package io.micronaut.oraclecloud.discovery.vault;

import com.oracle.bmc.secrets.SecretsClient;
import com.oracle.bmc.secrets.requests.GetSecretBundleRequest;
import com.oracle.bmc.vault.VaultsClient;
import com.oracle.bmc.vault.model.SecretSummary;
import com.oracle.bmc.vault.requests.ListSecretsRequest;
import com.oracle.bmc.vault.responses.ListSecretsResponse;
import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.context.annotation.Requirements;
import io.micronaut.context.annotation.Requires;
import io.micronaut.context.env.Environment;
import io.micronaut.context.env.PropertySource;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.discovery.config.ConfigurationClient;
import io.micronaut.oraclecloud.discovery.vault.OracleCloudVaultConfiguration;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.concurrent.ExecutorService;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Flux;
import reactor.core.scheduler.Scheduler;
import reactor.core.scheduler.Schedulers;

@Singleton
@Requirements({@Requires(classes = {SecretsClient.class, VaultsClient.class}), @Requires(beans = {VaultsClient.class, SecretsClient.class})})
@BootstrapContextCompatible
/* loaded from: input_file:io/micronaut/oraclecloud/discovery/vault/OracleCloudVaultConfigurationClient.class */
public class OracleCloudVaultConfigurationClient implements ConfigurationClient {
    private static final Logger LOG = LoggerFactory.getLogger(OracleCloudVaultConfigurationClient.class);
    private final OracleCloudVaultConfiguration oracleCloudVaultClientConfiguration;
    private final ExecutorService executorService;
    private final SecretsClient secretsClient;
    private final VaultsClient vaultsClient;

    public OracleCloudVaultConfigurationClient(OracleCloudVaultConfiguration oracleCloudVaultConfiguration, @Named("io") @Nullable ExecutorService executorService, SecretsClient secretsClient, VaultsClient vaultsClient) {
        this.oracleCloudVaultClientConfiguration = oracleCloudVaultConfiguration;
        this.executorService = executorService;
        this.secretsClient = secretsClient;
        this.vaultsClient = vaultsClient;
    }

    public Publisher<PropertySource> getPropertySources(Environment environment) {
        if (!this.oracleCloudVaultClientConfiguration.getDiscoveryConfiguration().isEnabled()) {
            return Flux.empty();
        }
        ArrayList arrayList = new ArrayList();
        Scheduler fromExecutor = this.executorService != null ? Schedulers.fromExecutor(this.executorService) : null;
        HashMap hashMap = new HashMap();
        for (OracleCloudVaultConfiguration.OracleCloudVault oracleCloudVault : this.oracleCloudVaultClientConfiguration.getVaults()) {
            int i = 0;
            if (LOG.isDebugEnabled()) {
                LOG.debug("Retrieving secrets from Oracle Cloud Vault with OCID: {}", oracleCloudVault.getOcid());
            }
            ArrayList<ListSecretsResponse> arrayList2 = new ArrayList();
            ListSecretsResponse listSecrets = this.vaultsClient.listSecrets(buildRequest(oracleCloudVault.getOcid(), oracleCloudVault.getCompartmentOcid(), null));
            arrayList2.add(listSecrets);
            while (listSecrets.getOpcNextPage() != null) {
                listSecrets = this.vaultsClient.listSecrets(buildRequest(oracleCloudVault.getOcid(), oracleCloudVault.getCompartmentOcid(), listSecrets.getOpcNextPage()));
                arrayList2.add(listSecrets);
            }
            for (ListSecretsResponse listSecretsResponse : arrayList2) {
                i += listSecretsResponse.getItems().size();
                listSecretsResponse.getItems().forEach(secretSummary -> {
                    hashMap.put(secretSummary.getSecretName(), getSecretValue(secretSummary.getId()));
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Retrieved secret: {}", secretSummary.getSecretName());
                    }
                });
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("{} secrets where retrieved from Oracle Cloud Vault with OCID: {}", Integer.valueOf(i), oracleCloudVault.getOcid());
            }
        }
        Flux just = Flux.just(PropertySource.of(hashMap));
        if (fromExecutor != null) {
            just = just.subscribeOn(fromExecutor);
        }
        arrayList.add(just);
        return Flux.merge(arrayList);
    }

    private ListSecretsRequest buildRequest(String str, String str2, @Nullable String str3) {
        ListSecretsRequest.Builder lifecycleState = ListSecretsRequest.builder().vaultId(str).compartmentId(str2).lifecycleState(SecretSummary.LifecycleState.Active);
        if (str3 != null) {
            lifecycleState.page(str3);
        }
        return lifecycleState.build();
    }

    private String getSecretValue(String str) {
        return new String(Base64.getDecoder().decode(this.secretsClient.getSecretBundle(GetSecretBundleRequest.builder().secretId(str).stage(GetSecretBundleRequest.Stage.Current).build()).getSecretBundle().getSecretBundleContent().getContent()));
    }

    public String getDescription() {
        return "Retrieves secrets from Oracle Cloud vaults";
    }
}
