package io.camunda.connector.suppliers;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.microsoft.graph.serviceclient.GraphServiceClient;
import io.camunda.connector.model.authentication.BearerAuthentication;
import io.camunda.connector.model.authentication.ClientSecretAuthentication;
import io.camunda.connector.model.authentication.MSTeamsAuthentication;
import io.camunda.connector.model.authentication.RefreshTokenAuthentication;
import java.io.IOException;
import java.time.OffsetDateTime;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/camunda/connector/suppliers/GraphServiceClientSupplier.class */
public class GraphServiceClientSupplier {
    private static final String URL = "https://login.microsoftonline.com/%s/oauth2/v2.0/token";
    private static final String CLIENT_ID = "client_id";
    private static final String GRANT_TYPE = "grant_type";
    private static final String REFRESH_TOKEN = "refresh_token";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String DEFAULT_SCOPE = "https://graph.microsoft.com/.default";
    private final OkHttpClient okHttpClient;

    /* loaded from: input_file:io/camunda/connector/suppliers/GraphServiceClientSupplier$DelegateAuthenticationProvider.class */
    public static class DelegateAuthenticationProvider implements TokenCredential {
        private final String token;

        public DelegateAuthenticationProvider(String str) {
            this.token = str;
        }

        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
            return Mono.just(new AccessToken(this.token, OffsetDateTime.MAX));
        }

        public AccessToken getTokenSync(TokenRequestContext tokenRequestContext) {
            return new AccessToken(this.token, OffsetDateTime.MAX);
        }
    }

    public GraphServiceClientSupplier() {
        this.okHttpClient = new OkHttpClient();
    }

    public GraphServiceClientSupplier(OkHttpClient okHttpClient) {
        this.okHttpClient = okHttpClient;
    }

    public GraphServiceClient buildAndGetGraphServiceClient(ClientSecretAuthentication clientSecretAuthentication) {
        return new GraphServiceClient(new ClientSecretCredentialBuilder().tenantId(clientSecretAuthentication.tenantId()).clientId(clientSecretAuthentication.clientId()).clientSecret(clientSecretAuthentication.clientSecret()).build(), new String[]{DEFAULT_SCOPE});
    }

    public GraphServiceClient buildAndGetGraphServiceClient(RefreshTokenAuthentication refreshTokenAuthentication) {
        return buildAndGetGraphServiceClient(getAccessToken(buildRequest(refreshTokenAuthentication)));
    }

    public GraphServiceClient buildAndGetGraphServiceClient(BearerAuthentication bearerAuthentication) {
        return new GraphServiceClient(new DelegateAuthenticationProvider(bearerAuthentication.token()), new String[]{DEFAULT_SCOPE});
    }

    public GraphServiceClient buildAndGetGraphServiceClient(String str) {
        return new GraphServiceClient(new DelegateAuthenticationProvider(str), new String[]{DEFAULT_SCOPE});
    }

    @NotNull
    private Request buildRequest(RefreshTokenAuthentication refreshTokenAuthentication) {
        FormBody.Builder add = new FormBody.Builder().add(CLIENT_ID, refreshTokenAuthentication.clientId()).add(GRANT_TYPE, REFRESH_TOKEN).add(REFRESH_TOKEN, refreshTokenAuthentication.token());
        if (StringUtils.isNoneBlank(new CharSequence[]{refreshTokenAuthentication.clientSecret()})) {
            add.add(CLIENT_SECRET, refreshTokenAuthentication.clientSecret());
        }
        return new Request.Builder().url(String.format(URL, refreshTokenAuthentication.tenantId())).header(CONTENT_TYPE, X_WWW_FORM_URLENCODED).post(add.build()).build();
    }

    private String getAccessToken(Request request) {
        try {
            Response execute = this.okHttpClient.newCall(request).execute();
            try {
                if (!execute.isSuccessful() || execute.body() == null) {
                    throw new RuntimeException("Failed to fetch access token. Verify authentication details. Note: Client secret is optional, depending on the client's privacy status. Status code: " + execute.code() + ", message: " + execute.message());
                }
                JsonNode readTree = ObjectMapperSupplier.objectMapper().readTree(execute.body().string());
                if (!readTree.has(ACCESS_TOKEN)) {
                    throw new RuntimeException("Access token not found in the response");
                }
                String asText = readTree.get(ACCESS_TOKEN).asText();
                if (execute != null) {
                    execute.close();
                }
                return asText;
            } catch (Throwable th) {
                if (execute != null) {
                    try {
                        execute.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException e) {
            throw new RuntimeException("Network error occurred", e);
        } catch (JsonProcessingException e2) {
            throw new RuntimeException("Error while parsing refresh token response", e2);
        }
    }

    public GraphServiceClient buildAndGetGraphServiceClient(MSTeamsAuthentication mSTeamsAuthentication) {
        if (mSTeamsAuthentication instanceof ClientSecretAuthentication) {
            return buildAndGetGraphServiceClient((ClientSecretAuthentication) mSTeamsAuthentication);
        }
        if (mSTeamsAuthentication instanceof RefreshTokenAuthentication) {
            return buildAndGetGraphServiceClient((RefreshTokenAuthentication) mSTeamsAuthentication);
        }
        if (mSTeamsAuthentication instanceof BearerAuthentication) {
            return buildAndGetGraphServiceClient((BearerAuthentication) mSTeamsAuthentication);
        }
        return null;
    }
}
