package com.atlan.api;

import com.atlan.AtlanClient;
import com.atlan.exception.ApiConnectionException;
import com.atlan.exception.AtlanException;
import com.atlan.exception.ErrorCode;
import com.atlan.exception.InvalidRequestException;
import com.atlan.exception.PermissionException;
import com.atlan.net.ApiResource;
import com.atlan.net.RequestOptions;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.util.Map;
import lombok.Generated;

/* loaded from: input_file:com/atlan/api/ImpersonationEndpoint.class */
public class ImpersonationEndpoint extends AbstractEndpoint {
    private static final String SERVICE = "http://keycloak-http.keycloak.svc.cluster.local";
    private static final String endpoint = "/auth/realms/default/protocol/openid-connect/token";

    /* JADX INFO: Access modifiers changed from: private */
    @JsonDeserialize(builder = AccessTokenResponseBuilder.class)
    /* loaded from: input_file:com/atlan/api/ImpersonationEndpoint$AccessTokenResponse.class */
    public static final class AccessTokenResponse extends ApiResource {
        private static final long serialVersionUID = 2;

        @JsonProperty("access_token")
        String accessToken;

        @JsonProperty("expires_in")
        Long expiresIn;

        @JsonProperty("refresh_expires_in")
        Long refreshExpiresIn;

        @JsonProperty("refresh_token")
        String refreshToken;

        @JsonProperty("token_type")
        String tokenType;

        @JsonProperty("not-before-policy")
        Long notBeforePolicy;

        @JsonProperty("session_state")
        String sessionState;
        String scope;

        @Generated
        @JsonPOJOBuilder(withPrefix = "", buildMethodName = JsonPOJOBuilder.DEFAULT_BUILD_METHOD)
        /* loaded from: input_file:com/atlan/api/ImpersonationEndpoint$AccessTokenResponse$AccessTokenResponseBuilder.class */
        public static class AccessTokenResponseBuilder {

            @Generated
            private String accessToken;

            @Generated
            private Long expiresIn;

            @Generated
            private Long refreshExpiresIn;

            @Generated
            private String refreshToken;

            @Generated
            private String tokenType;

            @Generated
            private Long notBeforePolicy;

            @Generated
            private String sessionState;

            @Generated
            private String scope;

            @Generated
            AccessTokenResponseBuilder() {
            }

            @JsonProperty("access_token")
            @Generated
            public AccessTokenResponseBuilder accessToken(String str) {
                this.accessToken = str;
                return this;
            }

            @JsonProperty("expires_in")
            @Generated
            public AccessTokenResponseBuilder expiresIn(Long l) {
                this.expiresIn = l;
                return this;
            }

            @JsonProperty("refresh_expires_in")
            @Generated
            public AccessTokenResponseBuilder refreshExpiresIn(Long l) {
                this.refreshExpiresIn = l;
                return this;
            }

            @JsonProperty("refresh_token")
            @Generated
            public AccessTokenResponseBuilder refreshToken(String str) {
                this.refreshToken = str;
                return this;
            }

            @JsonProperty("token_type")
            @Generated
            public AccessTokenResponseBuilder tokenType(String str) {
                this.tokenType = str;
                return this;
            }

            @JsonProperty("not-before-policy")
            @Generated
            public AccessTokenResponseBuilder notBeforePolicy(Long l) {
                this.notBeforePolicy = l;
                return this;
            }

            @JsonProperty("session_state")
            @Generated
            public AccessTokenResponseBuilder sessionState(String str) {
                this.sessionState = str;
                return this;
            }

            @Generated
            public AccessTokenResponseBuilder scope(String str) {
                this.scope = str;
                return this;
            }

            @Generated
            public AccessTokenResponse build() {
                return new AccessTokenResponse(this.accessToken, this.expiresIn, this.refreshExpiresIn, this.refreshToken, this.tokenType, this.notBeforePolicy, this.sessionState, this.scope);
            }

            @Generated
            public String toString() {
                return "ImpersonationEndpoint.AccessTokenResponse.AccessTokenResponseBuilder(accessToken=" + this.accessToken + ", expiresIn=" + this.expiresIn + ", refreshExpiresIn=" + this.refreshExpiresIn + ", refreshToken=" + this.refreshToken + ", tokenType=" + this.tokenType + ", notBeforePolicy=" + this.notBeforePolicy + ", sessionState=" + this.sessionState + ", scope=" + this.scope + ")";
            }
        }

        @Generated
        AccessTokenResponse(String str, Long l, Long l2, String str2, String str3, Long l3, String str4, String str5) {
            this.accessToken = str;
            this.expiresIn = l;
            this.refreshExpiresIn = l2;
            this.refreshToken = str2;
            this.tokenType = str3;
            this.notBeforePolicy = l3;
            this.sessionState = str4;
            this.scope = str5;
        }

        @Generated
        public static AccessTokenResponseBuilder builder() {
            return new AccessTokenResponseBuilder();
        }

        @Generated
        public AccessTokenResponseBuilder toBuilder() {
            return new AccessTokenResponseBuilder().accessToken(this.accessToken).expiresIn(this.expiresIn).refreshExpiresIn(this.refreshExpiresIn).refreshToken(this.refreshToken).tokenType(this.tokenType).notBeforePolicy(this.notBeforePolicy).sessionState(this.sessionState).scope(this.scope);
        }

        @Generated
        public String getAccessToken() {
            return this.accessToken;
        }

        @Generated
        public Long getExpiresIn() {
            return this.expiresIn;
        }

        @Generated
        public Long getRefreshExpiresIn() {
            return this.refreshExpiresIn;
        }

        @Generated
        public String getRefreshToken() {
            return this.refreshToken;
        }

        @Generated
        public String getTokenType() {
            return this.tokenType;
        }

        @Generated
        public Long getNotBeforePolicy() {
            return this.notBeforePolicy;
        }

        @Generated
        public String getSessionState() {
            return this.sessionState;
        }

        @Generated
        public String getScope() {
            return this.scope;
        }
    }

    public ImpersonationEndpoint(AtlanClient atlanClient) {
        super(atlanClient);
    }

    protected String getBaseUrl() throws ApiConnectionException {
        if (this.client.isInternal()) {
            return SERVICE;
        }
        throw new ApiConnectionException(ErrorCode.INTERNAL_ONLY);
    }

    public String escalate() throws AtlanException {
        return escalate(null);
    }

    public String escalate(RequestOptions requestOptions) throws AtlanException {
        String format = String.format("%s%s", getBaseUrl(), endpoint);
        String str = System.getenv("CLIENT_ID");
        String str2 = System.getenv("CLIENT_SECRET");
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new InvalidRequestException(ErrorCode.MISSING_CREDENTIALS);
        }
        try {
            return ((AccessTokenResponse) ApiResource.request(this.client, ApiResource.RequestMethod.POST, format, (Map<String, Object>) Map.of("grant_type", "client_credentials", "client_id", str, "client_secret", str2, "scope", "openid"), AccessTokenResponse.class, requestOptions)).getAccessToken();
        } catch (AtlanException e) {
            throw new PermissionException(ErrorCode.UNABLE_TO_ESCALATE, e);
        }
    }

    public String user(String str) throws AtlanException {
        return user(str, null);
    }

    public String user(String str, RequestOptions requestOptions) throws AtlanException {
        String format = String.format("%s/auth/realms/default/protocol/openid-connect/token", getBaseUrl());
        String str2 = System.getenv("CLIENT_ID");
        String str3 = System.getenv("CLIENT_SECRET");
        if (str2 == null || str2.isEmpty() || str3 == null || str3.isEmpty()) {
            throw new InvalidRequestException(ErrorCode.MISSING_CREDENTIALS);
        }
        try {
            try {
                return ((AccessTokenResponse) ApiResource.request(this.client, ApiResource.RequestMethod.POST, format, (Map<String, Object>) Map.of("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange", "client_id", str2, "client_secret", str3, "subject_token", ((AccessTokenResponse) ApiResource.request(this.client, ApiResource.RequestMethod.POST, format, (Map<String, Object>) Map.of("grant_type", "client_credentials", "client_id", str2, "client_secret", str3), AccessTokenResponse.class, requestOptions)).getAccessToken(), "requested_subject", str), AccessTokenResponse.class, requestOptions)).getAccessToken();
            } catch (AtlanException e) {
                throw new PermissionException(ErrorCode.UNABLE_TO_IMPERSONATE, e);
            }
        } catch (AtlanException e2) {
            throw new PermissionException(ErrorCode.UNABLE_TO_ESCALATE, e2);
        }
    }
}
