package io.quarkus.vault.runtime.client;

import io.quarkus.vault.runtime.config.VaultAuthenticationType;
import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
import io.vertx.core.Vertx;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.ProxyOptions;
import io.vertx.ext.web.client.WebClient;
import io.vertx.ext.web.client.WebClientOptions;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vault/runtime/client/MutinyVertxClientFactory.class */
public class MutinyVertxClientFactory {
    private static final Logger log = Logger.getLogger(MutinyVertxClientFactory.class.getName());

    public static WebClient createHttpClient(Vertx vertx, VaultRuntimeConfig vaultRuntimeConfig, boolean z) {
        WebClientOptions idleTimeout = new WebClientOptions().setConnectTimeout((int) vaultRuntimeConfig.connectTimeout().toMillis()).setIdleTimeout(((int) vaultRuntimeConfig.readTimeout().getSeconds()) * 2);
        if (vaultRuntimeConfig.proxyHost().isPresent()) {
            idleTimeout.setProxyOptions(new ProxyOptions().setHost(vaultRuntimeConfig.proxyHost().get()).setPort(vaultRuntimeConfig.proxyPort().intValue()));
        }
        if (vaultRuntimeConfig.nonProxyHosts().isPresent()) {
            idleTimeout.setNonProxyHosts(vaultRuntimeConfig.nonProxyHosts().get());
        }
        if (vaultRuntimeConfig.tls().skipVerify().orElseGet(() -> {
            return Boolean.valueOf(z);
        }).booleanValue()) {
            skipVerify(idleTimeout);
        } else if (vaultRuntimeConfig.tls().caCert().isPresent()) {
            cacert(idleTimeout, vaultRuntimeConfig.tls().caCert().get());
        } else if (vaultRuntimeConfig.getAuthenticationType() == VaultAuthenticationType.KUBERNETES && vaultRuntimeConfig.tls().useKubernetesCaCert()) {
            cacert(idleTimeout, VaultRuntimeConfig.KUBERNETES_CACERT);
        }
        return WebClient.create(vertx, idleTimeout);
    }

    private static void cacert(WebClientOptions webClientOptions, String str) {
        log.debug("configure tls with " + str);
        webClientOptions.setTrustOptions(new PemTrustOptions().addCertPath(str));
    }

    private static void skipVerify(WebClientOptions webClientOptions) {
        log.debug("configure tls with skip-verify");
        webClientOptions.setTrustAll(true);
        webClientOptions.setVerifyHost(false);
    }
}
