package org.springframework.cloud.appbroker.workflow.binding;

import org.springframework.cloud.appbroker.service.CreateServiceInstanceAppBindingWorkflow;
import org.springframework.cloud.servicebroker.model.binding.BindResource;
import org.springframework.cloud.servicebroker.model.binding.CreateServiceInstanceAppBindingResponse;
import org.springframework.cloud.servicebroker.model.binding.CreateServiceInstanceBindingRequest;
import org.springframework.core.annotation.Order;
import org.springframework.credhub.core.CredHubOperations;
import org.springframework.credhub.support.CredentialName;
import org.springframework.credhub.support.json.JsonCredentialRequest;
import org.springframework.credhub.support.permissions.Operation;
import org.springframework.credhub.support.permissions.Permission;
import org.springframework.util.CollectionUtils;
import reactor.core.publisher.Mono;
import reactor.util.Logger;
import reactor.util.Loggers;

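/**
 * Binding workflow that moves the credentials of a newly created app binding into CredHub.
 *
 * <p>When the binding response carries credentials, they are written to CredHub as a JSON
 * credential, read permission is granted to the bound principals, and the response is rebuilt so
 * that its credentials hold only a {@code credhub-ref} entry with the CredHub credential name.
 *
 * <p>NOTE(review): {@code @Order(50)} presumably positions this workflow relative to the other
 * binding workflows; the ordering contract is not visible in this file.
 */
@Order(50)
public class CredHubPersistingCreateServiceInstanceAppBindingWorkflow extends CredHubPersistingWorkflow implements CreateServiceInstanceAppBindingWorkflow {
    private static final Logger LOG = Loggers.getLogger(CredHubPersistingCreateServiceInstanceAppBindingWorkflow.class);

    /** Key under which the CredHub credential name is returned in the binding response. */
    private static final String CREDHUB_REF_KEY = "credhub-ref";

    /** Bind-resource property naming a client that should receive read access. */
    private static final String CREDENTIAL_CLIENT_ID = "credential_client_id";

    private final CredHubOperations credHubOperations;

    /**
     * Creates the workflow.
     *
     * @param credHubOperations CredHub client used to write credentials and permissions
     * @param str value handed to the superclass constructor; presumably the application name used
     *     when building credential names (confirm against {@code CredHubPersistingWorkflow})
     */
    public CredHubPersistingCreateServiceInstanceAppBindingWorkflow(CredHubOperations credHubOperations, String str) {
        super(str);
        this.credHubOperations = credHubOperations;
    }

    /**
     * Replaces the credentials in a binding response with a reference to a CredHub credential.
     *
     * <p>If the built response has no credentials, the supplied builder is returned unchanged and
     * CredHub is not contacted.
     *
     * @param createServiceInstanceBindingRequest the binding request; supplies the service
     *     definition id, the binding id and the bind resource
     * @param createServiceInstanceAppBindingResponseBuilder builder holding the response produced
     *     so far
     * @return a builder for the response to send: either the original builder or a replacement
     *     whose credentials contain only the {@code credhub-ref} entry
     */
    public Mono<CreateServiceInstanceAppBindingResponse.CreateServiceInstanceAppBindingResponseBuilder> buildResponse(CreateServiceInstanceBindingRequest createServiceInstanceBindingRequest, CreateServiceInstanceAppBindingResponse.CreateServiceInstanceAppBindingResponseBuilder createServiceInstanceAppBindingResponseBuilder) {
        return Mono.just(createServiceInstanceAppBindingResponseBuilder.build()).flatMap(response -> {
            if (CollectionUtils.isEmpty(response.getCredentials())) {
                // Nothing to protect: hand the original builder back untouched.
                return Mono.just(createServiceInstanceAppBindingResponseBuilder);
            }
            // buildCredentialName is not defined in this class; presumably inherited from
            // CredHubPersistingWorkflow.
            return buildCredentialName(createServiceInstanceBindingRequest.getServiceDefinitionId(), createServiceInstanceBindingRequest.getBindingId())
                .flatMap(name -> persistBindingCredentials(createServiceInstanceBindingRequest, response, name)
                    // Only the credential name is logged; the credential values never reach the log.
                    .doOnRequest(demand -> LOG.debug("Storing binding credentials with name '{}' in CredHub", name.getName()))
                    .doOnSuccess(builder -> LOG.debug("Finished storing binding credentials with name '{}' in CredHub", name.getName()))
                    .doOnError(error -> LOG.error("Error storing binding credentials with name '{}' in CredHub with error: {}", name.getName(), error.getMessage())));
        });
    }

    /**
     * Writes the credential, then its permissions, then yields the replacement response builder.
     *
     * <p>NOTE(review): the credential is written before the permissions. If the permission step
     * fails, the credential stays in CredHub; no cleanup is visible in this class.
     */
    private Mono<CreateServiceInstanceAppBindingResponse.CreateServiceInstanceAppBindingResponseBuilder> persistBindingCredentials(CreateServiceInstanceBindingRequest createServiceInstanceBindingRequest, CreateServiceInstanceAppBindingResponse createServiceInstanceAppBindingResponse, CredentialName credentialName) {
        Mono<Void> storeCredential = writeCredential(createServiceInstanceAppBindingResponse, credentialName);
        Mono<Void> grantAccess = writePermissions(createServiceInstanceBindingRequest, credentialName);
        return storeCredential
            .then(grantAccess)
            .thenReturn(buildReplacementBindingResponse(createServiceInstanceAppBindingResponse, credentialName));
    }

    /**
     * Stores the response's credentials in CredHub as a JSON credential under the given name.
     *
     * <p>The write happens when the returned {@code Mono} is subscribed; the callable returns
     * {@code null}, so the {@code Mono} completes without a value.
     */
    private Mono<Void> writeCredential(CreateServiceInstanceAppBindingResponse createServiceInstanceAppBindingResponse, CredentialName credentialName) {
        return Mono.fromCallable(() -> {
            this.credHubOperations.credentials().write(
                JsonCredentialRequest.builder()
                    .name(credentialName)
                    .value(createServiceInstanceAppBindingResponse.getCredentials())
                    .build());
            return null;
        });
    }

    /**
     * Grants {@code READ} on the credential to the bound app and, when the bind resource names
     * one, to the client given by {@code credential_client_id}.
     *
     * <p>A request without a bind resource is tolerated: no permission is granted and a warning
     * is logged, because the stored credential is then readable by neither an app nor a client
     * through this workflow. The same warning is logged when the bind resource carries neither
     * principal.
     */
    private Mono<Void> writePermissions(CreateServiceInstanceBindingRequest createServiceInstanceBindingRequest, CredentialName credentialName) {
        return Mono.fromCallable(() -> {
            BindResource bindResource = createServiceInstanceBindingRequest.getBindResource();
            // Guard against a missing bind resource: dereferencing it here would fail after the
            // credential has already been written.
            String appGuid = bindResource == null ? null : bindResource.getAppGuid();
            Object clientId = bindResource == null ? null : bindResource.getProperty(CREDENTIAL_CLIENT_ID);

            if (appGuid != null) {
                this.credHubOperations.permissionsV2().addPermissions(credentialName, Permission.builder().app(appGuid).operation(Operation.READ).build());
            }
            if (clientId != null) {
                this.credHubOperations.permissionsV2().addPermissions(credentialName, Permission.builder().client(clientId.toString()).operation(Operation.READ).build());
            }
            if (appGuid == null && clientId == null) {
                LOG.warn("No app GUID or credential client id in binding request; no read permission granted on CredHub credential '{}'", credentialName.getName());
            }
            return null;
        });
    }

    /**
     * Builds the response that is returned in place of the original one.
     *
     * <p>Copies the async flag, the binding-existed flag, the operation, the syslog drain URL and
     * the volume mounts. The original credentials are not copied; the only credentials entry is
     * {@code credhub-ref}, set to the CredHub credential name.
     */
    private CreateServiceInstanceAppBindingResponse.CreateServiceInstanceAppBindingResponseBuilder buildReplacementBindingResponse(CreateServiceInstanceAppBindingResponse createServiceInstanceAppBindingResponse, CredentialName credentialName) {
        return CreateServiceInstanceAppBindingResponse.builder()
            .async(createServiceInstanceAppBindingResponse.isAsync())
            .bindingExisted(createServiceInstanceAppBindingResponse.isBindingExisted())
            .credentials(CREDHUB_REF_KEY, credentialName.getName())
            .operation(createServiceInstanceAppBindingResponse.getOperation())
            .syslogDrainUrl(createServiceInstanceAppBindingResponse.getSyslogDrainUrl())
            .volumeMounts(createServiceInstanceAppBindingResponse.getVolumeMounts());
    }
}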
