package org.springframework.cloud.vault.config;

import java.net.URI;
import java.time.Duration;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.vault.config.VaultProperties;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LifecycleAwareSessionManager;
import org.springframework.vault.authentication.SessionManager;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.client.SimpleVaultEndpointProvider;
import org.springframework.vault.client.VaultClients;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.client.VaultEndpointProvider;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.config.ClientHttpRequestFactoryFactory;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;
import org.springframework.web.client.RestOperations;

@EnableConfigurationProperties({VaultProperties.class})
@Configuration
@ConditionalOnProperty(name = {"spring.cloud.vault.enabled"}, matchIfMissing = true)
@Order(2147483642)
/* loaded from: input_file:org/springframework/cloud/vault/config/VaultBootstrapConfiguration.class */
public class VaultBootstrapConfiguration implements InitializingBean {
    private final ConfigurableApplicationContext applicationContext;
    private final VaultProperties vaultProperties;
    private final VaultEndpointProvider endpointProvider;
    private RestOperations restOperations;

    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultBootstrapConfiguration$TaskSchedulerWrapper.class */
    public static class TaskSchedulerWrapper implements InitializingBean, DisposableBean {
        private final ThreadPoolTaskScheduler taskScheduler;

        public TaskSchedulerWrapper(ThreadPoolTaskScheduler threadPoolTaskScheduler) {
            this.taskScheduler = threadPoolTaskScheduler;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ThreadPoolTaskScheduler getTaskScheduler() {
            return this.taskScheduler;
        }

        public void destroy() throws Exception {
            this.taskScheduler.destroy();
        }

        public void afterPropertiesSet() throws Exception {
            this.taskScheduler.afterPropertiesSet();
        }
    }

    public VaultBootstrapConfiguration(ConfigurableApplicationContext configurableApplicationContext, VaultProperties vaultProperties, ObjectProvider<VaultEndpointProvider> objectProvider) {
        this.applicationContext = configurableApplicationContext;
        this.vaultProperties = vaultProperties;
        VaultEndpointProvider vaultEndpointProvider = (VaultEndpointProvider) objectProvider.getIfAvailable();
        this.endpointProvider = vaultEndpointProvider == null ? SimpleVaultEndpointProvider.of(getVaultEndpoint(vaultProperties)) : vaultEndpointProvider;
    }

    private static VaultEndpoint getVaultEndpoint(VaultProperties vaultProperties) {
        if (StringUtils.hasText(vaultProperties.getUri())) {
            return VaultEndpoint.from(URI.create(vaultProperties.getUri()));
        }
        VaultEndpoint vaultEndpoint = new VaultEndpoint();
        vaultEndpoint.setHost(vaultProperties.getHost());
        vaultEndpoint.setPort(vaultProperties.getPort());
        vaultEndpoint.setScheme(vaultProperties.getScheme());
        return vaultEndpoint;
    }

    public void afterPropertiesSet() {
        this.restOperations = VaultClients.createRestTemplate(this.endpointProvider, clientHttpRequestFactoryWrapper().getClientHttpRequestFactory());
    }

    @ConditionalOnMissingBean
    @Bean
    public AbstractVaultConfiguration.ClientFactoryWrapper clientHttpRequestFactoryWrapper() {
        SslConfiguration unconfigured;
        ClientOptions clientOptions = new ClientOptions(Duration.ofMillis(this.vaultProperties.getConnectionTimeout()), Duration.ofMillis(this.vaultProperties.getReadTimeout()));
        VaultProperties.Ssl ssl = this.vaultProperties.getSsl();
        if (ssl != null) {
            SslConfiguration.KeyStoreConfiguration unconfigured2 = SslConfiguration.KeyStoreConfiguration.unconfigured();
            SslConfiguration.KeyStoreConfiguration unconfigured3 = SslConfiguration.KeyStoreConfiguration.unconfigured();
            if (ssl.getKeyStore() != null) {
                unconfigured2 = StringUtils.hasText(ssl.getKeyStorePassword()) ? SslConfiguration.KeyStoreConfiguration.of(ssl.getKeyStore(), ssl.getKeyStorePassword().toCharArray()) : SslConfiguration.KeyStoreConfiguration.of(ssl.getKeyStore());
            }
            if (ssl.getTrustStore() != null) {
                unconfigured3 = StringUtils.hasText(ssl.getTrustStorePassword()) ? SslConfiguration.KeyStoreConfiguration.of(ssl.getTrustStore(), ssl.getTrustStorePassword().toCharArray()) : SslConfiguration.KeyStoreConfiguration.of(ssl.getTrustStore());
            }
            unconfigured = new SslConfiguration(unconfigured2, unconfigured3);
        } else {
            unconfigured = SslConfiguration.unconfigured();
        }
        return new AbstractVaultConfiguration.ClientFactoryWrapper(ClientHttpRequestFactoryFactory.create(clientOptions, unconfigured));
    }

    @ConditionalOnMissingBean({VaultOperations.class})
    @Bean
    public VaultTemplate vaultTemplate(SessionManager sessionManager) {
        return new VaultTemplate(this.endpointProvider, clientHttpRequestFactoryWrapper().getClientHttpRequestFactory(), sessionManager);
    }

    @ConditionalOnMissingBean({TaskSchedulerWrapper.class})
    @Bean
    @Lazy
    public TaskSchedulerWrapper vaultTaskScheduler() {
        ThreadPoolTaskScheduler threadPoolTaskScheduler = new ThreadPoolTaskScheduler();
        threadPoolTaskScheduler.setPoolSize(2);
        threadPoolTaskScheduler.setDaemon(true);
        threadPoolTaskScheduler.setThreadNamePrefix("Spring-Cloud-Vault-");
        this.applicationContext.registerShutdownHook();
        return new TaskSchedulerWrapper(threadPoolTaskScheduler);
    }

    @ConditionalOnMissingBean
    @Bean
    public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication, ObjectFactory<TaskSchedulerWrapper> objectFactory) {
        return this.vaultProperties.getConfig().getLifecycle().isEnabled() ? new LifecycleAwareSessionManager(clientAuthentication, ((TaskSchedulerWrapper) objectFactory.getObject()).getTaskScheduler(), this.restOperations) : new SimpleSessionManager(clientAuthentication);
    }

    @ConditionalOnMissingBean
    @Bean
    public ClientAuthentication clientAuthentication() {
        return new ClientAuthenticationFactory(this.vaultProperties, this.restOperations).createClientAuthentication();
    }
}
