package org.springframework.vault.authentication;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.client.VaultResponses;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/KubernetesAuthentication.class */
public class KubernetesAuthentication implements ClientAuthentication, AuthenticationStepsFactory {
    private static final Log logger = LogFactory.getLog(KubernetesAuthentication.class);
    private final KubernetesAuthenticationOptions options;
    private final RestOperations restOperations;

    public KubernetesAuthentication(KubernetesAuthenticationOptions kubernetesAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(kubernetesAuthenticationOptions, "KubeAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.options = kubernetesAuthenticationOptions;
        this.restOperations = restOperations;
    }

    public static AuthenticationSteps createAuthenticationSteps(KubernetesAuthenticationOptions kubernetesAuthenticationOptions) {
        Assert.notNull(kubernetesAuthenticationOptions, "CubbyholeAuthenticationOptions must not be null");
        String str = kubernetesAuthenticationOptions.getJwtSupplier().get();
        return AuthenticationSteps.fromSupplier(() -> {
            return getKubernetesLogin(kubernetesAuthenticationOptions.getRole(), str);
        }).login("auth/{mount}/login", kubernetesAuthenticationOptions.getPath());
    }

    @Override // org.springframework.vault.authentication.ClientAuthentication
    public VaultToken login() throws VaultException {
        try {
            VaultResponse vaultResponse = (VaultResponse) this.restOperations.postForObject("auth/{mount}/login", getKubernetesLogin(this.options.getRole(), this.options.getJwtSupplier().get()), VaultResponse.class, new Object[]{this.options.getPath()});
            Assert.state((vaultResponse == null || vaultResponse.getAuth() == null) ? false : true, "Auth field must not be null");
            logger.debug("Login successful using Kubernetes authentication");
            return LoginTokenUtil.from(vaultResponse.getAuth());
        } catch (HttpStatusCodeException e) {
            throw new VaultException(String.format("Cannot login using kubernetes: %s", VaultResponses.getError(e.getResponseBodyAsString())));
        }
    }

    @Override // org.springframework.vault.authentication.AuthenticationStepsFactory
    public AuthenticationSteps getAuthenticationSteps() {
        return createAuthenticationSteps(this.options);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, String> getKubernetesLogin(String str, String str2) {
        Assert.hasText(str, "Role must not be empty");
        Assert.hasText(str, "JWT must not be empty");
        HashMap hashMap = new HashMap();
        hashMap.put("jwt", str2);
        hashMap.put("role", str);
        return hashMap;
    }
}
