package io.axual.utilities.config.providers;

import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.AuthResponse;
import io.axual.utilities.config.providers.exceptions.VaultConfigurationException;
import io.axual.utilities.config.providers.exceptions.VaultConfigurationProviderException;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.types.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/utilities/config/providers/VaultHelperConfig.class */
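/**
 * Kafka {@link AbstractConfig} describing how to reach and authenticate against a HashiCorp Vault
 * server: address, timeouts, namespace, KV engine version, prefix path, TLS settings and AppRole
 * credentials.
 *
 * <p>Security-relevant settings:
 * <ul>
 *   <li>{@code ssl.verify} defaults to {@code true}. Setting it to {@code false} turns off
 *       certificate verification for the Vault connection, so the AppRole secret id and every
 *       secret read afterwards travel over a connection whose peer was not authenticated.</li>
 *   <li>{@code ssl.truststore.password} and {@code approle.secret.id} are declared as
 *       {@link ConfigDef.Type#PASSWORD}, so they are held as {@link Password} values. This class
 *       unwraps them only where the keystore or the Vault driver needs the raw value and never
 *       logs them.</li>
 * </ul>
 *
 * <p>{@link #getVaultConfig()} and {@link #login(Vault)} are {@code synchronized}; the remaining
 * accessors return immutable {@link Optional} snapshots taken in the constructor.
 */
public class VaultHelperConfig extends AbstractConfig {
    public static final String VAULT_ADDRESS_CONFIG = "address";
    private static final String VAULT_ADDRESS_DOC = "The URL where HashiCorp Vault can be reached";
    public static final String VAULT_TIMEOUT_OPEN_CONFIG = "timeout.open";
    private static final String VAULT_TIMEOUT_OPEN_DOC = "The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server.";
    public static final String VAULT_TIMEOUT_READ_CONFIG = "timeout.read";
    private static final String VAULT_TIMEOUT_READ_DOC = "After an HTTP(S) connection has already been established, this is the number of seconds to wait for all data to finish downloading.";
    public static final String VAULT_NAMESPACE_CONFIG = "namespace";
    private static final String VAULT_NAMESPACE_DOC = "Sets a global namespace to the Vault server instance.";
    public static final String VAULT_GLOBAL_ENGINE_VERSION_CONFIG = "global.engine.version";
    private static final String VAULT_GLOBAL_ENGINE_VERSION_DOC = "Sets the KV Secrets Engine version of the Vault server instance.";
    public static final String VAULT_PREFIX_PATH_DEPTH_CONFIG = "prefix.path.depth";
    private static final String VAULT_PREFIX_PATH_DEPTH_DOC = "Set the \"path depth\" of the prefix path.";
    public static final String VAULT_PREFIX_PATH_CONFIG = "prefix.path";
    private static final String VAULT_PREFIX_PATH_DOC = "Set the \"path depth\" of the prefix path by specifying the path. /a/b/c would result in a prefix path depth of 3.";
    // Prefix used to detect whether any TLS-related key was supplied (see createSslConfig()).
    private static final String VAULT_SSL_PREFIX = "ssl";
    public static final String VAULT_SSL_VERIFY_CONFIG = "ssl.verify";
    private static final String VAULT_SSL_VERIFY_DOC = "Determines whether or not HTTPS connections to the Vault server should verify that a valid SSL certificate is being used.";
    public static final String VAULT_SSL_TRUSTSTORE_LOCATION_CONFIG = "ssl.truststore.location";
    private static final String VAULT_SSL_TRUSTSTORE_LOCATION_DOC = "The path to a JKS keystore file, containing the Vault TLS Certificate or Certificate Authorities.";
    public static final String VAULT_SSL_TRUSTSTORE_PASSWORD_CONFIG = "ssl.truststore.password";
    private static final String VAULT_SSL_TRUSTSTORE_PASSWORD_DOC = "The password to access the JKS keystore file containing the Vault TLS Certificate or Certificate Authorities.";
    public static final String VAULT_AUTH_METHOD_APPROLE = "APPROLE";
    public static final String VAULT_AUTH_METHOD_CONFIG = "auth.method";
    static final String VAULT_AUTH_METHOD_DEFAULT = "APPROLE";
    private static final String VAULT_AUTH_METHOD_DOC = "The authentication method to use. Valid values is APPROLE";
    public static final String VAULT_CREDENTIAL_APPROLE_PATH_CONFIG = "approle.path";
    static final String VAULT_CREDENTIAL_APPROLE_PATH_DEFAULT = "approle";
    private static final String VAULT_CREDENTIAL_APPROLE_PATH_DOC = "The path on which the authentication is performed when using AppRole authentication, following the \"/v1/auth/\" prefix (e.g. \"approle\").";
    public static final String VAULT_CREDENTIAL_APPROLE_ROLE_ID_CONFIG = "approle.role.id";
    private static final String VAULT_CREDENTIAL_APPROLE_ID_DOC = "The Vault role id to use for communicating with Vault when using AppRole authentication.";
    public static final String VAULT_CREDENTIAL_APPROLE_SECRET_ID_CONFIG = "approle.secret.id";
    private static final String VAULT_CREDENTIAL_APPROLE_SECRET_ID_DOC = "The Vault secret id to use for communicating with Vault when using AppRole authentication.";
    public static final String VAULT_TEST_PATH_CONFIG = "test.path";
    private static final String VAULT_TEST_PATH_DOC = "The path of the data to retrieve from Vault during configuration.";

    // Parsed configuration values, captured once in the constructor.
    private final Optional<String> testPath;
    private final Optional<String> address;
    private final Optional<Integer> openTimeout;
    private final Optional<Integer> readTimeout;
    private final Optional<String> namespace;
    private final Optional<Integer> globalEngineVersion;
    private final Optional<Integer> prefixPathDepth;
    private final Optional<String> prefixPath;
    private final Optional<Boolean> sslVerify;
    private final Optional<String> truststoreLocation;
    private final Optional<Password> truststorePassword;
    private final Optional<String> authMethod;
    private final Optional<String> appRolePath;
    private final Optional<String> appRoleId;
    private final Optional<Password> appRoleSecretId;

    // Lazily built by getVaultConfig(); guarded by the instance monitor.
    private VaultConfig vaultConfig;

    public static final Logger LOG = LoggerFactory.getLogger(VaultHelperConfig.class);

    // Defaults. These must stay declared before CONFIG_DEF, whose initializer reads them.
    static final Integer VAULT_TIMEOUT_OPEN_DEFAULT = 30;
    static final Integer VAULT_TIMEOUT_READ_DEFAULT = 30;
    static final String VAULT_NAMESPACE_DEFAULT = null;
    static final Integer VAULT_GLOBAL_ENGINE_VERSION_DEFAULT = 2;
    static final boolean VAULT_SSL_VERIFY_DEFAULT = true;
    // The listing had Integer.valueOf(VAULT_SSL_VERIFY_DEFAULT), which does not compile (there is
    // no Integer.valueOf(boolean)); it is the int constant 1 mis-rendered as the boolean `true`.
    static final Integer VAULT_PREFIX_PATH_DEPTH_DEFAULT = 1;
    static final String VAULT_PREFIX_PATH_DEFAULT = null;
    static final String VAULT_SSL_TRUSTSTORE_LOCATION_DEFAULT = null;
    static final String VAULT_SSL_TRUSTSTORE_PASSWORD_DEFAULT = null;
    static final String VAULT_CREDENTIAL_APPROLE_ID_DEFAULT = null;
    static final String VAULT_CREDENTIAL_APPROLE_SECRET_ID_DEFAULT = null;
    static final String VAULT_TEST_PATH_DEFAULT = null;
    private static final ConfigDef CONFIG_DEF = addVaultHelperConfigDefinitions(new ConfigDef());

    /**
     * Registers every Vault helper key on the given definition.
     *
     * <p>{@code address} is defined without a default value; all other keys carry a default.
     * The truststore password and the AppRole secret id use {@link ConfigDef.Type#PASSWORD}.
     *
     * @param configDef the definition to extend; it is modified in place
     * @return the same {@code configDef} instance
     */
    public static ConfigDef addVaultHelperConfigDefinitions(ConfigDef configDef) {
        // Connection settings.
        configDef
                .define(VAULT_TEST_PATH_CONFIG, ConfigDef.Type.STRING, VAULT_TEST_PATH_DEFAULT, ConfigDef.Importance.LOW, VAULT_TEST_PATH_DOC)
                .define(VAULT_ADDRESS_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, VAULT_ADDRESS_DOC)
                .define(VAULT_TIMEOUT_OPEN_CONFIG, ConfigDef.Type.INT, VAULT_TIMEOUT_OPEN_DEFAULT, ConfigDef.Importance.MEDIUM, VAULT_TIMEOUT_OPEN_DOC)
                .define(VAULT_TIMEOUT_READ_CONFIG, ConfigDef.Type.INT, VAULT_TIMEOUT_READ_DEFAULT, ConfigDef.Importance.MEDIUM, VAULT_TIMEOUT_READ_DOC)
                .define(VAULT_NAMESPACE_CONFIG, ConfigDef.Type.STRING, VAULT_NAMESPACE_DEFAULT, ConfigDef.Importance.LOW, VAULT_NAMESPACE_DOC)
                .define(VAULT_GLOBAL_ENGINE_VERSION_CONFIG, ConfigDef.Type.INT, VAULT_GLOBAL_ENGINE_VERSION_DEFAULT, ConfigDef.Importance.LOW, VAULT_GLOBAL_ENGINE_VERSION_DOC)
                .define(VAULT_PREFIX_PATH_DEPTH_CONFIG, ConfigDef.Type.INT, VAULT_PREFIX_PATH_DEPTH_DEFAULT, ConfigDef.Importance.LOW, VAULT_PREFIX_PATH_DEPTH_DOC)
                .define(VAULT_PREFIX_PATH_CONFIG, ConfigDef.Type.STRING, VAULT_PREFIX_PATH_DEFAULT, ConfigDef.Importance.LOW, VAULT_PREFIX_PATH_DOC);
        // TLS settings. Verification is on unless the operator explicitly turns it off.
        configDef
                .define(VAULT_SSL_VERIFY_CONFIG, ConfigDef.Type.BOOLEAN, VAULT_SSL_VERIFY_DEFAULT, ConfigDef.Importance.MEDIUM, VAULT_SSL_VERIFY_DOC)
                .define(VAULT_SSL_TRUSTSTORE_LOCATION_CONFIG, ConfigDef.Type.STRING, VAULT_SSL_TRUSTSTORE_LOCATION_DEFAULT, ConfigDef.Importance.MEDIUM, VAULT_SSL_TRUSTSTORE_LOCATION_DOC)
                .define(VAULT_SSL_TRUSTSTORE_PASSWORD_CONFIG, ConfigDef.Type.PASSWORD, VAULT_SSL_TRUSTSTORE_PASSWORD_DEFAULT, ConfigDef.Importance.MEDIUM, VAULT_SSL_TRUSTSTORE_PASSWORD_DOC);
        // Authentication settings. Only the secret id is a PASSWORD; the role id is a plain STRING.
        configDef
                .define(VAULT_AUTH_METHOD_CONFIG, ConfigDef.Type.STRING, VAULT_AUTH_METHOD_DEFAULT, ConfigDef.Importance.HIGH, VAULT_AUTH_METHOD_DOC)
                .define(VAULT_CREDENTIAL_APPROLE_PATH_CONFIG, ConfigDef.Type.STRING, VAULT_CREDENTIAL_APPROLE_PATH_DEFAULT, ConfigDef.Importance.LOW, VAULT_CREDENTIAL_APPROLE_PATH_DOC)
                .define(VAULT_CREDENTIAL_APPROLE_ROLE_ID_CONFIG, ConfigDef.Type.STRING, VAULT_CREDENTIAL_APPROLE_ID_DEFAULT, ConfigDef.Importance.LOW, VAULT_CREDENTIAL_APPROLE_ID_DOC)
                .define(VAULT_CREDENTIAL_APPROLE_SECRET_ID_CONFIG, ConfigDef.Type.PASSWORD, VAULT_CREDENTIAL_APPROLE_SECRET_ID_DEFAULT, ConfigDef.Importance.LOW, VAULT_CREDENTIAL_APPROLE_SECRET_ID_DOC);
        return configDef;
    }

    /**
     * Checks that a caller-supplied definition contains every key this class reads.
     *
     * @param configDef the definition to check
     * @return {@code configDef} unchanged when nothing is missing
     * @throws IllegalArgumentException if one or more helper keys are absent; the message lists
     *     them in sorted order
     */
    protected static ConfigDef verifyVaultHelperConfigDefinition(ConfigDef configDef) {
        Set<String> provided = configDef.names();
        // Sorted so the error message is stable across runs.
        String missing = CONFIG_DEF.names().stream()
                .filter(name -> !provided.contains(name))
                .sorted()
                .collect(Collectors.joining(","));
        if (missing.isEmpty()) {
            return configDef;
        }
        throw new IllegalArgumentException("ConfigDef is missing configurations : " + missing);
    }

    /**
     * Creates a configuration from the built-in definition, with logging of the parsed values
     * enabled.
     *
     * @param map the raw configuration entries
     */
    public VaultHelperConfig(Map<?, ?> map) {
        this(CONFIG_DEF, map, true);
    }

    /**
     * Creates a configuration from the built-in definition.
     *
     * @param map the raw configuration entries
     * @param doLog passed through to {@link AbstractConfig}
     */
    public VaultHelperConfig(Map<?, ?> map, boolean doLog) {
        this(CONFIG_DEF, map, doLog);
    }

    /**
     * Creates a configuration from a caller-supplied definition, with logging enabled.
     *
     * @param configDef a definition that must contain all helper keys
     * @param map the raw configuration entries
     */
    public VaultHelperConfig(ConfigDef configDef, Map<?, ?> map) {
        this(configDef, map, true);
    }

    /**
     * Creates a configuration from a caller-supplied definition and snapshots every helper value.
     *
     * @param configDef a definition that must contain all helper keys
     * @param map the raw configuration entries
     * @param doLog passed through to {@link AbstractConfig}
     * @throws IllegalArgumentException if {@code configDef} lacks a helper key
     */
    public VaultHelperConfig(ConfigDef configDef, Map<?, ?> map, boolean doLog) {
        super(verifyVaultHelperConfigDefinition(configDef), map, doLog);
        this.vaultConfig = null;
        this.testPath = getOptionalString(VAULT_TEST_PATH_CONFIG);
        this.address = getOptionalString(VAULT_ADDRESS_CONFIG);
        this.openTimeout = getOptionalInt(VAULT_TIMEOUT_OPEN_CONFIG);
        this.readTimeout = getOptionalInt(VAULT_TIMEOUT_READ_CONFIG);
        this.namespace = getOptionalString(VAULT_NAMESPACE_CONFIG);
        this.globalEngineVersion = getOptionalInt(VAULT_GLOBAL_ENGINE_VERSION_CONFIG);
        this.prefixPathDepth = getOptionalInt(VAULT_PREFIX_PATH_DEPTH_CONFIG);
        this.prefixPath = getOptionalString(VAULT_PREFIX_PATH_CONFIG);
        this.sslVerify = getOptionalBoolean(VAULT_SSL_VERIFY_CONFIG);
        this.truststoreLocation = getOptionalString(VAULT_SSL_TRUSTSTORE_LOCATION_CONFIG);
        this.truststorePassword = getOptionalPassword(VAULT_SSL_TRUSTSTORE_PASSWORD_CONFIG);
        this.authMethod = getOptionalString(VAULT_AUTH_METHOD_CONFIG);
        this.appRolePath = getOptionalString(VAULT_CREDENTIAL_APPROLE_PATH_CONFIG);
        this.appRoleId = getOptionalString(VAULT_CREDENTIAL_APPROLE_ROLE_ID_CONFIG);
        this.appRoleSecretId = getOptionalPassword(VAULT_CREDENTIAL_APPROLE_SECRET_ID_CONFIG);
    }

    /**
     * Returns the driver configuration, building it on first use and caching it afterwards.
     *
     * @return the built {@link VaultConfig}
     * @throws VaultConfigurationException if the driver rejects the settings
     * @throws VaultConfigurationProviderException if the trust store cannot be loaded
     */
    public synchronized VaultConfig getVaultConfig() {
        if (this.vaultConfig == null) {
            VaultConfig config = new VaultConfig();
            createSslConfig().ifPresent(config::sslConfig);
            this.address.ifPresent(config::address);
            this.globalEngineVersion.ifPresent(config::engineVersion);
            this.openTimeout.ifPresent(config::openTimeout);
            this.readTimeout.ifPresent(config::readTimeout);
            // The listing called an undefined `r1` here; the receiver is the config being built.
            this.prefixPathDepth.ifPresent(depth -> config.prefixPathDepth(depth));
            this.prefixPath.ifPresent(config::prefixPath);
            try {
                if (this.namespace.isPresent()) {
                    config.nameSpace(this.namespace.get());
                }
                config.build();
                // Cache only a fully built configuration.
                this.vaultConfig = config;
            } catch (VaultException e) {
                throw new VaultConfigurationException((Throwable) e);
            }
        }
        return this.vaultConfig;
    }

    /**
     * Builds the TLS settings, or returns empty when no original key starts with {@code ssl}.
     *
     * <p>NOTE(review): {@code SslConfig.build()} is not called anywhere in this class; confirm
     * against the driver version in use that the trust store set here actually takes effect
     * without it, otherwise the JVM default trust anchors would be used instead.
     *
     * @return the TLS settings, if any TLS key was supplied
     * @throws VaultConfigurationProviderException if the trust store cannot be loaded
     */
    private Optional<SslConfig> createSslConfig() {
        if (originalsWithPrefix(VAULT_SSL_PREFIX, false).isEmpty()) {
            return Optional.empty();
        }
        SslConfig sslConfig = new SslConfig();
        this.sslVerify.ifPresent(verify -> {
            if (!verify) {
                // Make a disabled check visible to operators and to log-based detection.
                LOG.warn("TLS certificate verification for Vault is disabled ({}=false); the Vault server's identity will not be checked", VAULT_SSL_VERIFY_CONFIG);
            }
            sslConfig.verify(verify);
        });
        handleKeystore(this::getSslTruststoreLocation, this::getSslTruststorePassword,
                (keyStore, password) -> sslConfig.trustStore(keyStore));
        return Optional.of(sslConfig);
    }

    /**
     * Loads a JKS keystore from the supplied location and hands it to {@code keystoreConsumer}.
     * Does nothing when no location is configured.
     *
     * <p>When no password is configured the store is loaded with a {@code null} password, in which
     * case {@link KeyStore#load(java.io.InputStream, char[])} performs no integrity check on the
     * file. Configure a truststore password if the file could be modified by another party.
     *
     * @param locationSupplier supplies the keystore file path
     * @param passwordSupplier supplies the keystore password
     * @param keystoreConsumer receives the loaded keystore and the password (possibly {@code null})
     * @throws VaultConfigurationProviderException if the file cannot be read or parsed
     */
    private void handleKeystore(Supplier<Optional<String>> locationSupplier, Supplier<Optional<Password>> passwordSupplier, BiConsumer<KeyStore, String> keystoreConsumer) {
        Optional<String> location = locationSupplier.get();
        Optional<Password> password = passwordSupplier.get();
        location.ifPresent(path -> {
            // The listing reused one name for both the path and the password, which does not
            // compile; they are kept apart here so the file is opened with the path only.
            String secret = password.map(Password::value).orElse(null);
            // try-with-resources closes the stream on failure too; the listing closed it only
            // on the success path.
            try (FileInputStream in = new FileInputStream(path)) {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(in, secret == null ? null : secret.toCharArray());
                keystoreConsumer.accept(keyStore, secret);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new VaultConfigurationProviderException("Could not create keystore object", e);
            }
        });
    }

    /**
     * Authenticates against Vault with the configured method. Only AppRole is supported.
     *
     * <p>The secret id is passed straight to the driver and is not logged here.
     *
     * @param vault the Vault client to log in with
     * @return the driver's authentication response
     * @throws VaultConfigurationException if the method is missing or unknown, if the AppRole
     *     path, role id or secret id is missing, or if the login call fails
     */
    public synchronized AuthResponse login(Vault vault) {
        if (!this.authMethod.isPresent()) {
            throw new VaultConfigurationException("No Authentication Method set");
        }
        String method = this.authMethod.get();
        if (!VAULT_AUTH_METHOD_APPROLE.equals(method)) {
            throw new VaultConfigurationException("Unknown Authentication Method set " + method);
        }
        LOG.debug("Using APPROLE authentication");
        if (!this.appRoleId.isPresent() || !this.appRoleSecretId.isPresent() || !this.appRolePath.isPresent()) {
            throw new VaultConfigurationException("Path, role id and secret id are required for AppRole authentication");
        }
        try {
            return vault.auth().loginByAppRole(this.appRolePath.get(), this.appRoleId.get(), this.appRoleSecretId.get().value());
        } catch (VaultException e) {
            throw new VaultConfigurationException("Could not log in with AppRole Authentication", e);
        }
    }

    /**
     * @param key the configuration key
     * @return the string value, or empty when the key is not among the parsed values or is null
     */
    protected Optional<String> getOptionalString(String key) {
        return values().containsKey(key) ? Optional.ofNullable(getString(key)) : Optional.empty();
    }

    /**
     * @param key the configuration key
     * @return the int value, or empty when the key is not among the parsed values or is null
     */
    protected Optional<Integer> getOptionalInt(String key) {
        return values().containsKey(key) ? Optional.ofNullable(getInt(key)) : Optional.empty();
    }

    /**
     * @param key the configuration key
     * @return the boolean value, or empty when the key is not among the parsed values or is null
     */
    protected Optional<Boolean> getOptionalBoolean(String key) {
        return values().containsKey(key) ? Optional.ofNullable(getBoolean(key)) : Optional.empty();
    }

    /**
     * @param key the configuration key
     * @return the {@link Password} wrapper, or empty when the key is not among the parsed values
     *     or is null
     */
    public Optional<Password> getOptionalPassword(String key) {
        return values().containsKey(key) ? Optional.ofNullable(getPassword(key)) : Optional.empty();
    }

    /** @return the configured {@code test.path}, if any */
    public Optional<String> getTestPath() {
        return this.testPath;
    }

    /** @return the configured Vault {@code address}, if any */
    public Optional<String> getAddress() {
        return this.address;
    }

    /** @return the configured {@code timeout.open}, if any */
    public Optional<Integer> getOpenTimeout() {
        return this.openTimeout;
    }

    /** @return the configured {@code timeout.read}, if any */
    public Optional<Integer> getReadTimeout() {
        return this.readTimeout;
    }

    /** @return the configured {@code namespace}, if any */
    public Optional<String> getNameSpace() {
        return this.namespace;
    }

    /** @return the configured {@code global.engine.version}, if any */
    public Optional<Integer> getGlobalEngineVersion() {
        return this.globalEngineVersion;
    }

    /** @return the configured {@code prefix.path.depth}, if any */
    public Optional<Integer> getPrefixPathDepth() {
        return this.prefixPathDepth;
    }

    /** @return the configured {@code prefix.path}, if any */
    public Optional<String> getPrefixPath() {
        return this.prefixPath;
    }

    /** @return the configured {@code ssl.verify} flag, if any */
    public Optional<Boolean> getSslVerify() {
        return this.sslVerify;
    }

    /** @return the configured {@code ssl.truststore.location}, if any */
    public Optional<String> getSslTruststoreLocation() {
        return this.truststoreLocation;
    }

    /** @return the configured {@code ssl.truststore.password} wrapper, if any */
    public Optional<Password> getSslTruststorePassword() {
        return this.truststorePassword;
    }

    /** @return the configured {@code auth.method}, if any */
    public Optional<String> getAuthMethod() {
        return this.authMethod;
    }

    /** @return the configured {@code approle.path}, if any */
    public Optional<String> getAppRolePath() {
        return this.appRolePath;
    }

    /** @return the configured {@code approle.role.id}, if any */
    public Optional<String> getAppRoleId() {
        return this.appRoleId;
    }

    /** @return the configured {@code approle.secret.id} wrapper, if any */
    public Optional<Password> getAppRoleSecretId() {
        return this.appRoleSecretId;
    }

    /**
     * Compares the parent state, every snapshotted value and the cached driver configuration.
     *
     * <p>NOTE(review): the lazily built {@code vaultConfig} takes part in the comparison and is
     * read without the instance monitor, so two otherwise identical instances may compare unequal
     * once one of them has called {@link #getVaultConfig()}. Confirm whether that is intended.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof VaultHelperConfig) || !super.equals(obj)) {
            return false;
        }
        VaultHelperConfig other = (VaultHelperConfig) obj;
        return this.testPath.equals(other.testPath)
                && this.address.equals(other.address)
                && this.openTimeout.equals(other.openTimeout)
                && this.readTimeout.equals(other.readTimeout)
                && this.namespace.equals(other.namespace)
                && this.globalEngineVersion.equals(other.globalEngineVersion)
                && this.prefixPathDepth.equals(other.prefixPathDepth)
                && this.prefixPath.equals(other.prefixPath)
                && this.sslVerify.equals(other.sslVerify)
                && this.truststoreLocation.equals(other.truststoreLocation)
                && this.truststorePassword.equals(other.truststorePassword)
                && this.authMethod.equals(other.authMethod)
                && this.appRolePath.equals(other.appRolePath)
                && this.appRoleId.equals(other.appRoleId)
                && this.appRoleSecretId.equals(other.appRoleSecretId)
                && Objects.equals(this.vaultConfig, other.vaultConfig);
    }

    /**
     * Hashes the same members that {@link #equals(Object)} compares.
     *
     * <p>NOTE(review): because the cached {@code vaultConfig} is included, the hash can change
     * after the first {@link #getVaultConfig()} call; avoid using instances as hash keys across
     * that call unless this is confirmed harmless.
     */
    @Override
    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.testPath, this.address, this.openTimeout, this.readTimeout, this.namespace, this.globalEngineVersion, this.prefixPathDepth, this.prefixPath, this.sslVerify, this.truststoreLocation, this.truststorePassword, this.authMethod, this.appRolePath, this.appRoleId, this.appRoleSecretId, this.vaultConfig);
    }
}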
