package io.github.jopenlibs.vault.api.pki;

import io.github.jopenlibs.vault.VaultConfig;
import io.github.jopenlibs.vault.VaultException;
import io.github.jopenlibs.vault.api.OperationsBase;
import io.github.jopenlibs.vault.json.Json;
import io.github.jopenlibs.vault.json.JsonObject;
import io.github.jopenlibs.vault.response.PkiResponse;
import io.github.jopenlibs.vault.rest.RestResponse;
import java.nio.charset.StandardCharsets;
import java.util.List;

/* loaded from: input_file:io/github/jopenlibs/vault/api/pki/Pki.class */
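/**
 * Client for the PKI endpoints of a Vault server: role management
 * ({@code roles/<name>}), certificate issuance and signing ({@code issue/<role>},
 * {@code sign/<role>}) and revocation ({@code revoke}), all addressed as
 * {@code <address>/v1/<mountPath>/...}.
 *
 * <p>Every request carries the configured Vault token in the {@code X-Vault-Token}
 * header and goes through the {@code retry(...)} helper, which is not defined in this
 * class (presumably inherited from {@link OperationsBase}).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The mount path and the role name are interpolated into the URL path verbatim,
 *       with no encoding or validation. A value containing {@code /}, {@code ..},
 *       {@code ?} or {@code #} changes which endpoint receives the token-authenticated
 *       request, so pass only trusted or validated names.</li>
 *   <li>Certificate verification follows {@code config.getSslConfig().isVerify()}.
 *       NOTE(review): when that is {@code false} the token and any returned key
 *       material presumably travel over an unverified TLS connection. Confirm against
 *       the REST client.</li>
 *   <li>{@link #getRole(String)} and {@code issue(...)} return a response object for
 *       HTTP 404 instead of throwing, so callers must check the status before
 *       treating the result as a role or a credential.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code nameSpace} is a mutable field set by
 * {@link #withNameSpace(String)}. Nothing in this class synchronizes access to it.
 */
public class Pki extends OperationsBase {
    private final String mountPath;
    private String nameSpace;

    /**
     * Sets the value sent in the {@code X-Vault-Namespace} header of later requests.
     *
     * @param str the namespace; replaces any namespace taken from the configuration
     * @return this instance, for chaining
     */
    public Pki withNameSpace(String str) {
        this.nameSpace = str;
        return this;
    }

    /**
     * Creates a client for the PKI backend mounted at the path {@code pki}.
     *
     * @param vaultConfig the Vault connection configuration
     */
    public Pki(VaultConfig vaultConfig) {
        this(vaultConfig, "pki");
    }

    /**
     * Creates a client for the PKI backend mounted at a custom path.
     *
     * @param vaultConfig the Vault connection configuration
     * @param str the mount path, used verbatim as a URL path segment (see class notes)
     */
    public Pki(VaultConfig vaultConfig, String str) {
        super(vaultConfig);
        this.mountPath = str;
        // Adopt the configured namespace only when one is actually set.
        String configured = this.config.getNameSpace();
        if (configured != null && !configured.isEmpty()) {
            this.nameSpace = configured;
        }
    }

    /**
     * Creates or updates a role without sending any role options.
     *
     * @param str the role name
     * @return the Vault response
     * @throws VaultException if Vault answers with a status other than 200 or 204
     */
    public PkiResponse createOrUpdateRole(String str) throws VaultException {
        return createOrUpdateRole(str, null);
    }

    /**
     * Creates or updates a role by POSTing the given options to {@code roles/<name>}.
     *
     * <p>When {@code roleOptions} is {@code null} an empty JSON object is sent.
     * NOTE(review): the role then presumably gets the server's defaults. Confirm that
     * this is intended wherever a role is created without explicit constraints.
     *
     * @param str the role name, used verbatim as a URL path segment
     * @param roleOptions the role settings, or {@code null} for none
     * @return the Vault response
     * @throws VaultException if Vault answers with a status other than 200 or 204
     */
    public PkiResponse createOrUpdateRole(String str, RoleOptions roleOptions) throws VaultException {
        return (PkiResponse) retry(attempt -> {
            String url = String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str);
            // NOTE(review): the namespace header is added even when nameSpace is null;
            // how a null value is handled depends on the REST client.
            RestResponse post = getRest()
                    .url(url)
                    .header("X-Vault-Token", this.config.getToken())
                    .header("X-Vault-Namespace", this.nameSpace)
                    .header("X-Vault-Request", "true")
                    .body(roleOptionsToJson(roleOptions).getBytes(StandardCharsets.UTF_8))
                    .connectTimeoutSeconds(this.config.getOpenTimeout())
                    .readTimeoutSeconds(this.config.getReadTimeout())
                    .sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify()))
                    .sslContext(this.config.getSslConfig().getSslContext())
                    .post();
            int status = post.getStatus();
            if (status == 204 || status == 200) {
                return new PkiResponse(post, attempt);
            }
            throw new VaultException("Vault responded with HTTP status code: " + status, status);
        });
    }

    /**
     * Reads a role with a GET on {@code roles/<name>}.
     *
     * <p>HTTP 404 is returned as a normal response rather than raised, so check the
     * status of the result before using it.
     *
     * @param str the role name, used verbatim as a URL path segment
     * @return the Vault response for status 200 or 404
     * @throws VaultException if Vault answers with any other status
     */
    public PkiResponse getRole(String str) throws VaultException {
        return (PkiResponse) retry(attempt -> {
            String url = String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str);
            RestResponse restResponse = getRest()
                    .url(url)
                    .header("X-Vault-Token", this.config.getToken())
                    .header("X-Vault-Namespace", this.nameSpace)
                    .header("X-Vault-Request", "true")
                    .connectTimeoutSeconds(this.config.getOpenTimeout())
                    .readTimeoutSeconds(this.config.getReadTimeout())
                    .sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify()))
                    .sslContext(this.config.getSslConfig().getSslContext())
                    .get();
            int status = restResponse.getStatus();
            if (status == 200 || status == 404) {
                return new PkiResponse(restResponse, attempt);
            }
            throw new VaultException("Vault responded with HTTP status code: " + status, status);
        });
    }

    /**
     * Revokes a certificate by POSTing its serial number to {@code revoke}.
     *
     * <p>A {@code null} serial number results in an empty JSON object being sent; the
     * request is not rejected locally.
     *
     * @param str the certificate serial number, sent as {@code serial_number}
     * @return the Vault response
     * @throws VaultException if Vault answers with a status other than 200
     */
    public PkiResponse revoke(String str) throws VaultException {
        return (PkiResponse) retry(attempt -> {
            JsonObject jsonObject = new JsonObject();
            if (str != null) {
                jsonObject.add("serial_number", str);
            }
            String url = String.format("%s/v1/%s/revoke", this.config.getAddress(), this.mountPath);
            RestResponse post = getRest()
                    .url(url)
                    .header("X-Vault-Token", this.config.getToken())
                    .header("X-Vault-Namespace", this.nameSpace)
                    .header("X-Vault-Request", "true")
                    .connectTimeoutSeconds(this.config.getOpenTimeout())
                    .readTimeoutSeconds(this.config.getReadTimeout())
                    .body(jsonObject.toString().getBytes(StandardCharsets.UTF_8))
                    .sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify()))
                    .sslContext(this.config.getSslConfig().getSslContext())
                    .post();
            int status = post.getStatus();
            if (status != 200) {
                throw new VaultException("Vault responded with HTTP status code: " + status, status);
            }
            return new PkiResponse(post, attempt);
        });
    }

    /**
     * Deletes a role with a DELETE on {@code roles/<name>}.
     *
     * @param str the role name, used verbatim as a URL path segment
     * @return the Vault response
     * @throws VaultException if Vault answers with a status other than 204
     */
    public PkiResponse deleteRole(String str) throws VaultException {
        return (PkiResponse) retry(attempt -> {
            String url = String.format("%s/v1/%s/roles/%s", this.config.getAddress(), this.mountPath, str);
            RestResponse delete = getRest()
                    .url(url)
                    .header("X-Vault-Token", this.config.getToken())
                    .header("X-Vault-Namespace", this.nameSpace)
                    .header("X-Vault-Request", "true")
                    .connectTimeoutSeconds(this.config.getOpenTimeout())
                    .readTimeoutSeconds(this.config.getReadTimeout())
                    .sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify()))
                    .sslContext(this.config.getSslConfig().getSslContext())
                    .delete();
            int status = delete.getStatus();
            if (status != 204) {
                throw new VaultException("Vault responded with HTTP status code: " + status, status);
            }
            return new PkiResponse(delete, attempt);
        });
    }

    /**
     * Issues a credential for a role, passing an empty string as the CSR.
     *
     * @param str the role name
     * @param str2 the requested common name, or {@code null}
     * @param list the subject alternative names, or {@code null}
     * @param list2 the IP subject alternative names, or {@code null}
     * @param str3 the requested TTL, or {@code null}
     * @param credentialFormat the credential format, or {@code null}
     * @return the Vault response for status 200 or 404
     * @throws VaultException if Vault answers with any other status
     */
    public PkiResponse issue(String str, String str2, List<String> list, List<String> list2, String str3, CredentialFormat credentialFormat) throws VaultException {
        return issue(str, str2, list, list2, str3, credentialFormat, "");
    }

    /**
     * Requests a certificate for a role. A non-empty CSR is POSTed to
     * {@code sign/<role>}; otherwise the request goes to {@code issue/<role>}.
     *
     * <p>HTTP 404 is returned as a normal response rather than raised, so check the
     * status before treating the result as a credential. For any other failure the
     * exception message embeds the raw response body; treat that message as
     * server-controlled text when logging or displaying it.
     *
     * @param str the role name, used verbatim as a URL path segment
     * @param str2 the requested common name, sent as {@code common_name} when non-null
     * @param list the alternative names, comma-joined into {@code alt_names} when non-empty
     * @param list2 the IP SANs, comma-joined into {@code ip_sans} when non-empty
     * @param str3 the requested TTL, sent as {@code ttl} when non-null
     * @param credentialFormat the format, sent as {@code format} when non-null
     * @param str4 the CSR, sent as {@code csr} when non-null; selects the sign endpoint
     *     when also non-empty
     * @return the Vault response for status 200 or 404
     * @throws VaultException if Vault answers with any other status
     */
    public PkiResponse issue(String str, String str2, List<String> list, List<String> list2, String str3, CredentialFormat credentialFormat, String str4) throws VaultException {
        return (PkiResponse) retry(attempt -> {
            JsonObject object = Json.object();
            if (str2 != null) {
                object.add("common_name", str2);
            }
            // String.join replaces the index loops, whose counter was declared with the
            // same name as the lambda parameter and therefore did not compile.
            if (list != null && !list.isEmpty()) {
                object.add("alt_names", String.join(",", list));
            }
            if (list2 != null && !list2.isEmpty()) {
                object.add("ip_sans", String.join(",", list2));
            }
            if (str3 != null) {
                object.add("ttl", str3);
            }
            if (credentialFormat != null) {
                object.add("format", credentialFormat.toString());
            }
            if (str4 != null) {
                object.add("csr", str4);
            }
            boolean hasCsr = str4 != null && !str4.isEmpty();
            String urlTemplate = hasCsr ? "%s/v1/%s/sign/%s" : "%s/v1/%s/issue/%s";
            RestResponse post = getRest()
                    .url(String.format(urlTemplate, this.config.getAddress(), this.mountPath, str))
                    .header("X-Vault-Token", this.config.getToken())
                    .header("X-Vault-Namespace", this.nameSpace)
                    .header("X-Vault-Request", "true")
                    .body(object.toString().getBytes(StandardCharsets.UTF_8))
                    .connectTimeoutSeconds(this.config.getOpenTimeout())
                    .readTimeoutSeconds(this.config.getReadTimeout())
                    .sslVerification(Boolean.valueOf(this.config.getSslConfig().isVerify()))
                    .sslContext(this.config.getSslConfig().getSslContext())
                    .post();
            int status = post.getStatus();
            if (status == 200 || status == 404) {
                return new PkiResponse(post, attempt);
            }
            // Decode explicitly as UTF-8 (matching the request encoding) instead of
            // relying on the platform default charset.
            String bodyText = post.getBody() != null
                    ? new String(post.getBody(), StandardCharsets.UTF_8)
                    : "(no body)";
            throw new VaultException("Vault responded with HTTP status code: " + status + " " + bodyText, status);
        });
    }

    /**
     * Serializes role options to the JSON body of a role create/update request.
     * Unset (null) options are omitted; a {@code null} argument yields an empty object.
     *
     * @param roleOptions the options to serialize, or {@code null}
     * @return the JSON text
     */
    private String roleOptionsToJson(RoleOptions roleOptions) {
        JsonObject object = Json.object();
        if (roleOptions != null) {
            addJsonFieldIfNotNull(object, "ttl", roleOptions.getTtl());
            addJsonFieldIfNotNull(object, "max_ttl", roleOptions.getMaxTtl());
            addJsonFieldIfNotNull(object, "allow_localhost", roleOptions.getAllowLocalhost());
            if (roleOptions.getAllowedDomains() != null && !roleOptions.getAllowedDomains().isEmpty()) {
                addJsonFieldIfNotNull(object, "allowed_domains", String.join(",", roleOptions.getAllowedDomains()));
            }
            addJsonFieldIfNotNull(object, "allow_spiffe_name", roleOptions.getAllowSpiffename());
            addJsonFieldIfNotNull(object, "allow_bare_domains", roleOptions.getAllowBareDomains());
            addJsonFieldIfNotNull(object, "allow_subdomains", roleOptions.getAllowSubdomains());
            addJsonFieldIfNotNull(object, "allow_any_name", roleOptions.getAllowAnyName());
            addJsonFieldIfNotNull(object, "enforce_hostnames", roleOptions.getEnforceHostnames());
            addJsonFieldIfNotNull(object, "allow_ip_sans", roleOptions.getAllowIpSans());
            addJsonFieldIfNotNull(object, "server_flag", roleOptions.getServerFlag());
            addJsonFieldIfNotNull(object, "client_flag", roleOptions.getClientFlag());
            addJsonFieldIfNotNull(object, "code_signing_flag", roleOptions.getCodeSigningFlag());
            addJsonFieldIfNotNull(object, "email_protection_flag", roleOptions.getEmailProtectionFlag());
            addJsonFieldIfNotNull(object, "key_type", roleOptions.getKeyType());
            addJsonFieldIfNotNull(object, "key_bits", roleOptions.getKeyBits());
            addJsonFieldIfNotNull(object, "use_csr_common_name", roleOptions.getUseCsrCommonName());
            addJsonFieldIfNotNull(object, "use_csr_sans", roleOptions.getUseCsrSans());
            if (roleOptions.getKeyUsage() != null && !roleOptions.getKeyUsage().isEmpty()) {
                addJsonFieldIfNotNull(object, "key_usage", String.join(",", roleOptions.getKeyUsage()));
            }
        }
        return object.toString();
    }

    /**
     * Adds a field to the JSON object when the value is a non-null {@code String},
     * {@code Boolean} or {@code Long}.
     *
     * <p>NOTE(review): a non-null value of any other type is silently dropped, so a
     * role constraint supplied with an unexpected type would not reach Vault. Verify
     * the getter return types in {@code RoleOptions}.
     *
     * @param json the object to extend
     * @param name the field name
     * @param value the field value, or {@code null} to add nothing
     * @return {@code json}, for chaining
     */
    private JsonObject addJsonFieldIfNotNull(JsonObject json, String name, Object value) {
        if (value == null) {
            return json;
        }
        if (value instanceof String) {
            json.add(name, (String) value);
        } else if (value instanceof Boolean) {
            json.add(name, ((Boolean) value).booleanValue());
        } else if (value instanceof Long) {
            json.add(name, ((Long) value).longValue());
        }
        return json;
    }
}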
