package de.stklcode.jvault.connector;

import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;

/* loaded from: input_file:de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.class */
public final class HTTPVaultConnectorBuilder {
    private static final String ENV_VAULT_ADDR = "VAULT_ADDR";
    private static final String ENV_VAULT_CACERT = "VAULT_CACERT";
    private static final String ENV_VAULT_TOKEN = "VAULT_TOKEN";
    private static final String ENV_VAULT_MAX_RETRIES = "VAULT_MAX_RETRIES";
    public static final String DEFAULT_HOST = "127.0.0.1";
    public static final Integer DEFAULT_PORT = 8200;
    public static final boolean DEFAULT_TLS = true;
    public static final String DEFAULT_TLS_VERSION = "TLSv1.2";
    public static final String DEFAULT_PREFIX = "/v1/";
    public static final int DEFAULT_NUMBER_OF_RETRIES = 0;
    private X509Certificate trustedCA;
    private Integer timeout;
    private String token;
    private String host = DEFAULT_HOST;
    private Integer port = DEFAULT_PORT;
    private boolean tls = true;
    private String tlsVersion = "TLSv1.2";
    private String prefix = DEFAULT_PREFIX;
    private int numberOfRetries = 0;

    public HTTPVaultConnectorBuilder withBaseURL(String str) throws URISyntaxException {
        return withBaseURL(new URI(str));
    }

    public HTTPVaultConnectorBuilder withBaseURL(URI uri) {
        return withTLS(!"http".equalsIgnoreCase((String) Objects.requireNonNullElse(uri.getScheme(), ""))).withHost(uri.getHost()).withPort(Integer.valueOf(uri.getPort())).withPrefix(uri.getPath());
    }

    public HTTPVaultConnectorBuilder withHost(String str) {
        this.host = str;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHost() {
        return this.host;
    }

    public HTTPVaultConnectorBuilder withPort(Integer num) {
        if (num.intValue() < 0) {
            this.port = null;
        } else {
            if (num.intValue() < 1 || num.intValue() > 65535) {
                throw new IllegalArgumentException("Port number " + num + " out of range");
            }
            this.port = num;
        }
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Integer getPort() {
        return this.port;
    }

    public HTTPVaultConnectorBuilder withTLS(boolean z) {
        this.tls = z;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isWithTLS() {
        return this.tls;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getTlsVersion() {
        return this.tlsVersion;
    }

    public HTTPVaultConnectorBuilder withTLS(boolean z, String str) {
        this.tls = z;
        this.tlsVersion = str;
        return this;
    }

    public HTTPVaultConnectorBuilder withTLS(String str) {
        return withTLS(true, str);
    }

    public HTTPVaultConnectorBuilder withTLS() {
        return withTLS(true);
    }

    public HTTPVaultConnectorBuilder withoutTLS() {
        return withTLS(false);
    }

    public HTTPVaultConnectorBuilder withPrefix(String str) {
        this.prefix = str;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPrefix() {
        return this.prefix;
    }

    public HTTPVaultConnectorBuilder withTrustedCA(Path path) throws VaultConnectorException {
        if (path != null) {
            return withTrustedCA(certificateFromFile(path));
        }
        this.trustedCA = null;
        return this;
    }

    public HTTPVaultConnectorBuilder withTrustedCA(X509Certificate x509Certificate) {
        this.trustedCA = x509Certificate;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate getTrustedCA() {
        return this.trustedCA;
    }

    public HTTPVaultConnectorBuilder withToken(String str) {
        this.token = str;
        return this;
    }

    public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
        if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
            try {
                URL url = new URL(System.getenv(ENV_VAULT_ADDR));
                this.host = url.getHost();
                this.port = Integer.valueOf(url.getPort());
                this.tls = url.getProtocol().equals("https");
            } catch (MalformedURLException e) {
                throw new ConnectionException("URL provided in environment variable malformed", e);
            }
        }
        if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
            try {
                this.numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
            } catch (NumberFormatException e2) {
            }
        }
        this.token = System.getenv(ENV_VAULT_TOKEN);
        return (System.getenv(ENV_VAULT_CACERT) == null || System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) ? this : withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT), new String[0]));
    }

    public HTTPVaultConnectorBuilder withNumberOfRetries(int i) {
        this.numberOfRetries = i;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getNumberOfRetries() {
        return this.numberOfRetries;
    }

    public HTTPVaultConnectorBuilder withTimeout(int i) {
        this.timeout = Integer.valueOf(i);
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Integer getTimeout() {
        return this.timeout;
    }

    public HTTPVaultConnector build() {
        return new HTTPVaultConnector(this);
    }

    public HTTPVaultConnector buildAndAuth() throws VaultConnectorException {
        if (this.token == null) {
            throw new ConnectionException("No vault token provided, unable to authenticate.");
        }
        HTTPVaultConnector build = build();
        build.authToken(this.token);
        return build;
    }

    private X509Certificate certificateFromFile(Path path) throws TlsException {
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(newInputStream);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e) {
            throw new TlsException("Unable to read certificate.", e);
        }
    }
}
