package org.apache.brooklyn.core.config.external.vault;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.core.config.external.AbstractExternalConfigSupplier;
import org.apache.brooklyn.core.effector.http.HttpCommandEffector;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.http.HttpTool;
import org.apache.brooklyn.util.http.HttpToolResponse;
import org.apache.brooklyn.util.net.Urls;
import org.apache.brooklyn.util.text.Strings;
import org.apache.brooklyn.util.time.Duration;
import org.apache.brooklyn.util.time.Time;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.http.client.HttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/core/config/external/vault/VaultExternalConfigSupplier.class */
public abstract class VaultExternalConfigSupplier extends AbstractExternalConfigSupplier {
    public static final String CHARSET_NAME = "UTF-8";
    public static final ImmutableMap<String, String> MINIMAL_HEADERS = ImmutableMap.of("Content-Type", "application/json; charset=UTF-8", "Accept", HttpCommandEffector.APPLICATION_JSON, "Accept-Charset", CHARSET_NAME);
    private static final Logger LOG = LoggerFactory.getLogger(VaultExternalConfigSupplier.class);
    protected final Map<String, String> config;
    protected final String name;
    protected final HttpClient httpClient;
    protected final Gson gson;
    protected final String endpoint;
    protected final String path;
    protected final String mountPoint;
    protected final int version;
    protected final int recoverTryCount;
    protected final String token;
    protected final ImmutableMap<String, String> headersWithToken;

    public VaultExternalConfigSupplier(ManagementContext managementContext, String str, Map<String, String> map) {
        super(managementContext, str);
        this.config = map;
        this.name = str;
        this.httpClient = HttpTool.httpClientBuilder().build();
        this.gson = new GsonBuilder().create();
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(2);
        this.endpoint = map.get("endpoint");
        if (Strings.isBlank(this.endpoint)) {
            newArrayListWithCapacity.add("missing configuration 'endpoint'");
        }
        this.path = map.get("path");
        if (Strings.isBlank(this.path)) {
            newArrayListWithCapacity.add("missing configuration 'path'");
        }
        String str2 = map.get("kv-api-version");
        if (Strings.isBlank(str2) || "1".equals(str2)) {
            this.version = 1;
        } else if ("2".equals(str2)) {
            this.version = 2;
        } else {
            this.version = -1;
            newArrayListWithCapacity.add("'kv-api-version' must be either 1 or 2");
        }
        this.recoverTryCount = NumberUtils.toInt(map.get("recoverTryCount"), 10);
        this.mountPoint = map.get("mountPoint");
        if (Strings.isBlank(this.mountPoint) && this.version == 2) {
            newArrayListWithCapacity.add("missing configuration 'mountPoint'");
        }
        if (!Strings.isBlank(this.mountPoint) && this.version == 1) {
            newArrayListWithCapacity.add("'mountPoint' is only applicable when kv-api-version=2");
        }
        if (!newArrayListWithCapacity.isEmpty()) {
            throw new IllegalArgumentException(String.format("Problem configuration Vault external config supplier '%s': %s", str, Joiner.on(System.lineSeparator()).join(newArrayListWithCapacity)));
        }
        this.token = initAndLogIn(map);
        if (Strings.isBlank(this.token)) {
            LOG.warn("Vault token blank. Startup will continue but vault might not be available. Recover attempt will be made on next vault access.");
        }
        this.headersWithToken = ImmutableMap.builder().putAll(MINIMAL_HEADERS).put("X-Vault-Token", this.token).build();
    }

    protected abstract String initAndLogIn(Map<String, String> map);

    @Override // org.apache.brooklyn.core.config.external.ExternalConfigSupplier
    public String get(String str) {
        JsonObject apiGetRetryable = apiGetRetryable(this.version == 1 ? Urls.mergePaths(new String[]{"v1", this.path}) : Urls.mergePaths(new String[]{"v1", this.mountPoint, "data", this.path}), this.headersWithToken, this.recoverTryCount);
        return (this.version == 1 ? apiGetRetryable.getAsJsonObject("data").get(str) : apiGetRetryable.getAsJsonObject("data").getAsJsonObject("data").get(str)).getAsString();
    }

    public Map<String, String> getDataAsStringMap() {
        return Maps.transformValues((Map) apiGetRetryable(Urls.mergePaths(new String[]{"v1", this.path}), this.headersWithToken, this.recoverTryCount).getAsJsonObject("data").entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        })), jsonElement -> {
            return jsonElement.getAsString();
        });
    }

    protected JsonObject apiGetRetryable(String str, Map<String, String> map, int i) {
        try {
            if (Strings.isBlank(map.get("X-Vault-Token"))) {
                String initAndLogIn = initAndLogIn(this.config);
                if (Strings.isBlank(initAndLogIn)) {
                    throw new IllegalStateException("Vault sealed or unavailable.");
                }
                map = MutableMap.copyOf(map).add("X-Vault-Token", initAndLogIn);
            }
            return apiGet(str, map);
        } catch (Exception e) {
            Exceptions.propagateIfFatal(e);
            if (i <= 0) {
                throw Exceptions.propagate(e);
            }
            LOG.warn("Vault sealed or unavailable. Retries remaining: " + i);
            Time.sleep(Duration.ONE_SECOND);
            return apiGetRetryable(str, MutableMap.copyOf(map).add("X-Vault-Token", initAndLogIn(this.config)), i - 1);
        }
    }

    protected JsonObject apiGet(String str, Map<String, String> map) {
        try {
            String mergePaths = Urls.mergePaths(new String[]{this.endpoint, str});
            LOG.trace("Vault request - GET: {}", mergePaths);
            HttpToolResponse httpGet = HttpTool.httpGet(this.httpClient, Urls.toUri(mergePaths), map);
            LOG.trace("Vault response - code: {} {}", Integer.valueOf(httpGet.getResponseCode()), httpGet.getReasonPhrase());
            String str2 = new String(httpGet.getContent(), CHARSET_NAME);
            if (HttpTool.isStatusCodeHealthy(httpGet.getResponseCode())) {
                return (JsonObject) this.gson.fromJson(str2, JsonObject.class);
            }
            throw new IllegalStateException("HTTP request returned code: " + httpGet.getResponseCode() + " - " + str2);
        } catch (UnsupportedEncodingException e) {
            throw Exceptions.propagate(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JsonObject apiPost(String str, ImmutableMap<String, String> immutableMap, ImmutableMap<String, String> immutableMap2) {
        try {
            String json = this.gson.toJson(immutableMap2);
            String mergePaths = Urls.mergePaths(new String[]{this.endpoint, str});
            LOG.trace("Vault request - POST: {}", mergePaths);
            HttpToolResponse httpPost = HttpTool.httpPost(this.httpClient, Urls.toUri(mergePaths), immutableMap, json.getBytes(CHARSET_NAME));
            LOG.trace("Vault response - code: {} {}", Integer.valueOf(httpPost.getResponseCode()), httpPost.getReasonPhrase());
            String str2 = new String(httpPost.getContent(), CHARSET_NAME);
            if (HttpTool.isStatusCodeHealthy(httpPost.getResponseCode())) {
                return (JsonObject) this.gson.fromJson(str2, JsonObject.class);
            }
            throw new IllegalStateException("HTTP request returned code: " + httpPost.getResponseCode() + " - " + str2);
        } catch (UnsupportedEncodingException e) {
            throw Exceptions.propagate(e);
        }
    }
}
