package com.microsoft.azure.spring.cloud.config.stores;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretAsyncClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.microsoft.azure.spring.cloud.config.AzureCloudConfigProperties;
import com.microsoft.azure.spring.cloud.config.KeyVaultCredentialProvider;
import com.microsoft.azure.spring.cloud.context.core.config.AzureManagedIdentityProperties;
import java.net.URI;
import java.time.Duration;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/azure/spring/cloud/config/stores/KeyVaultClient.class */
public class KeyVaultClient {
    private SecretAsyncClient secretClient;

    public KeyVaultClient(URI uri, KeyVaultCredentialProvider keyVaultCredentialProvider, AzureCloudConfigProperties azureCloudConfigProperties) {
        SecretClientBuilder secretClientBuilder = new SecretClientBuilder();
        TokenCredential keyVaultCredential = keyVaultCredentialProvider != null ? keyVaultCredentialProvider.getKeyVaultCredential("https://" + uri.getHost()) : null;
        AzureManagedIdentityProperties managedIdentity = azureCloudConfigProperties.getManagedIdentity();
        if (keyVaultCredential != null && managedIdentity != null) {
            throw new IllegalArgumentException("More than 1 Conncetion method was set for connecting to Key Vault.");
        }
        if (keyVaultCredential != null) {
            secretClientBuilder.credential(keyVaultCredential);
        } else if (keyVaultCredential == null && managedIdentity != null && StringUtils.isNotEmpty(managedIdentity.getClientId())) {
            secretClientBuilder.credential(new ManagedIdentityCredentialBuilder().clientId(managedIdentity.getClientId()).build());
        } else if (keyVaultCredential == null) {
            secretClientBuilder.credential(new ManagedIdentityCredentialBuilder().build());
        }
        this.secretClient = secretClientBuilder.vaultUrl("https://" + uri.getHost()).buildAsyncClient();
    }

    public KeyVaultSecret getSecret(URI uri, int i) {
        String[] split = uri.getPath().split("/");
        return (KeyVaultSecret) this.secretClient.getSecret(split.length >= 3 ? split[2] : null, split.length >= 4 ? split[3] : null).block(Duration.ofSeconds(i));
    }
}
