package com.atlassian.secrets.store.vault.auth.kubernetes;

import com.atlassian.secrets.api.SecretStoreException;
import com.atlassian.secrets.store.vault.VaultParams;
import com.atlassian.secrets.store.vault.auth.AuthenticationConfigUtils;
import java.net.URI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.vault.authentication.KubernetesAuthentication;
import org.springframework.vault.authentication.KubernetesAuthenticationOptions;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.DefaultUriBuilderFactory;

/* loaded from: input_file:com/atlassian/secrets/store/vault/auth/kubernetes/KubernetesAuthenticationFactory.class */
public class KubernetesAuthenticationFactory {
    private static final Logger log = LoggerFactory.getLogger(KubernetesAuthenticationFactory.class);
    private final KubernetesServiceAccountTokenFileFactory kubernetesServiceAccountTokenFileFactory;

    /* loaded from: input_file:com/atlassian/secrets/store/vault/auth/kubernetes/KubernetesAuthenticationFactory$EnvConfig.class */
    static class EnvConfig {
        public static final String ROLE = "SECRET_STORE_VAULT_KUBE_AUTH_ROLE";
        public static final String PATH = "SECRET_STORE_VAULT_KUBE_AUTH_PATH";
        public static final String JWT_PATH = "SECRET_STORE_VAULT_KUBE_AUTH_JWT_PATH";

        private EnvConfig() {
        }
    }

    /* loaded from: input_file:com/atlassian/secrets/store/vault/auth/kubernetes/KubernetesAuthenticationFactory$PropertyConfig.class */
    static class PropertyConfig {
        public static final String ROLE = "secret.store.vault.kube.auth.role";
        public static final String PATH = "secret.store.vault.kube.auth.path";
        public static final String JWT_PATH = "secret.store.vault.kube.auth.jwt.path";

        private PropertyConfig() {
        }
    }

    public KubernetesAuthenticationFactory() {
        this(new DefaultKubernetesServiceAccountTokenFileFactory());
    }

    public KubernetesAuthenticationFactory(KubernetesServiceAccountTokenFileFactory kubernetesServiceAccountTokenFileFactory) {
        this.kubernetesServiceAccountTokenFileFactory = kubernetesServiceAccountTokenFileFactory;
    }

    public KubernetesAuthentication getAuthentication(VaultParams vaultParams) throws SecretStoreException {
        try {
            String endpoint = vaultParams.getEndpoint();
            String parseRequiredValueFromEnv = AuthenticationConfigUtils.parseRequiredValueFromEnv(EnvConfig.ROLE, PropertyConfig.ROLE);
            String parseOptionalValueFromEnv = AuthenticationConfigUtils.parseOptionalValueFromEnv(EnvConfig.PATH, PropertyConfig.PATH);
            String parseOptionalValueFromEnv2 = AuthenticationConfigUtils.parseOptionalValueFromEnv(EnvConfig.JWT_PATH, PropertyConfig.JWT_PATH);
            KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder role = KubernetesAuthenticationOptions.builder().role(parseRequiredValueFromEnv);
            if (parseOptionalValueFromEnv2 != null) {
                role.jwtSupplier(this.kubernetesServiceAccountTokenFileFactory.getKubernetesServiceAccountTokenFile(parseOptionalValueFromEnv2));
            }
            if (parseOptionalValueFromEnv != null) {
                role.path(parseOptionalValueFromEnv);
            }
            KubernetesAuthenticationOptions build = role.build();
            VaultEndpoint from = VaultEndpoint.from(URI.create(endpoint));
            RestTemplate restTemplate = new RestTemplate();
            restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(String.format("%s/%s/", from, from.getPath())));
            return new KubernetesAuthentication(build, restTemplate);
        } catch (Exception e) {
            log.error("Problem when getting the Kubernetes Authentication: {}", e.getMessage());
            throw new SecretStoreException("Problem when getting the Kubernetes Authentication.", e);
        }
    }
}
