package co.elastic.gradle.vault;

import co.elastic.gradle.vault.VaultAuthenticationExtension;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.AuthResponse;
import java.util.concurrent.TimeUnit;
import java.util.function.BiConsumer;
import java.util.function.Function;
import org.gradle.api.GradleException;

/* loaded from: input_file:co/elastic/gradle/vault/VaultAccessStrategy.class */
public class VaultAccessStrategy {
    public Vault access(VaultExtension vaultExtension, VaultAuthenticationExtension.VaultAuthMethod vaultAuthMethod, BiConsumer<String, Long> biConsumer) {
        if (vaultAuthMethod instanceof VaultAuthenticationExtension.VaultTokenEnvVar) {
            return authWithToken(vaultExtension, (String) ((VaultAuthenticationExtension.VaultTokenEnvVar) vaultAuthMethod).getToken().get());
        }
        if (vaultAuthMethod instanceof VaultAuthenticationExtension.VaultTokenFile) {
            return authWithToken(vaultExtension, (String) ((VaultAuthenticationExtension.VaultTokenFile) vaultAuthMethod).getToken().get());
        }
        if (vaultAuthMethod instanceof VaultAuthenticationExtension.VaultRoleAndSecretID) {
            return authAndStoreToken(vaultExtension, vault -> {
                try {
                    VaultAuthenticationExtension.VaultRoleAndSecretID vaultRoleAndSecretID = (VaultAuthenticationExtension.VaultRoleAndSecretID) vaultAuthMethod;
                    return vault.auth().loginByAppRole((String) vaultRoleAndSecretID.getRoleId().get(), (String) vaultRoleAndSecretID.getSecretId().get());
                } catch (VaultException e) {
                    throw new GradleException("Failed to authenticate to vault", e);
                }
            }, biConsumer);
        }
        if (vaultAuthMethod instanceof VaultAuthenticationExtension.GithubTokenFile) {
            return authAndStoreToken(vaultExtension, vault2 -> {
                try {
                    return vault2.auth().loginByGithub((String) ((VaultAuthenticationExtension.GithubTokenFile) vaultAuthMethod).getToken().get());
                } catch (VaultException e) {
                    throw new GradleException("Failed to authenticate to vault", e);
                }
            }, biConsumer);
        }
        if (vaultAuthMethod instanceof VaultAuthenticationExtension.GithubTokenEnv) {
            return authAndStoreToken(vaultExtension, vault3 -> {
                try {
                    return vault3.auth().loginByGithub((String) ((VaultAuthenticationExtension.GithubTokenEnv) vaultAuthMethod).getToken().get());
                } catch (VaultException e) {
                    throw new GradleException("Failed to authenticate to vault", e);
                }
            }, biConsumer);
        }
        throw new IllegalStateException("Unsupported auth method " + vaultAuthMethod.getClass());
    }

    private Vault authAndStoreToken(VaultExtension vaultExtension, Function<Vault, AuthResponse> function, BiConsumer<String, Long> biConsumer) {
        try {
            AuthResponse apply = function.apply(new Vault(new VaultConfig().address((String) vaultExtension.getAddress().get()).engineVersion((Integer) vaultExtension.getEngineVersion().get()).build()).withRetries(((Integer) vaultExtension.getRetries().get()).intValue(), ((Integer) vaultExtension.getRetryDelayMillis().get()).intValue()));
            String authClientToken = apply.getAuthClientToken();
            biConsumer.accept(authClientToken, Long.valueOf(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(apply.getAuthLeaseDuration(), TimeUnit.SECONDS)));
            return authWithToken(vaultExtension, authClientToken);
        } catch (VaultException e) {
            throw new GradleException("Failed to connect to vault", e);
        }
    }

    private Vault authWithToken(VaultExtension vaultExtension, String str) {
        try {
            return new Vault(new VaultConfig().address((String) vaultExtension.getAddress().get()).engineVersion((Integer) vaultExtension.getEngineVersion().get()).token(str).build()).withRetries(((Integer) vaultExtension.getRetries().get()).intValue(), ((Integer) vaultExtension.getRetryDelayMillis().get()).intValue());
        } catch (VaultException e) {
            throw new GradleException("Failed to connect to vault", e);
        }
    }
}
