package io.scalecube.security.vault;

import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestException;
import com.bettercloud.vault.rest.RestResponse;
import io.scalecube.utils.MaskUtil;
import java.util.Map;
import java.util.Objects;
import java.util.StringJoiner;
import java.util.function.BiFunction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/scalecube/security/vault/VaultServiceTokenSupplier.class */
public final class VaultServiceTokenSupplier {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultServiceTokenSupplier.class);
    private static final String VAULT_TOKEN_HEADER = "X-Vault-Token";
    private String serviceRole;
    private String vaultAddress;
    private Mono<String> vaultTokenSupplier;
    private BiFunction<String, Map<String, String>, String> serviceTokenNameBuilder;

    public VaultServiceTokenSupplier() {
    }

    private VaultServiceTokenSupplier(VaultServiceTokenSupplier vaultServiceTokenSupplier) {
        this.serviceRole = vaultServiceTokenSupplier.serviceRole;
        this.vaultAddress = vaultServiceTokenSupplier.vaultAddress;
        this.vaultTokenSupplier = vaultServiceTokenSupplier.vaultTokenSupplier;
        this.serviceTokenNameBuilder = vaultServiceTokenSupplier.serviceTokenNameBuilder;
    }

    private VaultServiceTokenSupplier copy() {
        return new VaultServiceTokenSupplier(this);
    }

    private void validate() {
        Objects.requireNonNull(this.serviceRole, "VaultServiceTokenSupplier.serviceRole");
        Objects.requireNonNull(this.vaultAddress, "VaultServiceTokenSupplier.vaultAddress");
        Objects.requireNonNull(this.vaultTokenSupplier, "VaultServiceTokenSupplier.vaultTokenSupplier");
        Objects.requireNonNull(this.serviceTokenNameBuilder, "VaultServiceTokenSupplier.serviceTokenNameBuilder");
    }

    public VaultServiceTokenSupplier serviceRole(String str) {
        VaultServiceTokenSupplier copy = copy();
        copy.serviceRole = str;
        return copy;
    }

    public VaultServiceTokenSupplier vaultAddress(String str) {
        VaultServiceTokenSupplier copy = copy();
        copy.vaultAddress = str;
        return copy;
    }

    public VaultServiceTokenSupplier vaultTokenSupplier(Mono<String> mono) {
        VaultServiceTokenSupplier copy = copy();
        copy.vaultTokenSupplier = mono;
        return copy;
    }

    public VaultServiceTokenSupplier serviceTokenNameBuilder(BiFunction<String, Map<String, String>, String> biFunction) {
        VaultServiceTokenSupplier copy = copy();
        copy.serviceTokenNameBuilder = biFunction;
        return copy;
    }

    public Mono<String> getToken(Map<String, String> map) {
        return Mono.fromRunnable(this::validate).then(Mono.defer(() -> {
            return this.vaultTokenSupplier;
        })).flatMap(str -> {
            String buildServiceTokenUri = buildServiceTokenUri(map);
            return Mono.fromCallable(() -> {
                return rpcGetToken(buildServiceTokenUri, str);
            }).doOnSubscribe(subscription -> {
                LOGGER.debug("[getToken] Getting vault service token, uri='{}', tags={}", buildServiceTokenUri, map);
            }).doOnSuccess(str -> {
                LOGGER.debug("[getToken][success] uri='{}', tags={}, result: {}", new Object[]{buildServiceTokenUri, map, MaskUtil.mask(str)});
            }).doOnError(th -> {
                LOGGER.error("[getToken][error] uri='{}', tags={}, cause: {}", new Object[]{buildServiceTokenUri, map, th.toString()});
            });
        });
    }

    private String rpcGetToken(String str, String str2) {
        try {
            RestResponse restResponse = new Rest().header(VAULT_TOKEN_HEADER, str2).url(str).get();
            verifyOk(restResponse.getStatus());
            return Json.parse(new String(restResponse.getBody())).asObject().get("data").asObject().get("token").asString();
        } catch (RestException e) {
            throw Exceptions.propagate(e);
        }
    }

    private static void verifyOk(int i) {
        if (i != 200) {
            LOGGER.error("[rpcGetToken] Not expected status ({}) returned", Integer.valueOf(i));
            throw new IllegalStateException("Not expected status returned, status=" + i);
        }
    }

    private String buildServiceTokenUri(Map<String, String> map) {
        return new StringJoiner("/", this.vaultAddress, "").add("/v1/identity/oidc/token").add(this.serviceTokenNameBuilder.apply(this.serviceRole, map)).toString();
    }
}
