package org.github.gestalt.config.azure.transformer;

import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import java.lang.System;
import org.github.gestalt.config.azure.config.AzureModuleConfig;
import org.github.gestalt.config.azure.errors.AzureValidationErrors;
import org.github.gestalt.config.entity.ValidationError;
import org.github.gestalt.config.processor.config.ConfigNodeProcessorConfig;
import org.github.gestalt.config.processor.config.transform.Transformer;
import org.github.gestalt.config.utils.GResultOf;

/* loaded from: input_file:org/github/gestalt/config/azure/transformer/AzureSecretTransformer.class */
public final class AzureSecretTransformer implements Transformer {
    private static final System.Logger logger = System.getLogger(AzureSecretTransformer.class.getName());
    private SecretClient secretClient;

    public String name() {
        return "azureSecret";
    }

    public void applyConfig(ConfigNodeProcessorConfig configNodeProcessorConfig) {
        AzureModuleConfig azureModuleConfig = (AzureModuleConfig) configNodeProcessorConfig.getConfig().getModuleConfig(AzureModuleConfig.class);
        if (azureModuleConfig == null) {
            logger.log(System.Logger.Level.WARNING, "AzureModuleConfig has not been registered. if you wish to use the Azure module with string substitution ${azureSecret:key} then you must register an AzureModuleConfig config moduleConfig using the builder");
            return;
        }
        if (azureModuleConfig.hasSecretsClient()) {
            this.secretClient = azureModuleConfig.getSecretsClient();
            return;
        }
        if (azureModuleConfig.getKeyVaultUri() == null) {
            logger.log(System.Logger.Level.ERROR, "AzureModuleConfig was registered but neither the secret client nor the keyVaultUri was provided");
            return;
        }
        SecretClientBuilder vaultUrl = new SecretClientBuilder().vaultUrl(azureModuleConfig.getKeyVaultUri());
        if (azureModuleConfig.getCredential() != null) {
            vaultUrl.credential(azureModuleConfig.getCredential());
        } else {
            vaultUrl.credential(new DefaultAzureCredentialBuilder().build());
        }
        this.secretClient = vaultUrl.buildClient();
    }

    public GResultOf<String> process(String str, String str2, String str3) {
        if (str2 == null) {
            return GResultOf.errors(new ValidationError.InvalidStringSubstitutionPostProcess(str, str3, name()));
        }
        try {
            return this.secretClient == null ? GResultOf.errors(new AzureValidationErrors.AzureModuleConfigNotSet(str, str3)) : GResultOf.result(this.secretClient.getSecret(str2).getValue());
        } catch (Exception e) {
            return GResultOf.errors(new AzureValidationErrors.ExceptionProcessingAzureSecret(str, str2, name(), e));
        }
    }
}
