package org.springframework.cloud.config.server.environment;

import com.google.cloud.secretmanager.v1.Secret;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.cloud.config.environment.Environment;
import org.springframework.cloud.config.environment.PropertySource;
import org.springframework.cloud.config.server.environment.secretmanager.GoogleConfigProvider;
import org.springframework.cloud.config.server.environment.secretmanager.GoogleSecretComparatorByVersion;
import org.springframework.cloud.config.server.environment.secretmanager.GoogleSecretManagerAccessStrategy;
import org.springframework.cloud.config.server.environment.secretmanager.GoogleSecretManagerAccessStrategyFactory;
import org.springframework.cloud.config.server.environment.secretmanager.HttpHeaderGoogleConfigProvider;
import org.springframework.core.Ordered;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-server-3.1.7.jar:org/springframework/cloud/config/server/environment/GoogleSecretManagerEnvironmentRepository.class */
public class GoogleSecretManagerEnvironmentRepository implements EnvironmentRepository, Ordered {
    private String applicationLabel;
    private String profileLabel;
    private GoogleSecretManagerAccessStrategy accessStrategy;
    private boolean tokenMandatory;
    private GoogleConfigProvider configProvider;
    private final int order;

    public GoogleSecretManagerEnvironmentRepository(ObjectProvider<HttpServletRequest> objectProvider, RestTemplate restTemplate, GoogleSecretManagerEnvironmentProperties googleSecretManagerEnvironmentProperties) {
        this.applicationLabel = googleSecretManagerEnvironmentProperties.getApplicationLabel();
        this.profileLabel = googleSecretManagerEnvironmentProperties.getProfileLabel();
        this.configProvider = new HttpHeaderGoogleConfigProvider(objectProvider);
        this.accessStrategy = GoogleSecretManagerAccessStrategyFactory.forVersion(restTemplate, this.configProvider, googleSecretManagerEnvironmentProperties);
        this.tokenMandatory = googleSecretManagerEnvironmentProperties.getTokenMandatory().booleanValue();
        this.order = googleSecretManagerEnvironmentProperties.getOrder();
    }

    @Override // org.springframework.cloud.config.server.environment.EnvironmentRepository
    public Environment findOne(String str, String str2, String str3) {
        if (StringUtils.isEmpty(str3)) {
            str3 = "master";
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = "default";
        }
        if (!str2.startsWith("default")) {
            str2 = "default," + str2;
        }
        String[] trimArrayElements = org.springframework.util.StringUtils.trimArrayElements(org.springframework.util.StringUtils.commaDelimitedListToStringArray(str2));
        Environment environment = new Environment(str, str2, str3, null, null);
        if (!this.tokenMandatory) {
            addPropertySource(str, trimArrayElements, environment);
        } else if (this.accessStrategy.checkRemotePermissions().booleanValue()) {
            addPropertySource(str, trimArrayElements, environment);
        }
        return environment;
    }

    private void addPropertySource(String str, String[] strArr, Environment environment) {
        for (String str2 : strArr) {
            Map<?, ?> secrets = getSecrets(str, str2);
            if (!secrets.isEmpty()) {
                environment.add(new PropertySource("gsm:" + str + "-" + str2, secrets));
            }
        }
    }

    private Map<?, ?> getSecrets(String str, String str2) {
        HashMap hashMap = new HashMap();
        String value = this.configProvider.getValue(HttpHeaderGoogleConfigProvider.PREFIX_HEADER, false);
        for (Secret secret : this.accessStrategy.getSecrets()) {
            if (secret.getLabelsOrDefault(this.applicationLabel, "application").equalsIgnoreCase(str) && secret.getLabelsOrDefault(this.profileLabel, DefaultBeanDefinitionDocumentReader.PROFILE_ATTRIBUTE).equalsIgnoreCase(str2)) {
                hashMap.put(this.accessStrategy.getSecretName(secret), this.accessStrategy.getSecretValue(secret, new GoogleSecretComparatorByVersion()));
            } else if (StringUtils.isNotBlank(value) && this.accessStrategy.getSecretName(secret).startsWith(value)) {
                hashMap.put(StringUtils.removeStart(this.accessStrategy.getSecretName(secret), value), this.accessStrategy.getSecretValue(secret, new GoogleSecretComparatorByVersion()));
            }
        }
        return hashMap;
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return this.order;
    }
}
