package org.springframework.vault.authentication;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.client.VaultHttpHeaders;
import org.springframework.vault.client.VaultResponses;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/CubbyholeAuthentication.class */
public class CubbyholeAuthentication implements ClientAuthentication {
    private static final Log logger = LogFactory.getLog(CubbyholeAuthentication.class);
    private final CubbyholeAuthenticationOptions options;
    private final RestOperations restOperations;

    public CubbyholeAuthentication(CubbyholeAuthenticationOptions cubbyholeAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(cubbyholeAuthenticationOptions, "CubbyholeAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.options = cubbyholeAuthenticationOptions;
        this.restOperations = restOperations;
    }

    @Override // org.springframework.vault.authentication.ClientAuthentication
    public VaultToken login() throws VaultException {
        VaultToken token = getToken(lookupToken());
        if (shouldEnhanceTokenWithSelfLookup(token)) {
            token = new LoginTokenAdapter(new TokenAuthentication(token), this.restOperations).login();
        }
        logger.debug("Login successful using Cubbyhole authentication");
        return token;
    }

    private Map<String, Object> lookupToken() {
        try {
            return ((VaultResponse) this.restOperations.exchange(this.options.getPath(), HttpMethod.GET, new HttpEntity(VaultHttpHeaders.from(this.options.getInitialToken())), VaultResponse.class, new Object[0]).getBody()).getData();
        } catch (HttpStatusCodeException e) {
            throw new VaultException(String.format("Cannot retrieve Token from Cubbyhole: %s %s", e.getStatusCode(), VaultResponses.getError(e.getResponseBodyAsString())));
        }
    }

    private boolean shouldEnhanceTokenWithSelfLookup(VaultToken vaultToken) {
        if (this.options.isSelfLookup()) {
            return ((vaultToken instanceof LoginToken) && ((LoginToken) vaultToken).getLeaseDuration() == 0) ? false : true;
        }
        return false;
    }

    private VaultToken getToken(Map<String, Object> map) {
        if (this.options.isWrappedToken()) {
            return LoginTokenUtil.from(((VaultResponse) VaultResponses.unwrap((String) map.get("response"), VaultResponse.class)).getAuth());
        }
        if (map == null || map.isEmpty()) {
            throw new VaultException(String.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain a token", this.options.getPath()));
        }
        if (map.size() == 1) {
            return VaultToken.of((String) map.get(map.keySet().iterator().next()));
        }
        throw new VaultException(String.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain an unique token", this.options.getPath()));
    }
}
