package com.azure.spring.cloud.autoconfigure.implementation.keyvault.environment;

import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.spring.cloud.autoconfigure.context.AzureGlobalProperties;
import com.azure.spring.cloud.autoconfigure.implementation.keyvault.secrets.properties.AzureKeyVaultPropertySourceProperties;
import com.azure.spring.cloud.autoconfigure.implementation.keyvault.secrets.properties.AzureKeyVaultSecretProperties;
import com.azure.spring.cloud.core.implementation.util.AzurePropertiesUtils;
import com.azure.spring.cloud.core.implementation.util.AzureSpringIdentifier;
import com.azure.spring.cloud.service.implementation.keyvault.secrets.SecretClientBuilderFactory;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.logging.Log;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.boot.logging.DeferredLog;
import org.springframework.core.Ordered;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/implementation/keyvault/environment/KeyVaultEnvironmentPostProcessor.class */
public class KeyVaultEnvironmentPostProcessor implements EnvironmentPostProcessor, Ordered {
    public static final int ORDER = -2147483637;
    private static final String SKIP_CONFIGURE_REASON_FORMAT = "Skip configuring Key Vault PropertySource because %s.";
    private final Log logger;

    public KeyVaultEnvironmentPostProcessor(Log log) {
        this.logger = log;
    }

    public KeyVaultEnvironmentPostProcessor() {
        this.logger = new DeferredLog();
    }

    public void postProcessEnvironment(ConfigurableEnvironment configurableEnvironment, SpringApplication springApplication) {
        if (!isKeyVaultClientOnClasspath()) {
            this.logger.debug(String.format(SKIP_CONFIGURE_REASON_FORMAT, "com.azure:azure-security-keyvault-secrets doesn't exist in classpath"));
            return;
        }
        AzureKeyVaultSecretProperties loadProperties = loadProperties(configurableEnvironment);
        if (!loadProperties.isPropertySourceEnabled()) {
            this.logger.debug(String.format(SKIP_CONFIGURE_REASON_FORMAT, "spring.cloud.azure.keyvault.secret.property-source-enabled=false"));
            return;
        }
        if (loadProperties.getPropertySources().isEmpty()) {
            this.logger.debug(String.format(SKIP_CONFIGURE_REASON_FORMAT, "spring.cloud.azure.keyvault.secret.property-sources is empty"));
            return;
        }
        List<KeyVaultPropertySource> buildKeyVaultPropertySourceList = buildKeyVaultPropertySourceList(loadProperties.getPropertySources());
        MutablePropertySources propertySources = configurableEnvironment.getPropertySources();
        for (int size = buildKeyVaultPropertySourceList.size() - 1; size >= 0; size--) {
            KeyVaultPropertySource keyVaultPropertySource = buildKeyVaultPropertySourceList.get(size);
            this.logger.debug("Inserting Key Vault PropertySource. name = " + keyVaultPropertySource.getName());
            if (propertySources.contains("systemEnvironment")) {
                propertySources.addAfter("systemEnvironment", keyVaultPropertySource);
            } else {
                propertySources.addFirst(keyVaultPropertySource);
            }
        }
    }

    private List<KeyVaultPropertySource> buildKeyVaultPropertySourceList(List<AzureKeyVaultPropertySourceProperties> list) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < list.size(); i++) {
            AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties = list.get(i);
            if (!azureKeyVaultPropertySourceProperties.isEnabled()) {
                this.logger.debug(String.format(SKIP_CONFIGURE_REASON_FORMAT, "spring.cloud.azure.keyvault.secret.property-sources[" + i + "].enabled = false"));
            } else if (StringUtils.hasText(azureKeyVaultPropertySourceProperties.getEndpoint())) {
                arrayList.add(buildKeyVaultPropertySource(azureKeyVaultPropertySourceProperties));
            } else {
                this.logger.debug(String.format(SKIP_CONFIGURE_REASON_FORMAT, "spring.cloud.azure.keyvault.secret.property-sources[" + i + "].endpoint is empty"));
            }
        }
        return arrayList;
    }

    private KeyVaultPropertySource buildKeyVaultPropertySource(AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties) {
        try {
            return new KeyVaultPropertySource(azureKeyVaultPropertySourceProperties.getName(), new KeyVaultOperation(buildSecretClient(azureKeyVaultPropertySourceProperties), azureKeyVaultPropertySourceProperties.getRefreshInterval(), azureKeyVaultPropertySourceProperties.getSecretKeys(), azureKeyVaultPropertySourceProperties.isCaseSensitive()));
        } catch (Exception e) {
            throw new IllegalStateException("Failed to configure KeyVault property source", e);
        }
    }

    private SecretClient buildSecretClient(AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties) {
        return buildSecretClient(toAzureKeyVaultSecretProperties(azureKeyVaultPropertySourceProperties));
    }

    private AzureKeyVaultSecretProperties toAzureKeyVaultSecretProperties(AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties) {
        AzureKeyVaultSecretProperties azureKeyVaultSecretProperties = new AzureKeyVaultSecretProperties();
        AzurePropertiesUtils.copyAzureCommonProperties(azureKeyVaultPropertySourceProperties, azureKeyVaultSecretProperties);
        azureKeyVaultSecretProperties.setEndpoint(azureKeyVaultPropertySourceProperties.getEndpoint());
        azureKeyVaultSecretProperties.setServiceVersion(azureKeyVaultPropertySourceProperties.getServiceVersion());
        return azureKeyVaultSecretProperties;
    }

    SecretClient buildSecretClient(AzureKeyVaultSecretProperties azureKeyVaultSecretProperties) {
        SecretClientBuilderFactory secretClientBuilderFactory = new SecretClientBuilderFactory(azureKeyVaultSecretProperties);
        secretClientBuilderFactory.setSpringIdentifier(AzureSpringIdentifier.AZURE_SPRING_KEY_VAULT_SECRETS);
        return ((SecretClientBuilder) secretClientBuilderFactory.build()).buildClient();
    }

    AzureKeyVaultSecretProperties loadProperties(ConfigurableEnvironment configurableEnvironment) {
        Binder binder = Binder.get(configurableEnvironment);
        AzureGlobalProperties azureGlobalProperties = (AzureGlobalProperties) binder.bind(AzureGlobalProperties.PREFIX, Bindable.of(AzureGlobalProperties.class)).orElseGet(AzureGlobalProperties::new);
        AzureKeyVaultSecretProperties azureKeyVaultSecretProperties = (AzureKeyVaultSecretProperties) binder.bind(AzureKeyVaultSecretProperties.PREFIX, Bindable.of(AzureKeyVaultSecretProperties.class)).orElseGet(AzureKeyVaultSecretProperties::new);
        List<AzureKeyVaultPropertySourceProperties> propertySources = azureKeyVaultSecretProperties.getPropertySources();
        for (int i = 0; i < propertySources.size(); i++) {
            propertySources.set(i, buildMergedProperties(azureGlobalProperties, propertySources.get(i)));
        }
        for (int i2 = 0; i2 < propertySources.size(); i2++) {
            AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties = propertySources.get(i2);
            if (!StringUtils.hasText(azureKeyVaultPropertySourceProperties.getName())) {
                azureKeyVaultPropertySourceProperties.setName(buildPropertySourceName(i2));
            }
        }
        return azureKeyVaultSecretProperties;
    }

    private AzureKeyVaultPropertySourceProperties buildMergedProperties(AzureGlobalProperties azureGlobalProperties, AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties) {
        AzureKeyVaultPropertySourceProperties azureKeyVaultPropertySourceProperties2 = new AzureKeyVaultPropertySourceProperties();
        AzurePropertiesUtils.mergeAzureCommonProperties(azureGlobalProperties, azureKeyVaultPropertySourceProperties, azureKeyVaultPropertySourceProperties2);
        azureKeyVaultPropertySourceProperties2.setEnabled(azureKeyVaultPropertySourceProperties.isEnabled());
        azureKeyVaultPropertySourceProperties2.setName(azureKeyVaultPropertySourceProperties.getName());
        azureKeyVaultPropertySourceProperties2.setEndpoint(azureKeyVaultPropertySourceProperties.getEndpoint());
        azureKeyVaultPropertySourceProperties2.setServiceVersion(azureKeyVaultPropertySourceProperties.getServiceVersion());
        azureKeyVaultPropertySourceProperties2.setCaseSensitive(Boolean.valueOf(azureKeyVaultPropertySourceProperties.isCaseSensitive()));
        azureKeyVaultPropertySourceProperties2.setSecretKeys(azureKeyVaultPropertySourceProperties.getSecretKeys());
        azureKeyVaultPropertySourceProperties2.setRefreshInterval(azureKeyVaultPropertySourceProperties.getRefreshInterval());
        return azureKeyVaultPropertySourceProperties2;
    }

    String buildPropertySourceName(int i) {
        return "azure-key-vault-secret-property-source-" + i;
    }

    private boolean isKeyVaultClientOnClasspath() {
        return ClassUtils.isPresent("com.azure.security.keyvault.secrets.SecretClient", KeyVaultEnvironmentPostProcessor.class.getClassLoader());
    }

    public int getOrder() {
        return ORDER;
    }
}
