package org.springframework.cloud.vault.config;

import java.time.Duration;
import java.util.List;
import java.util.function.Supplier;
import org.springframework.cloud.vault.config.VaultProperties;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AuthenticationStepsFactory;
import org.springframework.vault.authentication.AuthenticationStepsOperator;
import org.springframework.vault.authentication.CachingVaultTokenSupplier;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport;
import org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager;
import org.springframework.vault.authentication.ReactiveSessionManager;
import org.springframework.vault.authentication.SessionManager;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.authentication.VaultTokenSupplier;
import org.springframework.vault.client.ClientHttpConnectorFactory;
import org.springframework.vault.client.ReactiveVaultEndpointProvider;
import org.springframework.vault.client.VaultEndpointProvider;
import org.springframework.vault.client.WebClientBuilder;
import org.springframework.vault.client.WebClientCustomizer;
import org.springframework.vault.client.WebClientFactory;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.VaultToken;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveConfiguration.class */
final class VaultReactiveConfiguration {
    private final VaultProperties vaultProperties;

    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveConfiguration$ReactiveSessionManagerAdapter.class */
    private static final class ReactiveSessionManagerAdapter implements SessionManager {
        private final ReactiveSessionManager sessionManager;

        private ReactiveSessionManagerAdapter(ReactiveSessionManager reactiveSessionManager) {
            this.sessionManager = reactiveSessionManager;
        }

        public VaultToken getSessionToken() {
            VaultToken vaultToken = (VaultToken) this.sessionManager.getSessionToken().block();
            Assert.state(vaultToken != null, "ReactiveSessionManager returned a null VaultToken");
            return vaultToken;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VaultReactiveConfiguration(VaultProperties vaultProperties) {
        this.vaultProperties = vaultProperties;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientHttpConnector createClientHttpConnector() {
        return ClientHttpConnectorFactory.create(new ClientOptions(Duration.ofMillis(this.vaultProperties.getConnectionTimeout()), Duration.ofMillis(this.vaultProperties.getReadTimeout())), VaultConfiguration.createSslConfiguration(this.vaultProperties.getSsl()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public WebClientBuilder createWebClientBuilder(ClientHttpConnector clientHttpConnector, ReactiveVaultEndpointProvider reactiveVaultEndpointProvider, List<WebClientCustomizer> list) {
        return applyCustomizer(list, WebClientBuilder.builder().httpConnector(clientHttpConnector).endpointProvider(reactiveVaultEndpointProvider));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public WebClientBuilder createWebClientBuilder(ClientHttpConnector clientHttpConnector, VaultEndpointProvider vaultEndpointProvider, List<WebClientCustomizer> list) {
        return applyCustomizer(list, WebClientBuilder.builder().httpConnector(clientHttpConnector).endpointProvider(vaultEndpointProvider));
    }

    private WebClientBuilder applyCustomizer(List<WebClientCustomizer> list, WebClientBuilder webClientBuilder) {
        webClientBuilder.getClass();
        list.forEach(webClientCustomizer -> {
            webClientBuilder.customizers(new WebClientCustomizer[]{webClientCustomizer});
        });
        if (StringUtils.hasText(this.vaultProperties.getNamespace())) {
            webClientBuilder.defaultHeader("X-Vault-Namespace", this.vaultProperties.getNamespace());
        }
        return webClientBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VaultTokenSupplier createVaultTokenSupplier(WebClientFactory webClientFactory, Supplier<AuthenticationStepsFactory> supplier, Supplier<ClientAuthentication> supplier2) {
        AuthenticationStepsFactory authenticationStepsFactory = supplier.get();
        if (authenticationStepsFactory != null) {
            return createAuthenticationStepsOperator(authenticationStepsFactory, webClientFactory);
        }
        TokenAuthentication tokenAuthentication = (ClientAuthentication) supplier2.get();
        if (tokenAuthentication == null) {
            throw new IllegalStateException("Cannot construct VaultTokenSupplier. Please configure VaultTokenSupplier bean named vaultTokenSupplier.");
        }
        if (tokenAuthentication instanceof TokenAuthentication) {
            TokenAuthentication tokenAuthentication2 = tokenAuthentication;
            return () -> {
                return Mono.just(tokenAuthentication2.login());
            };
        }
        if (tokenAuthentication instanceof AuthenticationStepsFactory) {
            return createAuthenticationStepsOperator((AuthenticationStepsFactory) tokenAuthentication, webClientFactory);
        }
        throw new IllegalStateException(String.format("Cannot construct VaultTokenSupplier from %s. ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication", tokenAuthentication));
    }

    private VaultTokenSupplier createAuthenticationStepsOperator(AuthenticationStepsFactory authenticationStepsFactory, WebClientFactory webClientFactory) {
        return new AuthenticationStepsOperator(authenticationStepsFactory.getAuthenticationSteps(), webClientFactory.create());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SessionManager createSessionManager(ReactiveSessionManager reactiveSessionManager) {
        return new ReactiveSessionManagerAdapter(reactiveSessionManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReactiveSessionManager createReactiveSessionManager(VaultTokenSupplier vaultTokenSupplier, Supplier<TaskScheduler> supplier, WebClientFactory webClientFactory) {
        VaultProperties.SessionLifecycle lifecycle = this.vaultProperties.getSession().getLifecycle();
        if (!lifecycle.isEnabled()) {
            return CachingVaultTokenSupplier.of(vaultTokenSupplier);
        }
        return new ReactiveLifecycleAwareSessionManager(vaultTokenSupplier, supplier.get(), webClientFactory.create(), new LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger(lifecycle.getRefreshBeforeExpiry(), lifecycle.getExpiryThreshold()));
    }
}
