package fish.payara.microprofile.config.extensions.hashicorp;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import fish.payara.microprofile.config.extensions.hashicorp.model.SecretHolder;
import fish.payara.nucleus.microprofile.config.admin.ConfigSourceConstants;
import fish.payara.nucleus.microprofile.config.source.extension.ConfiguredExtensionConfigSource;
import fish.payara.nucleus.microprofile.config.spi.MicroprofileConfigConfiguration;
import fish.payara.security.openid.OpenIdAuthenticationMechanism;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.stream.JsonParser;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.glassfish.config.support.TranslatedConfigView;
import org.jvnet.hk2.annotations.Service;

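/**
 * MicroProfile Config source that reads and writes key/value secrets held in a HashiCorp Vault
 * secrets engine over Vault's HTTP API.
 *
 * <p>The Vault token is resolved from the {@code HASHICORP_VAULT_TOKEN} password alias during
 * {@link #bootstrap()} and is sent as a bearer token on every request. It is never written to
 * the log by this class. While the token is {@code null} the source treats itself as
 * misconfigured: reads return nothing and writes are refused.
 *
 * <p>NOTE(review): the engine path and secret path are concatenated into the request URL without
 * URL-encoding. They come from server configuration, so this assumes only administrators can set
 * them; confirm against the configuration commands.
 */
@Service(name = "hashicorp-secrets-config-source")
/* loaded from: input_file:fish/payara/microprofile/config/extensions/hashicorp/HashiCorpSecretsConfigSource.class */
public class HashiCorpSecretsConfigSource extends ConfiguredExtensionConfigSource<HashiCorpSecretsConfigSourceConfiguration> {
    private static final Logger LOGGER = Logger.getLogger(HashiCorpSecretsConfigSource.class.getName());

    /** Scheme prefix expected on the Vault address so the bearer token is protected in transit. */
    private static final String HTTPS_PREFIX = "https://";

    @Inject
    MicroprofileConfigConfiguration mpconfig;
    // Bearer credential for Vault; stays null when the password alias cannot be resolved.
    protected String hashiCorpVaultToken;
    protected String vaultAddress;
    protected String secretsEnginePath;
    protected String secretsPath;
    // 1 selects the "<engine>/<path>" URL layout; any other value uses "<engine>/data/<path>".
    protected int apiVersion;
    private Client client = ClientBuilder.newClient();
    private final ObjectMapper mapper = new ObjectMapper();

    /**
     * Loads the Vault token from the password alias store and copies the connection settings
     * from the configuration bean, trimming surrounding slashes so URLs can be joined with "/".
     *
     * <p>If the alias store cannot be read, the failure is logged and all settings stay unset,
     * which leaves the source in its "misconfigured" state.
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public void bootstrap() {
        HashiCorpSecretsConfigSourceConfiguration config = (HashiCorpSecretsConfigSourceConfiguration) this.configuration;
        try {
            this.hashiCorpVaultToken = TranslatedConfigView.getRealPasswordFromAlias("${ALIAS=HASHICORP_VAULT_TOKEN}");
            this.vaultAddress = removeForwardSlashFromSuffixAndPrefix(config.getVaultAddress());
            this.secretsEnginePath = removeForwardSlashFromSuffixAndPrefix(config.getSecretsEnginePath());
            this.secretsPath = removeForwardSlashFromSuffixAndPrefix(config.getSecretsPath());
            this.apiVersion = parseApiVersion(config.getApiVersion());
            warnIfVaultAddressIsUnsafe();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            LOGGER.log(Level.WARNING, "Unable to get value from password aliases", e);
        }
    }

    /**
     * Returns every key/value pair stored at the configured secret path.
     *
     * @return a mutable map of the secret's entries; empty when the source is misconfigured or
     *         the secret could not be read (the reason is logged)
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Map<String, String> getProperties() {
        if (this.hashiCorpVaultToken == null) {
            printMisconfigurationMessage();
            return new HashMap<String, String>();
        }
        Map<String, String> secrets = fetchSecrets();
        if (secrets == null) {
            return new HashMap<String, String>();
        }
        return secrets;
    }

    /** Returns the names of all entries in the secret; each call performs a fresh Vault read. */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Set<String> getPropertyNames() {
        return getProperties().keySet();
    }

    /**
     * Looks up a single entry of the secret.
     *
     * @param str the property name
     * @return the stored value, or {@code null} if it is absent or the source is misconfigured
     */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getValue(String str) {
        if (this.hashiCorpVaultToken != null) {
            return getProperties().get(str);
        }
        printMisconfigurationMessage();
        return null;
    }

    /**
     * Adds or replaces one entry by reading the whole secret, changing it and writing it back.
     *
     * <p>The write replaces the complete secret, so it is refused when the current contents could
     * not be read: writing after a failed read would silently discard every other entry.
     * NOTE(review): the read-modify-write is not atomic; a concurrent writer can still be
     * overwritten.
     *
     * @param str  the property name
     * @param str2 the new value
     * @return {@code true} if Vault accepted the update
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean setValue(String str, String str2) {
        if (this.hashiCorpVaultToken == null) {
            printMisconfigurationMessage();
            return false;
        }
        Map<String, String> current = fetchSecrets();
        if (current == null) {
            LOGGER.warning("Not modifying the HashiCorp secret because its current content could not be read.");
            return false;
        }
        current.put(str, str2);
        return modifySecret(current);
    }

    /**
     * Sends the given map to Vault as the new content of the secret.
     *
     * @param map the complete set of entries to store
     * @return {@code true} if Vault answered with HTTP 200
     */
    private boolean modifySecret(Map<String, String> map) {
        // API version 1 takes the entries as a flat JSON object; otherwise they are wrapped in a SecretHolder.
        Object payload = this.apiVersion == 1
                ? Json.createObjectBuilder(new HashMap<String, Object>(map)).build().toString()
                : new SecretHolder(map);
        Response put = null;
        try {
            put = this.client.target(buildSecretUrl())
                    .request()
                    .accept(MediaType.APPLICATION_JSON)
                    .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                    .header("Authorization", OpenIdAuthenticationMechanism.BEARER_PREFIX + this.hashiCorpVaultToken)
                    .put(Entity.entity(payload, MediaType.APPLICATION_JSON));
            if (put.getStatus() == 200) {
                return true;
            }
            // NOTE(review): this logs the response body returned by Vault; presumably an error
            // description rather than secret material, but worth confirming.
            LOGGER.log(Level.WARNING, "Failed to modify HashiCorp secret. {0}", put.readEntity(String.class));
            return false;
        } catch (ProcessingException e) {
            // Transport failures are reported the same way as on the read path instead of escaping to the caller.
            LOGGER.log(Level.WARNING, "Failed to modify HashiCorp secret.", e);
            return false;
        } finally {
            closeQuietly(put);
        }
    }

    /**
     * Removes one entry by reading the whole secret, dropping the key and writing the rest back.
     *
     * <p>As with {@link #setValue(String, String)}, nothing is written when the current contents
     * could not be read, because that would replace the secret with an empty one.
     *
     * @param str the property name to remove
     * @return {@code true} if Vault accepted the update
     */
    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean deleteValue(String str) {
        if (this.hashiCorpVaultToken == null) {
            printMisconfigurationMessage();
            return false;
        }
        Map<String, String> current = fetchSecrets();
        if (current == null) {
            LOGGER.warning("Not modifying the HashiCorp secret because its current content could not be read.");
            return false;
        }
        current.remove(str);
        return modifySecret(current);
    }

    /**
     * Performs the authenticated GET against Vault and decodes the secret.
     *
     * @return the secret's entries; an empty mutable map when Vault answers 404 (nothing stored
     *         at this path yet); {@code null} when the read failed for any other reason, so that
     *         callers can tell "empty" from "unknown"
     */
    private Map<String, String> fetchSecrets() {
        String url = buildSecretUrl();
        Response response = null;
        try {
            response = this.client.target(url)
                    .request()
                    .accept(MediaType.APPLICATION_JSON)
                    .header("Authorization", OpenIdAuthenticationMechanism.BEARER_PREFIX + this.hashiCorpVaultToken)
                    .get();
            int status = response.getStatus();
            if (status != 200) {
                LOGGER.log(Level.WARNING, "Unable to get secrets from the vault using the following URL: " + url + ". Make sure all the configurtaion options has been entered correctly and HashiCorp Vault Token is correct");
                if (status == 404) {
                    return new HashMap<String, String>();
                }
                return null;
            }
            String secretJson = readSecretString((InputStream) response.getEntity());
            if (secretJson == null) {
                // Previously a null here reached the StringReader constructor and escaped as an uncaught NullPointerException.
                LOGGER.warning("Unable to read secret value: the Vault response did not contain a 'data' object.");
                return null;
            }
            try (StringReader reader = new StringReader(secretJson)) {
                return readMap(reader);
            }
        } catch (IOException | JsonException | ProcessingException | IllegalStateException e) {
            // IllegalStateException covers a "data" member that is not a JSON object.
            LOGGER.log(Level.WARNING, "Unable to read secret value", e);
            return null;
        } finally {
            closeQuietly(response);
        }
    }

    /**
     * Scans the Vault response for the first {@code "data"} member and returns it as JSON text.
     *
     * @param inputStream the response body
     * @return for API version 1 the {@code data} object itself, otherwise the {@code data} object
     *         nested inside it; {@code null} if no such object is present
     */
    private String readSecretString(InputStream inputStream) {
        try (JsonParser parser = Json.createParser(inputStream)) {
            while (parser.hasNext()) {
                if (parser.next() != JsonParser.Event.KEY_NAME) {
                    continue;
                }
                String key = parser.getString();
                // Step onto the value that belongs to this key.
                parser.next();
                if (!"data".equals(key)) {
                    continue;
                }
                if (this.apiVersion == 1) {
                    return parser.getObject().toString();
                }
                // The nested member may be missing or JSON null; report that as "no secret" rather than throwing.
                javax.json.JsonValue nested = parser.getObject().get(key);
                if (nested instanceof javax.json.JsonObject) {
                    return nested.toString();
                }
                return null;
            }
        }
        return null;
    }

    /**
     * Decodes a flat JSON object into a string-to-string map.
     *
     * @throws IOException if the text is not valid JSON or a value cannot be mapped to a string
     */
    private Map<String, String> readMap(Reader reader) throws JsonParseException, JsonMappingException, IOException {
        return this.mapper.readValue(reader, new TypeReference<Map<String, String>>() { // from class: fish.payara.microprofile.config.extensions.hashicorp.HashiCorpSecretsConfigSource.1
        });
    }

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public String getSource() {
        return ConfigSourceConstants.CLOUD;
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getName() {
        return "hashicorp";
    }

    /** Returns the ordinal configured for cloud config sources. */
    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public int getOrdinal() {
        return Integer.parseInt(this.mpconfig.getCloudOrdinality());
    }

    private static void printMisconfigurationMessage() {
        LOGGER.warning("HashiCorp Secrets Config Source isn't configured correctly. Make sure that the password aliases HASHICORP_VAULT_TOKEN exist.");
    }

    /** Builds the request URL for the configured secret, using the layout selected by the API version. */
    private String buildSecretUrl() {
        if (this.apiVersion == 1) {
            return this.vaultAddress + "/v1/" + this.secretsEnginePath + "/" + this.secretsPath;
        }
        return this.vaultAddress + "/v1/" + this.secretsEnginePath + "/data/" + this.secretsPath;
    }

    /**
     * Parses the configured API version. An unparseable value is logged and treated as 2, which
     * selects the same URL layout the class already uses for every value other than 1.
     */
    private static int parseApiVersion(String value) {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            LOGGER.log(Level.WARNING, "HashiCorp Vault API version is not a number; using version 2 request paths.", e);
            return 2;
        }
    }

    /** Warns once at bootstrap when the Vault address is missing or would carry the token unencrypted. */
    private void warnIfVaultAddressIsUnsafe() {
        if (this.vaultAddress == null || this.vaultAddress.isEmpty()) {
            LOGGER.warning("HashiCorp Vault address is not configured; secrets cannot be retrieved.");
        } else if (!this.vaultAddress.regionMatches(true, 0, HTTPS_PREFIX, 0, HTTPS_PREFIX.length())) {
            LOGGER.warning("HashiCorp Vault address does not use https://; the Vault token and secret values will be sent without transport encryption.");
        }
    }

    /** Releases the connection held by a response; a failure while closing is not actionable here. */
    private static void closeQuietly(Response response) {
        if (response == null) {
            return;
        }
        try {
            response.close();
        } catch (ProcessingException ignored) {
            // Nothing useful can be done if releasing the connection fails.
        }
    }

    /**
     * Strips one trailing and one leading "/" so the value can be joined into a URL.
     *
     * @param str the configured value; may be {@code null} or empty, in which case it is returned unchanged
     */
    private String removeForwardSlashFromSuffixAndPrefix(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        if (str.charAt(str.length() - 1) == '/') {
            str = str.substring(0, str.length() - 1);
        }
        // A lone "/" is empty by now, so re-check before looking at the first character.
        if (!str.isEmpty() && str.charAt(0) == '/') {
            str = str.substring(1);
        }
        return str;
    }
}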
