package org.openmetadata.service.secrets;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.azure.security.keyvault.secrets.models.SecretProperties;
import java.util.regex.Pattern;
import org.apache.logging.log4j.util.Strings;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.service.exception.SecretsManagerException;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.security.auth.BotTokenCache;

/* loaded from: input_file:org/openmetadata/service/secrets/AzureKVSecretsManager.class */
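/**
 * {@link ExternalSecretsManager} implementation that keeps secrets in Azure Key Vault.
 *
 * <p>The vault is addressed as {@code https://<vaultName>.vault.azure.net/}. When a
 * {@code tenantId} is configured the client authenticates with a client-secret credential
 * ({@code clientId} / {@code clientSecret} / {@code tenantId}); otherwise it falls back to the
 * Azure SDK default credential chain.
 *
 * <p>Instances are obtained through {@link #getInstance(SecretsManager.SecretsConfig)}, which
 * caches a single instance in a static field.
 */
public class AzureKVSecretsManager extends ExternalSecretsManager {
    private static AzureKVSecretsManager instance = null;
    private SecretClient client;

    // Keys looked up in the additional properties of the secrets manager configuration.
    public static final String CLIENT_ID = "clientId";
    public static final String CLIENT_SECRET = "clientSecret";
    public static final String TENANT_ID = "tenantId";
    public static final String VAULT_NAME = "vaultName";

    // The vault name becomes the first label of the host the client connects to (and presents
    // its credential to), so it is restricted to characters that cannot alter the host or path.
    private static final Pattern VAULT_NAME_PATTERN = Pattern.compile("[A-Za-z0-9-]+");

    /**
     * Builds the Key Vault client from the configured vault name and credentials.
     *
     * @param secretsManagerProvider provider identifier handed to the superclass
     * @param secretsConfig configuration whose additional properties carry {@code vaultName} and,
     *     optionally, the client-secret credential parameters
     * @throws SecretsManagerException if {@code vaultName} is missing, blank, or contains
     *     characters other than letters, digits and hyphens, or if the credential parameters are
     *     incomplete
     */
    private AzureKVSecretsManager(SecretsManagerProvider secretsManagerProvider, SecretsManager.SecretsConfig secretsConfig) {
        // NOTE(review): the meaning of 100L is defined by ExternalSecretsManager and is not
        // visible from this class.
        super(secretsManagerProvider, secretsConfig, 100L);
        String vaultName = readParameter(secretsConfig, VAULT_NAME);
        if (Strings.isBlank(vaultName)) {
            throw new SecretsManagerException("Using Azure Secrets Manager we found a missing or empty `vaultName` parameter. Review your configuration. ");
        }
        // Reject anything that would change the host component of the vault URL built below.
        if (!VAULT_NAME_PATTERN.matcher(vaultName).matches()) {
            throw new SecretsManagerException("Using Azure Secrets Manager we found an invalid `vaultName` parameter: only letters, digits and hyphens are allowed. Review your configuration. ");
        }
        this.client = new SecretClientBuilder()
                .vaultUrl(String.format("https://%s.vault.azure.net/", vaultName))
                .credential(buildAzureCredentials(secretsConfig))
                .buildClient();
    }

    /**
     * Reads one string parameter from the additional properties of the configuration.
     *
     * @return the configured value, or {@code BotTokenCache.EMPTY_STRING} when the configuration,
     *     its parameters, or the key is absent
     */
    private static String readParameter(SecretsManager.SecretsConfig secretsConfig, String key) {
        if (secretsConfig == null || secretsConfig.parameters() == null) {
            return BotTokenCache.EMPTY_STRING;
        }
        return (String) secretsConfig.parameters().getAdditionalProperties().getOrDefault(key, BotTokenCache.EMPTY_STRING);
    }

    /**
     * Chooses the credential used to talk to Key Vault.
     *
     * @return the default Azure credential chain when no {@code tenantId} is configured, otherwise
     *     a client-secret credential built from {@code clientId}, {@code clientSecret} and
     *     {@code tenantId}
     * @throws SecretsManagerException if {@code tenantId} is set but {@code clientId} or
     *     {@code clientSecret} is missing or blank
     */
    private TokenCredential buildAzureCredentials(SecretsManager.SecretsConfig secretsConfig) {
        String tenantId = readParameter(secretsConfig, TENANT_ID);
        if (Strings.isBlank(tenantId)) {
            return new DefaultAzureCredentialBuilder().build();
        }
        String clientId = readParameter(secretsConfig, CLIENT_ID);
        String clientSecret = readParameter(secretsConfig, CLIENT_SECRET);
        // Fail at start-up with a configuration error instead of building a credential from
        // empty strings. The message names the parameters only; it never echoes their values.
        if (Strings.isBlank(clientId) || Strings.isBlank(clientSecret)) {
            throw new SecretsManagerException("Using Azure Secrets Manager with a `tenantId` we found a missing or empty `clientId` or `clientSecret` parameter. Review your configuration. ");
        }
        return new ClientSecretCredentialBuilder()
                .clientId(clientId)
                .clientSecret(clientSecret)
                .tenantId(tenantId)
                .build();
    }

    /**
     * Supplies the secret-id settings for this backend.
     *
     * <p>The pattern matches every character other than ASCII letters, digits and hyphens.
     * NOTE(review): the role of each constructor argument ("-", FALSE, empty string, pattern) is
     * defined by SecretsManager.SecretsIdConfig and should be confirmed there.
     */
    @Override
    protected SecretsManager.SecretsIdConfig builSecretsIdConfig() {
        return new SecretsManager.SecretsIdConfig("-", Boolean.FALSE, BotTokenCache.EMPTY_STRING, Pattern.compile("[^A-Za-z0-9\\-]"));
    }

    /**
     * Writes a secret to the vault, tagged with the tags derived from the secrets configuration.
     *
     * @param secretName name of the secret in the vault
     * @param secretValue value to store; passed through {@code cleanNullOrEmpty} first
     */
    @Override
    void storeSecret(String secretName, String secretValue) {
        SecretProperties properties = new SecretProperties().setTags(SecretsManager.getTags(getSecretsConfig()));
        KeyVaultSecret secret = new KeyVaultSecret(secretName, cleanNullOrEmpty(secretValue)).setProperties(properties);
        this.client.setSecret(secret);
    }

    /** Updates a secret by storing it again under the same name. */
    @Override
    void updateSecret(String secretName, String secretValue) {
        storeSecret(secretName, secretValue);
    }

    /**
     * Fetches the current value of a secret from the vault.
     *
     * @param secretName name of the secret in the vault
     * @return the secret value in clear text; callers should keep it out of logs and error messages
     */
    @Override
    public String getSecret(String secretName) {
        return this.client.getSecret(secretName).getValue();
    }

    /**
     * Starts deletion of a secret and blocks until the delete operation completes.
     *
     * <p>NOTE(review): no timeout is applied to the wait, and this does not purge the secret;
     * whether it stays recoverable presumably depends on the vault's soft-delete settings.
     */
    @Override
    protected void deleteSecretInternal(String secretName) {
        this.client.beginDeleteSecret(secretName).waitForCompletion();
    }

    /**
     * Returns the cached manager, creating it on first use.
     *
     * <p>Once an instance exists, {@code secretsConfig} is ignored, so a later call with a
     * different configuration still returns the manager built from the first one.
     * NOTE(review): the check-then-create is not synchronized; confirm that first use cannot
     * happen from several threads at once.
     *
     * @param secretsConfig configuration used only when no instance has been created yet
     * @throws SecretsManagerException if the instance has to be created and the configuration is
     *     invalid
     */
    public static AzureKVSecretsManager getInstance(SecretsManager.SecretsConfig secretsConfig) {
        if (instance == null) {
            instance = new AzureKVSecretsManager(SecretsManagerProvider.MANAGED_AZURE_KV, secretsConfig);
        }
        return instance;
    }
}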
