package io.pivotal.spring.cloud.config.client;

import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.config.client.ConfigClientAutoConfiguration;
import org.springframework.cloud.config.client.ConfigClientProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({ConfigClientOAuth2Properties.class})
@EnableScheduling
@Configuration
@AutoConfigureAfter({ConfigClientAutoConfiguration.class})
@ConditionalOnBean({ConfigClientProperties.class})
@ConditionalOnProperty(prefix = ConfigClientProperties.PREFIX, name = {OAuth2ParameterNames.TOKEN, "client.oauth2.clientId", "client.oauth2.clientSecret", "client.oauth2.accessTokenUri"})
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-services-config-client-autoconfigure-3.5.4.jar:io/pivotal/spring/cloud/config/client/VaultTokenRenewalAutoConfiguration.class */
public class VaultTokenRenewalAutoConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) VaultTokenRenewalAutoConfiguration.class);

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-services-config-client-autoconfigure-3.5.4.jar:io/pivotal/spring/cloud/config/client/VaultTokenRenewalAutoConfiguration$VaultTokenRefresher.class */
    static class VaultTokenRefresher {
        private final String obscuredToken;
        private final long renewTTL;
        private final String refreshUri;
        private final HttpEntity<Map<String, Long>> request;
        private final RestTemplate restTemplate;

        VaultTokenRefresher(RestTemplate restTemplate, String str, long j, String str2, HttpEntity<Map<String, Long>> httpEntity) {
            this.restTemplate = restTemplate;
            this.obscuredToken = str;
            this.renewTTL = j;
            this.refreshUri = str2;
            this.request = httpEntity;
        }

        @Scheduled(fixedRateString = "${vault.token.renew.rate:60000}")
        public void refreshVaultToken() {
            try {
                VaultTokenRenewalAutoConfiguration.LOGGER.debug("Renewing Vault token " + this.obscuredToken + " for " + this.renewTTL + " milliseconds.");
                this.restTemplate.postForObject(this.refreshUri, this.request, String.class, new Object[0]);
            } catch (RestClientException e) {
                VaultTokenRenewalAutoConfiguration.LOGGER.error("Unable to renew Vault token " + this.obscuredToken + ". Is the token invalid or expired?");
            }
        }
    }

    @Bean
    public VaultTokenRefresher vaultTokenRefresher(ConfigClientProperties configClientProperties, ConfigClientOAuth2Properties configClientOAuth2Properties, @Qualifier("vaultTokenRenewal") RestTemplate restTemplate, @Value("${spring.cloud.config.token}") String str, @Value("${vault.token.ttl:300000}") long j) {
        restTemplate.getInterceptors().add(new OAuth2AuthorizedClientHttpRequestInterceptor(ClientRegistration.withRegistrationId("config-client").authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).clientId(configClientOAuth2Properties.getClientId()).clientSecret(configClientOAuth2Properties.getClientSecret()).tokenUri(configClientOAuth2Properties.getAccessTokenUri()).build()));
        return new VaultTokenRefresher(restTemplate, str.substring(0, 4) + "[*]" + str.substring(str.length() - 4), j, configClientProperties.getUri()[0] + "/vault/v1/auth/token/renew-self", buildTokenRenewRequest(str, j / 1000));
    }

    @Bean({"vaultTokenRenewal"})
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }

    private HttpEntity<Map<String, Long>> buildTokenRenewRequest(String str, long j) {
        HashMap hashMap = new HashMap();
        hashMap.put("increment", Long.valueOf(j));
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("X-Vault-Token", str);
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        return new HttpEntity<>(hashMap, httpHeaders);
    }
}
