package de.stklcode.jvault.connector;

import de.stklcode.jvault.connector.exception.AuthorizationRequiredException;
import de.stklcode.jvault.connector.exception.InvalidRequestException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.internal.RequestHelper;
import de.stklcode.jvault.connector.model.AppRole;
import de.stklcode.jvault.connector.model.AppRoleSecret;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.Token;
import de.stklcode.jvault.connector.model.TokenRole;
import de.stklcode.jvault.connector.model.response.AppRoleResponse;
import de.stklcode.jvault.connector.model.response.AppRoleSecretResponse;
import de.stklcode.jvault.connector.model.response.AuthMethodsResponse;
import de.stklcode.jvault.connector.model.response.AuthResponse;
import de.stklcode.jvault.connector.model.response.HealthResponse;
import de.stklcode.jvault.connector.model.response.MetaSecretResponse;
import de.stklcode.jvault.connector.model.response.MetadataResponse;
import de.stklcode.jvault.connector.model.response.PlainSecretResponse;
import de.stklcode.jvault.connector.model.response.RawDataResponse;
import de.stklcode.jvault.connector.model.response.SealResponse;
import de.stklcode.jvault.connector.model.response.SecretListResponse;
import de.stklcode.jvault.connector.model.response.SecretResponse;
import de.stklcode.jvault.connector.model.response.SecretVersionResponse;
import de.stklcode.jvault.connector.model.response.TokenResponse;
import de.stklcode.jvault.connector.model.response.TokenRoleResponse;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:de/stklcode/jvault/connector/HTTPVaultConnector.class */
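/**
 * HTTP(S) implementation of {@link VaultConnector}. Every operation is delegated to a
 * {@link RequestHelper}; this class keeps the client token and its expiry.
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>The connection scheme is plain {@code http} whenever the builder reports
 *       {@code isWithTLS() == false}. The token and all secret payloads are handed to the same
 *       {@link RequestHelper}, so that mode should be limited to local testing.</li>
 *   <li>Names and paths (user names, role names, mounts, keys, lease IDs) are concatenated into
 *       the request path without escaping or validation. Values containing {@code /}, {@code ..}
 *       or {@code ?} can address a different endpoint than intended; validate such input before
 *       it reaches this class.</li>
 *   <li>{@code token}, {@code tokenTTL} and {@code authorized} are plain fields and nothing in
 *       this class synchronizes access to them, so an instance should not be shared between
 *       threads that authenticate concurrently.</li>
 * </ul>
 */
public class HTTPVaultConnector implements VaultConnector {
    private static final String PATH_SEAL_STATUS = "sys/seal-status";
    private static final String PATH_SEAL = "sys/seal";
    private static final String PATH_UNSEAL = "sys/unseal";
    private static final String PATH_RENEW = "sys/leases/renew";
    private static final String PATH_AUTH = "sys/auth";
    private static final String PATH_TOKEN = "auth/token";
    private static final String PATH_LOOKUP = "/lookup";
    private static final String PATH_CREATE = "/create";
    private static final String PATH_ROLES = "/roles";
    private static final String PATH_CREATE_ORPHAN = "/create-orphan";
    private static final String PATH_AUTH_USERPASS = "auth/userpass/login/";
    private static final String PATH_AUTH_APPID = "auth/app-id/";
    private static final String PATH_AUTH_APPROLE = "auth/approle/";
    private static final String PATH_AUTH_APPROLE_ROLE = "auth/approle/role/%s%s";
    private static final String PATH_REVOKE = "sys/leases/revoke/";
    private static final String PATH_HEALTH = "sys/health";
    private static final String PATH_DATA = "/data/";
    private static final String PATH_METADATA = "/metadata/";
    private static final String PATH_DELETE = "/delete/";
    private static final String PATH_UNDELETE = "/undelete/";
    private static final String PATH_DESTROY = "/destroy/";

    private final RequestHelper request;
    // Client token sent with every request; null while unauthenticated.
    private String token;
    private boolean authorized = false;
    // Expiry as epoch milliseconds; 0 is treated as "no expiry" by isAuthorized().
    private long tokenTTL = 0;

    /**
     * Creates an empty builder.
     *
     * @return new builder instance
     */
    public static HTTPVaultConnectorBuilder builder() {
        return new HTTPVaultConnectorBuilder();
    }

    /**
     * Creates a builder preconfigured with a base URL.
     *
     * @param baseURL base URL as string
     * @return new builder instance
     * @throws URISyntaxException declared by {@code withBaseURL(String)}
     */
    public static HTTPVaultConnectorBuilder builder(String baseURL) throws URISyntaxException {
        return new HTTPVaultConnectorBuilder().withBaseURL(baseURL);
    }

    /**
     * Creates a builder preconfigured with a base URL.
     *
     * @param baseURL base URL
     * @return new builder instance
     */
    public static HTTPVaultConnectorBuilder builder(URI baseURL) {
        return new HTTPVaultConnectorBuilder().withBaseURL(baseURL);
    }

    /**
     * Builds the connector from builder settings.
     * (Decompiler note: declared package-private in the original; kept public as listed.)
     *
     * <p>The scheme is {@code https} only if {@code isWithTLS()} is true; otherwise the base URL
     * starts with {@code http://} and nothing here prevents credentials from being used over it.
     *
     * @param builder configured builder
     */
    public HTTPVaultConnector(HTTPVaultConnectorBuilder builder) {
        String scheme = builder.isWithTLS() ? "https" : "http";
        String port = builder.getPort() != null ? ":" + builder.getPort() : "";
        this.request = new RequestHelper(
                scheme + "://" + builder.getHost() + port + builder.getPrefix(),
                builder.getNumberOfRetries(),
                builder.getTimeout(),
                builder.getTlsVersion(),
                builder.getTrustedCA()
        );
    }

    /** Drops the stored token and marks the connector as unauthenticated. */
    @Override
    public final void resetAuth() {
        this.token = null;
        this.tokenTTL = 0L;
        this.authorized = false;
    }

    /**
     * Queries the seal status. No prior authentication is enforced here.
     *
     * @return seal status response
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final SealResponse sealStatus() throws VaultConnectorException {
        return (SealResponse) this.request.get(PATH_SEAL_STATUS, Collections.emptyMap(), this.token, SealResponse.class);
    }

    /**
     * Requests sealing. This method does not call {@code requireAuth()}; the stored token
     * (possibly null) is passed along and any access decision is left to the server.
     *
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final void seal() throws VaultConnectorException {
        this.request.put(PATH_SEAL, Collections.emptyMap(), this.token);
    }

    /**
     * Submits an unseal key.
     *
     * @param key   unseal key share; sensitive, must not be logged by callers
     * @param reset optional reset flag, omitted from the request when null
     * @return seal status response
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final SealResponse unseal(String key, Boolean reset) throws VaultConnectorException {
        Map<String, String> payload = new HashMap<>(2, 1.0f);
        payload.put("key", key);
        if (reset != null) {
            payload.put("reset", reset.toString());
        }
        return (SealResponse) this.request.put(PATH_UNSEAL, payload, this.token, SealResponse.class);
    }

    /**
     * Queries the health endpoint with {@code standbycode}, {@code sealedcode} and
     * {@code uninitcode} all set to 200.
     * NOTE(review): presumably so that those states are reported in the response body rather
     * than as an HTTP error status; confirm against the server API.
     *
     * @return health response
     * @throws VaultConnectorException on request failure
     */
    @Override
    public HealthResponse getHealth() throws VaultConnectorException {
        Map<String, String> statusCodes = Map.of("standbycode", "200", "sealedcode", "200", "uninitcode", "200");
        return (HealthResponse) this.request.get(PATH_HEALTH, statusCodes, this.token, HealthResponse.class);
    }

    /**
     * Reports the locally tracked authentication state. This is a client-side check only:
     * a token revoked on the server is still reported as authorized until its recorded expiry.
     *
     * @return true if authenticated and the recorded expiry is 0 (none) or not yet reached
     */
    @Override
    public final boolean isAuthorized() {
        if (!this.authorized) {
            return false;
        }
        return this.tokenTTL == 0 || this.tokenTTL >= System.currentTimeMillis();
    }

    /**
     * Lists the types of the enabled auth methods. No prior authentication is enforced here.
     *
     * @return auth backend types
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final List<AuthBackend> getAuthBackends() throws VaultConnectorException {
        AuthMethodsResponse methods = (AuthMethodsResponse) this.request.get(PATH_AUTH, Collections.emptyMap(), this.token, AuthMethodsResponse.class);
        return methods.getSupportedMethods().values().stream()
                .map(method -> method.getType())
                .collect(Collectors.toList());
    }

    /**
     * Authenticates with an existing token by looking it up on the server.
     *
     * <p>The token is stored only after the lookup succeeded. Storing it first meant that a
     * rejected token replaced a valid one while {@code authorized} kept its previous value and
     * the expiry was reset to "none", so the connector could report itself authorized with a
     * token the server had just refused.
     *
     * @param token client token
     * @return lookup response
     * @throws VaultConnectorException if the lookup fails; the previous state is then kept
     */
    @Override
    public final TokenResponse authToken(String token) throws VaultConnectorException {
        TokenResponse response = (TokenResponse) this.request.post(PATH_TOKEN + PATH_LOOKUP, Collections.emptyMap(), token, TokenResponse.class);
        this.token = token;
        this.tokenTTL = 0L;
        this.authorized = true;
        return response;
    }

    /**
     * Authenticates with user name and password.
     *
     * @param username user name; appended to the login path without escaping
     * @param password password, sent under the {@code password} key
     * @return auth response
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final AuthResponse authUserPass(String username, String password) throws VaultConnectorException {
        return queryAuth(PATH_AUTH_USERPASS + username, Collections.singletonMap("password", password));
    }

    /**
     * Authenticates with App-ID and User-ID.
     *
     * @param appId  sent as {@code app_id}
     * @param userId sent as {@code user_id}
     * @return auth response
     * @throws VaultConnectorException on request failure
     */
    @Override
    @Deprecated(since = "0.4", forRemoval = false)
    public final AuthResponse authAppId(String appId, String userId) throws VaultConnectorException {
        return queryAuth(PATH_AUTH_APPID + "login", Map.of("app_id", appId, "user_id", userId));
    }

    /**
     * Authenticates with an AppRole.
     *
     * @param roleId   sent as {@code role_id}
     * @param secretId sent as {@code secret_id}; omitted from the request when null
     * @return auth response
     * @throws VaultConnectorException on request failure
     */
    @Override
    public final AuthResponse authAppRole(String roleId, String secretId) throws VaultConnectorException {
        Map<String, String> payload = new HashMap<>(2, 1.0f);
        payload.put("role_id", roleId);
        if (secretId != null) {
            payload.put("secret_id", secretId);
        }
        return queryAuth(PATH_AUTH_APPROLE + "login", payload);
    }

    /**
     * Posts a login request and stores the returned client token and its expiry.
     * The currently stored token, if any, is passed along with the login request.
     *
     * @param path    login endpoint
     * @param payload credentials
     * @return auth response
     * @throws VaultConnectorException on request failure
     */
    private AuthResponse queryAuth(String path, Map<String, String> payload) throws VaultConnectorException {
        AuthResponse response = (AuthResponse) this.request.post(path, payload, this.token, AuthResponse.class);
        this.token = response.getAuth().getClientToken();
        // Multiply as long: in int arithmetic, seconds * 1000 overflows for leases longer than
        // about 24.8 days, giving an expiry in the past and spurious authorization failures.
        // NOTE(review): a lease duration of 0 sets the expiry to "now", while 0 means "no expiry"
        // in isAuthorized(); confirm how the server reports non-expiring tokens.
        this.tokenTTL = System.currentTimeMillis() + response.getAuth().getLeaseDuration().intValue() * 1000L;
        this.authorized = true;
        return response;
    }

    /**
     * Registers an App-ID mapping.
     *
     * @param appId       App-ID; appended to the path without escaping
     * @param value       sent as {@code value}
     * @param displayName sent as {@code display_name}
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    @Deprecated(since = "0.4", forRemoval = false)
    public final boolean registerAppId(String appId, String value, String displayName) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(PATH_AUTH_APPID + "map/app-id/" + appId, Map.of("value", value, "display_name", displayName), this.token);
        return true;
    }

    /**
     * Registers a User-ID mapping.
     *
     * @param appId  sent as the mapping {@code value}
     * @param userId User-ID; appended to the path without escaping
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    @Deprecated(since = "0.4", forRemoval = false)
    public final boolean registerUserId(String appId, String userId) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(PATH_AUTH_APPID + "map/user-id/" + userId, Collections.singletonMap("value", appId), this.token);
        return true;
    }

    /**
     * Creates an AppRole and, if the role carries a non-empty ID, sets that custom role ID.
     *
     * @param role role definition
     * @return true on success
     * @throws VaultConnectorException if not authorized or a request fails
     */
    @Override
    public final boolean createAppRole(AppRole role) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, role.getName(), ""), role, this.token);
        if (role.getId() == null || role.getId().isEmpty()) {
            return true;
        }
        return setAppRoleID(role.getName(), role.getId());
    }

    /**
     * Reads an AppRole.
     *
     * @param roleName role name; inserted into the path without escaping
     * @return role response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final AppRoleResponse lookupAppRole(String roleName) throws VaultConnectorException {
        requireAuth();
        return (AppRoleResponse) this.request.get(String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""), Collections.emptyMap(), this.token, AppRoleResponse.class);
    }

    /**
     * Deletes an AppRole.
     *
     * @param roleName role name; inserted into the path without escaping
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final boolean deleteAppRole(String roleName) throws VaultConnectorException {
        requireAuth();
        this.request.deleteWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""), this.token);
        return true;
    }

    /**
     * Reads the role ID of an AppRole.
     *
     * @param roleName role name; inserted into the path without escaping
     * @return value of {@code role_id} from the response data
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final String getAppRoleID(String roleName) throws VaultConnectorException {
        requireAuth();
        RawDataResponse response = (RawDataResponse) this.request.get(String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), Collections.emptyMap(), this.token, RawDataResponse.class);
        return response.getData().get("role_id").toString();
    }

    /**
     * Sets a custom role ID for an AppRole.
     *
     * @param roleName role name; inserted into the path without escaping
     * @param roleID   sent as {@code role_id}
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final boolean setAppRoleID(String roleName, String roleID) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), Collections.singletonMap("role_id", roleID), this.token);
        return true;
    }

    /**
     * Creates a secret for an AppRole. A secret without ID goes to {@code /secret-id};
     * a secret carrying a non-empty ID goes to {@code /custom-secret-id}.
     *
     * @param roleName role name; inserted into the path without escaping
     * @param secret   secret definition
     * @return secret response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final AppRoleSecretResponse createAppRoleSecret(String roleName, AppRoleSecret secret) throws VaultConnectorException {
        requireAuth();
        boolean generated = secret.getId() == null || secret.getId().isEmpty();
        String suffix = generated ? "/secret-id" : "/custom-secret-id";
        return (AppRoleSecretResponse) this.request.post(String.format(PATH_AUTH_APPROLE_ROLE, roleName, suffix), secret, this.token, AppRoleSecretResponse.class);
    }

    /**
     * Looks up an AppRole secret. The secret ID travels in the request payload, not the path.
     *
     * @param roleName role name; inserted into the path without escaping
     * @param secretID secret ID
     * @return secret response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final AppRoleSecretResponse lookupAppRoleSecret(String roleName, String secretID) throws VaultConnectorException {
        requireAuth();
        return (AppRoleSecretResponse) this.request.post(String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"), new AppRoleSecret(secretID), this.token, AppRoleSecretResponse.class);
    }

    /**
     * Destroys an AppRole secret.
     *
     * @param roleName role name; inserted into the path without escaping
     * @param secretID secret ID
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final boolean destroyAppRoleSecret(String roleName, String secretID) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"), new AppRoleSecret(secretID), this.token);
        return true;
    }

    /**
     * Lists AppRole names.
     *
     * @return role names
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final List<String> listAppRoles() throws VaultConnectorException {
        requireAuth();
        SecretListResponse response = (SecretListResponse) this.request.get(PATH_AUTH_APPROLE + "role?list=true", Collections.emptyMap(), this.token, SecretListResponse.class);
        return response.getKeys();
    }

    /**
     * Lists the keys returned for the secrets of an AppRole.
     *
     * @param roleName role name; inserted into the path without escaping
     * @return keys from the list response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final List<String> listAppRoleSecrets(String roleName) throws VaultConnectorException {
        requireAuth();
        SecretListResponse response = (SecretListResponse) this.request.get(String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"), Collections.emptyMap(), this.token, SecretListResponse.class);
        return response.getKeys();
    }

    /**
     * Reads a secret from the given path.
     *
     * @param key full secret path; used as the request path unchanged
     * @return secret response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final SecretResponse read(String key) throws VaultConnectorException {
        requireAuth();
        return (SecretResponse) this.request.get(key, Collections.emptyMap(), this.token, PlainSecretResponse.class);
    }

    /**
     * Reads a secret below {@code mount/data/}.
     *
     * @param mount   mount point
     * @param key     secret key
     * @param version version to read; omitted from the request when null
     * @return secret response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final SecretResponse readSecretVersion(String mount, String key, Integer version) throws VaultConnectorException {
        requireAuth();
        Map<String, String> args = new HashMap<>(1, 1.0f);
        if (version != null) {
            args.put("version", version.toString());
        }
        return (SecretResponse) this.request.get(mount + PATH_DATA + key, args, this.token, MetaSecretResponse.class);
    }

    /**
     * Reads secret metadata below {@code mount/metadata/}.
     *
     * @param mount mount point
     * @param key   secret key
     * @return metadata response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final MetadataResponse readSecretMetadata(String mount, String key) throws VaultConnectorException {
        requireAuth();
        return (MetadataResponse) this.request.get(mount + PATH_METADATA + key, Collections.emptyMap(), this.token, MetadataResponse.class);
    }

    /**
     * Updates secret metadata below {@code mount/metadata/}.
     *
     * @param mount       mount point
     * @param key         secret key
     * @param maxVersions sent as {@code max_versions}; omitted when null
     * @param casRequired sent as {@code cas_required}
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public void updateSecretMetadata(String mount, String key, Integer maxVersions, boolean casRequired) throws VaultConnectorException {
        requireAuth();
        Map<String, Object> payload = new HashMap<>(2, 1.0f);
        if (maxVersions != null) {
            payload.put("max_versions", maxVersions);
        }
        payload.put("cas_required", casRequired);
        write(mount + PATH_METADATA + key, payload);
    }

    /**
     * Writes secret data below {@code mount/data/}.
     *
     * @param mount mount point
     * @param key   secret key; must not be null or empty
     * @param data  secret data; must not be null because it is wrapped with {@code Map.of}
     * @param cas   sent as option {@code cas}; options are empty when null
     * @return version response
     * @throws VaultConnectorException if not authorized, the key is empty or the request fails
     */
    @Override
    public final SecretVersionResponse writeSecretData(String mount, String key, Map<String, Object> data, Integer cas) throws VaultConnectorException {
        requireAuth();
        if (key == null || key.isEmpty()) {
            throw new InvalidRequestException("Secret path must not be empty.");
        }
        Map<String, Object> options = cas != null ? Collections.singletonMap("cas", cas) : Collections.emptyMap();
        return (SecretVersionResponse) this.request.post(mount + PATH_DATA + key, Map.of("data", data, "options", options), this.token, SecretVersionResponse.class);
    }

    /**
     * Lists the keys below a path.
     *
     * @param path path to list; {@code /?list=true} is appended
     * @return keys from the list response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final List<String> list(String path) throws VaultConnectorException {
        requireAuth();
        SecretListResponse response = (SecretListResponse) this.request.get(path + "/?list=true", Collections.emptyMap(), this.token, SecretListResponse.class);
        return response.getKeys();
    }

    /**
     * Writes to a path. Without options the data map is the payload; with options the payload
     * is {@code {"data": data, "options": options}}.
     *
     * @param key     full path; must not be null or empty
     * @param data    payload data; must not be null when options are given
     * @param options optional options
     * @throws VaultConnectorException if not authorized, the path is empty or the request fails
     */
    @Override
    public final void write(String key, Map<String, Object> data, Map<String, Object> options) throws VaultConnectorException {
        requireAuth();
        if (key == null || key.isEmpty()) {
            throw new InvalidRequestException("Secret path must not be empty.");
        }
        Map<String, Object> payload = data;
        if (options != null) {
            payload = Map.of("data", data, "options", options);
        }
        this.request.postWithoutResponse(key, payload, this.token);
    }

    /**
     * Deletes the given path.
     *
     * @param key full path; used as the request path unchanged
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void delete(String key) throws VaultConnectorException {
        requireAuth();
        this.request.deleteWithoutResponse(key, this.token);
    }

    /**
     * Issues a delete on {@code mount/data/key}.
     *
     * @param mount mount point
     * @param key   secret key
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void deleteLatestSecretVersion(String mount, String key) throws VaultConnectorException {
        delete(mount + PATH_DATA + key);
    }

    /**
     * Issues a delete on {@code mount/metadata/key}.
     *
     * @param mount mount point
     * @param key   secret key
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void deleteAllSecretVersions(String mount, String key) throws VaultConnectorException {
        delete(mount + PATH_METADATA + key);
    }

    /**
     * Posts the given versions to {@code mount/delete/key}.
     *
     * @param mount    mount point
     * @param key      secret key
     * @param versions version numbers
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void deleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException {
        handleSecretVersions(mount, PATH_DELETE, key, versions);
    }

    /**
     * Posts the given versions to {@code mount/undelete/key}.
     *
     * @param mount    mount point
     * @param key      secret key
     * @param versions version numbers
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void undeleteSecretVersions(String mount, String key, int... versions) throws VaultConnectorException {
        handleSecretVersions(mount, PATH_UNDELETE, key, versions);
    }

    /**
     * Posts the given versions to {@code mount/destroy/key}.
     *
     * @param mount    mount point
     * @param key      secret key
     * @param versions version numbers
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void destroySecretVersions(String mount, String key, int... versions) throws VaultConnectorException {
        handleSecretVersions(mount, PATH_DESTROY, key, versions);
    }

    /**
     * Shared implementation of the version operations: posts {@code {"versions": [...]}} to
     * {@code mount + pathPart + key}.
     */
    private void handleSecretVersions(String mount, String pathPart, String key, int... versions) throws VaultConnectorException {
        requireAuth();
        this.request.postWithoutResponse(mount + pathPart + key, Collections.singletonMap("versions", versions), this.token);
    }

    /**
     * Revokes a lease.
     *
     * @param leaseID lease ID; appended to the path without escaping
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final void revoke(String leaseID) throws VaultConnectorException {
        requireAuth();
        this.request.putWithoutResponse(PATH_REVOKE + leaseID, Collections.emptyMap(), this.token);
    }

    /**
     * Renews a lease.
     *
     * @param leaseID   sent as {@code lease_id}
     * @param increment sent as {@code increment}; omitted when null
     * @return response of the renew call
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final SecretResponse renew(String leaseID, Integer increment) throws VaultConnectorException {
        requireAuth();
        Map<String, String> payload = new HashMap<>(2, 1.0f);
        payload.put("lease_id", leaseID);
        if (increment != null) {
            payload.put("increment", increment.toString());
        }
        return (SecretResponse) this.request.put(PATH_RENEW, payload, this.token, SecretResponse.class);
    }

    /**
     * Creates a token through the regular create endpoint.
     *
     * @param token token definition
     * @return auth response
     * @throws VaultConnectorException if not authorized, the token is null or the request fails
     */
    @Override
    public final AuthResponse createToken(Token token) throws VaultConnectorException {
        return createTokenInternal(token, PATH_TOKEN + PATH_CREATE);
    }

    /**
     * Creates a token, optionally as an orphan.
     *
     * <p>The flag is honoured: the {@code create-orphan} endpoint is used only when
     * {@code orphan} is true. It used to be ignored, so every call produced an orphan token.
     * An orphan has no parent token and is therefore not covered when a parent is revoked,
     * which callers passing {@code false} would not expect.
     *
     * @param token  token definition
     * @param orphan true to create an orphan token
     * @return auth response
     * @throws VaultConnectorException if not authorized, the token is null or the request fails
     */
    @Override
    public final AuthResponse createToken(Token token, boolean orphan) throws VaultConnectorException {
        return createTokenInternal(token, PATH_TOKEN + (orphan ? PATH_CREATE_ORPHAN : PATH_CREATE));
    }

    /**
     * Creates a token for a token role.
     *
     * @param token token definition
     * @param role  role name; must not be null or empty, appended to the path without escaping
     * @return auth response
     * @throws VaultConnectorException if not authorized, an argument is missing or the request fails
     */
    @Override
    public final AuthResponse createToken(Token token, String role) throws VaultConnectorException {
        if (role == null || role.isEmpty()) {
            throw new InvalidRequestException("No role name specified.");
        }
        return createTokenInternal(token, PATH_TOKEN + PATH_CREATE + "/" + role);
    }

    /** Clears the stored token and authentication state; same effect as {@link #resetAuth()}. */
    @Override
    public final void close() {
        resetAuth();
    }

    /**
     * Shared implementation of the token creation calls.
     *
     * @param token token definition; must not be null
     * @param path  creation endpoint
     */
    private AuthResponse createTokenInternal(Token token, String path) throws VaultConnectorException {
        requireAuth();
        if (token == null) {
            throw new InvalidRequestException("Token must be provided.");
        }
        return (AuthResponse) this.request.post(path, token, this.token, AuthResponse.class);
    }

    /**
     * Looks up a token.
     *
     * <p>NOTE(review): the looked-up token is passed in the parameter map of a GET call. If
     * {@code RequestHelper.get} sends that map as URL query parameters, the token value becomes
     * part of the request URL, where proxies and access logs commonly record it; confirm, and
     * prefer a POST payload as {@link #authToken(String)} uses for the same path.
     * NOTE(review): the request is authenticated with the looked-up token itself, not with the
     * connector's own token; confirm this is intended.
     *
     * @param token token to look up
     * @return lookup response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public final TokenResponse lookupToken(String token) throws VaultConnectorException {
        requireAuth();
        return (TokenResponse) this.request.get(PATH_TOKEN + PATH_LOOKUP, Collections.singletonMap("token", token), token, TokenResponse.class);
    }

    /**
     * Creates or updates a token role.
     *
     * @param name role name; must not be null or empty, appended to the path without escaping
     * @param role role definition; must not be null
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized, an argument is missing or the request fails
     */
    @Override
    public boolean createOrUpdateTokenRole(String name, TokenRole role) throws VaultConnectorException {
        requireAuth();
        // Empty names are rejected too, as createToken(Token, String) does: an empty name would
        // address the role collection path instead of a single role.
        if (name == null || name.isEmpty()) {
            throw new InvalidRequestException("Role name must be provided.");
        }
        if (role == null) {
            throw new InvalidRequestException("Role must be provided.");
        }
        this.request.postWithoutResponse(PATH_TOKEN + PATH_ROLES + "/" + name, role, this.token);
        return true;
    }

    /**
     * Reads a token role.
     *
     * @param name role name; appended to the path without escaping
     * @return role response
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public TokenRoleResponse readTokenRole(String name) throws VaultConnectorException {
        requireAuth();
        return (TokenRoleResponse) this.request.get(PATH_TOKEN + PATH_ROLES + "/" + name, Collections.emptyMap(), this.token, TokenRoleResponse.class);
    }

    /**
     * Lists token role names.
     *
     * @return role names
     * @throws VaultConnectorException if not authorized or the request fails
     */
    @Override
    public List<String> listTokenRoles() throws VaultConnectorException {
        requireAuth();
        return list(PATH_TOKEN + PATH_ROLES);
    }

    /**
     * Deletes a token role.
     *
     * @param name role name; must not be null or empty, appended to the path without escaping
     * @return always true; failures are reported as exceptions
     * @throws VaultConnectorException if not authorized, the name is missing or the request fails
     */
    @Override
    public boolean deleteTokenRole(String name) throws VaultConnectorException {
        requireAuth();
        // An empty name would turn this into a DELETE on the role collection path.
        if (name == null || name.isEmpty()) {
            throw new InvalidRequestException("Role name must be provided.");
        }
        this.request.deleteWithoutResponse(PATH_TOKEN + PATH_ROLES + "/" + name, this.token);
        return true;
    }

    /**
     * Guards operations that need a token.
     *
     * @throws AuthorizationRequiredException if {@link #isAuthorized()} is false
     */
    private void requireAuth() throws AuthorizationRequiredException {
        if (!isAuthorized()) {
            throw new AuthorizationRequiredException();
        }
    }
}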
