package com.datapipe.jenkins.vault.credentials;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.cloudbees.plugins.credentials.CredentialsScope;
import java.util.Calendar;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/AbstractVaultTokenCredentialWithExpiration.class */
public abstract class AbstractVaultTokenCredentialWithExpiration extends AbstractVaultTokenCredential {
    private static final Logger LOGGER = Logger.getLogger(AbstractVaultTokenCredentialWithExpiration.class.getName());
    private Calendar tokenExpiry;
    private String currentClientToken;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractVaultTokenCredentialWithExpiration(CredentialsScope credentialsScope, String str, String str2) {
        super(credentialsScope, str, str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredential
    public abstract String getToken(Vault vault);

    @Override // com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredential, com.datapipe.jenkins.vault.credentials.VaultCredential
    public Vault authorizeWithVault(VaultConfig vaultConfig) {
        Vault vault = getVault(vaultConfig);
        if (tokenExpired()) {
            this.currentClientToken = getToken(vault);
            vaultConfig.token(this.currentClientToken);
            setTokenExpiry(vault);
        } else {
            vaultConfig.token(this.currentClientToken);
        }
        return vault;
    }

    protected Vault getVault(VaultConfig vaultConfig) {
        return new Vault(vaultConfig);
    }

    private void setTokenExpiry(Vault vault) {
        int i = 0;
        try {
            i = (int) vault.auth().lookupSelf().getTTL();
        } catch (VaultException e) {
            LOGGER.log(Level.WARNING, "Could not determine token expiration. Check if token is allowed to access auth/token/lookup-self. Assuming token TTL expired.", e);
        }
        this.tokenExpiry = Calendar.getInstance();
        this.tokenExpiry.add(13, i);
    }

    private boolean tokenExpired() {
        if (this.tokenExpiry == null) {
            return true;
        }
        boolean z = true;
        long timeInMillis = Calendar.getInstance().getTimeInMillis() - this.tokenExpiry.getTimeInMillis();
        if (timeInMillis < -10000) {
            z = false;
            LOGGER.log(Level.FINE, "Auth token is still valid");
        } else {
            LOGGER.log(Level.FINE, "Auth token has to be re-issued" + timeInMillis);
        }
        return z;
    }
}
