package com.cyberark.conjur.springboot.core.env;

import com.cyberark.conjur.sdk.AccessToken;
import com.cyberark.conjur.sdk.ApiClient;
import com.cyberark.conjur.sdk.Configuration;
import com.cyberark.conjur.sdk.endpoint.SecretsApi;
import com.cyberark.conjur.springboot.constant.ConjurConstant;
import com.cyberark.conjur.springboot.domain.ConjurProperties;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.boot.context.properties.bind.BindResult;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;

/* loaded from: input_file:com/cyberark/conjur/springboot/core/env/ConjurConnectionManager.class */
public class ConjurConnectionManager implements EnvironmentAware, BeanFactoryPostProcessor {
    private final AccessTokenProvider accessTokenProvider;
    private Environment environment;
    private static final Logger LOGGER = LoggerFactory.getLogger(ConjurConnectionManager.class);

    public ConjurConnectionManager(AccessTokenProvider accessTokenProvider) {
        this.accessTokenProvider = accessTokenProvider;
    }

    public void postProcessBeanFactory(ConfigurableListableBeanFactory configurableListableBeanFactory) throws BeansException {
        BindResult bind = Binder.get(this.environment).bind(ConjurConstant.CONJUR_PREFIX, ConjurProperties.class);
        if (bind.isBound()) {
            getConnection((ConjurProperties) bind.get());
        }
    }

    public void setEnvironment(Environment environment) {
        this.environment = environment;
    }

    private void getConnection(ConjurProperties conjurProperties) {
        AccessToken newAccessToken;
        try {
            ApiClient defaultApiClient = Configuration.getDefaultApiClient();
            defaultApiClient.setAccount(conjurProperties.getAccount());
            defaultApiClient.setBasePath(conjurProperties.getApplianceUrl());
            InputStream inputStream = null;
            String sslCertificate = conjurProperties.getSslCertificate();
            String certFile = conjurProperties.getCertFile();
            if (StringUtils.isNotEmpty(sslCertificate)) {
                inputStream = new ByteArrayInputStream(sslCertificate.getBytes(StandardCharsets.UTF_8));
            } else if (StringUtils.isNotEmpty(certFile)) {
                inputStream = new FileInputStream(certFile);
            }
            if (inputStream != null) {
                defaultApiClient.setSslCaCert(inputStream);
                inputStream.close();
            }
            String authTokenFile = conjurProperties.getAuthTokenFile();
            if (StringUtils.isNotEmpty(authTokenFile)) {
                defaultApiClient.setApiKey(new String(Files.readAllBytes(Paths.get(authTokenFile, new String[0]))));
            }
            String jwtTokenPath = conjurProperties.getJwtTokenPath();
            String authenticatorId = conjurProperties.getAuthenticatorId();
            String authnLogin = conjurProperties.getAuthnLogin();
            String authnApiKey = conjurProperties.getAuthnApiKey();
            if (StringUtils.isNotEmpty(jwtTokenPath) && StringUtils.isNotEmpty(authenticatorId)) {
                LOGGER.debug("Using JWT Authentication");
                newAccessToken = this.accessTokenProvider.getJwtAccessToken(defaultApiClient, jwtTokenPath, authenticatorId);
            } else {
                if (StringUtils.isNotEmpty(authnLogin)) {
                    defaultApiClient.setUsername(authnLogin);
                }
                if (StringUtils.isNotEmpty(authnApiKey)) {
                    defaultApiClient.setApiKey(authnApiKey);
                }
                LOGGER.debug("Using API KEY Authentication");
                newAccessToken = this.accessTokenProvider.getNewAccessToken(defaultApiClient);
            }
            if (newAccessToken == null) {
                LOGGER.debug("Using Account: " + obfuscateString(defaultApiClient.getAccount()));
                LOGGER.debug("Using ApplianceUrl: " + obfuscateString(defaultApiClient.getBasePath()));
                if (StringUtils.isNotEmpty(authnLogin)) {
                    LOGGER.debug("Using AuthnLogin: " + obfuscateString(authnLogin));
                }
                if (StringUtils.isNotEmpty(authnApiKey)) {
                    LOGGER.debug("Using Authn API Key: " + obfuscateString(authnApiKey));
                }
                if (StringUtils.isNotEmpty(sslCertificate)) {
                    LOGGER.debug("Using SSL Cert: " + obfuscateString(sslCertificate));
                } else if (StringUtils.isNotEmpty(certFile)) {
                    LOGGER.debug("Using SSL Cert File: " + obfuscateString(certFile));
                }
                if (StringUtils.isNotEmpty(jwtTokenPath)) {
                    LOGGER.debug("Using JWT Token Path: " + obfuscateString(jwtTokenPath));
                }
                if (StringUtils.isNotEmpty(authenticatorId)) {
                    LOGGER.debug("Using Authenticator ID: " + obfuscateString(authenticatorId));
                }
                LOGGER.error("Access token is null, Please enter proper environment variables.");
            } else {
                defaultApiClient.setAccessToken(newAccessToken.getHeaderValue());
                Configuration.setDefaultApiClient(defaultApiClient);
                LOGGER.debug("Connection with conjur is successful");
            }
        } catch (Exception e) {
            LOGGER.error("Exception encountered {} : {}", e.getClass(), e.getMessage());
        }
    }

    private String obfuscateString(String str) {
        if (!StringUtils.isNoneEmpty(new CharSequence[]{str}) || str.length() <= 2) {
            return str;
        }
        return str.charAt(0) + "*******" + str.charAt(str.length() - 1);
    }

    public static String getAccount(SecretsApi secretsApi) {
        ApiClient apiClient = secretsApi.getApiClient();
        return apiClient != null ? apiClient.getAccount() : ConjurConstant.CONJUR_ACCOUNT;
    }
}
