package digital.toke;

import digital.toke.HousekeepingConfig;
import digital.toke.accessor.SealStatus;
import digital.toke.accessor.Toke;
import digital.toke.exception.ConfigureException;
import digital.toke.exception.LoginFailedException;
import digital.toke.exception.ReadException;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:digital/toke/HousekeepingBase.class */
public abstract class HousekeepingBase implements Runnable {
    private static final Logger logger = LogManager.getLogger(HousekeepingBase.class);
    protected TokenManager tokenManager;
    protected HousekeepingConfig config;

    public HousekeepingBase(TokenManager tokenManager) {
        this.tokenManager = tokenManager;
        HousekeepingConfig housekeepingConfig = this.tokenManager.getAuth().config.getHousekeepingConfig();
        if (housekeepingConfig == null) {
            this.config = new HousekeepingConfig.Builder().build();
        } else {
            this.config = housekeepingConfig;
        }
    }

    public HousekeepingBase(HousekeepingConfig housekeepingConfig, TokenManager tokenManager) {
        this.config = housekeepingConfig;
        this.tokenManager = tokenManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initVault() {
        if (this.config.init) {
            try {
                Auth auth = this.tokenManager.getAuth();
                TokeDriverConfig driverConfig = this.tokenManager.getDriverConfig();
                Toke initVault = auth.initVault();
                logger.debug("Result of init call: " + initVault.response);
                initVault.init().writeKeysToFile(this.config.keyFile);
                this.config.unsealKeys = initVault.init().keys();
                this.config.unseal = true;
                driverConfig.setToken(initVault.init().rootToken());
                driverConfig.authType = AuthType.TOKEN;
                logger.debug("root token set in config, you should be good to go for unseal");
                this.config.init = false;
            } catch (ConfigureException e) {
                e.printStackTrace();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void unseal() {
        Toke toke;
        logger.debug("entering unseal");
        Auth auth = this.tokenManager.getAuth();
        try {
            if (new SealStatus(auth.checkSealStatus()).isSealed()) {
                logger.info("Notice: vault is sealed and we will attempt to unseal if the conditions for that have been met");
                if (!this.config.unseal || this.config.unsealKeys == null || this.config.unsealKeys.size() <= 0) {
                    logger.error("Problem: vault sealed, but conditions not met in config to attempt unseal");
                } else {
                    try {
                        logger.info("conditions met to attempt unseal: 1) requested, 2) unsealKeys is set; 3) unseal keys size is greater than 0");
                        toke = auth.unseal(this.config.getUnsealKeys(), false, false);
                    } catch (ConfigureException e) {
                        logger.error(e);
                        toke = null;
                    }
                    if (toke == null) {
                        logger.error("Bad response?");
                        return;
                    }
                    SealStatus sealStatus = new SealStatus(toke);
                    if (sealStatus.isSealed()) {
                        logger.error("expected to unseal, but failed..." + sealStatus.json().toString());
                    } else {
                        logger.info("Unsealed successfully..." + sealStatus.json().toString());
                    }
                }
            } else {
                logger.info("Vault instance appears to be unsealed  - good. Exiting this method.");
            }
        } catch (ReadException e2) {
            logger.error(e2);
        } catch (NullPointerException e3) {
            e3.printStackTrace();
            logger.error(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void loadCachedTokens() {
        logger.info("No cached tokens to load");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void login() {
        Auth auth = this.tokenManager.getAuth();
        Set<Token> managedTokens = this.tokenManager.getManagedTokens();
        if (managedTokens.size() == 0) {
            logger.info("Zero managed tokens found, trying to login to get one...");
            try {
                Token login = auth.login();
                this.tokenManager.fireLoginEvent(login);
                try {
                    Token lookupSelf = auth.lookupSelf(login);
                    logger.debug("updated token with lookup data " + lookupSelf.lookupData.toString());
                    managedTokens.add(lookupSelf);
                    this.tokenManager.fireLoginEvent(lookupSelf);
                } catch (ReadException e) {
                    logger.error("Does this user have permission to read auth/token/lookup-self?", e);
                }
            } catch (LoginFailedException e2) {
                logger.error(e2);
            }
        }
    }

    public List<TokenRenewal> renew() {
        ArrayList arrayList = new ArrayList();
        Set<Token> managedTokens = this.tokenManager.getManagedTokens();
        if (managedTokens.size() == 0) {
            return arrayList;
        }
        Auth auth = this.tokenManager.getAuth();
        for (Token token : managedTokens) {
            if (token.isPeriodic()) {
                try {
                    arrayList.add(new TokenRenewal(RenewalType.PERIODIC, token, auth.renewPeriodic(token)));
                } catch (Exception e) {
                    logger.info("Renew Periodic has failed, will try to reauthenticate and get a new token.", e);
                    try {
                        arrayList.add(new TokenRenewal(RenewalType.LOGIN, token, auth.login()));
                    } catch (LoginFailedException e2) {
                        logger.error(e2);
                        logger.error("giving up here...");
                    }
                }
            } else if (token.isRenewable()) {
                logger.debug("token is renewable...");
                ZonedDateTime expireTime = token.expireTime();
                if (expireTime != null) {
                    long until = Instant.now().until(expireTime.toInstant(), ChronoUnit.SECONDS);
                    logger.info("Token with accessor " + token.accessor() + " will expire in " + until + " seconds.");
                    if (this.config.renew) {
                        logger.debug(String.format("Checking renew... min_ttl: %d, count: %d", Long.valueOf(this.config.min_ttl), Long.valueOf(until)));
                        if (this.config.min_ttl > until) {
                            logger.debug("OK, looks like should renew now");
                            try {
                                arrayList.add(new TokenRenewal(RenewalType.SELF, token, auth.renewSelf(token)));
                            } catch (Exception e3) {
                                e3.printStackTrace();
                                logger.info("Renew of non-periodic token has failed, will try to reauthenticate and get a new token.", e3);
                                try {
                                    arrayList.add(new TokenRenewal(RenewalType.LOGIN, token, auth.login()));
                                } catch (LoginFailedException e4) {
                                    logger.error(e4);
                                    logger.error("giving up here...");
                                }
                            }
                        }
                    } else {
                        logger.debug("Not yet in range to renew.");
                    }
                }
            } else {
                logger.debug("token is not renewable, so doing nothing...");
            }
        }
        return arrayList;
    }
}
