package io.scalecube.config.vault;

import com.bettercloud.vault.EnvironmentLoader;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import io.scalecube.config.utils.ThrowableUtil;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:io/scalecube/config/vault/KubernetesVaultTokenSupplier.class */
public class KubernetesVaultTokenSupplier implements VaultTokenSupplier {
    private static final EnvironmentLoader ENVIRONMENT_LOADER = new EnvironmentLoader();
    private final String vaultRole;
    private final String vaultJwtProvider;
    private final String serviceAccountTokenPath;

    /* loaded from: input_file:io/scalecube/config/vault/KubernetesVaultTokenSupplier$Builder.class */
    public static class Builder {
        private String vaultRole = KubernetesVaultTokenSupplier.ENVIRONMENT_LOADER.loadVariable(VaultInvokers.VAULT_ROLE_ENV);
        private String vaultJwtProvider = (String) Optional.ofNullable((String) Optional.ofNullable(KubernetesVaultTokenSupplier.ENVIRONMENT_LOADER.loadVariable(VaultInvokers.VAULT_JWT_PROVIDER_ENV)).orElse(KubernetesVaultTokenSupplier.ENVIRONMENT_LOADER.loadVariable(VaultInvokers.VAULT_MOUNT_POINT_ENV))).orElse("kubernetes");
        private String serviceAccountTokenPath = (String) Optional.ofNullable(KubernetesVaultTokenSupplier.ENVIRONMENT_LOADER.loadVariable("SERVICE_ACCOUNT_TOKEN_PATH")).orElse("/var/run/secrets/kubernetes.io/serviceaccount/token");

        public Builder vaultRole(String str) {
            this.vaultRole = str;
            return this;
        }

        public Builder vaultJwtProvider(String str) {
            this.vaultJwtProvider = str;
            return this;
        }

        public Builder serviceAccountTokenPath(String str) {
            this.serviceAccountTokenPath = str;
            return this;
        }

        public KubernetesVaultTokenSupplier build() {
            return new KubernetesVaultTokenSupplier(this);
        }
    }

    private KubernetesVaultTokenSupplier(Builder builder) {
        this.vaultRole = (String) Objects.requireNonNull(builder.vaultRole, "vault role");
        this.vaultJwtProvider = (String) Objects.requireNonNull(builder.vaultJwtProvider, "jwt provider");
        this.serviceAccountTokenPath = (String) Objects.requireNonNull(builder.serviceAccountTokenPath, "k8s service account token path");
    }

    @Override // io.scalecube.config.vault.VaultTokenSupplier
    public String getToken(VaultConfig vaultConfig) {
        try {
            Stream<String> lines = Files.lines(Paths.get(this.serviceAccountTokenPath, new String[0]));
            try {
                String authClientToken = new Vault(vaultConfig).auth().loginByJwt(this.vaultJwtProvider, this.vaultRole, (String) lines.collect(Collectors.joining())).getAuthClientToken();
                if (lines != null) {
                    lines.close();
                }
                return authClientToken;
            } finally {
            }
        } catch (Exception e) {
            throw ThrowableUtil.propagate(e);
        }
    }
}
