package io.scalecube.security.vault;

import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import io.scalecube.config.utils.ThrowableUtil;
import io.scalecube.config.vault.EnvironmentVaultTokenSupplier;
import io.scalecube.config.vault.KubernetesVaultTokenSupplier;
import io.scalecube.utils.MaskUtil;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/scalecube/security/vault/VaultClientTokenSupplier.class */
public final class VaultClientTokenSupplier {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultClientTokenSupplier.class);
    private String vaultAddress;
    private String vaultToken;
    private String vaultRole;

    public VaultClientTokenSupplier() {
    }

    private VaultClientTokenSupplier(VaultClientTokenSupplier vaultClientTokenSupplier) {
        this.vaultAddress = vaultClientTokenSupplier.vaultAddress;
        this.vaultToken = vaultClientTokenSupplier.vaultToken;
        this.vaultRole = vaultClientTokenSupplier.vaultRole;
    }

    private VaultClientTokenSupplier copy() {
        return new VaultClientTokenSupplier(this);
    }

    private void validate() {
        if (isNullOrNoneOrEmpty(this.vaultAddress)) {
            throw new IllegalArgumentException("Vault address is required");
        }
        if (isNullOrNoneOrEmpty(this.vaultToken) && isNullOrNoneOrEmpty(this.vaultRole)) {
            throw new IllegalArgumentException("Vault auth scheme is required (specify either VAULT_ROLE or VAULT_TOKEN)");
        }
    }

    public VaultClientTokenSupplier vaultAddress(String str) {
        VaultClientTokenSupplier copy = copy();
        copy.vaultAddress = str;
        return copy;
    }

    public VaultClientTokenSupplier vaultToken(String str) {
        VaultClientTokenSupplier copy = copy();
        copy.vaultToken = str;
        return copy;
    }

    public VaultClientTokenSupplier vaultRole(String str) {
        VaultClientTokenSupplier copy = copy();
        copy.vaultRole = str;
        return copy;
    }

    public Mono<String> getToken() {
        return Mono.fromRunnable(this::validate).then(Mono.fromCallable(this::getToken0)).doOnSuccess(str -> {
            LOGGER.debug("[getToken][success] result: {}", MaskUtil.mask(str));
        }).doOnError(th -> {
            LOGGER.error("[getToken][error] cause: {}", th.toString());
        });
    }

    private String getToken0() {
        KubernetesVaultTokenSupplier environmentVaultTokenSupplier;
        VaultConfig build;
        try {
            if (isNullOrNoneOrEmpty(this.vaultRole)) {
                environmentVaultTokenSupplier = new EnvironmentVaultTokenSupplier();
                build = new VaultConfig().address(this.vaultAddress).token(this.vaultToken).build();
            } else {
                if (!isNullOrNoneOrEmpty(this.vaultToken)) {
                    LOGGER.warn("Taking KubernetesVaultTokenSupplier by precedence rule, ignoring EnvironmentVaultTokenSupplier (specify either VAULT_ROLE or VAULT_TOKEN, not both)");
                }
                environmentVaultTokenSupplier = new KubernetesVaultTokenSupplier().vaultRole(this.vaultRole);
                build = new VaultConfig().address(this.vaultAddress).build();
            }
            return environmentVaultTokenSupplier.getToken(build);
        } catch (VaultException e) {
            throw ThrowableUtil.propagate(e);
        }
    }

    private static boolean isNullOrNoneOrEmpty(String str) {
        return Objects.isNull(str) || "none".equalsIgnoreCase(str) || "null".equals(str) || str.isEmpty();
    }
}
