package io.vertx.config.vault;

import io.vertx.config.spi.ConfigStore;
import io.vertx.config.vault.client.Auth;
import io.vertx.config.vault.client.Secret;
import io.vertx.config.vault.client.SlimVaultClient;
import io.vertx.config.vault.client.TokenRequest;
import io.vertx.config.vault.client.VaultException;
import io.vertx.core.AsyncResult;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.JsonObject;
import java.util.Objects;

/* loaded from: input_file:io/vertx/config/vault/VaultConfigStore.class */
public class VaultConfigStore implements ConfigStore {
    private final SlimVaultClient client;
    private final JsonObject config;
    private final String path;
    private final Vertx vertx;
    private boolean renewable;
    private long validity;
    private Context context;

    public VaultConfigStore(Vertx vertx, JsonObject jsonObject) {
        this.client = new SlimVaultClient(vertx, jsonObject);
        this.config = jsonObject;
        this.vertx = vertx;
        this.path = (String) Objects.requireNonNull(jsonObject.getString("path"), "The path of the secret must be set");
    }

    public void close(Handler<Void> handler) {
        this.client.close();
        handler.handle((Object) null);
    }

    public void get(Handler<AsyncResult<Buffer>> handler) {
        if (this.context == null) {
            this.context = this.vertx.getOrCreateContext();
        }
        Handler handler2 = r5 -> {
            authenticate(false).compose(r3 -> {
                return renew();
            }).compose(r32 -> {
                return retrieve();
            }).compose(this::extract).onComplete(handler);
        };
        if (Vertx.currentContext() == this.context) {
            handler2.handle((Object) null);
        } else {
            this.context.runOnContext(handler2);
        }
    }

    private Future<Buffer> extract(JsonObject jsonObject) {
        Promise promise = Promise.promise();
        if (jsonObject == null) {
            promise.complete(new JsonObject().toBuffer());
        } else if (this.config.getString("key") != null) {
            Object value = jsonObject.getValue(this.config.getString("key"));
            if (value == null) {
                promise.complete(new JsonObject().toBuffer());
            } else if (value instanceof String) {
                promise.complete(Buffer.buffer((String) value));
            } else if (value instanceof JsonObject) {
                promise.complete(((JsonObject) value).toBuffer());
            }
        } else {
            promise.complete(jsonObject.toBuffer());
        }
        return promise.future();
    }

    private Future<JsonObject> retrieve() {
        Promise promise = Promise.promise();
        this.client.read(this.path, asyncResult -> {
            if (asyncResult.failed() && !(asyncResult.cause() instanceof VaultException)) {
                promise.fail(asyncResult.cause());
                return;
            }
            if (asyncResult.failed() && ((VaultException) asyncResult.cause()).getStatusCode() == 404) {
                promise.complete((Object) null);
                return;
            }
            if (asyncResult.failed()) {
                promise.fail(asyncResult.cause());
                return;
            }
            Secret secret = (Secret) asyncResult.result();
            JsonObject copy = secret.getData().copy();
            copy.put("vault-lease-id", secret.getLeaseId());
            copy.put("vault-lease-duration", Long.valueOf(secret.getLeaseDuration()));
            copy.put("vault-renewable", Boolean.valueOf(secret.isRenewable()));
            promise.complete(copy);
        });
        return promise.future();
    }

    private Future<Void> renew() {
        Promise promise = Promise.promise();
        if (this.validity == 0) {
            promise.complete();
        } else {
            if (shouldBeRenewed() && this.renewable) {
                return renewToken();
            }
            if (shouldBeRenewed()) {
                return authenticate(true);
            }
            promise.complete();
        }
        return promise.future();
    }

    private Future<Void> renewToken() {
        Promise promise = Promise.promise();
        this.client.renewSelf(this.config.getLong("lease-duration", 3600L).longValue(), asyncResult -> {
            manageAuthenticationResult(promise, asyncResult);
        });
        return promise.future();
    }

    private Future<Void> authenticate(boolean z) {
        Promise promise = Promise.promise();
        if (!z && this.client.getToken() != null) {
            promise.complete();
            return promise.future();
        }
        String string = this.config.getString("auth-backend");
        Objects.requireNonNull(string, "If you don't provide a token, the auth-backend must be set");
        String lowerCase = string.toLowerCase();
        boolean z2 = -1;
        switch (lowerCase.hashCode()) {
            case -793050601:
                if (lowerCase.equals("approle")) {
                    z2 = true;
                    break;
                }
                break;
            case -265653668:
                if (lowerCase.equals("userpass")) {
                    z2 = 3;
                    break;
                }
                break;
            case 3050020:
                if (lowerCase.equals("cert")) {
                    z2 = 2;
                    break;
                }
                break;
            case 110541305:
                if (lowerCase.equals("token")) {
                    z2 = false;
                    break;
                }
                break;
        }
        switch (z2) {
            case false:
                return loginWithToken();
            case true:
                return loginWithAppRole();
            case true:
                return loginWithCert();
            case true:
                return loginWithUserName();
            default:
                throw new IllegalArgumentException("Non supported auth-backend: " + string);
        }
    }

    private Future<Void> loginWithUserName() {
        Promise promise = Promise.promise();
        JsonObject jsonObject = this.config.getJsonObject("user-credentials");
        Objects.requireNonNull(jsonObject, "When using username, the `user-credentials` must be set in the configuration");
        String string = jsonObject.getString("username");
        String string2 = jsonObject.getString("password");
        jsonObject.getString("token");
        Objects.requireNonNull(string, "When using userpass, the username must be set in the `user-credentials` configuration");
        Objects.requireNonNull(string2, "When using userpass, the password must be set in the `user-credentials` configuration");
        this.client.loginWithUserCredentials(string, string2, asyncResult -> {
            manageAuthenticationResult(promise, asyncResult);
        });
        return promise.future();
    }

    private Future<Void> loginWithCert() {
        Promise promise = Promise.promise();
        this.client.loginWithCert(asyncResult -> {
            manageAuthenticationResult(promise, asyncResult);
        });
        return promise.future();
    }

    private Future<Void> loginWithAppRole() {
        Promise promise = Promise.promise();
        JsonObject jsonObject = this.config.getJsonObject("approle");
        Objects.requireNonNull(jsonObject, "When using approle, the `app-role` must be set in the configuration");
        String string = jsonObject.getString("role-id");
        String string2 = jsonObject.getString("secret-id");
        Objects.requireNonNull(string, "When using approle, the role-id must be set in the `approle` configuration");
        Objects.requireNonNull(string2, "When using approle, the secret-id must be set in the `approle` configuration");
        this.client.loginWithAppRole(string, string2, asyncResult -> {
            manageAuthenticationResult(promise, asyncResult);
        });
        return promise.future();
    }

    private Future<Void> loginWithToken() {
        Promise promise = Promise.promise();
        JsonObject jsonObject = this.config.getJsonObject("token-request");
        Objects.requireNonNull(jsonObject, "When using a token creation policy, the `token-request` must be set in the configuration");
        String string = jsonObject.getString("token");
        Objects.requireNonNull(jsonObject, "When using a token creation policy, the `token-request` must be set in the configuration and contains the `token` entry with the original token");
        this.client.setToken(string).createToken(new TokenRequest(jsonObject), asyncResult -> {
            manageAuthenticationResult(promise, asyncResult);
        });
        return promise.future();
    }

    private void manageAuthenticationResult(Promise<Void> promise, AsyncResult<Auth> asyncResult) {
        if (asyncResult.failed()) {
            promise.fail(asyncResult.cause());
            return;
        }
        Auth auth = (Auth) asyncResult.result();
        if (auth.getToken() == null) {
            promise.fail("Authentication failed, the token is null");
            return;
        }
        this.client.setToken(auth.getToken());
        this.renewable = auth.isRenewable();
        this.validity = System.currentTimeMillis() + (auth.getLeaseDuration() * 1000);
        promise.complete();
    }

    private boolean shouldBeRenewed() {
        return System.currentTimeMillis() >= this.validity - this.config.getLong("renew-window", 60000L).longValue();
    }

    public SlimVaultClient getVaultClient() {
        return this.client;
    }
}
