package org.flywaydb.secretsmanagement;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import org.flywaydb.core.api.FlywayException;
import org.flywaydb.core.extensibility.ConfigurationExtension;
import org.flywaydb.core.extensibility.ConfigurationProvider;
import org.flywaydb.core.internal.configuration.ConfigUtils;
import org.flywaydb.core.internal.license.Edition;
import org.flywaydb.core.internal.license.FlywayTeamsUpgradeRequiredException;
import org.flywaydb.core.internal.license.VersionPrinter;

/* loaded from: input_file:org/flywaydb/secretsmanagement/VaultConfigurationProvider.class */
public class VaultConfigurationProvider implements ConfigurationProvider<VaultConfigurationExtension> {
    public Map<String, String> getConfiguration(VaultConfigurationExtension vaultConfigurationExtension) throws Exception {
        String vaultUrl = vaultConfigurationExtension.getVaultUrl();
        String vaultToken = vaultConfigurationExtension.getVaultToken();
        String[] vaultSecrets = vaultConfigurationExtension.getVaultSecrets();
        boolean z = (vaultUrl == null || vaultToken == null || vaultSecrets == null) ? false : true;
        if (z && VersionPrinter.EDITION != Edition.ENTERPRISE) {
            throw new FlywayTeamsUpgradeRequiredException("Vault");
        }
        if (!z) {
            return new HashMap();
        }
        Map<String, String> loadConfigurationFromString = ConfigUtils.loadConfigurationFromString(getConfiguration(vaultUrl, vaultToken, vaultSecrets));
        ConfigUtils.dumpConfiguration(loadConfigurationFromString);
        return loadConfigurationFromString;
    }

    public Class<? extends ConfigurationExtension> getConfigurationExtensionClass() {
        return VaultConfigurationExtension.class;
    }

    public static String getConfiguration(String str, String str2, String... strArr) throws Exception {
        String substring = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        StringBuilder sb = new StringBuilder();
        for (String str3 : strArr) {
            if (str3.contains("/")) {
                sb.append(readSecretWithPath(substring, str2, str3)).append("\n");
            } else {
                sb.append(readSecret(substring, str2, str3)).append("\n");
            }
        }
        return sb.toString();
    }

    private static String readSecretWithPath(String str, String str2, String str3) throws Exception {
        if (!str3.startsWith("/")) {
            str3 = "/" + str3;
        }
        return readSecret(str + str3.substring(0, str3.lastIndexOf("/")), str2, str3.substring(str3.lastIndexOf("/") + 1));
    }

    private static String readSecret(String str, String str2, String str3) throws Exception {
        return str.startsWith("https") ? readSecret((HttpsURLConnection) new URL(str).openConnection(), str2, str3) : readSecret((HttpURLConnection) new URL(str).openConnection(), str2, str3);
    }

    private static String readSecret(URLConnection uRLConnection, String str, String str2) throws Exception {
        JsonObject asJsonObject;
        JsonObject jsonObject = (JsonObject) new Gson().fromJson(getSecretFromVault(uRLConnection, str), JsonObject.class);
        if (isKV1Response(jsonObject)) {
            asJsonObject = jsonObject.getAsJsonObject("data");
        } else {
            if (!isKV2Response(jsonObject)) {
                throw new FlywayException("Vault response unaccepted. Expected a KV1 or KV2 secret, but was: " + jsonObject);
            }
            asJsonObject = jsonObject.getAsJsonObject("data").getAsJsonObject("data");
        }
        if (asJsonObject.has(str2)) {
            return asJsonObject.get(str2).getAsString();
        }
        throw new FlywayException("'" + str2 + "' is not a valid Vault secret");
    }

    private static String getSecretFromVault(URLConnection uRLConnection, String str) throws Exception {
        uRLConnection.setRequestProperty("X-Vault-Token", str);
        StringBuilder sb = new StringBuilder();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(uRLConnection.getInputStream()));
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        return sb.toString();
                    }
                    sb.append(readLine);
                } finally {
                }
            }
        } catch (FileNotFoundException e) {
            throw new FlywayException("Vault secret location '" + uRLConnection.getURL() + "' could not be found. Ensure the path to your secret is correct.");
        }
    }

    private static boolean isKV1Response(JsonObject jsonObject) {
        try {
            JsonObject asJsonObject = jsonObject.getAsJsonObject("data");
            try {
                if (!asJsonObject.has("data")) {
                    return true;
                }
                asJsonObject.getAsJsonObject("data");
                return false;
            } catch (ClassCastException e) {
                return true;
            }
        } catch (ClassCastException e2) {
            return false;
        }
    }

    private static boolean isKV2Response(JsonObject jsonObject) {
        try {
            jsonObject.getAsJsonObject("data").getAsJsonObject("data");
            return true;
        } catch (ClassCastException e) {
            return false;
        }
    }
}
