package io.quarkus.vault.runtime;

import io.quarkus.credentials.CredentialsProvider;
import io.quarkus.vault.VaultException;
import io.quarkus.vault.VaultKVSecretEngine;
import io.quarkus.vault.runtime.config.CredentialsProviderConfig;
import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.util.HashMap;
import java.util.Map;

@ApplicationScoped
@Named("vault-credentials-provider")
/* loaded from: input_file:io/quarkus/vault/runtime/VaultCredentialsProvider.class */
public class VaultCredentialsProvider implements CredentialsProvider {

    @Inject
    VaultKVSecretEngine vaultKVSecretEngine;

    @Inject
    VaultDynamicCredentialsManager vaultDynamicCredentialsManager;

    @Inject
    VaultConfigHolder vaultConfigHolder;

    public Map<String, String> getCredentials(String str) {
        VaultRuntimeConfig config = getConfig();
        if (config == null) {
            throw new VaultException("missing Vault configuration required for credentials providers with name " + str);
        }
        CredentialsProviderConfig credentialsProviderConfig = config.credentialsProvider().get(str);
        if (credentialsProviderConfig == null) {
            throw new VaultException("unknown credentials provider with name " + str);
        }
        if (credentialsProviderConfig.databaseCredentialsRole().isPresent()) {
            return (Map) this.vaultDynamicCredentialsManager.getDynamicCredentials(CredentialsProviderConfig.DATABASE_DEFAULT_MOUNT, CredentialsProviderConfig.DEFAULT_REQUEST_PATH, credentialsProviderConfig.databaseCredentialsRole().get()).await().indefinitely();
        }
        if (credentialsProviderConfig.credentialsRole().isPresent()) {
            return (Map) this.vaultDynamicCredentialsManager.getDynamicCredentials(credentialsProviderConfig.credentialsMount(), credentialsProviderConfig.credentialsRequestPath(), credentialsProviderConfig.credentialsRole().get()).await().indefinitely();
        }
        if (!credentialsProviderConfig.kvPath().isPresent()) {
            throw new VaultException("one of database-credentials-role or kv-path is required on credentials provider " + str);
        }
        String str2 = this.vaultKVSecretEngine.readSecret(credentialsProviderConfig.kvPath().get()).get(credentialsProviderConfig.kvKey());
        HashMap hashMap = new HashMap();
        hashMap.put(VaultAuthManager.USERPASS_WRAPPING_TOKEN_PASSWORD_KEY, str2);
        return hashMap;
    }

    private VaultRuntimeConfig getConfig() {
        return this.vaultConfigHolder.getVaultRuntimeConfig();
    }
}
