package io.quarkus.vault.runtime;

import io.quarkus.vault.VaultKubernetesAuthService;
import io.quarkus.vault.auth.VaultKubernetesAuthConfig;
import io.quarkus.vault.auth.VaultKubernetesAuthRole;
import io.quarkus.vault.runtime.client.VaultClientException;
import io.quarkus.vault.runtime.client.authmethod.VaultInternalKubernetesAuthMethod;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthConfigData;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthListRolesData;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthRoleData;
import java.util.Collections;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/vault/runtime/VaultKubernetesAuthManager.class */
public class VaultKubernetesAuthManager implements VaultKubernetesAuthService {

    @Inject
    private VaultAuthManager vaultAuthManager;

    @Inject
    private VaultInternalKubernetesAuthMethod vaultInternalKubernetesAuthMethod;

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public void configure(VaultKubernetesAuthConfig vaultKubernetesAuthConfig) {
        this.vaultInternalKubernetesAuthMethod.configureAuth(this.vaultAuthManager.getClientToken(), new VaultKubernetesAuthConfigData().setIssuer(vaultKubernetesAuthConfig.issuer).setKubernetesCaCert(vaultKubernetesAuthConfig.kubernetesCaCert).setKubernetesHost(vaultKubernetesAuthConfig.kubernetesHost).setPemKeys(vaultKubernetesAuthConfig.pemKeys).setTokenReviewerJwt(vaultKubernetesAuthConfig.tokenReviewerJwt));
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public VaultKubernetesAuthConfig getConfig() {
        VaultKubernetesAuthConfigData vaultKubernetesAuthConfigData = (VaultKubernetesAuthConfigData) this.vaultInternalKubernetesAuthMethod.readAuthConfig(this.vaultAuthManager.getClientToken()).data;
        return new VaultKubernetesAuthConfig().setKubernetesCaCert(vaultKubernetesAuthConfigData.kubernetesCaCert).setKubernetesHost(vaultKubernetesAuthConfigData.kubernetesHost).setIssuer(vaultKubernetesAuthConfigData.issuer).setPemKeys(vaultKubernetesAuthConfigData.pemKeys).setTokenReviewerJwt(vaultKubernetesAuthConfigData.tokenReviewerJwt);
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public VaultKubernetesAuthRole getRole(String str) {
        VaultKubernetesAuthRoleData vaultKubernetesAuthRoleData = (VaultKubernetesAuthRoleData) this.vaultInternalKubernetesAuthMethod.getVaultAuthRole(this.vaultAuthManager.getClientToken(), str).data;
        return new VaultKubernetesAuthRole().setBoundServiceAccountNames(vaultKubernetesAuthRoleData.boundServiceAccountNames).setBoundServiceAccountNamespaces(vaultKubernetesAuthRoleData.boundServiceAccountNamespaces).setAudience(vaultKubernetesAuthRoleData.audience).setTokenTtl(vaultKubernetesAuthRoleData.tokenTtl).setTokenMaxTtl(vaultKubernetesAuthRoleData.tokenMaxTtl).setTokenPolicies(vaultKubernetesAuthRoleData.tokenPolicies).setTokenBoundCidrs(vaultKubernetesAuthRoleData.tokenBoundCidrs).setTokenExplicitMaxTtl(vaultKubernetesAuthRoleData.tokenExplicitMaxTtl).setTokenNoDefaultPolicy(vaultKubernetesAuthRoleData.tokenNoDefaultPolicy).setTokenNumUses(vaultKubernetesAuthRoleData.tokenNumUses).setTokenPeriod(vaultKubernetesAuthRoleData.tokenPeriod).setTokenType(vaultKubernetesAuthRoleData.tokenType);
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public void createRole(String str, VaultKubernetesAuthRole vaultKubernetesAuthRole) {
        this.vaultInternalKubernetesAuthMethod.createAuthRole(this.vaultAuthManager.getClientToken(), str, new VaultKubernetesAuthRoleData().setBoundServiceAccountNames(vaultKubernetesAuthRole.boundServiceAccountNames).setBoundServiceAccountNamespaces(vaultKubernetesAuthRole.boundServiceAccountNamespaces).setAudience(vaultKubernetesAuthRole.audience).setTokenTtl(vaultKubernetesAuthRole.tokenTtl).setTokenMaxTtl(vaultKubernetesAuthRole.tokenMaxTtl).setTokenPolicies(vaultKubernetesAuthRole.tokenPolicies).setTokenBoundCidrs(vaultKubernetesAuthRole.tokenBoundCidrs).setTokenExplicitMaxTtl(vaultKubernetesAuthRole.tokenExplicitMaxTtl).setTokenNoDefaultPolicy(vaultKubernetesAuthRole.tokenNoDefaultPolicy).setTokenNumUses(vaultKubernetesAuthRole.tokenNumUses).setTokenPeriod(vaultKubernetesAuthRole.tokenPeriod).setTokenType(vaultKubernetesAuthRole.tokenType));
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public List<String> getRoles() {
        try {
            return ((VaultKubernetesAuthListRolesData) this.vaultInternalKubernetesAuthMethod.listAuthRoles(this.vaultAuthManager.getClientToken()).data).keys;
        } catch (VaultClientException e) {
            if (e.getStatus() == 404) {
                return Collections.emptyList();
            }
            throw e;
        }
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthService
    public void deleteRole(String str) {
        this.vaultInternalKubernetesAuthMethod.deleteAuthRoles(this.vaultAuthManager.getClientToken(), str);
    }
}
