package com.bettercloud.vault.api.pki;

import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.response.PkiResponse;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestResponse;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:com/bettercloud/vault/api/pki/Pki.class */
public class Pki {
    private final VaultConfig config;
    private final String mountPath;
    private String nameSpace;

    public Pki withNameSpace(String str) {
        this.nameSpace = str;
        return this;
    }

    public Pki(VaultConfig vaultConfig) {
        this.config = vaultConfig;
        this.mountPath = "pki";
        if (this.config.getNameSpace() == null || this.config.getNameSpace().isEmpty()) {
            return;
        }
        this.nameSpace = this.config.getNameSpace();
    }

    public Pki(VaultConfig vaultConfig, String str) {
        this.config = vaultConfig;
        this.mountPath = str;
        if (this.config.getNameSpace() == null || this.config.getNameSpace().isEmpty()) {
            return;
        }
        this.nameSpace = this.config.getNameSpace();
    }

    public PkiResponse createOrUpdateRole(String str) throws VaultException {
        return createOrUpdateRole(str, null);
    }

    public PkiResponse createOrUpdateRole(String str, RoleOptions roleOptions) throws VaultException {
        int i = 0;
        while (true) {
            try {
                RestResponse post = new Rest().url(String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str)).header("X-Vault-Token", this.config.getToken()).header("X-Vault-Namespace", this.nameSpace).body(roleOptionsToJson(roleOptions).getBytes(StandardCharsets.UTF_8)).connectTimeoutSeconds(this.config.getOpenTimeout()).readTimeoutSeconds(this.config.getReadTimeout()).sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify())).sslContext(this.config.getSslConfig().getSslContext()).post();
                if (post.getStatus() != 204) {
                    throw new VaultException("Vault responded with HTTP status code: " + post.getStatus(), post.getStatus());
                }
                return new PkiResponse(post, i);
            } catch (Exception e) {
                if (i >= this.config.getMaxRetries()) {
                    if (e instanceof VaultException) {
                        throw ((VaultException) e);
                    }
                    throw new VaultException(e);
                }
                i++;
                try {
                    Thread.sleep(this.config.getRetryIntervalMilliseconds());
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    public PkiResponse getRole(String str) throws VaultException {
        int i = 0;
        while (true) {
            try {
                RestResponse restResponse = new Rest().url(String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str)).header("X-Vault-Token", this.config.getToken()).header("X-Vault-Namespace", this.nameSpace).connectTimeoutSeconds(this.config.getOpenTimeout()).readTimeoutSeconds(this.config.getReadTimeout()).sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify())).sslContext(this.config.getSslConfig().getSslContext()).get();
                if (restResponse.getStatus() == 200 || restResponse.getStatus() == 404) {
                    return new PkiResponse(restResponse, i);
                }
                throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
            } catch (Exception e) {
                if (i >= this.config.getMaxRetries()) {
                    if (e instanceof VaultException) {
                        throw ((VaultException) e);
                    }
                    throw new VaultException(e);
                }
                i++;
                try {
                    Thread.sleep(this.config.getRetryIntervalMilliseconds());
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    public PkiResponse revoke(String str) throws VaultException {
        int i = 0;
        while (true) {
            JsonObject jsonObject = new JsonObject();
            if (str != null) {
                jsonObject.add("serial_number", str);
            }
            try {
                RestResponse post = new Rest().url(String.format("%s/v1/%s/revoke", this.config.getAddress(), this.mountPath)).header("X-Vault-Token", this.config.getToken()).header("X-Vault-Namespace", this.nameSpace).connectTimeoutSeconds(this.config.getOpenTimeout()).readTimeoutSeconds(this.config.getReadTimeout()).body(jsonObject.toString().getBytes(StandardCharsets.UTF_8)).sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify())).sslContext(this.config.getSslConfig().getSslContext()).post();
                if (post.getStatus() != 200) {
                    throw new VaultException("Vault responded with HTTP status code: " + post.getStatus(), post.getStatus());
                }
                return new PkiResponse(post, i);
            } catch (Exception e) {
                if (i >= this.config.getMaxRetries()) {
                    if (e instanceof VaultException) {
                        throw ((VaultException) e);
                    }
                    throw new VaultException(e);
                }
                i++;
                try {
                    Thread.sleep(this.config.getRetryIntervalMilliseconds());
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    public PkiResponse deleteRole(String str) throws VaultException {
        int i = 0;
        while (true) {
            try {
                RestResponse delete = new Rest().url(String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str)).header("X-Vault-Token", this.config.getToken()).header("X-Vault-Namespace", this.nameSpace).connectTimeoutSeconds(this.config.getOpenTimeout()).readTimeoutSeconds(this.config.getReadTimeout()).sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify())).sslContext(this.config.getSslConfig().getSslContext()).delete();
                if (delete.getStatus() != 204) {
                    throw new VaultException("Vault responded with HTTP status code: " + delete.getStatus(), delete.getStatus());
                }
                return new PkiResponse(delete, i);
            } catch (Exception e) {
                if (i >= this.config.getMaxRetries()) {
                    if (e instanceof VaultException) {
                        throw ((VaultException) e);
                    }
                    throw new VaultException(e);
                }
                i++;
                try {
                    Thread.sleep(this.config.getRetryIntervalMilliseconds());
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    public PkiResponse issue(String str, String str2, List<String> list, List<String> list2, String str3, CredentialFormat credentialFormat) throws VaultException {
        return issue(str, str2, list, list2, str3, credentialFormat, "");
    }

    /* JADX WARN: Code restructure failed: missing block: B:50:0x0118, code lost:
    
        r0 = "%s/v1/%s/issue/%s";
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x011f, code lost:
    
        r0 = new com.bettercloud.vault.rest.Rest().url(java.lang.String.format(r0, r7.config.getAddress(), r7.mountPath, r8)).header("X-Vault-Token", r7.config.getToken()).header("X-Vault-Namespace", r7.nameSpace).body(r0.getBytes(java.nio.charset.StandardCharsets.UTF_8)).connectTimeoutSeconds(r7.config.getOpenTimeout()).readTimeoutSeconds(r7.config.getReadTimeout()).sslVerification(java.lang.Boolean.valueOf(r7.config.getSslConfig().isVerify())).sslContext(r7.config.getSslConfig().getSslContext()).post();
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x01a7, code lost:
    
        if (r0.getStatus() == 200) goto L56;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x01b2, code lost:
    
        if (r0.getStatus() == 404) goto L56;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x01ba, code lost:
    
        if (r0.getBody() == null) goto L53;
     */
    /* JADX WARN: Code restructure failed: missing block: B:57:0x01bd, code lost:
    
        r0 = new java.lang.String(r0.getBody());
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x01fd, code lost:
    
        throw new com.bettercloud.vault.VaultException("Vault responded with HTTP status code: " + r0.getStatus() + " " + r0, r0.getStatus());
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x01cc, code lost:
    
        r0 = "(no body)";
     */
    /* JADX WARN: Code restructure failed: missing block: B:63:0x0209, code lost:
    
        return new com.bettercloud.vault.response.PkiResponse(r0, r15);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.bettercloud.vault.response.PkiResponse issue(java.lang.String r8, java.lang.String r9, java.util.List<java.lang.String> r10, java.util.List<java.lang.String> r11, java.lang.String r12, com.bettercloud.vault.api.pki.CredentialFormat r13, java.lang.String r14) throws com.bettercloud.vault.VaultException {
        /*
            Method dump skipped, instructions count: 594
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.bettercloud.vault.api.pki.Pki.issue(java.lang.String, java.lang.String, java.util.List, java.util.List, java.lang.String, com.bettercloud.vault.api.pki.CredentialFormat, java.lang.String):com.bettercloud.vault.response.PkiResponse");
    }

    private String roleOptionsToJson(RoleOptions roleOptions) {
        JsonObject object = Json.object();
        if (roleOptions != null) {
            addJsonFieldIfNotNull(object, "ttl", roleOptions.getTtl());
            addJsonFieldIfNotNull(object, "max_ttl", roleOptions.getMaxTtl());
            addJsonFieldIfNotNull(object, "allow_localhost", roleOptions.getAllowLocalhost());
            if (roleOptions.getAllowedDomains() != null && roleOptions.getAllowedDomains().size() > 0) {
                addJsonFieldIfNotNull(object, "allowed_domains", String.join(StringArrayPropertyEditor.DEFAULT_SEPARATOR, roleOptions.getAllowedDomains()));
            }
            addJsonFieldIfNotNull(object, "allow_spiffe_name", roleOptions.getAllowSpiffename());
            addJsonFieldIfNotNull(object, "allow_bare_domains", roleOptions.getAllowBareDomains());
            addJsonFieldIfNotNull(object, "allow_subdomains", roleOptions.getAllowSubdomains());
            addJsonFieldIfNotNull(object, "allow_any_name", roleOptions.getAllowAnyName());
            addJsonFieldIfNotNull(object, "enforce_hostnames", roleOptions.getEnforceHostnames());
            addJsonFieldIfNotNull(object, "allow_ip_sans", roleOptions.getAllowIpSans());
            addJsonFieldIfNotNull(object, "server_flag", roleOptions.getServerFlag());
            addJsonFieldIfNotNull(object, "client_flag", roleOptions.getClientFlag());
            addJsonFieldIfNotNull(object, "code_signing_flag", roleOptions.getCodeSigningFlag());
            addJsonFieldIfNotNull(object, "email_protection_flag", roleOptions.getEmailProtectionFlag());
            addJsonFieldIfNotNull(object, "key_type", roleOptions.getKeyType());
            addJsonFieldIfNotNull(object, "key_bits", roleOptions.getKeyBits());
            addJsonFieldIfNotNull(object, "use_csr_common_name", roleOptions.getUseCsrCommonName());
            addJsonFieldIfNotNull(object, "use_csr_sans", roleOptions.getUseCsrSans());
            if (roleOptions.getKeyUsage() != null && roleOptions.getKeyUsage().size() > 0) {
                addJsonFieldIfNotNull(object, "key_usage", String.join(StringArrayPropertyEditor.DEFAULT_SEPARATOR, roleOptions.getKeyUsage()));
            }
        }
        return object.toString();
    }

    private JsonObject addJsonFieldIfNotNull(JsonObject jsonObject, String str, Object obj) {
        if (obj == null) {
            return jsonObject;
        }
        if (obj instanceof String) {
            jsonObject.add(str, (String) obj);
        } else if (obj instanceof Boolean) {
            jsonObject.add(str, ((Boolean) obj).booleanValue());
        } else if (obj instanceof Long) {
            jsonObject.add(str, ((Long) obj).longValue());
        }
        return jsonObject;
    }
}
