package org.gcube.application.cms.serviceaccount;

import java.security.Key;
import java.util.List;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.resources.discovery.icclient.ICFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cms-plugin-framework-1.0.6-SNAPSHOT.jar:org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.class */
public class IAMClientCredentialsReader {
    private static final Logger log = LoggerFactory.getLogger(IAMClientCredentialsReader.class);

    public static IAMClientCredentials getCredentials(String str, String str2, String str3) throws Exception {
        log.info("Searching SE in the scope: " + str + " with profile name: " + str2 + " and category name: " + str3);
        XQuery queryFor = ICFactory.queryFor(ServiceEndpoint.class);
        queryFor.addCondition("$resource/Profile/Name/text() eq '" + str2 + "'");
        queryFor.addCondition("$resource/Profile/Category/text() eq '" + str3 + "'");
        List submit = ICFactory.clientFor(ServiceEndpoint.class).submit(queryFor);
        if (submit.size() <= 0) {
            throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + str2 + "' and category name '" + str3 + "' in the scope: " + str);
        }
        log.info("The query returned " + submit.size() + " ServiceEndpoint/s");
        String str4 = null;
        String str5 = null;
        for (ServiceEndpoint.AccessPoint accessPoint : ((ServiceEndpoint) submit.get(0)).profile().accessPoints().asCollection()) {
            str4 = accessPoint.username();
            str5 = accessPoint.password();
            log.debug("Found clientId: " + str4 + " and encrypted secret: " + str5);
            if (str5 != null) {
                try {
                    str5 = StringEncrypter.getEncrypter().decrypt(str5, new Key[0]);
                    log.debug("Secret decrypted is: " + str5.substring(0, str5.length() / 2) + "_MASKED_TOKEN_");
                } catch (Exception e) {
                    throw new RuntimeException("Error on decrypting the pwd: ", e);
                }
            }
        }
        log.info("Returning keycloack credentials for SE {} read from SE", str2);
        return new IAMClientCredentials(str4, str5);
    }
}
