategy destinationServiceRetrievalStrategy, @Nonnull DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy) throws DestinationAccessException {
        log.debug("Preparing request(s) towards the destination service based on the strategies {} and {}", destinationServiceRetrievalStrategy, destinationServiceTokenExchangeStrategy);
        warnOrThrowOnUnsupportedCombinations(destinationServiceRetrievalStrategy, destinationServiceTokenExchangeStrategy);
        if (destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.LOOKUP_THEN_EXCHANGE) {
            Strategy resolveSingleRequestStrategy = resolveSingleRequestStrategy(destinationServiceRetrievalStrategy, DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY);
            return new DestinationRetrieval(() -> {
                DestinationServiceV1Response apply = this.destinationRetriever.apply(resolveSingleRequestStrategy);
                if (!doesDestinationConfigurationRequireUserTokenExchange(apply)) {
                    return apply;
                }
                if (destinationServiceRetrievalStrategy != DestinationServiceRetrievalStrategy.ALWAYS_PROVIDER || currentTenantIsProvider()) {
                    return this.destinationRetriever.apply(tokenExchangeOnlyStrategy);
                }
                throw new DestinationAccessException("Can't perform token exchange, the current token is not issued for the provider tenant.");
            }, resolveSingleRequestStrategy.getBehalf());
        }
        Strategy resolveSingleRequestStrategy2 = resolveSingleRequestStrategy(destinationServiceRetrievalStrategy, destinationServiceTokenExchangeStrategy);
        return new DestinationRetrieval(() -> {
            return this.destinationRetriever.apply(resolveSingleRequestStrategy2);
        }, resolveSingleRequestStrategy2.getBehalf());
    }

    private void warnOrThrowOnUnsupportedCombinations(@Nonnull DestinationServiceRetrievalStrategy destinationServiceRetrievalStrategy, @Nullable DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy) {
        if (destinationServiceRetrievalStrategy == DestinationServiceRetrievalStrategy.ONLY_SUBSCRIBER && currentTenantIsProvider()) {
            throw new DestinationAccessException("The current tenant is the provider tenant, which should not be the case with the option " + DestinationServiceRetrievalStrategy.ONLY_SUBSCRIBER + ". Cannot retrieve destination.");
        }
        if (destinationServiceRetrievalStrategy != DestinationServiceRetrievalStrategy.ALWAYS_PROVIDER || currentTenantIsProvider()) {
            return;
        }
        if (destinationServiceTokenExchangeStrategy == DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY) {
            throw new DestinationAccessException("The current tenant is not the provider tenant, which should not be the case with the options " + DestinationServiceRetrievalStrategy.ALWAYS_PROVIDER + " and " + DestinationServiceTokenExchangeStrategy.EXCHANGE_ONLY + ". Cannot retrieve destination.");
        }
        if (destinationServiceTokenExchangeStrategy != DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY) {
            log.warn("The current tenant is not the provider tenant. Only destinations which don't require a user token will be supported. Use retrieval strategy {} to avoid this warning.", DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Supplier<List<DestinationProperties>> prepareSupplierAllDestinations(@Nonnull DestinationOptions destinationOptions) {
        DestinationServiceTokenExchangeStrategy destinationServiceTokenExchangeStrategy = (DestinationServiceTokenExchangeStrategy) DestinationServiceOptionsAugmenter.getTokenExchangeStrategy(destinationOptions).getOrElse(DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY);
        if (destinationServiceTokenExchangeStrategy != DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY) {
            log.warn("The provided token exchange strategy {} is not applicable while retrieving all destinations, hence switching to {} ", destinationServiceTokenExchangeStrategy, DestinationServiceTokenExchangeStrategy.LOOKUP_ONLY);
        }
        return prepareSupplierAllDestinations((DestinationServiceRetrievalStrategy) DestinationServiceOptionsAugmenter.getRetrievalStrategy(destinationOptions).getOrElse(DestinationServiceRetrievalStrategy.CURRENT_TENANT));
    }

    Supplier<List<DestinationProperties>> prepareSupplierAllDestinations(@Nonnull DestinationServiceRetrievalStrategy destinationServiceRetrievalStrategy) throws IllegalArgumentException {
        warnOrThrowOnUnsupportedCombinations(destinationServiceRetrievalStrategy, null);
        switch (destinationServiceRetrievalStrategy) {
            case ALWAYS_PROVIDER:
                return () -> {
                    return this.allDestinationRetriever.apply(OnBehalfOf.TECHNICAL_USER_PROVIDER);
                };
            case CURRENT_TENANT:
            case ONLY_SUBSCRIBER:
                return () -> {
                    return this.allDestinationRetriever.apply(OnBehalfOf.TECHNICAL_USER_CURRENT_TENANT);
                };
            default:
                throw new IllegalArgumentException("The provided destination retrieval strategy " + destinationServiceRetrievalStrategy + " is not valid.");
        }
    }

    boolean doesDestinationConfigurationRequireUserTokenExchange(@Nonnull DestinationServiceV1Response destinationServiceV1Response) {
        Map<String, String> destinationConfiguration = destinationServiceV1Response.getDestinationConfiguration();
        Try<AuthenticationType> determineAuthenticationType = determineAuthenticationType(destinationConfiguration);
        if (determineAuthenticationType.isSuccess()) {
            return DestinationUtility.requiresUserTokenExchange((AuthenticationType) determineAuthenticationType.get(), destinationConfiguration.get(DestinationProperty.SYSTEM_USER.getKeyName()));
        }
        log.warn("No configuration value set for 'Authentication' in destination {}.", destinationConfiguration.get(DestinationProperty.NAME.getKeyName()));
        return false;
    }

    private boolean currentTenantIsProvider() {
        return Objects.equals((String) TenantAccessor.tryGetCurrentTenant().map((v0) -> {
            return v0.getTenantId();
        }).getOrNull(), this.providerTenantIdSupplier.get());
    }

    private Try<AuthenticationType> determineAuthenticationType(Map<String, String> map) {
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(map);
        String str = (String) treeMap.get(DestinationProperty.AUTH_TYPE.getKeyName());
        return Try.of(() -> {
            return AuthenticationType.ofIdentifier(str);
        });
    }

    @Generated
    public DestinationRetrievalStrategyResolver(Supplier<String> supplier, Function<Strategy, DestinationServiceV1Response> function, Function<OnBehalfOf, List<DestinationProperties>> function2) {
        this.providerTenantIdSupplier = supplier;
        this.destinationRetriever = function;
        this.allDestinationRetriever = function2;
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 1190979736:
                if (implMethodName.equals("lambda$determineAuthenticationType$df8885b2$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/connectivity/DestinationRetrievalStrategyResolver") && serializedLambda.getImplMethodSignature().equals("(Ljava/lang/String;)Lcom/sap/cloud/sdk/cloudplatform/connectivity/AuthenticationType;")) {
                    String str = (String) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return AuthenticationType.ofIdentifier(str);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
