package cd.connect.initializers.vault;

import bathe.BatheInitializer;
import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.Json;
import com.bettercloud.vault.response.AuthResponse;
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestResponse;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cd/connect/initializers/vault/VaultInitializer.class */
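/**
 * Initializer that resolves Vault-backed configuration at start-up.
 *
 * <p>Every system property whose value starts with {@link #VAULT_KEY_PREFIX} is treated as a
 * reference to a Vault key. The key is read from Vault and the result is written back into
 * system properties under the name reported by {@code VaultKey#getSystemPropertyFieldName()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Secrets fetched here end up in JVM-wide system properties, so any code running in the
 *       process that can call {@code System.getProperty}/{@code System.getProperties} can read
 *       them. Treat property dumps from this JVM as sensitive.</li>
 *   <li>Log statements in this class print property names and Vault key names only; secret
 *       values are masked or omitted. Keep it that way when adding logging.</li>
 *   <li>NOTE(review): nothing in this class checks that {@code vault.url} uses https. Over a
 *       plain-http address the login JWT and the secrets would travel unencrypted; confirm the
 *       deployment always configures an https address.</li>
 * </ul>
 */
public class VaultInitializer implements BatheInitializer {
    /** Marker that a system property value must start with to be resolved from Vault. */
    public static final String VAULT_KEY_PREFIX = "[K8SVAULT]";

    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private final Logger log = LoggerFactory.getLogger(getClass());

    // Set from the parallel-stream workers in loadVaultKeys and read once they have finished;
    // volatile so a failure recorded by any worker is seen by the final check.
    private volatile boolean failed = false;

    /** @return the fixed ordering value of this initializer (always 1). */
    public int getOrder() {
        return 1;
    }

    /** @return the fixed name of this initializer. */
    public String getName() {
        return "k8s-vault-initializer";
    }

    /**
     * Discovers Vault-backed properties and, if there are any, loads them from Vault.
     *
     * @param args   passed through untouched and returned as-is
     * @param unused not read by this implementation
     * @return {@code args}, unchanged
     * @throws RuntimeException if the Vault client cannot be configured or any key fails to load
     */
    public String[] initialize(String[] args, String unused) {
        List<VaultKey> keys = discoverFields();
        if (keys.isEmpty()) {
            this.log.info("vault: no keys in system properties to discover");
            return args;
        }
        try {
            loadVaultKeys(configureVaultClient(), keys);
        } catch (VaultException e) {
            throw new RuntimeException(e);
        }
        return args;
    }

    /**
     * Reads a whole file into a string.
     *
     * @param path    file system path of the file
     * @param charset charset used to decode the bytes
     * @return the decoded file content
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be read
     */
    static String readFile(String path, Charset charset) {
        try {
            return new String(Files.readAllBytes(Paths.get(path)), charset);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns the environment variable {@code name}, or {@code fallback} when it is not set. */
    private String getenv(String name, String fallback) {
        String value = System.getenv(name);
        return value == null ? fallback : value;
    }

    /**
     * Reads every discovered key from Vault (in parallel) and publishes the results as system
     * properties. Failures are logged per key and collected; one exception is raised at the end
     * so that all problems show up in the log of a single run.
     *
     * @throws RuntimeException if any key could not be read or was missing an expected field
     */
    private void loadVaultKeys(Vault vault, List<VaultKey> keys) {
        keys.parallelStream().forEach(vaultKey -> {
            try {
                this.log.info("requesting {}", vaultKey.getVaultKeyName());
                Map<String, String> data = vault.logical().read(vaultKey.getVaultKeyName()).getData();
                if (vaultKey.treatAsMap) {
                    publishAsMap(vaultKey, data);
                } else if (vaultKey.subPropertyFieldNames.size() == 0) {
                    publishSingleValue(vaultKey, data);
                } else {
                    publishSubKeys(vaultKey, data);
                }
            } catch (VaultException e) {
                this.failed = true;
                this.log.error("failed when requesting " + vaultKey.vaultKeyName, e);
            }
        });
        if (this.failed) {
            throw new RuntimeException("Vault initialization failed, please view logs.");
        }
    }

    /** Publishes all fields of the Vault entry as one {@code k=v,k=v} property value. */
    private void publishAsMap(VaultKey vaultKey, Map<String, String> data) {
        StringBuilder joined = new StringBuilder();
        // Same shape as `joined` but with every value replaced, so it is safe to log.
        StringBuilder masked = new StringBuilder();
        data.forEach((key, value) -> {
            if (joined.length() > 0) {
                joined.append(",");
                masked.append(",");
            }
            joined.append(String.format("%s=%s", key, value));
            masked.append(String.format("%s=******", key));
        });
        System.setProperty(vaultKey.getSystemPropertyFieldName(), joined.toString());
        this.log.info("vault: set property `{}` to similar to `{}`.", vaultKey.getSystemPropertyFieldName(), masked.toString());
    }

    /** Publishes the {@code value} field of the Vault entry as a single property. */
    private void publishSingleValue(VaultKey vaultKey, Map<String, String> data) {
        String value = data.get("value");
        if (value == null) {
            // System.setProperty rejects null with a NullPointerException, which would escape the
            // per-key error handling; report it like any other missing field instead.
            this.log.error("vault: key `{}` has no `value` field, property `{}` was not set.", vaultKey.getVaultKeyName(), vaultKey.getSystemPropertyFieldName());
            this.failed = true;
            return;
        }
        System.setProperty(vaultKey.getSystemPropertyFieldName(), value);
        this.log.info("vault: set property `{}` from vault key `{}`.", vaultKey.getSystemPropertyFieldName(), vaultKey.getVaultKeyName());
    }

    /** Publishes each requested sub-key as {@code <property>.<suffix>}. */
    private void publishSubKeys(VaultKey vaultKey, Map<String, String> data) {
        vaultKey.subPropertyFieldNames.forEach((subKey, propertySuffix) -> {
            String value = data.get(subKey);
            if (value == null) {
                // Log the name of the missing sub-key, never a value.
                this.log.error("Attempted to get subkey `{}` and it is not in the Vault map.", subKey);
                this.failed = true;
            } else {
                String propertyName = vaultKey.getSystemPropertyFieldName() + "." + propertySuffix;
                System.setProperty(propertyName, value);
                this.log.info("vault: set property `{}` from vault key `{}`.", propertyName, vaultKey.getVaultKeyName());
            }
        });
    }

    /**
     * Builds the Vault client from system properties and environment variables.
     *
     * <p>Inputs: {@code vault.url}; {@code VAULT_TOKENFILE} / {@code vault.tokenFile};
     * {@code VAULT_CERTFILE} / {@code vault.certFile}; {@code vault.role} (falling back to
     * {@code app.name}); {@code VAULT_TOKEN}. When a role is available the token is sent to the
     * login endpoint as a JWT and the returned client token is used; otherwise the token is used
     * directly.
     *
     * @throws VaultException   if the driver rejects the configuration
     * @throws RuntimeException if the address is blank, the token file cannot be read, or the
     *                          role login fails
     */
    private Vault configureVaultClient() throws VaultException {
        String address = System.getProperty("vault.url", "vault-server");
        // getProperty with a default never returns null, so also reject a blank override;
        // otherwise this guard could never fire.
        if (address == null || address.trim().isEmpty()) {
            throw new RuntimeException("Vault keys were discovered but we have no Vault Server.");
        }
        String tokenFile = getenv("VAULT_TOKENFILE", System.getProperty("vault.tokenFile", "/var/run/secrets/kubernetes.io/serviceaccount/token"));
        String certFile = getenv("VAULT_CERTFILE", System.getProperty("vault.certFile", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"));
        String role = System.getProperty("vault.role", System.getProperty("app.name"));

        String token = System.getenv("VAULT_TOKEN");
        if (token == null) {
            // Drop surrounding whitespace (trailing "\n" or "\r\n" from the token file) so it is
            // not sent as part of the credential.
            token = readFile(tokenFile, UTF_8).trim();
        }

        // The CA bundle from certFile is what the TLS connection to Vault is verified against.
        VaultConfig config = new VaultConfig()
            .address(address)
            .openTimeout(5)
            .readTimeout(30)
            .sslConfig(new SslConfig().pemFile(new File(certFile)).build())
            .build();
        if (role != null) {
            config.token(requestAuthTokenByRole(config, token, role).getAuthClientToken());
        } else {
            config.token(token);
        }
        return new Vault(config);
    }

    /**
     * Exchanges a JWT for a Vault client token by posting to the login endpoint
     * ({@code VAULT_ROLE_URL}, default {@code /v1/auth/kubernetes/login}), retrying up to
     * {@code vaultConfig.getMaxRetries()} times.
     *
     * @param vaultConfig supplies address, timeouts, TLS settings and the retry policy
     * @param jwt         token presented to the login endpoint; never logged here
     * @param role        Vault role to log in as
     * @return the parsed login response
     * @throws RuntimeException once retries are exhausted, or if the thread is interrupted
     *                          while waiting between attempts
     */
    private AuthResponse requestAuthTokenByRole(VaultConfig vaultConfig, String jwt, String role) {
        int attempt = 0;
        while (true) {
            try {
                byte[] payload = Json.object().add("jwt", jwt).add("role", role).toString().getBytes(UTF_8);
                RestResponse response = new Rest()
                    .url(vaultConfig.getAddress() + getenv("VAULT_ROLE_URL", "/v1/auth/kubernetes/login"))
                    .header("Content-type", "application/json")
                    .body(payload)
                    .connectTimeoutSeconds(vaultConfig.getOpenTimeout())
                    .readTimeoutSeconds(vaultConfig.getReadTimeout())
                    .sslVerification(Boolean.valueOf(vaultConfig.getSslConfig().isVerify()))
                    .sslContext(vaultConfig.getSslConfig().getSslContext())
                    .post();
                if (response.getStatus() != 200) {
                    if (response.getBody() != null) {
                        // NOTE(review): the raw response body of a failed login is written to the
                        // log; confirm it cannot carry anything sensitive in this deployment.
                        this.log.error("Vault body is {}", new String(response.getBody(), UTF_8));
                    }
                    throw new VaultException("Vault responded with HTTP status code: " + response.getStatus(), response.getStatus());
                }
                String mimeType = response.getMimeType() == null ? "null" : response.getMimeType();
                if (mimeType.equals("application/json")) {
                    return new AuthResponse(response, attempt);
                }
                throw new VaultException("Vault responded with MIME type: " + mimeType, response.getStatus());
            } catch (Exception e) {
                if (attempt >= vaultConfig.getMaxRetries()) {
                    throw new RuntimeException(e);
                }
                attempt++;
                try {
                    Thread.sleep(vaultConfig.getRetryIntervalMilliseconds());
                } catch (InterruptedException interrupted) {
                    // Restore the interrupt flag and stop retrying rather than printing the stack
                    // trace and carrying on; the login failure is kept as the cause.
                    Thread.currentThread().interrupt();
                    throw new RuntimeException("Interrupted while waiting to retry Vault login", e);
                }
            }
        }
    }

    /**
     * Scans system properties for values that start with {@link #VAULT_KEY_PREFIX}.
     *
     * <p>The text after the prefix is trimmed and used as the Vault key name. A trailing
     * {@code !} is removed from the name and passed to {@code VaultKey} as a {@code true} flag
     * (presumably the "treat as map" switch; verify against {@code VaultKey}).
     *
     * @return one {@code VaultKey} per matching property; empty if none match
     */
    List<VaultKey> discoverFields() {
        List<VaultKey> found = new ArrayList<>();
        System.getProperties().forEach((name, rawValue) -> {
            String propertyName = name.toString();
            String propertyValue = rawValue.toString();
            if (!propertyValue.startsWith(VAULT_KEY_PREFIX)) {
                return;
            }
            String vaultKeyName = propertyValue.substring(VAULT_KEY_PREFIX.length()).trim();
            boolean flagged = vaultKeyName.endsWith("!");
            if (flagged) {
                vaultKeyName = vaultKeyName.substring(0, vaultKeyName.length() - 1);
            }
            this.log.debug("vault key: {} looking for {}", propertyName, vaultKeyName);
            found.add(new VaultKey(propertyName, vaultKeyName, flagged));
        });
        return found;
    }
}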
