package org.springframework.cloud.vault.config.aws;

import java.util.HashMap;
import java.util.Map;
import java.util.StringJoiner;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.vault.config.LeasingSecretBackendMetadata;
import org.springframework.cloud.vault.config.PropertyNameTransformer;
import org.springframework.cloud.vault.config.SecretBackendMetadata;
import org.springframework.cloud.vault.config.SecretBackendMetadataFactory;
import org.springframework.cloud.vault.config.VaultSecretBackendDescriptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.vault.core.lease.domain.RequestedSecret;
import org.springframework.vault.core.util.PropertyTransformer;

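/**
 * Binds {@link VaultAwsProperties} and registers an {@link AwsSecretBackendMetadataFactory}
 * bean unless another bean of that type is already defined.
 *
 * <p>The metadata produced here describes where AWS credentials are requested from Vault
 * ({@code access_key}, {@code secret_key} and, for STS-style credentials,
 * {@code security_token}) and which property names they are exposed under. Those property
 * values are live credentials, so they should be kept out of logs and diagnostics output.
 *
 * <p>NOTE(review): this listing is decompiler output (JADX); the nested metadata classes were
 * originally {@code private} and had their access widened by the decompiler.
 */
@EnableConfigurationProperties({VaultAwsProperties.class})
@Configuration(proxyBeanMethods = false)
public class VaultConfigAwsBootstrapConfiguration {

    /**
     * Factory that turns {@link VaultAwsProperties} into {@link SecretBackendMetadata}.
     */
    public static class AwsSecretBackendMetadataFactory implements SecretBackendMetadataFactory<VaultAwsProperties> {

        /**
         * Metadata for credentials read from {@code {backend}/creds/{role}}.
         * Returned by {@link #forAws} when the credential type is neither
         * {@code ASSUMED_ROLE} nor {@code FEDERATION_TOKEN}.
         */
        public static class AwsLeasingSecretBackendMetadata implements SecretBackendMetadata {
            private final VaultAwsProperties properties;
            private final PropertyNameTransformer transformer;

            AwsLeasingSecretBackendMetadata(VaultAwsProperties vaultAwsProperties, PropertyNameTransformer propertyNameTransformer) {
                this.properties = vaultAwsProperties;
                this.transformer = propertyNameTransformer;
            }

            /** Returns a human-readable label built from the backend mount and the role. */
            public String getName() {
                return String.format("%s with Role %s", this.properties.getBackend(), this.properties.getRole());
            }

            /** Returns the path {@code {backend}/creds/{role}}. */
            public String getPath() {
                return String.format("%s/creds/%s", this.properties.getBackend(), this.properties.getRole());
            }

            /** Returns the key-renaming transformer supplied at construction time. */
            public PropertyTransformer getPropertyTransformer() {
                return this.transformer;
            }

            /** Returns a fresh mutable map with the entries {@code backend} and {@code key}. */
            public Map<String, String> getVariables() {
                Map<String, String> variables = new HashMap<>();
                variables.put("backend", this.properties.getBackend());
                variables.put("key", String.format("creds/%s", this.properties.getRole()));
                return variables;
            }
        }

        /**
         * Metadata for credentials read from {@code {backend}/sts/{role}}, optionally with
         * {@code ttl} and {@code role_arn} query parameters. Returned by {@link #forAws} for
         * the {@code ASSUMED_ROLE} and {@code FEDERATION_TOKEN} credential types.
         */
        public static class AwsStsLeasingSecretBackendMetadata implements LeasingSecretBackendMetadata {
            private final VaultAwsProperties properties;
            private final PropertyNameTransformer transformer;

            AwsStsLeasingSecretBackendMetadata(VaultAwsProperties vaultAwsProperties, PropertyNameTransformer propertyNameTransformer) {
                this.properties = vaultAwsProperties;
                this.transformer = propertyNameTransformer;
            }

            /** Returns a human-readable label built from the backend mount and the role. */
            public String getName() {
                return String.format("%s with Role %s", this.properties.getBackend(), this.properties.getRole());
            }

            /**
             * Returns {@code {backend}/sts/{role}}, followed by {@code ?} and the
             * {@code &}-joined parameters when any apply: {@code ttl=<millis>ms} when the TTL
             * is non-zero, and {@code role_arn=<arn>} when the credential type is
             * {@code ASSUMED_ROLE} and a role ARN is configured.
             */
            public String getPath() {
                StringJoiner query = new StringJoiner("&");
                if (!this.properties.getTtl().isZero()) {
                    query.add("ttl=" + this.properties.getTtl().toMillis() + "ms");
                }
                if (this.properties.getCredentialType() == AwsCredentialType.ASSUMED_ROLE && StringUtils.hasText(this.properties.getRoleArn())) {
                    query.add("role_arn=" + this.properties.getRoleArn());
                }
                String basePath = String.format("%s/sts/%s", this.properties.getBackend(), this.properties.getRole());
                if (query.length() == 0) {
                    return basePath;
                }
                // The query is appended rather than spliced into the format string: a
                // configured role ARN containing '%' would otherwise be parsed as a format
                // specifier and either throw or corrupt the path.
                // NOTE(review): role_arn is not URL-encoded here; confirm how the consumer of
                // this path parses the query part before relying on unusual ARN characters.
                return basePath + "?" + query;
            }

            /** Returns the key-renaming transformer supplied at construction time. */
            public PropertyTransformer getPropertyTransformer() {
                return this.transformer;
            }

            /** Returns a fresh mutable map with the entries {@code backend} and {@code key}. */
            public Map<String, String> getVariables() {
                Map<String, String> variables = new HashMap<>();
                variables.put("backend", this.properties.getBackend());
                variables.put("key", String.format("sts/%s", this.properties.getRole()));
                return variables;
            }

            /**
             * Always requests {@link RequestedSecret.Mode#ROTATE}.
             * NOTE(review): presumably because these credentials are replaced rather than
             * renewed when the lease ends; confirm against the Vault AWS backend behaviour.
             */
            public RequestedSecret.Mode getLeaseMode() {
                return RequestedSecret.Mode.ROTATE;
            }
        }

        /**
         * Builds the metadata matching the configured credential type.
         *
         * <p>{@code access_key} and {@code secret_key} are always mapped to the configured
         * property names. For {@code ASSUMED_ROLE} and {@code FEDERATION_TOKEN},
         * {@code security_token} is mapped as well and the STS variant is returned.
         *
         * @param vaultAwsProperties the AWS backend settings; must not be {@code null}
         * @return metadata describing the path and key mapping for the AWS backend
         * @throws IllegalArgumentException if {@code vaultAwsProperties} is {@code null}
         */
        static SecretBackendMetadata forAws(VaultAwsProperties vaultAwsProperties) {
            Assert.notNull(vaultAwsProperties, "VaultAwsProperties must not be null");
            PropertyNameTransformer propertyNameTransformer = new PropertyNameTransformer();
            propertyNameTransformer.addKeyTransformation("access_key", vaultAwsProperties.getAccessKeyProperty());
            propertyNameTransformer.addKeyTransformation("secret_key", vaultAwsProperties.getSecretKeyProperty());
            AwsCredentialType credentialType = vaultAwsProperties.getCredentialType();
            boolean usesSessionToken = credentialType == AwsCredentialType.ASSUMED_ROLE
                    || credentialType == AwsCredentialType.FEDERATION_TOKEN;
            if (!usesSessionToken) {
                return new AwsLeasingSecretBackendMetadata(vaultAwsProperties, propertyNameTransformer);
            }
            propertyNameTransformer.addKeyTransformation("security_token", vaultAwsProperties.getSessionTokenKeyProperty());
            return new AwsStsLeasingSecretBackendMetadata(vaultAwsProperties, propertyNameTransformer);
        }

        /** Delegates to {@link #forAws(VaultAwsProperties)}. */
        public SecretBackendMetadata createMetadata(VaultAwsProperties vaultAwsProperties) {
            return forAws(vaultAwsProperties);
        }

        /** Returns {@code true} only when the descriptor is a {@link VaultAwsProperties}. */
        public boolean supports(VaultSecretBackendDescriptor vaultSecretBackendDescriptor) {
            return vaultSecretBackendDescriptor instanceof VaultAwsProperties;
        }
    }

    /** Registers the factory unless a bean of the same type already exists. */
    @ConditionalOnMissingBean
    @Bean
    public AwsSecretBackendMetadataFactory awsSecretBackendMetadataFactory() {
        return new AwsSecretBackendMetadataFactory();
    }
}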
