package org.springframework.cloud.config.server.environment.vault.authentication;

import org.springframework.cloud.config.server.environment.VaultEnvironmentProperties;
import org.springframework.cloud.config.server.environment.vault.SpringVaultClientAuthenticationProvider;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.PcfAuthentication;
import org.springframework.vault.authentication.PcfAuthenticationOptions;
import org.springframework.vault.authentication.ResourceCredentialSupplier;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/cloud/config/server/environment/vault/authentication/PcfClientAuthenticationProvider.class */
public class PcfClientAuthenticationProvider extends SpringVaultClientAuthenticationProvider {
    public PcfClientAuthenticationProvider() {
        super(VaultEnvironmentProperties.AuthenticationMethod.PCF);
    }

    @Override // org.springframework.cloud.config.server.environment.vault.SpringVaultClientAuthenticationProvider
    public ClientAuthentication getClientAuthentication(VaultEnvironmentProperties vaultEnvironmentProperties, RestOperations restOperations, RestOperations restOperations2) {
        VaultEnvironmentProperties.PcfProperties pcf = vaultEnvironmentProperties.getPcf();
        assertClassPresent("org.bouncycastle.crypto.signers.PSSSigner", missingClassForAuthMethod("BouncyCastle", "bcpkix-jdk15on", VaultEnvironmentProperties.AuthenticationMethod.PCF));
        Assert.hasText(pcf.getRole(), missingPropertyForAuthMethod("pcf.role", VaultEnvironmentProperties.AuthenticationMethod.PCF));
        PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder path = PcfAuthenticationOptions.builder().role(pcf.getRole()).path(pcf.getPcfPath());
        if (pcf.getInstanceCertificate() != null) {
            path.instanceCertificate(new ResourceCredentialSupplier(pcf.getInstanceCertificate()));
        } else {
            path.instanceCertificate(new ResourceCredentialSupplier(resolveEnvVariable("CF_INSTANCE_CERT")));
        }
        if (pcf.getInstanceKey() != null) {
            path.instanceKey(new ResourceCredentialSupplier(pcf.getInstanceKey()));
        } else {
            path.instanceKey(new ResourceCredentialSupplier(resolveEnvVariable("CF_INSTANCE_KEY")));
        }
        return new PcfAuthentication(path.build(), restOperations);
    }

    private static String resolveEnvVariable(String str) {
        String str2 = System.getenv(str);
        if (ObjectUtils.isEmpty(str2)) {
            throw new IllegalStateException(String.format("Environment variable %s not set", str));
        }
        return str2;
    }
}
