package com.atlassian.secrets.service.vault;

import com.atlassian.secrets.api.SealedSecret;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.service.IdentifierBasedSecret;
import com.atlassian.secrets.vault.DefaultVaultTemplateFactory;
import com.atlassian.secrets.vault.VaultTemplateFactory;
import com.atlassian.secrets.vault.VaultUtils;
import com.atlassian.secrets.vault.auth.DefaultVaultAuthenticationProvider;
import com.atlassian.secrets.vault.auth.VaultAuthenticationProvider;
import com.atlassian.secrets.vault.auth.VaultConfig;
import java.net.URI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.vault.support.Versioned;

/* loaded from: input_file:com/atlassian/secrets/service/vault/VaultSecretService.class */
/**
 * {@link SecretService} that resolves secrets from HashiCorp Vault through the
 * versioned key-value operations of the template supplied by a
 * {@link VaultTemplateFactory}.
 *
 * <p>The service is read-only: {@link #unseal(SealedSecret)} fetches a value,
 * while {@link #seal(String, String)} always fails because writing to Vault is
 * not supported.
 *
 * <p>NOTE(review): nothing in this class checks the scheme of the configured
 * endpoint. If {@code VaultConfig} or the template factory does not enforce TLS,
 * the Vault credentials and the secret would travel unencrypted; confirm where
 * that is validated.
 */
public class VaultSecretService implements SecretService {
    private static final Logger log = LoggerFactory.getLogger(VaultSecretService.class);
    private final VaultConfig config;
    private final VaultTemplateFactory templateFactory;
    private final VaultAuthenticationProvider authenticationProvider;

    /**
     * Creates a service with explicit collaborators.
     *
     * @param vaultConfig supplies the endpoint, mount and path read by {@link #unseal(SealedSecret)}
     * @param vaultTemplateFactory builds the Vault template used for each read
     * @param vaultAuthenticationProvider produces the authentication handed to the template factory
     */
    public VaultSecretService(VaultConfig vaultConfig, VaultTemplateFactory vaultTemplateFactory, VaultAuthenticationProvider vaultAuthenticationProvider) {
        // Arguments are stored as given; a null collaborator only surfaces later, inside unseal().
        config = vaultConfig;
        templateFactory = vaultTemplateFactory;
        authenticationProvider = vaultAuthenticationProvider;
    }

    /**
     * Creates a service that uses {@link DefaultVaultTemplateFactory} and
     * {@link DefaultVaultAuthenticationProvider}.
     *
     * @param vaultConfig supplies the endpoint, mount and path read by {@link #unseal(SealedSecret)}
     */
    public VaultSecretService(VaultConfig vaultConfig) {
        this(vaultConfig, new DefaultVaultTemplateFactory(), new DefaultVaultAuthenticationProvider());
    }

    /**
     * Always fails: this backend cannot store secrets. Both arguments are ignored.
     *
     * @throws SecretServiceException always, wrapping an {@link UnsupportedOperationException}
     */
    public SealedSecret seal(String str, String str2) throws SecretServiceException {
        UnsupportedOperationException unsupported =
                new UnsupportedOperationException("Storing secrets in HashiCorp Vault is not supported.");
        throw new SecretServiceException(unsupported);
    }

    /**
     * Reads the secret referenced by {@code sealedSecret} from Vault.
     *
     * <p>The read targets the configured path under the configured mount at the
     * configured endpoint. A template and an authentication are requested from the
     * injected factory and provider on every call.
     *
     * @param sealedSecret must be an {@link IdentifierBasedSecret}; anything else,
     *     including {@code null}, is rejected
     * @return the value that {@code VaultUtils.getSecretValueFromReadResponse} extracts
     *     from the read response for the secret's identifier
     * @throws SecretServiceException if the argument is not an identifier-based secret,
     *     or if anything thrown during the Vault read or value extraction is caught
     */
    public String unseal(SealedSecret sealedSecret) throws SecretServiceException {
        if (sealedSecret instanceof IdentifierBasedSecret) {
            // Safe after the instanceof test, so the cast does not need to sit inside the try.
            IdentifierBasedSecret reference = (IdentifierBasedSecret) sealedSecret;
            try {
                // URI.create rejects a malformed endpoint with an unchecked exception,
                // which the catch below wraps like any other failure.
                URI vaultEndpoint = URI.create(config.getEndpoint());
                Versioned response = templateFactory
                        .getTemplate(vaultEndpoint, authenticationProvider.getAuthentication(config))
                        .opsForVersionedKeyValue(config.getMount())
                        .get(config.getPath());
                // Only the identifier is logged, never the secret value.
                // NOTE(review): the response is not null-checked here, so this line is
                // also written when the read returned nothing; presumably VaultUtils
                // handles a missing secret - confirm.
                log.debug("Retrieved Vault secret: {}", reference.getIdentifier());
                return VaultUtils.getSecretValueFromReadResponse(response, reference.getIdentifier());
            } catch (Exception failure) {
                // The log line carries the message only; the full cause travels with the rethrown exception.
                log.error("Problem when getting the secret value from HashiCorp Vault: {}", failure.getMessage());
                throw new SecretServiceException("Problem when getting the secret value from HashiCorp Vault", failure);
            }
        }
        throw new SecretServiceException("Expecting secret identifier but encrypted secret was passed in");
    }
}
