package io.apicurio.registry.mt;

import io.apicurio.registry.storage.RegistryStorage;
import io.apicurio.registry.types.Current;
import io.apicurio.registry.utils.OptionalBean;
import io.apicurio.rest.client.JdkHttpClientProvider;
import io.apicurio.rest.client.auth.Auth;
import io.apicurio.rest.client.auth.OidcAuth;
import io.apicurio.rest.client.auth.exception.AuthErrorHandler;
import io.apicurio.rest.client.spi.ApicurioHttpClient;
import io.apicurio.tenantmanager.client.TenantManagerClient;
import io.apicurio.tenantmanager.client.TenantManagerClientImpl;
import io.quarkus.runtime.configuration.ProfileManager;
import java.time.Duration;
import java.util.Collections;
import java.util.HashMap;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.DeploymentException;
import javax.inject.Inject;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/apicurio/registry/mt/TenantManagerClientProducer.class */
public class TenantManagerClientProducer {

    @Inject
    Logger log;

    @Inject
    @Current
    RegistryStorage storage;

    @Inject
    MultitenancyProperties properties;

    @ApplicationScoped
    @Produces
    OptionalBean<TenantManagerClient> produce() {
        if (!this.properties.isMultitenancyEnabled()) {
            return OptionalBean.empty();
        }
        if ("prod".equals(ProfileManager.getActiveProfile()) && !this.storage.supportsMultiTenancy()) {
            throw new DeploymentException("Unsupported configuration, \"registry.enable.multitenancy\" is enabled but the storage implementation being used (" + this.storage.storageName() + ") does not support multitenancy");
        }
        if (this.properties.getTenantManagerUrl().isEmpty()) {
            throw new DeploymentException("Unsupported configuration, \"registry.enable.multitenancy\" is enabled but the no \"registry.tenant.manager.url\" is provided");
        }
        HashMap hashMap = new HashMap();
        if (this.properties.getTenantManagerCAFilePath().isPresent() && !this.properties.getTenantManagerCAFilePath().get().isBlank()) {
            hashMap.put("apicurio.rest.request.ssl.ca-bundle.location", this.properties.getTenantManagerCAFilePath().get());
        }
        OidcAuth oidcAuth = null;
        if (this.properties.isTenantManagerAuthEnabled()) {
            if (this.properties.getTenantManagerAuthUrl().isEmpty() || this.properties.getTenantManagerClientId().isEmpty() || this.properties.getTenantManagerClientSecret().isEmpty()) {
                throw new DeploymentException("Unsupported configuration, \"registry.enable.multitenancy\" is enabled \"registry.enable.auth\" is enabled but the no auth properties aren't properly configured");
            }
            ApicurioHttpClient create = new JdkHttpClientProvider().create(this.properties.getTenantManagerAuthUrl().get(), Collections.emptyMap(), (Auth) null, new AuthErrorHandler());
            Duration duration = null;
            if (this.properties.getTenantManagerAuthTokenExpirationReductionMs().isPresent()) {
                this.log.info("Using configured tenant-manager auth token expiration reduction {}", this.properties.getTenantManagerAuthTokenExpirationReductionMs().get());
                duration = Duration.ofMillis(this.properties.getTenantManagerAuthTokenExpirationReductionMs().get().longValue());
            }
            oidcAuth = new OidcAuth(create, this.properties.getTenantManagerClientId().get(), this.properties.getTenantManagerClientSecret().get(), duration);
        }
        return OptionalBean.of(new TenantManagerClientImpl(this.properties.getTenantManagerUrl().get(), hashMap, oidcAuth));
    }
}
