package io.scalecube.config.vault;

import com.bettercloud.vault.EnvironmentLoader;
import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import io.scalecube.config.ConfigProperty;
import io.scalecube.config.ConfigSourceNotAvailableException;
import io.scalecube.config.source.ConfigSource;
import io.scalecube.config.source.LoadedConfigProperty;
import io.scalecube.config.utils.ThrowableUtil;
import java.time.Duration;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/scalecube/config/vault/VaultConfigSource.class */
public class VaultConfigSource implements ConfigSource {
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultConfigSource.class);
    private final Vault vault;
    private final String secretsPath;
    private final Duration renewEvery;

    /* loaded from: input_file:io/scalecube/config/vault/VaultConfigSource$Builder.class */
    public static final class Builder {
        private final String secretsPath;
        final VaultConfig config = new VaultConfig();
        private Duration renewEvery = null;

        Builder(String str, String str2, String str3) {
            this.config.address((String) Objects.requireNonNull(str, "Missing address")).token((String) Objects.requireNonNull(str2, "Missing token")).sslConfig(new SslConfig());
            this.secretsPath = (String) Objects.requireNonNull(str3, "Missing secretsPath");
        }

        public Builder connectTimeout(int i) {
            this.config.openTimeout(Integer.valueOf(i));
            return this;
        }

        public Builder readTimeout(int i) {
            this.config.readTimeout(Integer.valueOf(i));
            return this;
        }

        public Builder renewEvery(Duration duration) {
            this.renewEvery = duration;
            return this;
        }

        public VaultConfigSource build() {
            try {
                this.config.build();
                return new VaultConfigSource(this);
            } catch (VaultException e) {
                VaultConfigSource.LOGGER.error("Unable to build " + VaultConfigSource.class.getSimpleName(), e);
                throw ThrowableUtil.propagate(e);
            }
        }

        public String secretsPath() {
            return this.secretsPath;
        }
    }

    private VaultConfigSource(Builder builder) {
        this.secretsPath = builder.secretsPath();
        this.renewEvery = builder.renewEvery;
        this.vault = new Vault(builder.config);
        if (this.renewEvery != null) {
            Executors.newScheduledThreadPool(1, runnable -> {
                Thread thread = new Thread(runnable);
                thread.setDaemon(true);
                thread.setName(VaultConfigSource.class.getSimpleName() + " token renewer");
                return thread;
            }).scheduleAtFixedRate(() -> {
                try {
                    this.vault.auth().renewSelf();
                    LOGGER.info("renew token success");
                } catch (VaultException e) {
                    LOGGER.error("failed to renew token", e);
                }
            }, this.renewEvery.toMillis(), this.renewEvery.toMillis(), TimeUnit.MILLISECONDS);
        }
    }

    private void checkVaultStatus() throws VaultException {
        if (this.vault.seal().sealStatus().getSealed().booleanValue()) {
            throw new VaultException("Vault is sealed");
        }
        if (!this.vault.debug().health().getInitialized().booleanValue()) {
            throw new VaultException("Vault not yet initialized");
        }
    }

    public Map<String, ConfigProperty> loadConfig() {
        try {
            checkVaultStatus();
            return (Map) this.vault.logical().read(this.secretsPath).getData().entrySet().stream().map(LoadedConfigProperty::withNameAndValue).map((v0) -> {
                return v0.build();
            }).collect(Collectors.toMap((v0) -> {
                return v0.name();
            }, Function.identity()));
        } catch (VaultException e) {
            LOGGER.warn("unable to load config properties", e);
            throw new ConfigSourceNotAvailableException(e);
        }
    }

    public static Builder builder() {
        return builder(new EnvironmentLoader());
    }

    static Builder builder(EnvironmentLoader environmentLoader) {
        return builder(environmentLoader.loadVariable("VAULT_ADDR"), environmentLoader.loadVariable("VAULT_TOKEN"), environmentLoader.loadVariable("VAULT_SECRETS_PATH"));
    }

    public static Builder builder(String str, String str2, String str3) {
        return new Builder(str, str2, str3);
    }
}
