package org.curioswitch.curiostack.gcloud.core.auth;

import com.google.auth.Credentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.linecorp.armeria.client.ClientDecoration;
import com.linecorp.armeria.client.ClientOptionValue;
import com.linecorp.armeria.client.ClientOptions;
import com.linecorp.armeria.client.Clients;
import com.linecorp.armeria.client.WebClient;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigBeanFactory;
import dagger.Module;
import dagger.Provides;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.inject.Qualifier;
import javax.inject.Singleton;
import org.curioswitch.curiostack.gcloud.core.GcloudModule;
import org.curioswitch.curiostack.gcloud.core.GoogleApis;
import org.curioswitch.curiostack.gcloud.core.RetryingGoogleApis;
import org.curioswitch.curiostack.gcloud.core.auth.AccessTokenProvider;
import org.curioswitch.curiostack.gcloud.core.auth.GoogleCredentialsDecoratingClient;

@Module(includes = {GcloudModule.class})
/* loaded from: input_file:org/curioswitch/curiostack/gcloud/core/auth/GcloudAuthModule.class */
public abstract class GcloudAuthModule {

    @Qualifier
    @Retention(RetentionPolicy.CLASS)
    /* loaded from: input_file:org/curioswitch/curiostack/gcloud/core/auth/GcloudAuthModule$GoogleAccounts.class */
    @interface GoogleAccounts {
    }

    @Provides
    @Singleton
    public static GcloudAuthConfig config(Config config) {
        return ((ModifiableGcloudAuthConfig) ConfigBeanFactory.create(config.getConfig("gcloud.auth"), ModifiableGcloudAuthConfig.class)).toImmutable();
    }

    @Provides
    @Singleton
    public static Credentials credentials(GcloudAuthConfig gcloudAuthConfig) {
        GoogleCredentials fromStream;
        try {
            if (gcloudAuthConfig.getServiceAccountBase64().isEmpty()) {
                fromStream = GoogleCredentials.getApplicationDefault();
            } else {
                InputStream wrap = Base64.getDecoder().wrap(new ByteArrayInputStream(gcloudAuthConfig.getServiceAccountBase64().getBytes(StandardCharsets.UTF_8)));
                try {
                    fromStream = GoogleCredentials.fromStream(wrap);
                    if (wrap != null) {
                        wrap.close();
                    }
                } finally {
                }
            }
            return (!fromStream.createScopedRequired() || gcloudAuthConfig.mo20getCredentialScopes().isEmpty()) ? fromStream : fromStream.createScoped(gcloudAuthConfig.mo20getCredentialScopes());
        } catch (IOException e) {
            throw new UncheckedIOException("Could not read credentials.", e);
        }
    }

    @Provides
    @Singleton
    public static AccessTokenProvider accessTokenProvider(AccessTokenProvider.Factory factory, Credentials credentials) {
        return factory.create(credentials);
    }

    @Provides
    @Singleton
    @AuthenticatedGoogleApis
    public static WebClient authenticatedGoogleApisClient(@GoogleApis WebClient webClient, GoogleCredentialsDecoratingClient.Factory factory) {
        return authenticated(webClient, factory);
    }

    @Provides
    @Singleton
    @RetryingAuthenticatedGoogleApis
    public static WebClient retryingAuthenticatedGoogleApisClient(@RetryingGoogleApis WebClient webClient, GoogleCredentialsDecoratingClient.Factory factory) {
        return authenticated(webClient, factory);
    }

    private static WebClient authenticated(WebClient webClient, GoogleCredentialsDecoratingClient.Factory factory) {
        return (WebClient) Clients.newDerivedClient(webClient, new ClientOptionValue[]{(ClientOptionValue) ClientOptions.DECORATION.newValue(ClientDecoration.of(factory.newAccessTokenDecorator()))});
    }

    private GcloudAuthModule() {
    }
}
