package io.smartdatalake.util.azure;

import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.github.takezoe.scaladoc.Scaladoc;
import io.smartdatalake.config.ConfigurationException;
import io.smartdatalake.config.ConfigurationException$;
import io.smartdatalake.util.misc.CustomCodeUtil$;
import io.smartdatalake.util.secrets.SecretProvider;
import scala.None$;
import scala.Option;
import scala.collection.immutable.Map;
import scala.reflect.ScalaSignature;
import scala.runtime.Nothing$;

/* compiled from: AzureKeyVaultSecretProvider.scala */
@Scaladoc("/**\n * Secret provider to read secrets from AzureKeyVault\n *\n * Usage:\n * global = {\n *   secretProviders = {\n *     AZKV = {\n *       className: io.smartdatalake.utils.azure.AzureKeyVaultSecretProvider\n *       options = {\n *         keyVaultName: <azure-key-vault-name>\n *       }\n *     }\n *   }\n * }\n *\n * @param keyVaultName Name of the key vault\n * @param azureCredentialBuilderClass optional AzureCredentialBuilder class. Default is to use DefaultAzureCredentialBuilder.\n */")
@ScalaSignature(bytes = "\u0006\u0001\u0005Ea\u0001\u0002\n\u0014\u0001qA\u0001\"\u000b\u0001\u0003\u0002\u0003\u0006IA\u000b\u0005\tk\u0001\u0011\t\u0011)A\u0005m!)\u0011\b\u0001C\u0001u!)\u0011\b\u0001C\u0001\u007f!9Q\t\u0001b\u0001\n\u00131\u0005BB$\u0001A\u0003%!\u0006C\u0004I\u0001\t\u0007I\u0011B%\t\rM\u0003\u0001\u0015!\u0003K\u0011\u001d!\u0006A1A\u0005\nUCa!\u0017\u0001!\u0002\u00131\u0006b\u0002.\u0001\u0005\u0004%Ia\u0017\u0005\u0007K\u0002\u0001\u000b\u0011\u0002/\t\u000b\u0019\u0004A\u0011I4\b\u000fa\u001c\u0012\u0011!E\u0001s\u001a9!cEA\u0001\u0012\u0003Q\b\"B\u001d\u0010\t\u0003Y\bb\u0002?\u0010#\u0003%\t! \u0002\u001c\u0003j,(/Z&fsZ\u000bW\u000f\u001c;TK\u000e\u0014X\r\u001e)s_ZLG-\u001a:\u000b\u0005Q)\u0012!B1{kJ,'B\u0001\f\u0018\u0003\u0011)H/\u001b7\u000b\u0005aI\u0012!D:nCJ$H-\u0019;bY\u0006\\WMC\u0001\u001b\u0003\tIwn\u0001\u0001\u0014\u0007\u0001i2\u0005\u0005\u0002\u001fC5\tqDC\u0001!\u0003\u0015\u00198-\u00197b\u0013\t\u0011sD\u0001\u0004B]f\u0014VM\u001a\t\u0003I\u001dj\u0011!\n\u0006\u0003MU\tqa]3de\u0016$8/\u0003\u0002)K\tq1+Z2sKR\u0004&o\u001c<jI\u0016\u0014\u0018\u0001D6fsZ\u000bW\u000f\u001c;OC6,\u0007CA\u00163\u001d\ta\u0003\u0007\u0005\u0002.?5\taF\u0003\u000207\u00051AH]8pizJ!!M\u0010\u0002\rA\u0013X\rZ3g\u0013\t\u0019DG\u0001\u0004TiJLgn\u001a\u0006\u0003c}\t1$\u0019>ve\u0016\u001c%/\u001a3f]RL\u0017\r\u001c\"vS2$WM]\"mCN\u001c\bc\u0001\u00108U%\u0011\u0001h\b\u0002\u0007\u001fB$\u0018n\u001c8\u0002\rqJg.\u001b;?)\rYTH\u0010\t\u0003y\u0001i\u0011a\u0005\u0005\u0006S\r\u0001\rA\u000b\u0005\bk\r\u0001\n\u00111\u00017)\tY\u0004\tC\u0003B\t\u0001\u0007!)A\u0004paRLwN\\:\u0011\t-\u001a%FK\u0005\u0003\tR\u00121!T1q\u0003-YW-\u001f,bk2$XK]5\u0016\u0003)\nAb[3z-\u0006,H\u000e^+sS\u0002\na#\u0019>ve\u0016\u001c%/\u001a3f]RL\u0017\r\u001c\"vS2$WM]\u000b\u0002\u0015B\u00111*U\u0007\u0002\u0019*\u0011QJT\u0001\tS\u0012,g\u000e^5us*\u0011Ac\u0014\u0006\u0002!\u0006\u00191m\\7\n\u0005Ic%!\b#fM\u0006,H\u000e^!{kJ,7I]3eK:$\u0018.\u00197Ck&dG-\u001a:\u0002/\u0005TXO]3De\u0016$WM\u001c;jC2\u0014U/\u001b7eKJ\u0004\u0013AC2sK\u0012,g\u000e^5bYV\ta\u000b\u0005\u0002L/&\u0011\u0001\f\u0014\u0002\u0017\t\u00164\u0017-\u001e7u\u0003j,(/Z\"sK\u0012,g\u000e^5bY\u0006Y1M]3eK:$\u0018.\u00197!\u00031\u0019Xm\u0019:fi\u000ec\u0017.\u001a8u+\u0005a\u0006CA/d\u001b\u0005q&B\u0001\u0014`\u0015\t\u0001\u0017-\u0001\u0005lKf4\u0018-\u001e7u\u0015\t\u0011g*\u0001\u0005tK\u000e,(/\u001b;z\u0013\t!gL\u0001\u0007TK\u000e\u0014X\r^\"mS\u0016tG/A\u0007tK\u000e\u0014X\r^\"mS\u0016tG\u000fI\u0001\nO\u0016$8+Z2sKR$\"A\u000b5\t\u000b%l\u0001\u0019\u0001\u0016\u0002\t9\fW.\u001a\u0015\u0005\u0001-,h\u000f\u0005\u0002mg6\tQN\u0003\u0002o_\u0006A1oY1mC\u0012|7M\u0003\u0002qc\u00069A/Y6fu>,'B\u0001:P\u0003\u00199\u0017\u000e\u001e5vE&\u0011A/\u001c\u0002\t'\u000e\fG.\u00193pG\u0006)a/\u00197vK\u0006\nq/ABb_)R#\u0002\t\u0016!'\u0016\u001c'/\u001a;!aJ|g/\u001b3fe\u0002\"x\u000e\t:fC\u0012\u00043/Z2sKR\u001c\bE\u001a:p[\u0002\n%0\u001e:f\u0017\u0016Lh+Y;mi*\u0001#F\u0003\u0011+AU\u001b\u0018mZ3;\u0015\u0001R\u0003e\u001a7pE\u0006d\u0007%\u0010\u0011|\u0015\u0001R\u0003\u0005\t\u0011tK\u000e\u0014X\r\u001e)s_ZLG-\u001a:tAu\u00023P\u0003\u0011+A\u0001\u0002\u0003\u0005I![\u0017Z\u0003S\bI>\u000bA)\u0002\u0003\u0005\t\u0011!A\u0001\u001aG.Y:t\u001d\u0006lWM\u000f\u0011j_:\u001aX.\u0019:uI\u0006$\u0018\r\\1lK:*H/\u001b7t]\u0005TXO]3/\u0003j,(/Z&fsZ\u000bW\u000f\u001c;TK\u000e\u0014X\r\u001e)s_ZLG-\u001a:\u000bA)\u0002\u0003\u0005\t\u0011!A\u0001z\u0007\u000f^5p]N\u0004S\bI>\u000bA)\u0002\u0003\u0005\t\u0011!A\u0001\u0002\u0003e[3z-\u0006,H\u000e\u001e(b[\u0016T\u0004\u0005P1{kJ,Wf[3z[Y\fW\u000f\u001c;.]\u0006lWM\u0010\u0006!U\u0001\u0002\u0003\u0005\t\u0011!AuT\u0001E\u000b\u0011!A\u0001\u0002SP\u0003\u0011+A\u0001\u0002SP\u0003\u0011+AuT\u0001E\u000b\u0006!U\u0001\u0002\u0005/\u0019:b[\u0002ZW-\u001f,bk2$h*Y7fA9\u000bW.\u001a\u0011pM\u0002\"\b.\u001a\u0011lKf\u0004c/Y;mi*\u0001#\u0006\t!qCJ\fW\u000eI1{kJ,7I]3eK:$\u0018.\u00197Ck&dG-\u001a:DY\u0006\u001c8\u000fI8qi&|g.\u00197!\u0003j,(/Z\"sK\u0012,g\u000e^5bY\n+\u0018\u000e\u001c3fe\u0002\u001aG.Y:t]\u0001\"UMZ1vYR\u0004\u0013n\u001d\u0011u_\u0002*8/\u001a\u0011EK\u001a\fW\u000f\u001c;BuV\u0014Xm\u0011:fI\u0016tG/[1m\u0005VLG\u000eZ3s])\u0001#fL\u0001\u001c\u0003j,(/Z&fsZ\u000bW\u000f\u001c;TK\u000e\u0014X\r\u001e)s_ZLG-\u001a:\u0011\u0005qz1CA\b\u001e)\u0005I\u0018a\u0007\u0013mKN\u001c\u0018N\\5uI\u001d\u0014X-\u0019;fe\u0012\"WMZ1vYR$#'F\u0001\u007fU\t1tp\u000b\u0002\u0002\u0002A!\u00111AA\u0007\u001b\t\t)A\u0003\u0003\u0002\b\u0005%\u0011!C;oG\",7m[3e\u0015\r\tYaH\u0001\u000bC:tw\u000e^1uS>t\u0017\u0002BA\b\u0003\u000b\u0011\u0011#\u001e8dQ\u0016\u001c7.\u001a3WCJL\u0017M\\2f\u0001")
/* loaded from: input_file:io/smartdatalake/util/azure/AzureKeyVaultSecretProvider.class */
public class AzureKeyVaultSecretProvider implements SecretProvider {
    private final String keyVaultName;
    private final String keyVaultUri;
    private final DefaultAzureCredentialBuilder azureCredentialBuilder;
    private final DefaultAzureCredential credential;
    private final SecretClient secretClient;

    private String keyVaultUri() {
        return this.keyVaultUri;
    }

    private DefaultAzureCredentialBuilder azureCredentialBuilder() {
        return this.azureCredentialBuilder;
    }

    private DefaultAzureCredential credential() {
        return this.credential;
    }

    private SecretClient secretClient() {
        return this.secretClient;
    }

    public String getSecret(String str) {
        try {
            String value = secretClient().getSecret(str).getValue();
            if (value.isEmpty()) {
                throw new ConfigurationException(new StringBuilder(53).append("AzureKeyVault secret ").append(str).append(" in keyVault ").append(this.keyVaultName).append(" is an empty string").toString(), ConfigurationException$.MODULE$.$lessinit$greater$default$2(), ConfigurationException$.MODULE$.$lessinit$greater$default$3());
            }
            return value;
        } catch (Exception e) {
            throw new ConfigurationException(new StringBuilder(59).append("AzureKeyVault secret ").append(str).append(" in keyVault ").append(this.keyVaultName).append(" cannot be read. Error ").append(e.getClass().getSimpleName()).append(": ").append(e.getMessage()).toString(), None$.MODULE$, e);
        }
    }

    public AzureKeyVaultSecretProvider(String str, Option<String> option) {
        this.keyVaultName = str;
        this.keyVaultUri = new StringBuilder(24).append("https://").append(str).append(".vault.azure.net").toString();
        this.azureCredentialBuilder = (DefaultAzureCredentialBuilder) option.map(str2 -> {
            return (Nothing$) CustomCodeUtil$.MODULE$.getClassInstanceByName(str2);
        }).getOrElse(() -> {
            return new DefaultAzureCredentialBuilder();
        });
        this.credential = azureCredentialBuilder().build();
        this.secretClient = new SecretClientBuilder().vaultUrl(keyVaultUri()).credential(credential()).buildClient();
    }

    public AzureKeyVaultSecretProvider(Map<String, String> map) {
        this((String) map.getOrElse("keyVaultName", new AzureKeyVaultSecretProvider$$anonfun$$lessinit$greater$1()), map.get("azureCredentialBuilderClass"));
    }
}
