package io.quarkus.vault.client.auth;

import io.quarkus.vault.client.api.auth.kubernetes.VaultAuthKubernetes;
import io.quarkus.vault.client.api.auth.kubernetes.VaultAuthKubernetesLoginAuthResult;
import io.quarkus.vault.client.common.VaultRequestExecutor;
import io.quarkus.vault.client.logging.LogConfidentialityLevel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Supplier;
import java.util.logging.Logger;

/* loaded from: input_file:io/quarkus/vault/client/auth/VaultKubernetesTokenProvider.class */
public class VaultKubernetesTokenProvider implements VaultTokenProvider {
    private static final Logger log = Logger.getLogger(VaultKubernetesTokenProvider.class.getName());
    private final String mountPath;
    private final String role;
    private final Supplier<CompletionStage<String>> jwtProvider;

    public VaultKubernetesTokenProvider(String str, String str2, Supplier<CompletionStage<String>> supplier) {
        this.mountPath = str;
        this.role = str2;
        this.jwtProvider = supplier;
    }

    public VaultKubernetesTokenProvider(VaultKubernetesAuthOptions vaultKubernetesAuthOptions) {
        this(vaultKubernetesAuthOptions.mountPath, vaultKubernetesAuthOptions.role, vaultKubernetesAuthOptions.jwtProvider);
    }

    @Override // java.util.function.Function
    public CompletionStage<VaultToken> apply(VaultAuthRequest vaultAuthRequest) {
        VaultRequestExecutor executor = vaultAuthRequest.getExecutor();
        return this.jwtProvider.get().thenCompose(str -> {
            log.fine("authenticating with kubernetes jwt: " + vaultAuthRequest.getRequest().getLogConfidentialityLevel().maskWithTolerance(str, LogConfidentialityLevel.LOW));
            return executor.execute(VaultAuthKubernetes.FACTORY.login(this.mountPath, this.role, str)).thenApply((v0) -> {
                return v0.getResult();
            }).thenApply(vaultAuthKubernetesLoginResult -> {
                VaultAuthKubernetesLoginAuthResult auth = vaultAuthKubernetesLoginResult.getAuth();
                return VaultToken.from(auth.getClientToken(), auth.isRenewable().booleanValue(), auth.getLeaseDuration(), vaultAuthRequest.getInstantSource());
            });
        });
    }

    public static Supplier<CompletionStage<String>> jwtTokenPathReader(Path path) {
        return () -> {
            return CompletableFuture.completedStage(readJwtToken(path));
        };
    }

    private static String readJwtToken(Path path) {
        try {
            return Files.readString(path, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new RuntimeException("Failed to read JWT token from " + String.valueOf(path), e);
        }
    }
}
