package io.scalecube.config.vault;

import com.bettercloud.vault.EnvironmentLoader;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import io.scalecube.config.ConfigProperty;
import io.scalecube.config.ConfigSourceNotAvailableException;
import io.scalecube.config.source.ConfigSource;
import io.scalecube.config.source.LoadedConfigProperty;
import io.scalecube.config.utils.ThrowableUtil;
import java.time.Duration;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/scalecube/config/vault/VaultConfigSource.class */
public class VaultConfigSource implements ConfigSource {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultConfigSource.class);
    private static final ThreadFactory THREAD_FACTORY = runnable -> {
        Thread thread = new Thread(runnable);
        thread.setDaemon(true);
        thread.setName(VaultConfigSource.class.getSimpleName().toLowerCase() + "-token-renewer");
        return thread;
    };
    private static final String VAULT_SECRETS_PATH = "VAULT_SECRETS_PATH";
    private static final String VAULT_RENEW_PERIOD = "VAULT_RENEW_PERIOD";
    private final Vault vault;
    private final String secretsPath;

    /* loaded from: input_file:io/scalecube/config/vault/VaultConfigSource$Builder.class */
    public static final class Builder {
        private Function<VaultConfig, VaultConfig> config;
        private VaultTokenSupplier tokenSupplier;
        private EnvironmentLoader environmentLoader;
        private String secretsPath;
        private Duration renewEvery;

        private Builder(EnvironmentLoader environmentLoader) {
            this.config = Function.identity();
            this.tokenSupplier = new VaultTokenSupplier() { // from class: io.scalecube.config.vault.VaultConfigSource.Builder.1
            };
            this.environmentLoader = environmentLoader;
        }

        public Builder renewEvery(Duration duration) {
            this.renewEvery = duration;
            return this;
        }

        public Builder secretsPath(String str) {
            this.secretsPath = str;
            return this;
        }

        public Builder config(UnaryOperator<VaultConfig> unaryOperator) {
            this.config = this.config.andThen(unaryOperator);
            return this;
        }

        public Builder tokenSupplier(VaultTokenSupplier vaultTokenSupplier) {
            this.tokenSupplier = vaultTokenSupplier;
            return this;
        }

        public VaultConfigSource build() {
            try {
                return new VaultConfigSource(this);
            } catch (VaultException e) {
                VaultConfigSource.LOGGER.error("Unable to build " + VaultConfigSource.class.getSimpleName(), e);
                throw ThrowableUtil.propagate(e);
            }
        }
    }

    private VaultConfigSource(Builder builder) throws VaultException {
        EnvironmentLoader environmentLoader = builder.environmentLoader != null ? builder.environmentLoader : new EnvironmentLoader();
        this.secretsPath = (String) Objects.requireNonNull(builder.secretsPath != null ? builder.secretsPath : environmentLoader.loadVariable(VAULT_SECRETS_PATH), "Missing secretsPath");
        VaultConfig build = ((VaultConfig) builder.config.apply(new VaultConfig())).environmentLoader(environmentLoader).build();
        this.vault = new Vault(build.token(builder.tokenSupplier.getToken(environmentLoader, build)));
        Duration duration = builder.renewEvery != null ? builder.renewEvery : duration(environmentLoader.loadVariable(VAULT_RENEW_PERIOD));
        if (duration != null) {
            scheduleVaultTokenRenew(duration);
        }
    }

    private void scheduleVaultTokenRenew(Duration duration) {
        Executors.newSingleThreadScheduledExecutor(THREAD_FACTORY).scheduleAtFixedRate(() -> {
            try {
                this.vault.auth().renewSelf();
                LOGGER.info("renew token success");
            } catch (VaultException e) {
                LOGGER.error("failed to renew token", e);
            }
        }, duration.toMillis(), duration.toMillis(), TimeUnit.MILLISECONDS);
    }

    private void checkVaultStatus() throws VaultException {
        if (this.vault.seal().sealStatus().getSealed().booleanValue()) {
            throw new VaultException("Vault is sealed");
        }
        if (!this.vault.debug().health().getInitialized().booleanValue()) {
            throw new VaultException("Vault not yet initialized");
        }
    }

    private Duration duration(String str) {
        if (str != null) {
            return Duration.parse(str);
        }
        return null;
    }

    public Map<String, ConfigProperty> loadConfig() {
        try {
            checkVaultStatus();
            return (Map) this.vault.logical().read(this.secretsPath).getData().entrySet().stream().map(LoadedConfigProperty::withNameAndValue).map((v0) -> {
                return v0.build();
            }).collect(Collectors.toMap((v0) -> {
                return v0.name();
            }, Function.identity()));
        } catch (VaultException e) {
            LOGGER.warn("unable to load config properties", e);
            throw new ConfigSourceNotAvailableException(e);
        }
    }

    public static Builder builder() {
        return builder(new EnvironmentLoader());
    }

    static Builder builder(EnvironmentLoader environmentLoader) {
        return new Builder(environmentLoader);
    }
}
