package com.microsoft.azure.spring.cloud.config.stores;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretAsyncClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.microsoft.azure.spring.cloud.config.AppConfigurationProperties;
import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;
import com.microsoft.azure.spring.cloud.config.SecretClientBuilderSetup;
import com.microsoft.azure.spring.cloud.config.resource.AppConfigManagedIdentityProperties;
import java.net.URI;
import java.time.Duration;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/azure/spring/cloud/config/stores/KeyVaultClient.class */
public class KeyVaultClient {
    private SecretAsyncClient secretClient;
    private AppConfigurationProperties properties;
    private SecretClientBuilderSetup keyVaultClientProvider;
    private URI uri;
    private TokenCredential tokenCredential;

    public KeyVaultClient(AppConfigurationProperties appConfigurationProperties, URI uri, KeyVaultCredentialProvider keyVaultCredentialProvider, SecretClientBuilderSetup secretClientBuilderSetup) {
        this.properties = appConfigurationProperties;
        this.uri = uri;
        if (keyVaultCredentialProvider != null) {
            this.tokenCredential = keyVaultCredentialProvider.getKeyVaultCredential("https://" + uri.getHost());
        }
        this.keyVaultClientProvider = secretClientBuilderSetup;
    }

    KeyVaultClient build() {
        SecretClientBuilder builder = getBuilder();
        AppConfigManagedIdentityProperties managedIdentity = this.properties.getManagedIdentity();
        String str = "https://" + this.uri.getHost();
        if (this.tokenCredential != null && managedIdentity != null) {
            throw new IllegalArgumentException("More than 1 Conncetion method was set for connecting to Key Vault.");
        }
        if (this.tokenCredential != null) {
            builder.credential(this.tokenCredential);
        } else if (this.tokenCredential == null && managedIdentity != null && StringUtils.isNotEmpty(managedIdentity.getClientId())) {
            builder.credential(new ManagedIdentityCredentialBuilder().clientId(managedIdentity.getClientId()).build());
        } else if (this.tokenCredential == null) {
            builder.credential(new ManagedIdentityCredentialBuilder().build());
        }
        builder.vaultUrl(str);
        if (this.keyVaultClientProvider != null) {
            this.keyVaultClientProvider.setup(builder, str);
        }
        this.secretClient = builder.buildAsyncClient();
        return this;
    }

    public KeyVaultSecret getSecret(URI uri, int i) {
        if (this.secretClient == null) {
            build();
        }
        String[] split = uri.getPath().split("/");
        return (KeyVaultSecret) this.secretClient.getSecret(split.length >= 3 ? split[2] : null, split.length >= 4 ? split[3] : null).block(Duration.ofSeconds(i));
    }

    SecretClientBuilder getBuilder() {
        return new SecretClientBuilder();
    }
}
