package io.axual.utilities.config.providers;

import io.axual.utilities.config.providers.exceptions.VaultConfigurationException;
import io.axual.utilities.config.providers.exceptions.VaultKeyStoreProviderException;
import io.axual.utilities.config.providers.keystore.KeyData;
import io.axual.utilities.config.providers.keystore.KeyStoreCreator;
import io.axual.utilities.config.providers.keystore.KeyStoreData;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.ConfigData;
import org.apache.kafka.common.config.provider.ConfigProvider;
import org.apache.kafka.common.config.types.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/utilities/config/providers/VaultKeyStoreProvider.class */
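/**
 * Kafka {@link ConfigProvider} that turns a Vault entry into SSL client settings.
 *
 * <p>For every lookup the provider reads the private key and certificate chain stored under the
 * requested Vault path, writes them into a freshly created keystore file (named
 * {@code keystore_*_generated.jks}) inside the configured temporary directory, protects that
 * keystore with a newly generated random password and returns the resulting {@code ssl.*}
 * settings together with any additional values found in the Vault entry.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The returned {@link ConfigData} carries the keystore, key and truststore passwords in
 *       plain text, so anything that dumps resolved configuration exposes them.</li>
 *   <li>This class never deletes the keystore files it generates; clean-up of the temporary
 *       directory has to be arranged outside of it.</li>
 *   <li>Debug logging prints key names only, values are redacted.</li>
 * </ul>
 */
public class VaultKeyStoreProvider implements ConfigProvider {
    public static final Logger LOG = LoggerFactory.getLogger(VaultKeyStoreProvider.class);
    public static final String KEY_ALIAS = "key";
    /** Placeholder written to the log instead of any value read from Vault or generated here. */
    private static final String REDACTED = "<redacted>";
    private final SecureRandom passwordLongGenerator;
    private final KeyStoreCreator creator;
    private String keyNamePrivateKey;
    private String keyNameCertificateChain;
    private String temporaryStorageDirectory;
    private String truststoreLocation;
    private Password truststorePassword;
    protected Optional<VaultHelper> vaultHelper;

    /**
     * Creates a provider with explicit collaborators.
     *
     * @param keyStoreCreator component that writes the keystore file
     * @param vaultHelper pre-built Vault client, or {@code null} to have {@link #configure(Map)}
     *     create one
     */
    VaultKeyStoreProvider(KeyStoreCreator keyStoreCreator, VaultHelper vaultHelper) {
        this.creator = keyStoreCreator;
        this.passwordLongGenerator = new SecureRandom();
        this.vaultHelper = Optional.ofNullable(vaultHelper);
    }

    /** Creates an unconfigured provider that uses the shared {@link KeyStoreCreator} instance. */
    public VaultKeyStoreProvider() {
        this(KeyStoreCreator.INSTANCE, null);
    }

    /**
     * Connects to Vault and validates the provider settings.
     *
     * <p>All settings are validated into local variables first and only published to the instance
     * once every check has passed. A failed call therefore leaves the provider unconfigured, so
     * {@link #get(String, Set)} keeps rejecting requests instead of running with missing key names.
     *
     * @param map provider configuration as handed over by Kafka
     * @throws VaultKeyStoreProviderException if a required setting is missing or the temporary
     *     storage directory does not exist or is not a directory
     */
    public void configure(Map<String, ?> map) {
        LOG.debug("Configuring provider");
        if (this.vaultHelper.isPresent()) {
            LOG.error("Previous configuration found, will not configure provider");
            return;
        }
        VaultKeyStoreProviderConfig config = new VaultKeyStoreProviderConfig((Map<?, ?>) map, true);
        VaultHelper helper = createVaultHelper(config);
        if (helper != null) {
            helper.testConnection();
        }
        String privateKeyName = config.getPrivateKeyKeyName().orElseThrow(
                () -> new VaultKeyStoreProviderException("No key name for the private key entry supplied"));
        String certificateChainName = config.getCertificateChainKeyName().orElseThrow(
                () -> new VaultKeyStoreProviderException("No key name for the certificate chain entry supplied"));
        String storageDirectory = config.getTemporaryStorageDirectory().orElseThrow(
                () -> new VaultKeyStoreProviderException("No temporary storage directory supplied"));
        if (!Files.exists(Paths.get(storageDirectory))) {
            throw new VaultKeyStoreProviderException("Provided temporary storage directory does not exist");
        }
        // Fail here rather than on the first lookup when the path points at a regular file.
        if (!Files.isDirectory(Paths.get(storageDirectory))) {
            throw new VaultKeyStoreProviderException("Provided temporary storage directory is not a directory");
        }
        String trustLocation = config.getTrustStoreLocation().orElseThrow(
                () -> new VaultKeyStoreProviderException("No truststore location supplied"));
        Password trustPassword = config.getTrustStorePassword().orElseThrow(
                () -> new VaultKeyStoreProviderException("No truststore password supplied"));

        this.keyNamePrivateKey = privateKeyName;
        this.keyNameCertificateChain = certificateChainName;
        this.temporaryStorageDirectory = storageDirectory;
        this.truststoreLocation = trustLocation;
        this.truststorePassword = trustPassword;
        this.vaultHelper = Optional.ofNullable(helper);
    }

    /**
     * Resolves every value available under the given Vault path.
     *
     * @param str Vault path holding the key material
     * @return the SSL settings plus all other values stored under the path
     */
    public ConfigData get(String str) {
        LOG.info("Get keystore data from vault path {}", str);
        return get(str, Collections.emptySet());
    }

    /**
     * Builds a keystore from the key material under the given Vault path and returns the matching
     * SSL settings.
     *
     * <p>Blank and {@code null} key names are ignored, as are names of the {@code ssl.*} settings
     * this method always returns. If no key name remains, every value of the Vault entry is
     * returned; otherwise each remaining key must exist in the entry. The private key and
     * certificate chain entries themselves are never part of the result.
     *
     * @param str Vault path holding the key material
     * @param set additional keys the caller requires; {@code null} is treated as empty
     * @return the SSL settings and the selected Vault values
     * @throws VaultConfigurationException if the provider has not been configured
     * @throws VaultKeyStoreProviderException if key material or a required key is missing, or the
     *     keystore file cannot be created
     */
    public ConfigData get(String str, Set<String> set) {
        VaultHelper helper = this.vaultHelper.orElseThrow(
                () -> new VaultConfigurationException("Provider is not yet configured"));
        Set<String> candidates = set == null ? Collections.<String>emptySet() : set;
        Set<String> requestedKeys = candidates.stream()
                .filter(key -> key != null && !key.trim().isEmpty())
                .collect(Collectors.toSet());
        LOG.info("Get keystore data from vault path {} with keys {}", str, requestedKeys);
        Map<String, String> data = helper.getData(str).getData();
        logMap("Retrieved data", data);
        if (!data.containsKey(this.keyNamePrivateKey)) {
            throw new VaultKeyStoreProviderException("Path '" + str + "' does not contain key for private key. Expected: " + this.keyNamePrivateKey);
        }
        if (!data.containsKey(this.keyNameCertificateChain)) {
            throw new VaultKeyStoreProviderException("Path '" + str + "' does not contain key for certificate chain. Expected: " + this.keyNameCertificateChain);
        }
        Password keystorePassword = createPassword();
        KeyData keyData = new KeyData(data.get(this.keyNamePrivateKey), data.get(this.keyNameCertificateChain), keystorePassword);
        try {
            // Files.createTempFile may apply more restrictive permissions than
            // File.createTempFile (owner-only on POSIX file systems), which matters because the
            // file receives the private key.
            // NOTE(review): createKeystore is called with overwrite=true; confirm it keeps the
            // permissions of the existing file instead of recreating it.
            File keystoreFile = Files.createTempFile(
                    Paths.get(this.temporaryStorageDirectory), "keystore_", "_generated.jks").toFile();
            KeyStoreData keyStoreData = new KeyStoreData(keystoreFile.toPath(), keystorePassword);
            keyStoreData.putEntry(KEY_ALIAS, keyData);
            this.creator.createKeystore(keyStoreData, true);

            Map<String, String> result = new HashMap<>();
            result.put("ssl.keystore.location", keystoreFile.getAbsolutePath());
            result.put("ssl.keystore.password", keystorePassword.value());
            result.put("ssl.key.password", keystorePassword.value());
            result.put("ssl.truststore.location", this.truststoreLocation);
            result.put("ssl.truststore.password", this.truststorePassword.value());

            // Keys that are already answered by the generated SSL settings need no Vault lookup.
            Set<String> extraKeys = requestedKeys.stream()
                    .filter(key -> !result.containsKey(key))
                    .collect(Collectors.toSet());
            if (extraKeys.isEmpty()) {
                // NOTE(review): a request naming only ssl.* keys ends up here too and receives
                // the whole Vault entry; confirm that is intended.
                for (Map.Entry<String, String> entry : data.entrySet()) {
                    result.putIfAbsent(entry.getKey(), entry.getValue());
                }
            } else {
                for (String key : extraKeys) {
                    if (!data.containsKey(key)) {
                        throw new VaultKeyStoreProviderException("Did not find required key: " + key);
                    }
                    result.putIfAbsent(key, data.get(key));
                }
            }
            // The raw key material lives in the keystore only and must not leak into the config.
            result.remove(this.keyNamePrivateKey);
            result.remove(this.keyNameCertificateChain);
            logMap("Returning data", result);
            return new ConfigData(result);
        } catch (IOException e) {
            throw new VaultKeyStoreProviderException("Could not create temporary file", e);
        }
    }

    /**
     * Writes the sorted key names of a map to the debug log.
     *
     * <p>The maps passed in hold the private key, the certificate chain and the keystore and
     * truststore passwords, so values are replaced by a fixed placeholder and never logged.
     *
     * @param str heading printed before the entries
     * @param map map whose key names are listed
     */
    private void logMap(String str, Map<String, String> map) {
        if (LOG.isDebugEnabled()) {
            StringBuilder message = new StringBuilder().append(String.format("%s%n", str));
            ArrayList<String> names = new ArrayList<>(map.keySet());
            Collections.sort(names);
            for (String name : names) {
                message.append(String.format("\t'%s' = '%s'%n", name, REDACTED));
            }
            LOG.debug(message.toString());
        }
    }

    /**
     * Generates the password that protects the keystore and its key entry.
     *
     * @return 128 bits taken from {@link SecureRandom}, rendered in UUID text form
     */
    Password createPassword() {
        return new Password(new UUID(this.passwordLongGenerator.nextLong(), this.passwordLongGenerator.nextLong()).toString());
    }

    /**
     * Creates the Vault client; package-private so it can be replaced by a subclass.
     *
     * @param vaultHelperConfig connection settings for Vault
     * @return a new Vault client that logs through {@link #LOG}
     */
    VaultHelper createVaultHelper(VaultHelperConfig vaultHelperConfig) {
        return new VaultHelper(vaultHelperConfig, LOG);
    }

    /**
     * Drops the Vault client so the provider counts as unconfigured again. Keystore files written
     * by earlier lookups are left in the temporary directory.
     */
    public void close() {
        LOG.debug("Closing provider");
        this.vaultHelper = Optional.empty();
    }
}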
