package io.scalecube.services.security.vault;

import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestException;
import com.bettercloud.vault.rest.RestResponse;
import io.scalecube.utils.MaskUtil;
import java.util.Map;
import java.util.StringJoiner;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/scalecube/services/security/vault/VaultServiceTokenSupplier.class */
public final class VaultServiceTokenSupplier {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultServiceTokenSupplier.class);
    private static final String VAULT_TOKEN_HEADER = "X-Vault-Token";
    private String serviceRole;
    private String vaultAddress;
    private Supplier<String> vaultTokenSupplier;
    private BiFunction<String, Map<String, String>, String> serviceTokenNameBuilder;

    public VaultServiceTokenSupplier() {
    }

    private VaultServiceTokenSupplier(VaultServiceTokenSupplier vaultServiceTokenSupplier) {
        this.serviceRole = vaultServiceTokenSupplier.serviceRole;
        this.vaultAddress = vaultServiceTokenSupplier.vaultAddress;
        this.vaultTokenSupplier = vaultServiceTokenSupplier.vaultTokenSupplier;
        this.serviceTokenNameBuilder = vaultServiceTokenSupplier.serviceTokenNameBuilder;
    }

    public VaultServiceTokenSupplier serviceRole(String str) {
        VaultServiceTokenSupplier copy = copy();
        copy.serviceRole = str;
        return copy;
    }

    public VaultServiceTokenSupplier vaultAddress(String str) {
        VaultServiceTokenSupplier copy = copy();
        copy.vaultAddress = str;
        return copy;
    }

    public VaultServiceTokenSupplier vaultTokenSupplier(Supplier<String> supplier) {
        VaultServiceTokenSupplier copy = copy();
        copy.vaultTokenSupplier = supplier;
        return copy;
    }

    public VaultServiceTokenSupplier serviceTokenNameBuilder(BiFunction<String, Map<String, String>, String> biFunction) {
        VaultServiceTokenSupplier copy = copy();
        copy.serviceTokenNameBuilder = biFunction;
        return copy;
    }

    public Mono<String> getServiceToken(Map<String, String> map) {
        Supplier<String> supplier = this.vaultTokenSupplier;
        supplier.getClass();
        return Mono.fromCallable(supplier::get).map(str -> {
            return rpcGetServiceToken(map, str);
        }).doOnNext(restResponse -> {
            verifyOk(restResponse.getStatus());
        }).map(restResponse2 -> {
            return Json.parse(new String(restResponse2.getBody())).asObject().get("data").asObject().get("token").asString();
        }).doOnSuccess(str2 -> {
            LOGGER.info("[rpcGetServiceToken] Successfully obtained vault service token: {}", MaskUtil.mask(str2));
        });
    }

    private RestResponse rpcGetServiceToken(Map<String, String> map, String str) {
        String buildVaultServiceTokenUri = buildVaultServiceTokenUri(map);
        LOGGER.info("[rpcGetServiceToken] Getting vault service token (uri='{}')", buildVaultServiceTokenUri);
        try {
            return new Rest().header(VAULT_TOKEN_HEADER, str).url(buildVaultServiceTokenUri).get();
        } catch (RestException e) {
            LOGGER.error("[rpcGetServiceToken] Failed to get vault service token (uri='{}'), cause: {}", buildVaultServiceTokenUri, e.toString());
            throw Exceptions.propagate(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void verifyOk(int i) {
        if (i != 200) {
            LOGGER.error("[rpcGetServiceToken] Not expected status ({}) returned", Integer.valueOf(i));
            throw new IllegalStateException("Not expected status returned, status=" + i);
        }
    }

    private String buildVaultServiceTokenUri(Map<String, String> map) {
        return new StringJoiner("/", this.vaultAddress, "").add("v1/identity/oidc/token").add(this.serviceTokenNameBuilder.apply(this.serviceRole, map)).toString();
    }

    private VaultServiceTokenSupplier copy() {
        return new VaultServiceTokenSupplier(this);
    }
}
