package org.bitbucket.search.secrets.client;

import com.atlassian.asap.api.JwtBuilder;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.bitbucket.search.okhttp.HttpClients;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.kristofa.brave.Brave;
import java.time.Duration;
import java.util.Objects;
import javax.annotation.Nonnull;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import org.bitbucket.search.secrets.SecretsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import retrofit2.Retrofit;
import retrofit2.adapter.rxjava.RxJavaCallAdapterFactory;
import retrofit2.converter.jackson.JacksonConverterFactory;

/* loaded from: input_file:org/bitbucket/search/secrets/client/SecretsServiceFactory.class */
public class SecretsServiceFactory {
    private static final Logger log = LoggerFactory.getLogger(SecretsServiceFactory.class);
    private final Brave brave;
    private final ObjectMapper objectMapper;

    public SecretsServiceFactory(@Nonnull Brave brave, @Nonnull ObjectMapper objectMapper) {
        this.brave = (Brave) Objects.requireNonNull(brave, "brave");
        this.objectMapper = (ObjectMapper) Objects.requireNonNull(objectMapper, "objectMapper");
    }

    public SecretsService createSecretsService(SecretsServiceProperties secretsServiceProperties) {
        return new DefaultSecretsService(createSecretsRestApi(secretsServiceProperties.getAsapProperties(), secretsServiceProperties.getHttpProperties()));
    }

    private SecretsServiceRestApi createSecretsRestApi(AsapProperties asapProperties, HttpProperties httpProperties) {
        Duration connectTimeout = httpProperties.getConnectTimeout();
        Duration readTimeout = httpProperties.getReadTimeout();
        Duration writeTimeout = httpProperties.getWriteTimeout();
        Duration idleTimeout = httpProperties.getIdleTimeout();
        int maxConcurrentRequests = httpProperties.getMaxConcurrentRequests();
        OkHttpClient build = HttpClients.builder(this.brave).connectTimeout(connectTimeout).readTimeout(readTimeout).writeTimeout(writeTimeout).idleTimeout(idleTimeout).maxIdleConnections(5).addInterceptor(createAsapInterceptor(asapProperties)).userAgentPrefix(httpProperties.getUserAgent()).build();
        log.info("Creating secrets client with configuration: connect timeout -> {}ms, read timeout -> {}ms, write timeout -> {}ms, idle timeout -> {}ms, max concurrent connections: {}", new Object[]{Long.valueOf(connectTimeout.toMillis()), Long.valueOf(readTimeout.toMillis()), Long.valueOf(writeTimeout.toMillis()), Long.valueOf(idleTimeout.toMillis()), Integer.valueOf(maxConcurrentRequests)});
        return (SecretsServiceRestApi) new Retrofit.Builder().baseUrl(httpProperties.getSecretsServiceUrl().toASCIIString()).client(build).addConverterFactory(JacksonConverterFactory.create(this.objectMapper)).addCallAdapterFactory(RxJavaCallAdapterFactory.create()).build().create(SecretsServiceRestApi.class);
    }

    private Interceptor createAsapInterceptor(AsapProperties asapProperties) {
        return chain -> {
            return chain.proceed(chain.request().newBuilder().addHeader("Authorization", generateJwtHeader(asapProperties)).build());
        };
    }

    private String generateJwtHeader(AsapProperties asapProperties) {
        try {
            return asapProperties.getAsapAuthorizationHeaderGenerator().generateAuthorizationHeader(JwtBuilder.newJwt().keyId(asapProperties.getAsapKeyId()).audience(new String[]{asapProperties.getAsapAudience()}).issuer(asapProperties.getAsapIssuer()).build());
        } catch (InvalidTokenException | CannotRetrieveKeyException e) {
            throw new SecretsServiceClientException("Failed to apply ASAP authorization header", e);
        }
    }
}
