package com.microsoft.azure.keyvault.spring;

import com.azure.core.credential.TokenCredential;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.identity.ClientCertificateCredentialBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.microsoft.azure.keyvault.spring.KeyVaultProperties;
import com.microsoft.azure.telemetry.TelemetryData;
import com.microsoft.azure.telemetry.TelemetrySender;
import com.microsoft.azure.utils.ApplicationId;
import com.microsoft.azure.utils.Constants;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/microsoft/azure/keyvault/spring/KeyVaultEnvironmentPostProcessorHelper.class */
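/**
 * Registers an Azure Key Vault backed property source in a Spring environment and
 * selects the credential used to reach the vault.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client key and certificate password are read from the environment as plain
 *       strings. They must never be written to the log; this class logs only which
 *       credential type was selected.</li>
 *   <li>The vault URI is taken from configuration as-is and handed to the same client
 *       builder as the credential, so the property should only come from a trusted
 *       configuration source.</li>
 * </ul>
 */
class KeyVaultEnvironmentPostProcessorHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyVaultEnvironmentPostProcessorHelper.class);
    private final ConfigurableEnvironment environment;

    /**
     * Creates a helper bound to the given environment and, if telemetry is enabled in
     * that environment, sends one telemetry event.
     *
     * @param configurableEnvironment the Spring environment to read settings from and
     *        to register property sources in; must not be {@code null}
     * @throws IllegalArgumentException if {@code configurableEnvironment} is {@code null}
     */
    public KeyVaultEnvironmentPostProcessorHelper(ConfigurableEnvironment configurableEnvironment) {
        // Validate before storing so the field never holds a rejected value.
        Assert.notNull(configurableEnvironment, "environment must not be null!");
        this.environment = configurableEnvironment;
        sendTelemetry();
    }

    /**
     * Builds a {@link SecretClient} for the configured vault and registers a
     * {@code KeyVaultPropertySource} backed by it.
     *
     * <p>The source is inserted directly after {@code systemEnvironment} when that source
     * exists, otherwise it is added first. A malformed refresh interval surfaces as a
     * {@link NumberFormatException} because it is parsed before the guarded section.
     *
     * @param str name used to derive the property names for this vault; its trimmed form
     *        becomes the property source name, or the default name when it is blank
     * @throws IllegalArgumentException if no vault URI is configured
     * @throws IllegalStateException if the property source cannot be created or registered
     */
    public void addKeyVaultPropertySource(String str) {
        final String vaultUri = getPropertyValue(str, KeyVaultProperties.Property.URI);
        Assert.notNull(vaultUri, "vaultUri must not be null!");
        final Long refreshInterval = Optional.ofNullable(getPropertyValue(str, KeyVaultProperties.Property.REFRESH_INTERVAL))
                .map(Long::valueOf)
                .orElse(Long.valueOf(Constants.DEFAULT_REFRESH_INTERVAL_MS));
        final List<String> secretKeys = Binder.get(this.environment)
                .bind(KeyVaultProperties.getPropertyName(str, KeyVaultProperties.Property.SECRET_KEYS), Bindable.listOf(String.class))
                .orElse(Collections.emptyList());
        final SecretClient secretClient = new SecretClientBuilder()
                .vaultUrl(vaultUri)
                .credential(getCredentials(str))
                .httpLogOptions(new HttpLogOptions().setApplicationId(ApplicationId.AZURE_SPRING_KEY_VAULT))
                .buildClient();
        try {
            final MutablePropertySources propertySources = this.environment.getPropertySources();
            final String trimmedName = str.trim();
            final String sourceName = trimmedName.isEmpty() ? Constants.AZURE_KEYVAULT_PROPERTYSOURCE_NAME : trimmedName;
            final boolean caseSensitiveKeys =
                    Boolean.parseBoolean(getPropertyValue(str, KeyVaultProperties.Property.CASE_SENSITIVE_KEYS));
            final KeyVaultPropertySource keyVaultPropertySource = new KeyVaultPropertySource(
                    sourceName,
                    new KeyVaultOperation(secretClient, refreshInterval.longValue(), secretKeys, caseSensitiveKeys));
            // Placement decides precedence: the vault source is inserted right behind
            // systemEnvironment when present, otherwise at the front of the list.
            if (propertySources.contains("systemEnvironment")) {
                propertySources.addAfter("systemEnvironment", keyVaultPropertySource);
            } else {
                propertySources.addFirst(keyVaultPropertySource);
            }
        } catch (Exception e) {
            throw new IllegalStateException("Failed to configure KeyVault property source", e);
        }
    }

    /**
     * Resolves the credential for the unnamed (default) vault configuration.
     *
     * @return the credential chosen by {@link #getCredentials(String)} for an empty name
     */
    public TokenCredential getCredentials() {
        return getCredentials("");
    }

    /**
     * Chooses the credential type from the configured properties, in this order:
     * client secret (client id, tenant id and client key set), client certificate
     * (client id, tenant id and certificate path set; PFX when a certificate password
     * is set, PEM otherwise), managed identity with an explicit client id, and finally
     * managed identity without one.
     *
     * <p>If a client key or certificate path is configured but the client id or tenant id
     * is missing, the method still falls back to managed identity as before, and now
     * logs a warning so the identity switch does not go unnoticed. No secret value is
     * ever logged.
     *
     * @param str name used to derive the property names for this vault
     * @return the selected credential; never {@code null}
     */
    public TokenCredential getCredentials(String str) {
        final String clientId = getPropertyValue(str, KeyVaultProperties.Property.CLIENT_ID);
        final String clientKey = getPropertyValue(str, KeyVaultProperties.Property.CLIENT_KEY);
        final String tenantId = getPropertyValue(str, KeyVaultProperties.Property.TENANT_ID);
        final String certificatePath = getPropertyValue(str, KeyVaultProperties.Property.CERTIFICATE_PATH);
        final String certificatePassword = getPropertyValue(str, KeyVaultProperties.Property.CERTIFICATE_PASSWORD);
        final boolean hasAppIdentity = clientId != null && tenantId != null;

        if (hasAppIdentity && clientKey != null) {
            LOGGER.debug("Will use custom credentials");
            return new ClientSecretCredentialBuilder()
                    .clientId(clientId)
                    .clientSecret(clientKey)
                    .tenantId(tenantId)
                    .build();
        }
        if (hasAppIdentity && certificatePath != null) {
            LOGGER.debug("Will use certificate credentials");
            final ClientCertificateCredentialBuilder builder =
                    new ClientCertificateCredentialBuilder().tenantId(tenantId).clientId(clientId);
            if (certificatePassword == null || certificatePassword.isEmpty()) {
                return builder.pemCertificate(certificatePath).build();
            }
            return builder.pfxCertificate(certificatePath, certificatePassword).build();
        }
        if (clientKey != null || certificatePath != null) {
            // Incomplete service-principal settings: make the silent change of identity
            // visible to operators. Values are deliberately left out of the message.
            LOGGER.warn("A client key or certificate path is configured without both client id and tenant id; "
                    + "falling back to managed identity credentials");
        }
        if (clientId != null) {
            LOGGER.debug("Will use MSI credentials with specified clientId");
            return new ManagedIdentityCredentialBuilder().clientId(clientId).build();
        }
        LOGGER.debug("Will use MSI credentials");
        return new ManagedIdentityCredentialBuilder().build();
    }

    /**
     * Reads a property that is not scoped to a named vault.
     *
     * @param property the property to look up; must not be {@code null}
     * @return the configured value, or {@code null} when it is not set
     */
    private String getPropertyValue(KeyVaultProperties.Property property) {
        return Optional.of(property)
                .map(KeyVaultProperties::getPropertyName)
                .map(this.environment::getProperty)
                .orElse(null);
    }

    /**
     * Reads a property whose name is derived from the given vault name.
     *
     * @param str name used to derive the property name
     * @param property the property to look up
     * @return the configured value, or {@code null} when it is not set
     */
    private String getPropertyValue(String str, KeyVaultProperties.Property property) {
        return Optional.of(KeyVaultProperties.getPropertyName(str, property))
                .map(this.environment::getProperty)
                .orElse(null);
    }

    /**
     * Tells whether telemetry is enabled; an unset or non-"true" value means disabled.
     */
    private boolean allowTelemetry() {
        return Boolean.parseBoolean(getPropertyValue(KeyVaultProperties.Property.ALLOW_TELEMETRY));
    }

    /**
     * Sends one telemetry event carrying the service name, only when telemetry is allowed.
     */
    private void sendTelemetry() {
        if (allowTelemetry()) {
            final HashMap<String, String> events = new HashMap<>();
            final TelemetrySender telemetrySender = new TelemetrySender();
            events.put(TelemetryData.SERVICE_NAME, TelemetryData.getClassPackageSimpleName(KeyVaultEnvironmentPostProcessorHelper.class));
            telemetrySender.send(ClassUtils.getUserClass(getClass()).getSimpleName(), events);
        }
    }
}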
