package org.springframework.cloud.vault.config;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.bootstrap.config.PropertySourceLocator;
import org.springframework.cloud.vault.config.VaultBootstrapConfiguration;
import org.springframework.cloud.vault.config.VaultProperties;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.core.lease.SecretLeaseContainer;

@EnableConfigurationProperties({VaultGenericBackendProperties.class, VaultKeyValueBackendProperties.class})
@Configuration
@ConditionalOnProperty(name = {"spring.cloud.vault.enabled"}, matchIfMissing = true)
@Order(2147483637)
/* loaded from: input_file:org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.class */
public class VaultBootstrapPropertySourceConfiguration implements InitializingBean {
    private final ConfigurableApplicationContext applicationContext;
    private Collection<VaultSecretBackendDescriptor> vaultSecretBackendDescriptors;
    private Collection<SecretBackendMetadataFactory<? super VaultSecretBackendDescriptor>> factories;

    public VaultBootstrapPropertySourceConfiguration(ConfigurableApplicationContext configurableApplicationContext) {
        this.applicationContext = configurableApplicationContext;
    }

    public void afterPropertiesSet() {
        this.vaultSecretBackendDescriptors = this.applicationContext.getBeansOfType(VaultSecretBackendDescriptor.class).values();
        this.factories = this.applicationContext.getBeansOfType(SecretBackendMetadataFactory.class).values();
    }

    @Bean
    public PropertySourceLocator vaultPropertySourceLocator(VaultOperations vaultOperations, VaultProperties vaultProperties, VaultKeyValueBackendProperties vaultKeyValueBackendProperties, VaultGenericBackendProperties vaultGenericBackendProperties, ObjectFactory<SecretLeaseContainer> objectFactory) {
        VaultConfigTemplate vaultConfigTemplate = new VaultConfigTemplate(vaultOperations, vaultProperties);
        PropertySourceLocatorConfiguration propertySourceConfiguration = getPropertySourceConfiguration(Arrays.asList(vaultKeyValueBackendProperties, vaultGenericBackendProperties));
        VaultProperties.Lifecycle lifecycle = vaultProperties.getConfig().getLifecycle();
        if (!lifecycle.isEnabled()) {
            return new VaultPropertySourceLocator(vaultConfigTemplate, vaultProperties, propertySourceConfiguration);
        }
        this.applicationContext.registerShutdownHook();
        SecretLeaseContainer secretLeaseContainer = (SecretLeaseContainer) objectFactory.getObject();
        if (lifecycle.getMinRenewal() != null) {
            secretLeaseContainer.setMinRenewal(lifecycle.getMinRenewal());
        }
        if (lifecycle.getExpiryThreshold() != null) {
            secretLeaseContainer.setExpiryThreshold(lifecycle.getExpiryThreshold());
        }
        if (lifecycle.getLeaseEndpoints() != null) {
            secretLeaseContainer.setLeaseEndpoints(lifecycle.getLeaseEndpoints());
        }
        secretLeaseContainer.start();
        return new LeasingVaultPropertySourceLocator(vaultProperties, propertySourceConfiguration, secretLeaseContainer);
    }

    private PropertySourceLocatorConfiguration getPropertySourceConfiguration(List<VaultKeyValueBackendPropertiesSupport> list) {
        Collection values = this.applicationContext.getBeansOfType(VaultConfigurer.class).values();
        DefaultSecretBackendConfigurer defaultSecretBackendConfigurer = new DefaultSecretBackendConfigurer();
        if (values.isEmpty()) {
            defaultSecretBackendConfigurer.registerDefaultGenericSecretBackends(true).registerDefaultDiscoveredSecretBackends(true);
        } else {
            Iterator it = values.iterator();
            while (it.hasNext()) {
                ((VaultConfigurer) it.next()).addSecretBackends(defaultSecretBackendConfigurer);
            }
        }
        if (defaultSecretBackendConfigurer.isRegisterDefaultGenericSecretBackends()) {
            for (VaultKeyValueBackendPropertiesSupport vaultKeyValueBackendPropertiesSupport : list) {
                if (vaultKeyValueBackendPropertiesSupport.isEnabled()) {
                    List<String> buildContexts = KeyValueSecretBackendMetadata.buildContexts(vaultKeyValueBackendPropertiesSupport, Arrays.asList(this.applicationContext.getEnvironment().getActiveProfiles()));
                    if ((vaultKeyValueBackendPropertiesSupport instanceof VaultKeyValueBackendProperties) && ((VaultKeyValueBackendProperties) vaultKeyValueBackendPropertiesSupport).getBackendVersion() == 2) {
                        Iterator<String> it2 = buildContexts.iterator();
                        while (it2.hasNext()) {
                            defaultSecretBackendConfigurer.add(KeyValueSecretBackendMetadata.create(vaultKeyValueBackendPropertiesSupport.getBackend(), it2.next()));
                        }
                    } else {
                        Iterator<String> it3 = buildContexts.iterator();
                        while (it3.hasNext()) {
                            defaultSecretBackendConfigurer.add(GenericSecretBackendMetadata.create(vaultKeyValueBackendPropertiesSupport.getBackend(), it3.next()));
                        }
                    }
                }
            }
            Collection<SecretBackendMetadata> createSecretBackendMetadata = SecretBackendFactories.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
            defaultSecretBackendConfigurer.getClass();
            createSecretBackendMetadata.forEach(defaultSecretBackendConfigurer::add);
        }
        if (defaultSecretBackendConfigurer.isRegisterDefaultDiscoveredSecretBackends()) {
            Collection<SecretBackendMetadata> createSecretBackendMetadata2 = SecretBackendFactories.createSecretBackendMetadata(this.vaultSecretBackendDescriptors, this.factories);
            defaultSecretBackendConfigurer.getClass();
            createSecretBackendMetadata2.forEach(defaultSecretBackendConfigurer::add);
        }
        return defaultSecretBackendConfigurer;
    }

    @ConditionalOnMissingBean
    @Bean
    @Lazy
    public SecretLeaseContainer secretLeaseContainer(VaultOperations vaultOperations, VaultBootstrapConfiguration.TaskSchedulerWrapper taskSchedulerWrapper) {
        return new SecretLeaseContainer(vaultOperations, taskSchedulerWrapper.getTaskScheduler());
    }
}
