package com.datapipe.jenkins.vault.jcasc.secrets;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.datapipe.jenkins.vault.exception.VaultPluginException;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;

/* loaded from: input_file:WEB-INF/lib/hashicorp-vault-plugin.jar:com/datapipe/jenkins/vault/jcasc/secrets/VaultKubernetesAuthenticator.class */
public class VaultKubernetesAuthenticator extends VaultAuthenticatorWithExpiration {
    private static final Logger LOGGER = Logger.getLogger(VaultKubernetesAuthenticator.class.getName());
    private static final String SERVICE_ACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
    private VaultKubernetes kubernetes;
    private String mountPath;
    private String jwt;

    public VaultKubernetesAuthenticator(VaultKubernetes vaultKubernetes, String str) {
        this.kubernetes = vaultKubernetes;
        this.mountPath = str;
    }

    @Override // com.datapipe.jenkins.vault.jcasc.secrets.VaultAuthenticator
    @SuppressFBWarnings({"DMI_HARDCODED_ABSOLUTE_FILENAME"})
    public void authenticate(Vault vault, VaultConfig vaultConfig) throws VaultException, VaultPluginException {
        if (!isTokenTTLExpired()) {
            vaultConfig.token(this.currentAuthToken).build();
            return;
        }
        try {
            this.jwt = (String) Files.lines(Paths.get(SERVICE_ACCOUNT_TOKEN_PATH, new String[0])).collect(Collectors.joining());
            this.currentAuthToken = vault.auth().loginByJwt(this.mountPath, this.kubernetes.getRole(), this.jwt).getAuthClientToken();
            vaultConfig.token(this.currentAuthToken).build();
            LOGGER.log(Level.FINE, "Login to Vault using Kubernetes successful");
            getTTLExpiryOfCurrentToken(vault);
        } catch (IOException e) {
            throw new VaultPluginException("could not get JWT from Service Account Token", e);
        }
    }

    @Override // com.datapipe.jenkins.vault.jcasc.secrets.VaultAuthenticatorWithExpiration
    public boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // com.datapipe.jenkins.vault.jcasc.secrets.VaultAuthenticatorWithExpiration
    public int hashCode() {
        return Objects.hash(this.kubernetes);
    }

    @Override // com.datapipe.jenkins.vault.jcasc.secrets.VaultAuthenticatorWithExpiration
    public /* bridge */ /* synthetic */ void getTTLExpiryOfCurrentToken(Vault vault) {
        super.getTTLExpiryOfCurrentToken(vault);
    }

    @Override // com.datapipe.jenkins.vault.jcasc.secrets.VaultAuthenticatorWithExpiration
    public /* bridge */ /* synthetic */ boolean isTokenTTLExpired() {
        return super.isTokenTTLExpired();
    }
}
