package software.tnb.common.account;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.response.AuthResponse;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.function.ThrowingSupplier;

/* loaded from: input_file:software/tnb/common/account/VaultCredentialsLoader.class */
public class VaultCredentialsLoader implements CredentialsLoader {
    private final Vault vault;
    private final ObjectMapper mapper;
    private final String pathPattern;
    private final VaultConfig config;
    private ThrowingSupplier<AuthResponse> authSupplier;

    private VaultCredentialsLoader(String str, String str2) throws VaultException {
        this.config = new VaultConfig().address(str).engineVersion(2).build();
        this.vault = new Vault(this.config);
        this.pathPattern = str2;
        this.mapper = new ObjectMapper();
        this.mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    public VaultCredentialsLoader(String str, String str2, String str3) throws VaultException {
        this(str, str2);
        this.authSupplier = () -> {
            return this.vault.auth().loginByGithub(str3);
        };
        refreshAuthToken();
    }

    public VaultCredentialsLoader(String str, String str2, String str3, String str4) throws VaultException {
        this(str, str2);
        this.authSupplier = () -> {
            return this.vault.auth().loginByAppRole(str3, str4);
        };
        refreshAuthToken();
    }

    private void refreshAuthToken() {
        try {
            this.config.token(((AuthResponse) this.authSupplier.get()).getAuthClientToken()).build();
        } catch (Throwable th) {
            throw new RuntimeException("Vault reauth failed", th);
        }
    }

    @Override // software.tnb.common.account.CredentialsLoader
    public <T extends Account> T get(String str, Class<T> cls) {
        try {
            JsonObject jsonObject = get(String.format(this.pathPattern, str));
            if (jsonObject == null) {
                refreshAuthToken();
                jsonObject = get(String.format(this.pathPattern, str));
            }
            return (T) this.mapper.readValue(jsonObject.toString(), cls);
        } catch (VaultException | JsonProcessingException e) {
            throw new RuntimeException("Couldnt get credentials from vault: " + str, e);
        }
    }

    public JsonObject get(String str) throws VaultException {
        return this.vault.logical().read(str).getDataObject();
    }
}
