package com.microsoft.azure.keyvault.spring;

import com.azure.core.credential.TokenCredential;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.identity.ClientCertificateCredentialBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.microsoft.azure.telemetry.TelemetryData;
import com.microsoft.azure.telemetry.TelemetrySender;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/microsoft/azure/keyvault/spring/KeyVaultEnvironmentPostProcessorHelper.class */
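/**
 * Wires an Azure Key Vault backed property source into a Spring {@link ConfigurableEnvironment}.
 *
 * <p>The credential used to reach the vault is chosen from the environment's own properties
 * (see {@link #getCredentials()}). Secret values read here (client key, certificate password)
 * are only handed to the Azure credential builders and are never written to the log.
 *
 * <p>Constructing an instance sends a telemetry event unless the
 * {@code Constants.AZURE_KEYVAULT_ALLOW_TELEMETRY} property is set to {@code false};
 * telemetry is on by default.
 */
class KeyVaultEnvironmentPostProcessorHelper {
    private static final Logger log = LoggerFactory.getLogger(KeyVaultEnvironmentPostProcessorHelper.class);
    private final ConfigurableEnvironment environment;

    /**
     * Stores the environment and, if telemetry is allowed, sends the usage event.
     *
     * @param configurableEnvironment environment that supplies the Key Vault settings
     */
    public KeyVaultEnvironmentPostProcessorHelper(ConfigurableEnvironment configurableEnvironment) {
        this.environment = configurableEnvironment;
        sendTelemetry();
    }

    /**
     * Builds a {@link SecretClient} for the configured vault and registers a
     * {@code KeyVaultPropertySource} with the environment.
     *
     * <p>Precedence: when a {@code systemEnvironment} source exists the Key Vault source is placed
     * directly after it, so OS environment variables still override vault values. When it does not
     * exist the Key Vault source is added first and therefore overrides every other source.
     *
     * @throws IllegalArgumentException if the vault URI property is missing or empty
     * @throws NumberFormatException if the refresh interval property is not a valid long
     * @throws IllegalStateException if the property source cannot be created or registered
     */
    public void addKeyVaultPropertySource() {
        String vaultUri = getProperty(this.environment, Constants.AZURE_KEYVAULT_VAULT_URI);
        long refreshIntervalMs = Optional.ofNullable(this.environment.getProperty(Constants.AZURE_KEYVAULT_REFRESH_INTERVAL))
                .map(Long::valueOf)
                .orElse(Long.valueOf(Constants.DEFAULT_REFRESH_INTERVAL_MS));
        // Typed binding replaces the raw List so only String secret keys reach KeyVaultOperation.
        List<String> secretKeys = Binder.get(this.environment)
                .bind(Constants.AZURE_KEYVAULT_SECRET_KEYS, Bindable.listOf(String.class))
                .orElse(Collections.emptyList());
        SecretClient secretClient = new SecretClientBuilder()
                .vaultUrl(vaultUri)
                .credential(getCredentials())
                .httpLogOptions(new HttpLogOptions().setApplicationId(Constants.SPRINGBOOT_KEY_VAULT_APPLICATION_ID))
                .buildClient();
        try {
            MutablePropertySources propertySources = this.environment.getPropertySources();
            KeyVaultOperation keyVaultOperation = new KeyVaultOperation(secretClient, vaultUri, refreshIntervalMs, secretKeys);
            if (propertySources.contains("systemEnvironment")) {
                propertySources.addAfter("systemEnvironment", new KeyVaultPropertySource(keyVaultOperation));
            } else {
                propertySources.addFirst(new KeyVaultPropertySource(keyVaultOperation));
            }
        } catch (Exception e) {
            // Boundary catch: keep the cause so the underlying failure stays diagnosable.
            throw new IllegalStateException("Failed to configure KeyVault property source", e);
        }
    }

    /**
     * Selects the credential used to authenticate against Key Vault, in this order:
     * <ol>
     *   <li>client id + client key + tenant id: client-secret credential;</li>
     *   <li>client id + certificate path + tenant id: client-certificate credential
     *       (PEM when no certificate password is set, PFX otherwise);</li>
     *   <li>client id only: managed identity bound to that client id;</li>
     *   <li>nothing configured: default managed identity.</li>
     * </ol>
     *
     * <p>A client key or certificate path that is present without the other required
     * service-principal properties does not fail; the method falls through to managed identity.
     * That silent change of authentication mode is logged at WARN level (property values are
     * never logged) so a misconfiguration is visible to operators.
     *
     * @return the credential matching the configured properties
     * @throws IllegalArgumentException if a property required by the selected branch is empty
     */
    public TokenCredential getCredentials() {
        boolean hasClientId = this.environment.containsProperty(Constants.AZURE_KEYVAULT_CLIENT_ID);
        boolean hasClientKey = this.environment.containsProperty(Constants.AZURE_KEYVAULT_CLIENT_KEY);
        boolean hasCertificatePath = this.environment.containsProperty(Constants.AZURE_KEYVAULT_CERTIFICATE_PATH);
        boolean hasTenantId = this.environment.containsProperty(Constants.AZURE_KEYVAULT_TENANT_ID);

        if (hasClientId && hasClientKey && hasTenantId) {
            log.debug("Will use custom credentials");
            String clientId = getProperty(this.environment, Constants.AZURE_KEYVAULT_CLIENT_ID);
            return new ClientSecretCredentialBuilder()
                    .clientId(clientId)
                    .clientSecret(getProperty(this.environment, Constants.AZURE_KEYVAULT_CLIENT_KEY))
                    .tenantId(getProperty(this.environment, Constants.AZURE_KEYVAULT_TENANT_ID))
                    .build();
        }
        if (hasClientId && hasCertificatePath && hasTenantId) {
            log.debug("Will use certificate credentials");
            // The password is optional: read it directly so an absent value does not throw.
            String certificatePassword = this.environment.getProperty(Constants.AZURE_KEYVAULT_CERTIFICATE_PASSWORD);
            String certificatePath = getProperty(this.environment, Constants.AZURE_KEYVAULT_CERTIFICATE_PATH);
            ClientCertificateCredentialBuilder builder = new ClientCertificateCredentialBuilder()
                    .tenantId(getProperty(this.environment, Constants.AZURE_KEYVAULT_TENANT_ID))
                    .clientId(getProperty(this.environment, Constants.AZURE_KEYVAULT_CLIENT_ID));
            return StringUtils.isEmpty(certificatePassword)
                    ? builder.pemCertificate(certificatePath).build()
                    : builder.pfxCertificate(certificatePath, certificatePassword).build();
        }
        if (hasClientKey || hasCertificatePath) {
            // Reaching this point with a key or certificate configured means client id or tenant id
            // is missing; surface the fallback instead of switching identity silently.
            log.warn("Incomplete service principal configuration: a client key or certificate path is set "
                    + "but client id or tenant id is missing; falling back to managed identity credentials");
        }
        if (hasClientId) {
            log.debug("Will use MSI credentials with specified clientId");
            return new ManagedIdentityCredentialBuilder()
                    .clientId(getProperty(this.environment, Constants.AZURE_KEYVAULT_CLIENT_ID))
                    .build();
        }
        log.debug("Will use MSI credentials");
        return new ManagedIdentityCredentialBuilder().build();
    }

    /**
     * Reads a mandatory property.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @param str property name; must not be {@code null}
     * @return the non-empty property value
     * @throws IllegalArgumentException if an argument is {@code null}, or the property is
     *     missing or empty (the message mentions only {@code null})
     */
    private String getProperty(ConfigurableEnvironment configurableEnvironment, String str) {
        Assert.notNull(configurableEnvironment, "env must not be null!");
        Assert.notNull(str, "propertyName must not be null!");
        String value = configurableEnvironment.getProperty(str);
        if (value == null || value.isEmpty()) {
            // Only the property name is reported, never a value.
            throw new IllegalArgumentException("property " + str + " must not be null");
        }
        return value;
    }

    /**
     * Reports whether telemetry may be sent; defaults to {@code true} when the property is unset.
     *
     * @param configurableEnvironment environment to read from; must not be {@code null}
     * @return {@code true} unless telemetry was explicitly disabled
     */
    private boolean allowTelemetry(ConfigurableEnvironment configurableEnvironment) {
        Assert.notNull(configurableEnvironment, "env must not be null!");
        return configurableEnvironment.getProperty(Constants.AZURE_KEYVAULT_ALLOW_TELEMETRY, Boolean.class, Boolean.TRUE);
    }

    /**
     * Sends the usage event when telemetry is allowed. The payload built here holds only the
     * service name derived from this class; no environment property values are added to it.
     */
    private void sendTelemetry() {
        if (!allowTelemetry(this.environment)) {
            return;
        }
        HashMap<String, String> events = new HashMap<>();
        TelemetrySender telemetrySender = new TelemetrySender();
        events.put(TelemetryData.SERVICE_NAME, TelemetryData.getClassPackageSimpleName(KeyVaultEnvironmentPostProcessorHelper.class));
        telemetrySender.send(ClassUtils.getUserClass(getClass()).getSimpleName(), events);
    }
}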
