package org.gcube.application.cms.notifications.config.serviceaccount;

import java.security.Key;
import java.util.List;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.resources.discovery.icclient.ICFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gcube/application/cms/notifications/config/serviceaccount/IAMClientCredentialsReader.class */
public class IAMClientCredentialsReader {
    private static final Logger log = LoggerFactory.getLogger(IAMClientCredentialsReader.class);
    private static final String SE_PROFILE_NAME = "geoportal";
    private static final String SE_CATEGORY_NAME = "SystemClient";

    public static IAMClientCredentials getCredentials() throws Exception {
        String context = SecretManagerProvider.instance.get().getContext();
        log.info("Searching SE in the scope: " + context + " with profile name: " + SE_PROFILE_NAME + " and category name: " + SE_CATEGORY_NAME);
        XQuery queryFor = ICFactory.queryFor(ServiceEndpoint.class);
        queryFor.addCondition("$resource/Profile/Name/text() eq 'geoportal'");
        queryFor.addCondition("$resource/Profile/Category/text() eq 'SystemClient'");
        List submit = ICFactory.clientFor(ServiceEndpoint.class).submit(queryFor);
        if (submit.size() <= 0) {
            throw new RuntimeException("ServiceEndpoint not found. Searching for profile name 'geoportal' and category name 'SystemClient' in the scope: " + context);
        }
        log.info("The query returned " + submit.size() + " ServiceEndpoint/s");
        String str = null;
        String str2 = null;
        for (ServiceEndpoint.AccessPoint accessPoint : ((ServiceEndpoint) submit.get(0)).profile().accessPoints().asCollection()) {
            str = accessPoint.username();
            str2 = accessPoint.password();
            log.debug("Found clientId: " + str + " and encrypted secret: " + str2);
            if (str2 != null) {
                try {
                    str2 = StringEncrypter.getEncrypter().decrypt(str2, new Key[0]);
                    log.debug("Secret decrypted is: " + str2.substring(0, str2.length() / 2) + "_MASKED_TOKEN_");
                } catch (Exception e) {
                    throw new RuntimeException("Error on decrypting the pwd: ", e);
                }
            }
        }
        log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME);
        return new IAMClientCredentials(str, str2);
    }
}
