package io.scalecube.security.vault;

import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestException;
import com.bettercloud.vault.rest.RestResponse;
import java.util.Map;
import java.util.Objects;
import java.util.StringJoiner;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/scalecube/security/vault/VaultServiceTokenSupplier.class */
public class VaultServiceTokenSupplier {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultServiceTokenSupplier.class);
    private static final String VAULT_TOKEN_HEADER = "X-Vault-Token";
    private final String vaultAddress;
    private final String serviceRole;
    private final Supplier<String> vaultTokenSupplier;
    private final BiFunction<String, Map<String, String>, String> serviceTokenNameBuilder;

    /* loaded from: input_file:io/scalecube/security/vault/VaultServiceTokenSupplier$Builder.class */
    public static class Builder {
        private String vaultAddress;
        private String serviceRole;
        private Supplier<String> vaultTokenSupplier;
        private BiFunction<String, Map<String, String>, String> serviceTokenNameBuilder;

        public Builder vaultAddress(String str) {
            this.vaultAddress = str;
            return this;
        }

        public Builder serviceRole(String str) {
            this.serviceRole = str;
            return this;
        }

        public Builder vaultTokenSupplier(Supplier<String> supplier) {
            this.vaultTokenSupplier = supplier;
            return this;
        }

        public Builder serviceTokenNameBuilder(BiFunction<String, Map<String, String>, String> biFunction) {
            this.serviceTokenNameBuilder = biFunction;
            return this;
        }

        public VaultServiceTokenSupplier builder() {
            return new VaultServiceTokenSupplier(this);
        }
    }

    private VaultServiceTokenSupplier(Builder builder) {
        this.vaultAddress = (String) Objects.requireNonNull(builder.vaultAddress, "vaultAddress");
        this.serviceRole = (String) Objects.requireNonNull(builder.serviceRole, "serviceRole");
        this.vaultTokenSupplier = (Supplier) Objects.requireNonNull(builder.vaultTokenSupplier, "vaultTokenSupplier");
        this.serviceTokenNameBuilder = (BiFunction) Objects.requireNonNull(builder.serviceTokenNameBuilder, "serviceTokenNameBuilder");
    }

    public String getToken(Map<String, String> map) {
        try {
            String str = this.vaultTokenSupplier.get();
            String serviceTokenUri = toServiceTokenUri(map);
            String rpcGetToken = rpcGetToken(serviceTokenUri, str);
            LOGGER.debug("[getToken][success] uri={}, tags={}, result={}", new Object[]{serviceTokenUri, map, mask(rpcGetToken)});
            return rpcGetToken;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static String rpcGetToken(String str, String str2) {
        try {
            RestResponse restResponse = new Rest().header(VAULT_TOKEN_HEADER, str2).url(str).get();
            verifyOk(restResponse.getStatus());
            return Json.parse(new String(restResponse.getBody())).asObject().get("data").asObject().get("token").asString();
        } catch (RestException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private static void verifyOk(int i) {
        if (i != 200) {
            throw new IllegalStateException("Not expected status returned, status=" + i);
        }
    }

    private String toServiceTokenUri(Map<String, String> map) {
        return new StringJoiner("/", this.vaultAddress, "").add("/v1/identity/oidc/token").add(this.serviceTokenNameBuilder.apply(this.serviceRole, map)).toString();
    }

    private static String mask(String str) {
        return (str == null || str.length() < 5) ? "*****" : str.replace(str.substring(2, str.length() - 2), "***");
    }
}
