package com.atlassian.crowd.integration.rest.service;

import com.atlassian.asap.api.JwtBuilder;
import com.atlassian.asap.api.client.http.AuthorizationHeaderGenerator;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCrowdServiceException;
import com.atlassian.crowd.integration.rest.service.RestExecutor;
import com.atlassian.crowd.service.client.AuthenticationMethod;
import com.atlassian.crowd.service.client.ClientProperties;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.util.Optional;
import java.util.Set;
import org.apache.http.HttpHost;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;

/* loaded from: input_file:com/atlassian/crowd/integration/rest/service/AsapRestExecutor.class */
public class AsapRestExecutor extends RestExecutor {
    public static final String AUDIENCE = "crowd";
    private final AuthorizationHeaderGenerator authorizationHeaderGenerator;
    private final ClientProperties clientProperties;

    public static AsapRestExecutor createFrom(ClientProperties clientProperties, AuthorizationHeaderGenerator authorizationHeaderGenerator, CloseableHttpClient closeableHttpClient) {
        Preconditions.checkArgument(clientProperties.getAuthenticationMethod() == AuthenticationMethod.ASAP, "Client properties should specify ASAP auth as the authentication method");
        Preconditions.checkNotNull(clientProperties.getAsapIssuer(), "Missing required Crowd client issuer name");
        Preconditions.checkNotNull(clientProperties.getAsapKeyIdentifier(), "Missing required Crowd client key identifier");
        return new AsapRestExecutor(createBaseUrl(clientProperties.getBaseURL()), createHttpHost(clientProperties), createCredentialsProvider(clientProperties), closeableHttpClient, authorizationHeaderGenerator, clientProperties);
    }

    @VisibleForTesting
    AsapRestExecutor(String str, HttpHost httpHost, CredentialsProvider credentialsProvider, CloseableHttpClient closeableHttpClient, AuthorizationHeaderGenerator authorizationHeaderGenerator, ClientProperties clientProperties) {
        super(str, httpHost, credentialsProvider, closeableHttpClient);
        this.authorizationHeaderGenerator = authorizationHeaderGenerator;
        this.clientProperties = clientProperties;
    }

    @Override // com.atlassian.crowd.integration.rest.service.RestExecutor
    protected RestExecutor.MethodExecutor createMethodExecutor(HttpUriRequest httpUriRequest, Set<Integer> set) {
        return new RestExecutor.MethodExecutor(httpUriRequest, set) { // from class: com.atlassian.crowd.integration.rest.service.AsapRestExecutor.1
            @Override // com.atlassian.crowd.integration.rest.service.RestExecutor.MethodExecutor
            int executeCrowdServiceMethod() throws InvalidCrowdServiceException, IOException, InvalidAuthenticationException {
                try {
                    this.request.addHeader("Authorization", AsapRestExecutor.this.authorizationHeaderGenerator.generateAuthorizationHeader(JwtBuilder.newJwt().issuer(AsapRestExecutor.this.clientProperties.getAsapIssuer()).audience(new String[]{AsapRestExecutor.AUDIENCE}).keyId(AsapRestExecutor.this.clientProperties.getAsapKeyIdentifier()).subject(AsapRestExecutor.this.clientProperties.isAsapSubjectRequired() ? Optional.of(AsapRestExecutor.this.clientProperties.getApplicationName()) : Optional.empty()).build()));
                    return super.executeCrowdServiceMethod();
                } catch (InvalidTokenException | CannotRetrieveKeyException e) {
                    throw new InvalidAuthenticationException(e);
                }
            }
        };
    }
}
