package no.nav.vault.jdbc.hikaricp;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.LogicalResponse;
import com.zaxxer.hikari.HikariConfig;
import com.zaxxer.hikari.HikariDataSource;
import java.util.TimerTask;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/vault/jdbc/hikaricp/HikariCPVaultUtil.class */
public final class HikariCPVaultUtil {
    private static final Logger logger = LoggerFactory.getLogger(HikariCPVaultUtil.class);
    private HikariDataSource ds = null;
    private final HikariConfig hikariConfig;
    private final Vault vault;
    private final String mountPath;
    private final String role;

    /* renamed from: no.nav.vault.jdbc.hikaricp.HikariCPVaultUtil$1RefreshDbCredentialsTask, reason: invalid class name */
    /* loaded from: input_file:no/nav/vault/jdbc/hikaricp/HikariCPVaultUtil$1RefreshDbCredentialsTask.class */
    final class C1RefreshDbCredentialsTask extends TimerTask {
        final /* synthetic */ VaultUtil val$instance;
        final /* synthetic */ String val$role;

        C1RefreshDbCredentialsTask(VaultUtil vaultUtil, String str) {
            this.val$instance = vaultUtil;
            this.val$role = str;
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            try {
                if (HikariCPVaultUtil.this.ds == null || !HikariCPVaultUtil.this.ds.isClosed()) {
                    this.val$instance.getTimer().schedule(new C1RefreshDbCredentialsTask(this.val$instance, this.val$role), VaultUtil.suggestedRefreshInterval(HikariCPVaultUtil.this.refreshCredentialsAndReturnRefreshInterval().leaseDuration * 1000));
                } else {
                    HikariCPVaultUtil.logger.info("Datasource is closed. Stopping scheduling of RefreshDbCredentialsTask");
                    cancel();
                }
            } catch (VaultException e) {
                if (e.getHttpStatusCode() == 403) {
                    HikariCPVaultUtil.logger.error("Vault denied permission to fetch database credentials for role \"" + this.val$role + "\"", e);
                } else {
                    HikariCPVaultUtil.logger.error("Could not fetch database credentials for role \"" + this.val$role + "\"", e);
                }
                HikariCPVaultUtil.logger.warn("Waiting 5 secs before trying to get new credentials");
                this.val$instance.getTimer().schedule(new C1RefreshDbCredentialsTask(this.val$instance, this.val$role), 5000L);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:no/nav/vault/jdbc/hikaricp/HikariCPVaultUtil$RefreshResult.class */
    public static final class RefreshResult {
        final String leaseId;
        final long leaseDuration;

        RefreshResult(String str, long j) {
            this.leaseId = str;
            this.leaseDuration = j;
        }
    }

    private HikariCPVaultUtil(HikariConfig hikariConfig, Vault vault, String str, String str2) {
        this.hikariConfig = hikariConfig;
        this.vault = vault;
        this.mountPath = str;
        this.role = str2;
    }

    private void setDs(HikariDataSource hikariDataSource) {
        this.ds = hikariDataSource;
    }

    public static HikariDataSource createHikariDataSourceWithVaultIntegration(HikariConfig hikariConfig, String str, String str2) throws VaultError {
        VaultUtil vaultUtil = VaultUtil.getInstance();
        HikariCPVaultUtil hikariCPVaultUtil = new HikariCPVaultUtil(hikariConfig, vaultUtil.getClient(), str, str2);
        try {
            vaultUtil.getTimer().schedule(new C1RefreshDbCredentialsTask(vaultUtil, str2), VaultUtil.suggestedRefreshInterval(hikariCPVaultUtil.refreshCredentialsAndReturnRefreshInterval().leaseDuration * 1000));
            HikariDataSource hikariDataSource = new HikariDataSource(hikariConfig);
            hikariCPVaultUtil.setDs(hikariDataSource);
            return hikariDataSource;
        } catch (VaultException e) {
            throw new VaultError("Could not fetch initial database credentials for role \"" + str2 + "\"", e);
        }
    }

    private RefreshResult refreshCredentialsAndReturnRefreshInterval() throws VaultException {
        String str = this.mountPath + "/creds/" + this.role;
        logger.info("Renewing database credentials for role \"" + this.role + "\"");
        LogicalResponse read = this.vault.logical().read(str);
        String str2 = (String) read.getData().get("username");
        String str3 = (String) read.getData().get("password");
        logger.info("Got new credentials (username=" + str2 + ")");
        this.hikariConfig.setUsername(str2);
        this.hikariConfig.setPassword(str3);
        if (this.ds != null) {
            this.ds.setUsername(str2);
            this.ds.setPassword(str3);
            this.ds.getHikariConfigMXBean().setUsername(str2);
            this.ds.getHikariConfigMXBean().setPassword(str3);
            this.ds.getHikariPoolMXBean().softEvictConnections();
        }
        return new RefreshResult(read.getLeaseId(), read.getLeaseDuration().longValue());
    }
}
