package com.datastax.astra.sdk.iam;

import com.datastax.astra.sdk.iam.domain.CreateRoleResponse;
import com.datastax.astra.sdk.iam.domain.CreateTokenResponse;
import com.datastax.astra.sdk.iam.domain.IamToken;
import com.datastax.astra.sdk.iam.domain.InviteUserRequest;
import com.datastax.astra.sdk.iam.domain.ResponseAllIamTokens;
import com.datastax.astra.sdk.iam.domain.ResponseAllUsers;
import com.datastax.astra.sdk.iam.domain.Role;
import com.datastax.astra.sdk.iam.domain.RoleDefinition;
import com.datastax.astra.sdk.iam.domain.User;
import com.datastax.astra.sdk.utils.ApiDevopsSupport;
import com.datastax.astra.sdk.utils.IdUtils;
import com.datastax.stargate.sdk.core.ApiSupport;
import com.datastax.stargate.sdk.utils.Assert;
import com.datastax.stargate.sdk.utils.JsonUtils;
import com.fasterxml.jackson.core.type.TypeReference;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Stream;

/* loaded from: input_file:com/datastax/astra/sdk/iam/IamClient.class */
public class IamClient extends ApiDevopsSupport {
    public static final String PATH_ORGANIZATIONS = "/organizations";
    public static final String PATH_CURRENT_ORG = "/currentOrg";
    public static final String PATH_TOKENS = "/clientIdSecrets";

    public IamClient(String str) {
        super(str);
    }

    public String organizationId() {
        try {
            HttpResponse send = http().send(req(PATH_CURRENT_ORG).GET().build(), HttpResponse.BodyHandlers.ofString());
            ApiSupport.handleError(send);
            try {
                return (String) ((Map) om().readValue((String) send.body(), Map.class)).get("id");
            } catch (Exception e) {
                throw new RuntimeException("Cannot marshall organization id", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    public Stream<User> users() {
        try {
            HttpResponse<String> send = http().send(req("/organizations/users").GET().build(), HttpResponse.BodyHandlers.ofString());
            if (200 == send.statusCode()) {
                return ((ResponseAllUsers) om().readValue((String) send.body(), ResponseAllUsers.class)).getUsers().stream();
            }
            this.LOGGER.error("Error in 'roles'");
            throw processErrors(send);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public UserClient user(String str) {
        Assert.hasLength(str, "userId Id should not be null nor empty");
        return new UserClient(this, this.bearerAuthToken, str);
    }

    public Optional<User> findUserByEmail(String str) {
        Assert.hasLength(str, "User email should not be null nor empty");
        return users().filter(user -> {
            return user.getEmail().equalsIgnoreCase(str);
        }).findFirst();
    }

    public void inviteUser(String str, String... strArr) {
        Assert.notNull(str, "User email");
        Assert.notNull(strArr, "User roles");
        if (strArr.length == 0) {
            throw new IllegalArgumentException("Roles list cannot be empty");
        }
        InviteUserRequest inviteUserRequest = new InviteUserRequest(organizationId(), str);
        Arrays.asList(strArr).stream().forEach(str2 -> {
            if (IdUtils.isUUID(str2)) {
                inviteUserRequest.addRoles(str2);
                return;
            }
            Optional<Role> findRoleByName = findRoleByName(str2);
            if (!findRoleByName.isPresent()) {
                throw new IllegalArgumentException("Cannot find role with id " + str2);
            }
            inviteUserRequest.addRoles(findRoleByName.get().getId());
        });
        try {
            ApiSupport.handleError(http().send(req("/organizations/users").PUT(HttpRequest.BodyPublishers.ofString(om().writeValueAsString(inviteUserRequest))).build(), HttpResponse.BodyHandlers.ofString()));
        } catch (Exception e) {
            throw new RuntimeException("Cannot create a new role", e);
        }
    }

    public Stream<Role> roles() {
        try {
            HttpResponse<String> send = http().send(req("/organizations/roles").GET().build(), HttpResponse.BodyHandlers.ofString());
            if (200 == send.statusCode()) {
                return ((List) om().readValue((String) send.body(), new TypeReference<List<Role>>() { // from class: com.datastax.astra.sdk.iam.IamClient.1
                })).stream();
            }
            this.LOGGER.error("Error in 'roles'");
            throw processErrors(send);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public CreateRoleResponse createRole(RoleDefinition roleDefinition) {
        Assert.notNull(roleDefinition, "CreateRole request");
        try {
            HttpResponse send = http().send(req("/organizations/roles").POST(HttpRequest.BodyPublishers.ofString(om().writeValueAsString(roleDefinition))).build(), HttpResponse.BodyHandlers.ofString());
            ApiSupport.handleError(send);
            try {
                return (CreateRoleResponse) om().readValue((String) send.body(), CreateRoleResponse.class);
            } catch (Exception e) {
                throw new RuntimeException("Cannot marshall new role", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException("Cannot create a new role", e2);
        }
    }

    public RoleClient role(String str) {
        Assert.hasLength(str, "Role Id should not be null nor empty");
        return new RoleClient(this.bearerAuthToken, str);
    }

    public Optional<Role> findRoleByName(String str) {
        Assert.hasLength(str, "User email should not be null nor empty");
        return roles().filter(role -> {
            return role.getName().equalsIgnoreCase(str);
        }).findFirst();
    }

    public Stream<IamToken> tokens() {
        try {
            HttpResponse<String> send = http().send(req(PATH_TOKENS).GET().build(), HttpResponse.BodyHandlers.ofString());
            if (200 == send.statusCode()) {
                return ((ResponseAllIamTokens) om().readValue((String) send.body(), ResponseAllIamTokens.class)).getClients().stream();
            }
            this.LOGGER.error("Error in 'clientIdSecrets'");
            throw processErrors(send);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public TokenClient token(String str) {
        return new TokenClient(this, this.bearerAuthToken, str);
    }

    public CreateTokenResponse createToken(String str) {
        Assert.hasLength(str, "role");
        try {
            HttpResponse send = http().send(req(PATH_TOKENS).POST(HttpRequest.BodyPublishers.ofString("{ \"roles\": [ \"" + JsonUtils.escapeJson(str) + "\"]}")).build(), HttpResponse.BodyHandlers.ofString());
            ApiSupport.handleError(send);
            try {
                return (CreateTokenResponse) om().readValue((String) send.body(), CreateTokenResponse.class);
            } catch (Exception e) {
                throw new RuntimeException("Cannot marshall new token", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException("Cannot create a new token", e2);
        }
    }
}
