package software.tnb.common.account.loader;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.JsonObject;
import com.bettercloud.vault.response.AuthResponse;
import com.bettercloud.vault.response.LogicalResponse;
import org.junit.jupiter.api.function.ThrowingSupplier;

/* loaded from: input_file:software/tnb/common/account/loader/VaultCredentialsLoader.class */
public class VaultCredentialsLoader extends CredentialsLoader {
    private final Vault vault;
    private final String pathPattern;
    private final VaultConfig config;
    private ThrowingSupplier<AuthResponse> authSupplier;

    private VaultCredentialsLoader(String str, String str2) throws VaultException {
        this.config = new VaultConfig().address(str).engineVersion(2).build();
        this.vault = new Vault(this.config);
        this.pathPattern = str2;
    }

    public VaultCredentialsLoader(String str, String str2, String str3) throws VaultException {
        this(str, str2);
        this.authSupplier = () -> {
            return this.vault.auth().loginByGithub(str3);
        };
    }

    public VaultCredentialsLoader(String str, String str2, String str3, String str4) throws VaultException {
        this(str, str2);
        this.authSupplier = () -> {
            return this.vault.auth().loginByAppRole(str3, str4);
        };
    }

    private void refreshAuthToken() {
        try {
            this.config.token(((AuthResponse) this.authSupplier.get()).getAuthClientToken()).build();
        } catch (Throwable th) {
            throw new RuntimeException("Vault reauth failed", th);
        }
    }

    @Override // software.tnb.common.account.loader.CredentialsLoader
    public Object loadCredentials(String str) {
        refreshAuthToken();
        return get(String.format(this.pathPattern, str));
    }

    @Override // software.tnb.common.account.loader.CredentialsLoader
    public String toJson(Object obj) {
        return obj.toString();
    }

    private JsonObject get(String str) {
        try {
            LogicalResponse read = this.vault.logical().read(str);
            if (read.getRestResponse().getStatus() == 200) {
                return read.getDataObject();
            }
            if (read.getRestResponse().getStatus() == 404) {
                return null;
            }
            throw new RuntimeException("Unable to get credentials from vault, response code: " + read.getRestResponse().getStatus());
        } catch (VaultException e) {
            throw new RuntimeException("Unable to read credentials from vault", e);
        }
    }
}
