package org.springframework.vault.authentication;

import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.authentication.AuthenticationSteps;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/AzureMsiAuthentication.class */
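/**
 * Logs in to Vault with the Azure auth method, using the managed identity of the
 * virtual machine the application runs on.
 *
 * <p>Two things are obtained from the Azure instance metadata endpoints configured in
 * {@link AzureMsiAuthenticationOptions}: the identity access token (sent to Vault as
 * {@code jwt}) and, unless the options already carry one, the {@link AzureVmEnvironment}
 * describing the VM. Both are posted together with the role to the Vault login path.
 *
 * <p>Security notes:
 * <ul>
 * <li>The access token is a bearer credential for the VM's identity. This class never
 * logs it and never puts it into an exception message; keep it that way when changing
 * the code.</li>
 * <li>The metadata URIs are used exactly as configured in the options; no validation of
 * their host or scheme happens here.</li>
 * <li>Metadata responses are checked for the fields this class needs before a login
 * request is built, so a malformed response fails locally with a
 * {@link VaultLoginException} instead of a {@link NullPointerException}, and no login
 * request without a credential is sent to Vault.</li>
 * </ul>
 */
public class AzureMsiAuthentication implements ClientAuthentication, AuthenticationStepsFactory {
    private static final Log logger = LogFactory.getLog(AzureMsiAuthentication.class);

    /** Header-only request entity sent with every instance metadata call. */
    private static final HttpEntity<Void> METADATA_HEADERS;

    private final AzureMsiAuthenticationOptions options;

    /** Client used for the Vault login request. */
    private final RestOperations vaultRestOperations;

    /** Client used for the Azure instance metadata and identity token requests. */
    private final RestOperations azureMetadataRestOperations;

    /**
     * Creates an instance that uses the same {@link RestOperations} for Vault and for the
     * Azure instance metadata endpoints.
     *
     * @param azureMsiAuthenticationOptions authentication options, must not be {@code null}
     * @param restOperations client for both Vault and Azure metadata calls, must not be
     * {@code null}
     */
    public AzureMsiAuthentication(AzureMsiAuthenticationOptions azureMsiAuthenticationOptions, RestOperations restOperations) {
        this(azureMsiAuthenticationOptions, restOperations, restOperations);
    }

    /**
     * Creates an instance with separate clients for Vault and for the Azure instance
     * metadata endpoints.
     *
     * @param azureMsiAuthenticationOptions authentication options, must not be {@code null}
     * @param restOperations client for the Vault login request, must not be {@code null}
     * @param restOperations2 client for the Azure instance metadata and identity token
     * requests, must not be {@code null}
     */
    public AzureMsiAuthentication(AzureMsiAuthenticationOptions azureMsiAuthenticationOptions, RestOperations restOperations, RestOperations restOperations2) {
        Assert.notNull(azureMsiAuthenticationOptions, "AzureAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "Vault RestOperations must not be null");
        Assert.notNull(restOperations2, "Azure Instance Metadata RestOperations must not be null");
        this.options = azureMsiAuthenticationOptions;
        this.vaultRestOperations = restOperations;
        this.azureMetadataRestOperations = restOperations2;
    }

    /**
     * Describes the Azure login flow as {@link AuthenticationSteps}, using the VM
     * environment from the options when one is set.
     *
     * @param azureMsiAuthenticationOptions authentication options, must not be {@code null}
     * @return the steps that end in a Vault login request
     */
    public static AuthenticationSteps createAuthenticationSteps(AzureMsiAuthenticationOptions azureMsiAuthenticationOptions) {
        Assert.notNull(azureMsiAuthenticationOptions, "AzureMsiAuthenticationOptions must not be null");
        return createAuthenticationSteps(azureMsiAuthenticationOptions, azureMsiAuthenticationOptions.getVmEnvironment());
    }

    /**
     * Describes the Azure login flow as {@link AuthenticationSteps}.
     *
     * @param azureMsiAuthenticationOptions authentication options supplying the metadata
     * URIs, the role and the login path
     * @param azureVmEnvironment VM environment to send to Vault; when {@code null} it is
     * read from the instance metadata endpoint as part of the flow
     * @return the steps that end in a Vault login request
     */
    protected static AuthenticationSteps createAuthenticationSteps(AzureMsiAuthenticationOptions azureMsiAuthenticationOptions, @Nullable AzureVmEnvironment azureVmEnvironment) {
        AuthenticationSteps.Node<AzureVmEnvironment> environmentStep;
        if (azureVmEnvironment == null) {
            environmentStep = AuthenticationSteps
                    .fromHttpRequest(AuthenticationSteps.HttpRequestBuilder.get(azureMsiAuthenticationOptions.getInstanceMetadataServiceUri()).with(METADATA_HEADERS).as(Map.class))
                    .map(AzureMsiAuthentication::toAzureVmEnvironment);
        } else {
            environmentStep = AuthenticationSteps.fromValue(azureVmEnvironment);
        }

        // The token step validates the response; a missing access_token stops the flow
        // before a login body is assembled.
        AuthenticationSteps.Node<String> tokenStep = AuthenticationSteps
                .fromHttpRequest(AuthenticationSteps.HttpRequestBuilder.get(azureMsiAuthenticationOptions.getIdentityTokenServiceUri()).with(METADATA_HEADERS).as(Map.class))
                .map(AzureMsiAuthentication::toAccessToken);

        return environmentStep.zipWith(tokenStep)
                .map(pair -> getAzureLogin(azureMsiAuthenticationOptions.getRole(), pair.getLeft(), pair.getRight()))
                .login(AuthenticationUtil.getLoginPath(azureMsiAuthenticationOptions.getPath()));
    }

    /**
     * Performs the login and returns the resulting Vault token.
     *
     * @return the token issued by Vault
     * @throws VaultException if a metadata or login request fails or a metadata response
     * lacks a required field
     */
    @Override
    public VaultToken login() throws VaultException {
        return createTokenUsingAzureMsiCompute();
    }

    /**
     * @return the login flow for this instance's options as {@link AuthenticationSteps}
     */
    @Override
    public AuthenticationSteps getAuthenticationSteps() {
        return createAuthenticationSteps(this.options);
    }

    /**
     * Fetches the VM environment and access token, posts them to the Vault login path and
     * converts the response into a token.
     *
     * <p>The metadata calls stay inside the {@code try} so that a
     * {@link RestClientException} from either the metadata client or the Vault client is
     * reported as a {@link VaultLoginException}.
     */
    private VaultToken createTokenUsingAzureMsiCompute() {
        try {
            String loginPath = AuthenticationUtil.getLoginPath(this.options.getPath());
            Map<String, String> loginRequest = getAzureLogin(this.options.getRole(), getVmEnvironment(), getAccessToken());
            VaultResponse response = this.vaultRestOperations.postForObject(loginPath, loginRequest, VaultResponse.class);
            Assert.state(response != null && response.getAuth() != null, "Auth field must not be null");
            if (logger.isDebugEnabled()) {
                // Only the outcome is logged; the token and the login body are not.
                logger.debug("Login successful using Azure authentication");
            }
            return LoginTokenUtil.from(response.getAuth());
        } catch (RestClientException e) {
            throw VaultLoginException.create("Azure", e);
        }
    }

    /**
     * Builds the body of the Vault login request.
     *
     * <p>The returned map contains the access token under {@code jwt}; treat the map as a
     * secret and do not log it.
     *
     * @param str the Vault role to log in with
     * @param azureVmEnvironment VM environment whose subscription id, resource group, VM
     * name and scale set name are copied into the request as returned by its getters
     * @param str2 the Azure identity access token
     * @return an insertion-ordered map with the login request fields
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, String> getAzureLogin(String str, AzureVmEnvironment azureVmEnvironment, String str2) {
        Map<String, String> login = new LinkedHashMap<>();
        login.put("role", str);
        login.put("jwt", str2);
        login.put("subscription_id", azureVmEnvironment.getSubscriptionId());
        login.put("resource_group_name", azureVmEnvironment.getResourceGroupName());
        login.put("vm_name", azureVmEnvironment.getVmName());
        login.put("vmss_name", azureVmEnvironment.getVmScaleSetName());
        return login;
    }

    /**
     * Requests an access token from the configured identity token endpoint.
     *
     * @throws VaultLoginException if the response has no usable {@code access_token}
     */
    private String getAccessToken() {
        Map<?, ?> body = this.azureMetadataRestOperations
                .exchange(this.options.getIdentityTokenServiceUri(), HttpMethod.GET, METADATA_HEADERS, Map.class)
                .getBody();
        return toAccessToken(body);
    }

    /** Returns the VM environment from the options, or fetches it when none is set. */
    private AzureVmEnvironment getVmEnvironment() {
        AzureVmEnvironment configured = this.options.getVmEnvironment();
        if (configured != null) {
            return configured;
        }
        return fetchAzureVmEnvironment();
    }

    /**
     * Reads the VM environment from the configured instance metadata endpoint.
     *
     * @throws VaultLoginException if the response has no {@code compute} section
     */
    private AzureVmEnvironment fetchAzureVmEnvironment() {
        Map<?, ?> body = this.azureMetadataRestOperations
                .exchange(this.options.getInstanceMetadataServiceUri(), HttpMethod.GET, METADATA_HEADERS, Map.class)
                .getBody();
        return toAzureVmEnvironment(body);
    }

    /**
     * Extracts the access token from an identity token response.
     *
     * <p>The message deliberately names only the missing field and never echoes response
     * content, because the response may hold credential material.
     *
     * @param body the decoded response body, possibly {@code null}
     * @return the non-empty {@code access_token} value
     * @throws VaultLoginException if the body is absent or holds no non-empty string
     * under {@code access_token}
     */
    private static String toAccessToken(@Nullable Map<?, ?> body) {
        Object token = (body != null) ? body.get("access_token") : null;
        if (!(token instanceof String) || ((String) token).isEmpty()) {
            throw new VaultLoginException("Cannot login using Azure: identity token response contains no access_token");
        }
        return (String) token;
    }

    /**
     * Converts an instance metadata response into an {@link AzureVmEnvironment}.
     *
     * @param map the decoded response body, possibly {@code null}
     * @return the environment built from the {@code compute} section
     * @throws VaultLoginException if the body is absent or has no {@code compute} object
     */
    private static AzureVmEnvironment toAzureVmEnvironment(@Nullable Map<?, ?> map) {
        Object section = (map != null) ? map.get("compute") : null;
        if (!(section instanceof Map)) {
            throw new VaultLoginException("Cannot login using Azure: instance metadata response contains no compute section");
        }
        Map<?, ?> compute = (Map<?, ?>) section;
        return new AzureVmEnvironment((String) compute.get("subscriptionId"), (String) compute.get("resourceGroupName"), (String) compute.get("name"), (String) compute.get("vmScaleSetName"));
    }

    static {
        // Azure's instance metadata service rejects requests that lack this header; it is
        // the service's guard against requests forged through URL-only fetchers.
        HttpHeaders headers = new HttpHeaders();
        headers.add("Metadata", "true");
        METADATA_HEADERS = new HttpEntity<>(headers);
    }
}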
