package org.wso2.cloud.secrets.utils;

import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.CertificateClientBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.nimbusds.jose.util.X509CertUtils;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import org.wso2.cloud.secrets.exception.EncryptionException;
import org.wso2.cloud.secrets.model.InputSecretIdentifiers;
import org.wso2.cloud.secrets.model.Secret;

/* loaded from: input_file:org/wso2/cloud/secrets/utils/AzureKeyVaultUtils.class */
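/**
 * Static helpers for reading secrets from, and writing secrets to, Azure Key Vault, and for
 * building the Key Vault clients from JVM system properties.
 *
 * <p>Configuration is read from these system properties:
 * <ul>
 *   <li>{@code org.wso2.cloud.vault.sp.id}: service principal (client) id</li>
 *   <li>{@code org.wso2.cloud.vault.sp.key}: service principal client secret</li>
 *   <li>{@code org.wso2.cloud.vault.tenant.id}: tenant id</li>
 *   <li>{@code org.wso2.cloud.vault.encryption.key}: name of the certificate used for encryption</li>
 * </ul>
 */
public class AzureKeyVaultUtils {
    private static final String SP_ID_PROPERTY = "org.wso2.cloud.vault.sp.id";
    private static final String SP_KEY_PROPERTY = "org.wso2.cloud.vault.sp.key";
    private static final String TENANT_ID_PROPERTY = "org.wso2.cloud.vault.tenant.id";
    private static final String ENCRYPTION_KEY_PROPERTY = "org.wso2.cloud.vault.encryption.key";

    /**
     * Fetches the value of every requested secret version from Key Vault.
     *
     * <p>The returned {@link Secret} objects are built from the values Key Vault returns, so
     * callers should keep them out of logs and exception messages.
     *
     * @param inputSecretIdentifiers identifiers and versions of the secrets to read
     * @param secretClient client bound to the vault that holds the secrets
     * @return one {@link Secret} per requested identifier, in iteration order
     * @throws EncryptionException if the input, its secret collection, or the client is null
     */
    public static List<Secret> retrievePlainTextSecrets(InputSecretIdentifiers inputSecretIdentifiers, SecretClient secretClient) {
        if (inputSecretIdentifiers == null || inputSecretIdentifiers.getSecrets() == null) {
            throw new EncryptionException("No input secret data");
        }
        if (secretClient == null) {
            throw new EncryptionException("Secret client cannot be null.");
        }
        List<Secret> secrets = new ArrayList<>();
        inputSecretIdentifiers.getSecrets().forEach(requested -> {
            String value = secretClient.getSecret(requested.getIdentifier(), requested.getVersion()).getValue();
            secrets.add(new Secret(requested.getIdentifier(), value));
        });
        return secrets;
    }

    /**
     * Stores each secret in Key Vault under its identifier, using the value returned by
     * {@code getEncryptedPassword()}.
     *
     * <p>Secrets are written one at a time; if a write fails, the secrets written before it
     * remain in the vault.
     *
     * @param list secrets to store
     * @param secretClient client bound to the destination vault
     * @throws EncryptionException if the list or the client is null
     */
    public static void pushSecretsToAzureKeyVault(List<Secret> list, SecretClient secretClient) {
        if (list == null) {
            throw new EncryptionException("No secrets to push to Azure Key Vault. List of secrets cannot be null.");
        }
        if (secretClient == null) {
            throw new EncryptionException("Secret client cannot be null.");
        }
        // NOTE(review): the stored value comes from getEncryptedPassword(); confirm that callers
        // only pass secrets that have already been encrypted.
        for (Secret secret : list) {
            secretClient.setSecret(new KeyVaultSecret(secret.getIdentifier(), secret.getEncryptedPassword()));
        }
    }

    /**
     * Returns the encryption certificate as a PEM string.
     *
     * <p>Despite the method name, the result is the whole certificate (the bytes returned by
     * {@code getCer()}, Base64-encoded between PEM markers), not a bare public key. The Base64
     * body is emitted as a single unwrapped line, as before.
     *
     * @param certificateClient client bound to the vault that holds the certificate
     * @return the PEM-framed certificate
     * @throws EncryptionException if the client is null or the certificate-name property is unset
     */
    public static String getPublicKeyForEncryption(CertificateClient certificateClient) {
        if (certificateClient == null) {
            throw new EncryptionException("Certificate client cannot be null.");
        }
        String certificateName = requireProperty(ENCRYPTION_KEY_PROPERTY);
        byte[] certificateBytes = certificateClient.getCertificate(certificateName).getCer();
        return "-----BEGIN CERTIFICATE-----\n"
                + Base64.getEncoder().encodeToString(certificateBytes)
                + "\n" + X509CertUtils.PEM_END_MARKER;
    }

    /**
     * Builds a secret client for the vault {@code https://<name>.vault.azure.net}.
     *
     * @param str vault name (letters, digits and hyphens only)
     * @return a client authenticated with the configured service principal
     * @throws EncryptionException if the vault name is missing or contains other characters
     */
    public static SecretClient createSecretClient(String str) {
        return new SecretClientBuilder().vaultUrl(buildVaultUrl(str)).credential(createClientSecretCredential()).buildClient();
    }

    /**
     * Builds a certificate client for the vault {@code https://<name>.vault.azure.net}.
     *
     * @param str vault name (letters, digits and hyphens only)
     * @return a client authenticated with the configured service principal
     * @throws EncryptionException if the vault name is missing or contains other characters
     */
    public static CertificateClient createCertificateClient(String str) {
        return new CertificateClientBuilder().vaultUrl(buildVaultUrl(str)).credential(createClientSecretCredential()).buildClient();
    }

    /**
     * Builds the service principal credential from the configured system properties.
     *
     * @throws EncryptionException if any of the three properties is unset or empty
     */
    private static ClientSecretCredential createClientSecretCredential() {
        String clientId = requireProperty(SP_ID_PROPERTY);
        // If this property is supplied as a -D argument, the client secret is part of the process
        // command line; setting it programmatically from a protected source avoids that exposure.
        String clientSecret = requireProperty(SP_KEY_PROPERTY);
        String tenantId = requireProperty(TENANT_ID_PROPERTY);
        return new ClientSecretCredentialBuilder().clientId(clientId).clientSecret(clientSecret).tenantId(tenantId).build();
    }

    /**
     * Turns a vault name into its URL, rejecting anything that is not a plain vault name.
     *
     * <p>The name is concatenated into the host part of the URL, so a value containing
     * {@code /}, {@code .}, {@code @}, {@code :} or similar would point the client, and the
     * credential it carries, at a different host.
     */
    private static String buildVaultUrl(String vaultName) {
        if (vaultName == null || !vaultName.matches("[A-Za-z0-9-]+")) {
            throw new EncryptionException("Invalid Azure Key Vault name. Only letters, digits and hyphens are allowed.");
        }
        return "https://" + vaultName + ".vault.azure.net";
    }

    /** Reads a required system property; the error names the property but never its value. */
    private static String requireProperty(String key) {
        String value = System.getProperty(key);
        if (value == null || value.trim().isEmpty()) {
            throw new EncryptionException("Required system property is not set: " + key);
        }
        return value;
    }
}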
