package org.springframework.cloud.vault.util;

import java.util.Collections;
import java.util.Map;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.core.VaultSysOperations;
import org.springframework.vault.support.VaultHealth;
import org.springframework.vault.support.VaultInitializationRequest;
import org.springframework.vault.support.VaultInitializationResponse;
import org.springframework.vault.support.VaultMount;
import org.springframework.vault.support.VaultToken;
import org.springframework.vault.support.VaultTokenRequest;

/* loaded from: input_file:org/springframework/cloud/vault/util/PrepareVault.class */
public class PrepareVault {
    private final VaultOperations vaultOperations;
    private final VaultSysOperations adminOperations;

    public PrepareVault(VaultOperations vaultOperations) {
        this.vaultOperations = vaultOperations;
        this.adminOperations = vaultOperations.opsForSys();
    }

    public VaultToken initializeVault() {
        VaultInitializationResponse initialize = this.vaultOperations.opsForSys().initialize(VaultInitializationRequest.create(2, 2));
        for (int i = 0; i < 2 && this.vaultOperations.opsForSys().unseal((String) initialize.getKeys().get(i)).isSealed(); i++) {
        }
        return initialize.getRootToken();
    }

    public VaultToken createToken(String str, String str2) {
        VaultTokenRequest.VaultTokenRequestBuilder id = VaultTokenRequest.builder().id(str);
        if (StringUtils.hasText(str2)) {
            id.withPolicy(str2);
        }
        return this.vaultOperations.opsForToken().create(id.build()).getToken();
    }

    public boolean isAvailable() {
        return this.adminOperations.isInitialized() && !this.adminOperations.health().isSealed();
    }

    public void mountAuth(String str) {
        Assert.hasText(str, "AuthBackend must not be empty");
        this.adminOperations.authMount(str, VaultMount.create(str));
    }

    public boolean hasAuth(String str) {
        Assert.hasText(str, "AuthBackend must not be empty");
        return this.adminOperations.getAuthMounts().containsKey(str + "/");
    }

    public void mountSecret(String str) {
        mountSecret(str, str, Collections.emptyMap());
    }

    public void mountSecret(String str, String str2, Map<String, Object> map) {
        Assert.hasText(str, "SecretBackend must not be empty");
        Assert.hasText(str2, "Mount path must not be empty");
        Assert.notNull(map, "Configuration must not be null");
        this.adminOperations.mount(str2, VaultMount.builder().type(str).config(map).build());
    }

    public boolean hasSecretBackend(String str) {
        Assert.hasText(str, "SecretBackend must not be empty");
        Map mounts = this.adminOperations.getMounts();
        return mounts.containsKey(str) || mounts.containsKey(new StringBuilder().append(str).append("/").toString());
    }

    public VaultOperations getVaultOperations() {
        return this.vaultOperations;
    }

    public Version getVersion() {
        VaultHealth health = getVaultOperations().opsForSys().health();
        if (!StringUtils.hasText(health.getVersion())) {
            return Version.parse("0.0.0");
        }
        String version = health.getVersion();
        if (version.startsWith("Vault v")) {
            version = version.substring(7);
        }
        return Version.parse(version);
    }

    public void disableGenericVersioning() {
        this.vaultOperations.opsForSys().unmount("secret");
        this.vaultOperations.opsForSys().mount("secret", VaultMount.builder().type("kv").config(Collections.singletonMap("versioned", false)).build());
    }

    public void mountVersionedKvBackend() {
        mountSecret("kv", "versioned", Collections.emptyMap());
        this.vaultOperations.write("sys/mounts/versioned/tune", Collections.singletonMap("options", Collections.singletonMap("version", "2")));
    }
}
