package com.atlassian.secrets.service.vault;

import com.atlassian.secrets.api.SealedSecret;
import com.atlassian.secrets.api.SecretServiceBackend;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.api.SecretServiceType;
import com.atlassian.secrets.service.IdentifierBasedSecret;
import com.atlassian.secrets.vault.DefaultVaultTemplateFactory;
import com.atlassian.secrets.vault.VaultTemplateFactory;
import com.atlassian.secrets.vault.VaultUtils;
import com.atlassian.secrets.vault.auth.DefaultVaultAuthenticationProvider;
import com.atlassian.secrets.vault.auth.VaultAuthenticationProvider;
import com.atlassian.secrets.vault.auth.VaultConfig;
import java.net.URI;
import java.util.Collections;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.Versioned;

/* loaded from: input_file:com/atlassian/secrets/service/vault/VaultSecretBackend.class */
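/**
 * {@link SecretServiceBackend} that keeps secret values in a HashiCorp Vault versioned
 * key/value mount.
 *
 * <p>Each secret is written as a single-entry map under the key {@link #SECRET_KEY}, at the path
 * {@code <config.getPath()>/<identifier>} inside the mount returned by {@code config.getMount()}.
 * Only the path and mount are logged (at debug level); the secret value itself is never passed
 * to the logger.
 *
 * <p>The {@link VaultTemplate} is created lazily on first use and then reused; its creation is
 * guarded by {@code synchronized}.
 */
public class VaultSecretBackend implements SecretServiceBackend {
    private static final Logger log = LoggerFactory.getLogger(VaultSecretBackend.class);

    /** Key under which the secret value is stored in the Vault key/value entry. */
    public static final String SECRET_KEY = "value";

    private final String backendId;
    private final VaultConfig config;
    private final VaultAuthenticationProvider authenticationProvider;
    private final VaultTemplateFactory templateFactory;
    // Created on first use by getVaultTemplate(); only read or written inside that method.
    private VaultTemplate vaultTemplate;

    /**
     * Creates a backend that uses the default template factory and authentication provider.
     *
     * @param str identifier of this backend, recorded in every secret returned by {@link #seal}
     * @param vaultConfig endpoint, mount and path settings for the Vault server
     */
    public VaultSecretBackend(String str, VaultConfig vaultConfig) {
        this(str, vaultConfig, new DefaultVaultTemplateFactory(), new DefaultVaultAuthenticationProvider());
    }

    /**
     * Creates a backend with explicit collaborators.
     *
     * @param str identifier of this backend, recorded in every secret returned by {@link #seal}
     * @param vaultConfig endpoint, mount and path settings for the Vault server
     * @param vaultTemplateFactory builds the {@link VaultTemplate} on first use
     * @param vaultAuthenticationProvider supplies the authentication handed to the factory
     */
    public VaultSecretBackend(String str, VaultConfig vaultConfig, VaultTemplateFactory vaultTemplateFactory, VaultAuthenticationProvider vaultAuthenticationProvider) {
        this.backendId = str;
        this.config = vaultConfig;
        this.templateFactory = vaultTemplateFactory;
        this.authenticationProvider = vaultAuthenticationProvider;
    }

    /**
     * Writes a secret value to Vault and returns a reference to it.
     *
     * @param str secret identifier; must contain text
     * @param str2 secret value to store under {@link #SECRET_KEY}
     * @return a secret that carries only the identifier and this backend's id
     * @throws IllegalArgumentException if the identifier has no text (raised by {@code Assert.hasText})
     * @throws SecretServiceException if any runtime failure occurs while writing to Vault
     */
    public SealedSecret seal(String str, String str2) throws SecretServiceException {
        Assert.hasText(str, "Secret identifier must not be empty.");
        try {
            Map<String, String> payload = Collections.singletonMap(SECRET_KEY, str2);
            String secretPath = getSecretPath(str);
            getVaultTemplate().opsForVersionedKeyValue(this.config.getMount()).put(secretPath, payload);
            // Log the location only; the value must stay out of the logs.
            log.debug("Stored secret in Vault on path {}", secretPath);
            return new IdentifierBasedSecret(str, this.backendId);
        } catch (RuntimeException e) {
            throw new SecretServiceException("Problem when saving the secret value to HashiCorp Vault", e);
        }
    }

    /**
     * Reads the value of a previously sealed secret from Vault.
     *
     * @param sealedSecret reference returned by {@link #seal}; must be an {@link IdentifierBasedSecret}
     * @return the value that {@code VaultUtils.getSecretValueFromReadResponse} extracts for
     *     {@link #SECRET_KEY} from the read response
     * @throws SecretServiceException if the secret is not identifier based, or if any runtime
     *     failure occurs while reading from Vault
     */
    public String unseal(SealedSecret sealedSecret) throws SecretServiceException {
        if (!(sealedSecret instanceof IdentifierBasedSecret)) {
            throw new SecretServiceException("Expecting secret with identifier but encrypted secret was passed in.");
        }
        try {
            String secretPath = getSecretPath(sealedSecret.getIdentifier());
            // Arguments follow the placeholder order (mount, then path) so that the log line
            // reports the location correctly.
            log.debug("Retrieving secret from Vault on mount {} and path {}.", this.config.getMount(), secretPath);
            Versioned versioned = getVaultTemplate().opsForVersionedKeyValue(this.config.getMount()).get(secretPath);
            log.debug("Retrieved secret from Vault on path {}.", secretPath);
            return VaultUtils.getSecretValueFromReadResponse(versioned, SECRET_KEY);
        } catch (RuntimeException e) {
            throw new SecretServiceException("Problem when getting the secret value from HashiCorp Vault", e);
        }
    }

    /**
     * Deletes the secret stored under the given identifier.
     *
     * @param str secret identifier
     * @throws SecretServiceException if any runtime failure occurs while deleting from Vault
     */
    public void delete(String str) throws SecretServiceException {
        // NOTE(review): unlike seal(), the identifier is not checked with Assert.hasText here, so a
        // null or blank identifier still produces a path and a delete call - confirm this is intended.
        try {
            String secretPath = getSecretPath(str);
            // Arguments follow the placeholder order (mount, then path).
            log.debug("Deleting secret from Vault on mount {} and path {}.", this.config.getMount(), secretPath);
            getVaultTemplate().opsForVersionedKeyValue(this.config.getMount()).delete(secretPath);
            log.debug("Deleted secret from Vault on path {}.", secretPath);
        } catch (RuntimeException e) {
            throw new SecretServiceException("Problem when deleting the secret value from Vault", e);
        }
    }

    /**
     * Identifies this backend as the Vault implementation.
     *
     * @return {@link SecretServiceType#VAULT}
     */
    public SecretServiceType getType() {
        return SecretServiceType.VAULT;
    }

    /**
     * Returns the shared {@link VaultTemplate}, creating it on the first call from the configured
     * endpoint and the authentication supplied by the authentication provider.
     */
    private synchronized VaultTemplate getVaultTemplate() {
        if (this.vaultTemplate == null) {
            URI endpoint = URI.create(this.config.getEndpoint());
            this.vaultTemplate = this.templateFactory.getTemplate(endpoint, this.authenticationProvider.getAuthentication(this.config));
        }
        return this.vaultTemplate;
    }

    /**
     * Builds the Vault path for an identifier as {@code <config.getPath()>/<identifier>}.
     *
     * @param str secret identifier, appended as given
     * @return the path relative to the configured mount
     */
    String getSecretPath(String str) {
        // NOTE(review): the identifier is appended without normalisation or a check for "/" or ".."
        // segments. If identifiers can originate outside trusted configuration, validate them
        // before they reach this method so a secret cannot resolve outside the configured path
        // prefix - confirm against callers.
        return String.format("%s/%s", this.config.getPath(), str);
    }
}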
