package io.quarkus.vault.client;

import io.quarkus.vault.client.api.VaultAuthAccessor;
import io.quarkus.vault.client.api.VaultSecretsAccessor;
import io.quarkus.vault.client.api.VaultSysAccessor;
import io.quarkus.vault.client.auth.VaultAppRoleAuthOptions;
import io.quarkus.vault.client.auth.VaultAppRoleTokenProvider;
import io.quarkus.vault.client.auth.VaultAuthRequest;
import io.quarkus.vault.client.auth.VaultKubernetesAuthOptions;
import io.quarkus.vault.client.auth.VaultKubernetesTokenProvider;
import io.quarkus.vault.client.auth.VaultStaticClientTokenAuthOptions;
import io.quarkus.vault.client.auth.VaultStaticClientTokenProvider;
import io.quarkus.vault.client.auth.VaultTokenProvider;
import io.quarkus.vault.client.auth.VaultUserPassAuthOptions;
import io.quarkus.vault.client.auth.VaultUserPassTokenProvider;
import io.quarkus.vault.client.common.VaultRequest;
import io.quarkus.vault.client.common.VaultRequestExecutor;
import io.quarkus.vault.client.common.VaultResponse;
import io.quarkus.vault.client.common.VaultTracingExecutor;
import io.quarkus.vault.client.logging.LogConfidentialityLevel;
import java.net.URL;
import java.nio.file.Path;
import java.time.Duration;
import java.time.InstantSource;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:io/quarkus/vault/client/VaultClient.class */
public class VaultClient implements VaultRequestExecutor {
    private final AtomicReference<VaultSecretsAccessor> secrets = new AtomicReference<>();
    private final AtomicReference<VaultAuthAccessor> auth = new AtomicReference<>();
    private final URL baseUrl;
    private final String apiVersion;
    private final VaultRequestExecutor executor;
    private final Duration requestTimeout;
    private final LogConfidentialityLevel logConfidentialityLevel;
    private final VaultTokenProvider tokenProvider;
    private final String namespace;
    private final InstantSource instantSource;

    /* loaded from: input_file:io/quarkus/vault/client/VaultClient$Builder.class */
    public static class Builder {
        private URL baseUrl;
        private String apiVersion;
        private VaultRequestExecutor executor;
        private VaultTokenProvider tokenProvider;
        private String namespace;
        private Duration requestTimeout;
        private LogConfidentialityLevel logConfidentialityLevel;
        private InstantSource instantSource = InstantSource.system();
        static final /* synthetic */ boolean $assertionsDisabled;

        public Builder baseUrl(URL url) {
            this.baseUrl = (URL) Objects.requireNonNull(url, "baseUrl is required");
            return this;
        }

        public Builder baseUrl(String str) {
            try {
                return baseUrl(new URL(str));
            } catch (Exception e) {
                throw new IllegalArgumentException("Invalid URL: " + str, e);
            }
        }

        public Builder apiVersion(String str) {
            this.apiVersion = (String) Objects.requireNonNull(str, "apiVersion is required");
            if ($assertionsDisabled || str.startsWith("v")) {
                return this;
            }
            throw new AssertionError();
        }

        public Builder executor(VaultRequestExecutor vaultRequestExecutor) {
            this.executor = vaultRequestExecutor;
            return this;
        }

        public Builder clientToken(String str) {
            return clientToken(VaultStaticClientTokenAuthOptions.builder().token(str).build());
        }

        public Builder clientToken(VaultStaticClientTokenAuthOptions vaultStaticClientTokenAuthOptions) {
            return tokenProvider(new VaultStaticClientTokenProvider(vaultStaticClientTokenAuthOptions));
        }

        public Builder userPass(String str, String str2) {
            return userPass(VaultUserPassAuthOptions.builder().username(str).password(str2).build());
        }

        public Builder userPass(VaultUserPassAuthOptions vaultUserPassAuthOptions) {
            return tokenProvider(new VaultUserPassTokenProvider(vaultUserPassAuthOptions).caching(vaultUserPassAuthOptions.cachingRenewGracePeriod));
        }

        public Builder appRole(String str, String str2) {
            return appRole(VaultAppRoleAuthOptions.builder().roleId(str).secretId(str2).build());
        }

        public Builder appRole(VaultAppRoleAuthOptions vaultAppRoleAuthOptions) {
            return tokenProvider(new VaultAppRoleTokenProvider(vaultAppRoleAuthOptions).caching(vaultAppRoleAuthOptions.cachingRenewGracePeriod));
        }

        public Builder kubernetes(String str, Path path) {
            return kubernetes(VaultKubernetesAuthOptions.builder().role(str).jwtTokenPath(path).build());
        }

        public Builder kubernetes(VaultKubernetesAuthOptions vaultKubernetesAuthOptions) {
            return tokenProvider(new VaultKubernetesTokenProvider(vaultKubernetesAuthOptions).caching(vaultKubernetesAuthOptions.cachingRenewGracePeriod));
        }

        public Builder tokenProvider(VaultTokenProvider vaultTokenProvider) {
            this.tokenProvider = vaultTokenProvider;
            return this;
        }

        public Builder namespace(String str) {
            this.namespace = str;
            return this;
        }

        public Builder requestTimeout(Duration duration) {
            this.requestTimeout = duration;
            return this;
        }

        public Builder logConfidentialityLevel(LogConfidentialityLevel logConfidentialityLevel) {
            this.logConfidentialityLevel = logConfidentialityLevel != null ? logConfidentialityLevel : LogConfidentialityLevel.HIGH;
            return this;
        }

        public Builder traceRequests() {
            Objects.requireNonNull(this.executor, "executor must be configured before tracing");
            if (!(this.executor instanceof VaultTracingExecutor)) {
                this.executor = new VaultTracingExecutor(this.executor);
            }
            return this;
        }

        public Builder instantSource(InstantSource instantSource) {
            this.instantSource = instantSource;
            return this;
        }

        public VaultClient build() {
            return new VaultClient(this);
        }

        static {
            $assertionsDisabled = !VaultClient.class.desiredAssertionStatus();
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private VaultClient(Builder builder) {
        this.baseUrl = (URL) Objects.requireNonNull(builder.baseUrl, "baseUrl is required");
        this.executor = (VaultRequestExecutor) Objects.requireNonNull(builder.executor, "executor is required");
        this.apiVersion = builder.apiVersion;
        this.logConfidentialityLevel = builder.logConfidentialityLevel;
        this.requestTimeout = builder.requestTimeout;
        this.tokenProvider = builder.tokenProvider;
        this.namespace = builder.namespace;
        this.instantSource = builder.instantSource;
    }

    public VaultSecretsAccessor secrets() {
        if (this.secrets.get() == null) {
            this.secrets.set(new VaultSecretsAccessor(this));
        }
        return this.secrets.get();
    }

    public VaultAuthAccessor auth() {
        if (this.auth.get() == null) {
            this.auth.set(new VaultAuthAccessor(this));
        }
        return this.auth.get();
    }

    public VaultSysAccessor sys() {
        return new VaultSysAccessor(this);
    }

    public URL getBaseUrl() {
        return this.baseUrl;
    }

    public String getApiVersion() {
        return this.apiVersion;
    }

    public VaultRequestExecutor getExecutor() {
        return this.executor;
    }

    public Duration getRequestTimeout() {
        return this.requestTimeout;
    }

    public LogConfidentialityLevel getLogConfidentialityLevel() {
        return this.logConfidentialityLevel;
    }

    public VaultTokenProvider getTokenProvider() {
        return this.tokenProvider;
    }

    public String getNamespace() {
        return this.namespace;
    }

    @Override // io.quarkus.vault.client.common.VaultRequestExecutor
    public <T> CompletionStage<VaultResponse<T>> execute(VaultRequest<T> vaultRequest) {
        VaultRequest.Builder<T> builder = vaultRequest.builder();
        builder.baseUrl(this.baseUrl);
        if (this.requestTimeout != null) {
            builder.timeout(this.requestTimeout);
        }
        if (this.apiVersion != null) {
            builder.apiVersion(this.apiVersion);
        }
        if (this.logConfidentialityLevel != null) {
            builder.logConfidentialityLevel(this.logConfidentialityLevel);
        }
        if (!vaultRequest.hasNamespace() && this.namespace != null) {
            builder.namespace(this.namespace);
        }
        if (vaultRequest.hasToken() || this.tokenProvider == null) {
            return this.executor.execute(builder.rebuild());
        }
        AtomicReference atomicReference = new AtomicReference(null);
        CompletionStage completionStage = (CompletionStage) this.tokenProvider.apply(VaultAuthRequest.of(this, vaultRequest, this.instantSource));
        return CompletableFuture.completedStage(0).thenCompose(new Retry(() -> {
            return completionStage.thenCompose(vaultToken -> {
                atomicReference.set(vaultToken);
                if (vaultToken == null) {
                    builder.noToken();
                } else {
                    builder.token(vaultToken.getClientToken());
                }
                return this.executor.execute(builder.rebuild());
            });
        }, 1L, atomicReference));
    }

    public Builder configure() {
        Builder builder = new Builder();
        builder.baseUrl = this.baseUrl;
        builder.apiVersion = this.apiVersion;
        builder.executor = this.executor;
        builder.tokenProvider = this.tokenProvider;
        builder.namespace = this.namespace;
        builder.requestTimeout = this.requestTimeout;
        builder.logConfidentialityLevel = this.logConfidentialityLevel;
        return builder;
    }
}
