package org.springframework.vault.authentication;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.authentication.AuthenticationSteps;
import org.springframework.vault.client.VaultHttpHeaders;
import org.springframework.vault.client.VaultResponses;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/CubbyholeAuthentication.class */
public class CubbyholeAuthentication implements ClientAuthentication, AuthenticationStepsFactory {
    private static final Log logger = LogFactory.getLog(CubbyholeAuthentication.class);
    private final CubbyholeAuthenticationOptions options;
    private final RestOperations restOperations;

    public CubbyholeAuthentication(CubbyholeAuthenticationOptions cubbyholeAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(cubbyholeAuthenticationOptions, "CubbyholeAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.options = cubbyholeAuthenticationOptions;
        this.restOperations = restOperations;
    }

    public static AuthenticationSteps createAuthenticationSteps(CubbyholeAuthenticationOptions cubbyholeAuthenticationOptions) {
        Assert.notNull(cubbyholeAuthenticationOptions, "CubbyholeAuthenticationOptions must not be null");
        return AuthenticationSteps.fromHttpRequest(AuthenticationSteps.HttpRequestBuilder.get(cubbyholeAuthenticationOptions.getPath(), new String[0]).with(VaultHttpHeaders.from(cubbyholeAuthenticationOptions.getInitialToken())).as(VaultResponse.class)).map((v0) -> {
            return v0.getData();
        }).login(map -> {
            return getToken(cubbyholeAuthenticationOptions, map);
        });
    }

    @Override // org.springframework.vault.authentication.ClientAuthentication
    public VaultToken login() throws VaultException {
        VaultToken token = getToken(this.options, lookupToken());
        if (shouldEnhanceTokenWithSelfLookup(token)) {
            token = new LoginTokenAdapter(new TokenAuthentication(token), this.restOperations).login();
        }
        logger.debug("Login successful using Cubbyhole authentication");
        return token;
    }

    @Override // org.springframework.vault.authentication.AuthenticationStepsFactory
    public AuthenticationSteps getAuthenticationSteps() {
        return createAuthenticationSteps(this.options);
    }

    @Nullable
    private Map<String, Object> lookupToken() {
        try {
            ResponseEntity exchange = this.restOperations.exchange(this.options.getPath(), HttpMethod.GET, new HttpEntity(VaultHttpHeaders.from(this.options.getInitialToken())), VaultResponse.class, new Object[0]);
            Assert.state(exchange.getBody() != null, "Auth response must not be null");
            return ((VaultResponse) exchange.getBody()).getData();
        } catch (RestClientException e) {
            throw VaultLoginException.create("Cubbyhole", e);
        }
    }

    private boolean shouldEnhanceTokenWithSelfLookup(VaultToken vaultToken) {
        if (this.options.isSelfLookup()) {
            return ((vaultToken instanceof LoginToken) && ((LoginToken) vaultToken).getLeaseDuration().isZero()) ? false : true;
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static VaultToken getToken(CubbyholeAuthenticationOptions cubbyholeAuthenticationOptions, @Nullable Map<String, Object> map) {
        if (cubbyholeAuthenticationOptions.isWrappedToken()) {
            Assert.state(map != null, "Auth data must not be null");
            VaultResponse vaultResponse = (VaultResponse) VaultResponses.unwrap((String) map.get("response"), VaultResponse.class);
            Assert.state(vaultResponse.getAuth() != null, "Auth field must not be null");
            return LoginTokenUtil.from(vaultResponse.getAuth());
        }
        if (map == null || map.isEmpty()) {
            throw new VaultLoginException(String.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain a token", cubbyholeAuthenticationOptions.getPath()));
        }
        if (map.size() == 1) {
            return VaultToken.of((String) map.get(map.keySet().iterator().next()));
        }
        throw new VaultLoginException(String.format("Cannot retrieve Token from Cubbyhole: Response at %s does not contain an unique token", cubbyholeAuthenticationOptions.getPath()));
    }
}
