package org.springframework.cloud.vault.config;

import java.util.HashMap;
import java.util.Map;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LoginToken;
import org.springframework.vault.client.VaultResponses;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/cloud/vault/config/KubernetesAuthentication.class */
class KubernetesAuthentication implements ClientAuthentication {
    private final KubernetesAuthenticationOptions options;
    private final RestOperations restOperations;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KubernetesAuthentication(KubernetesAuthenticationOptions kubernetesAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(kubernetesAuthenticationOptions, "KubeAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.options = kubernetesAuthenticationOptions;
        this.restOperations = restOperations;
    }

    public VaultToken login() throws VaultException {
        try {
            VaultResponse vaultResponse = (VaultResponse) this.restOperations.postForObject("auth/{mount}/login", getKubernetesLogin(this.options.getRole(), this.options.getJwtSupplier().get()), VaultResponse.class, new Object[]{this.options.getPath()});
            Assert.state((vaultResponse == null || vaultResponse.getAuth() == null) ? false : true, "Auth field must not be null");
            return from(vaultResponse.getAuth());
        } catch (HttpStatusCodeException e) {
            throw new VaultException(String.format("Cannot login using kubernetes: %s", VaultResponses.getError(e.getResponseBodyAsString())));
        }
    }

    private static LoginToken from(Map<String, Object> map) {
        String str = (String) map.get("client_token");
        Boolean bool = (Boolean) map.get("renewable");
        Number number = (Number) map.get("lease_duration");
        return (bool == null || !bool.booleanValue()) ? number != null ? LoginToken.of(str, number.longValue()) : LoginToken.of(str) : LoginToken.renewable(str, number.longValue());
    }

    private static Map<String, String> getKubernetesLogin(String str, String str2) {
        Assert.hasText(str, "Role must not be empty");
        Assert.hasText(str, "JWT must not be empty");
        HashMap hashMap = new HashMap();
        hashMap.put("jwt", str2);
        hashMap.put("role", str);
        return hashMap;
    }
}
