package com.azure.spring.cloud.config.stores;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretAsyncClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.azure.spring.cloud.config.KeyVaultCredentialProvider;
import com.azure.spring.cloud.config.KeyVaultSecretProvider;
import com.azure.spring.cloud.config.SecretClientBuilderSetup;
import com.azure.spring.cloud.config.properties.AppConfigurationProperties;
import com.azure.spring.cloud.config.resource.AppConfigManagedIdentityProperties;
import java.net.URI;
import java.time.Duration;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/azure/spring/cloud/config/stores/KeyVaultClient.class */
public final class KeyVaultClient {
    private SecretAsyncClient secretClient;
    private final AppConfigurationProperties properties;
    private final SecretClientBuilderSetup keyVaultClientProvider;
    private final URI uri;
    private final TokenCredential tokenCredential;
    private final KeyVaultSecretProvider keyVaultSecretProvider;
    private Boolean useSecretResolver = false;

    public KeyVaultClient(AppConfigurationProperties appConfigurationProperties, URI uri, KeyVaultCredentialProvider keyVaultCredentialProvider, SecretClientBuilderSetup secretClientBuilderSetup, KeyVaultSecretProvider keyVaultSecretProvider) {
        this.properties = appConfigurationProperties;
        this.uri = uri;
        if (keyVaultCredentialProvider != null) {
            this.tokenCredential = keyVaultCredentialProvider.getKeyVaultCredential("https://" + uri.getHost());
        } else {
            this.tokenCredential = null;
        }
        this.keyVaultClientProvider = secretClientBuilderSetup;
        this.keyVaultSecretProvider = keyVaultSecretProvider;
    }

    KeyVaultClient build() {
        SecretClientBuilder builder = getBuilder();
        AppConfigManagedIdentityProperties managedIdentity = this.properties.getManagedIdentity();
        String str = "https://" + this.uri.getHost();
        if (this.tokenCredential != null && managedIdentity != null) {
            throw new IllegalArgumentException("More than 1 Conncetion method was set for connecting to Key Vault.");
        }
        if (this.tokenCredential != null) {
            builder.credential(this.tokenCredential);
        } else if (managedIdentity != null && StringUtils.hasText(managedIdentity.getClientId())) {
            builder.credential(new ManagedIdentityCredentialBuilder().clientId(managedIdentity.getClientId()).build());
        } else if (this.keyVaultSecretProvider != null) {
            this.useSecretResolver = true;
        } else {
            builder.credential(new ManagedIdentityCredentialBuilder().build());
        }
        builder.vaultUrl(str);
        if (this.keyVaultClientProvider != null) {
            this.keyVaultClientProvider.setup(builder, str);
        }
        if (!this.useSecretResolver.booleanValue()) {
            this.secretClient = builder.buildAsyncClient();
        }
        return this;
    }

    public KeyVaultSecret getSecret(URI uri, int i) {
        if (this.secretClient == null && !this.useSecretResolver.booleanValue()) {
            build();
        }
        if (this.useSecretResolver.booleanValue()) {
            return new KeyVaultSecret((String) null, this.keyVaultSecretProvider.getSecret(uri.getRawPath()));
        }
        String[] split = uri.getPath().split("/");
        return (KeyVaultSecret) this.secretClient.getSecret(split.length >= 3 ? split[2] : null, split.length >= 4 ? split[3] : null).block(Duration.ofSeconds(i));
    }

    SecretClientBuilder getBuilder() {
        return new SecretClientBuilder();
    }
}
