package com.github.secondbase.secrets.vault;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.github.secondbase.secrets.SecretHandler;
import com.github.secondbase.secrets.SecretHandlerException;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/secondbase/secrets/vault/VaultSecretHandler.class */
public final class VaultSecretHandler implements SecretHandler {
    private static final Logger LOG = LoggerFactory.getLogger(VaultSecretHandler.class);
    private static VaultConfig vaultConfig;
    private final Pattern p = Pattern.compile("(secret:vault:(.*):(.*))");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/secondbase/secrets/vault/VaultSecretHandler$SecretPath.class */
    public class SecretPath {
        String path;
        String value;
        String replaceString;

        SecretPath(String str, String str2, String str3) {
            this.path = str;
            this.value = str2;
            this.replaceString = str3;
        }
    }

    public String[] fetch(String[] strArr) {
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            Optional<SecretPath> vaultPath = getVaultPath(strArr[i]);
            if (vaultPath.isPresent()) {
                LOG.info("Secret recognised: " + strArr[i]);
                try {
                    strArr2[i] = strArr[i].replaceAll(vaultPath.get().replaceString, getVaultSecret(vaultPath.get()));
                } catch (VaultException e) {
                    throw new SecretHandlerException("Could not fetch secret from: " + strArr[i], e);
                }
            } else {
                strArr2[i] = strArr[i];
            }
        }
        return strArr2;
    }

    public static void setVaultConfig(VaultConfig vaultConfig2) {
        vaultConfig = vaultConfig2;
    }

    protected Optional<SecretPath> getVaultPath(String str) {
        if (str == null || str.isEmpty()) {
            return Optional.empty();
        }
        Matcher matcher = this.p.matcher(str);
        return !matcher.matches() ? Optional.empty() : Optional.of(new SecretPath(matcher.group(2), matcher.group(3), matcher.group(1)));
    }

    private String getVaultSecret(SecretPath secretPath) throws VaultException {
        LOG.info("Fetching secret from Vault");
        String str = (String) new Vault(vaultConfig == null ? new VaultConfig().build() : vaultConfig).logical().read(secretPath.path).getData().get(secretPath.value);
        LOG.info("Found secret");
        return str;
    }
}
