package org.talend.sdk.components.vault.client;

import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.cache.Cache;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import javax.json.bind.annotation.JsonbProperty;
import javax.servlet.ServletContext;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.talend.sdk.components.vault.configuration.Documentation;
import org.talend.sdk.components.vault.server.error.ErrorPayload;

@ApplicationScoped
/* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient.class */
public class VaultClient {
    private static final Logger log = LoggerFactory.getLogger(VaultClient.class);

    @Inject
    private VaultClientSetup setup;

    @Inject
    @VaultHttp
    private WebTarget vault;

    @Inject
    @Documentation("The vault path to retrieve a token.")
    @ConfigProperty(name = "talend.vault.cache.vault.auth.endpoint", defaultValue = "v1/auth/engines/login")
    private String authEndpoint;

    @Inject
    @Documentation("The vault path to decrypt values. You can use the variable `{x-talend-tenant-id}` to replace by `x-talend-tenant-id` header value.")
    @ConfigProperty(name = "talend.vault.cache.vault.decrypt.endpoint", defaultValue = "v1/tenants-keyrings/decrypt/{x-talend-tenant-id}")
    private String decryptEndpoint;

    @Inject
    @Documentation("The vault token to use to log in (will make roleId and secretId ignored). `-` means it is ignored.")
    @ConfigProperty(name = "talend.vault.cache.vault.auth.token", defaultValue = "-")
    private Supplier<String> token;

    @Inject
    @Documentation("The vault role identifier to use to log in (if token is not set). `-` means it is ignored.")
    @ConfigProperty(name = "talend.vault.cache.vault.auth.roleId", defaultValue = "-")
    private Supplier<String> role;

    @Inject
    @Documentation("The vault secret identifier to use to log in (if token is not set). `-` means it is ignored.")
    @ConfigProperty(name = "talend.vault.cache.vault.auth.secretId", defaultValue = "-")
    private Supplier<String> secret;

    @Inject
    @Documentation("How often (in ms) to refresh the vault token.")
    @ConfigProperty(name = "talend.vault.cache.service.auth.refreshDelayMargin", defaultValue = "600000")
    private Long refreshDelayMargin;

    @Inject
    @Documentation("How long (in ms) to wait before retrying a recoverable error or refresh the vault token in case of an authentication failure.")
    @ConfigProperty(name = "talend.vault.cache.service.auth.refreshDelayOnFailure", defaultValue = "1000")
    private Long refreshDelayOnFailure;

    @Inject
    @Documentation("How many times do we retry a recoverable operation in case of a failure.")
    @ConfigProperty(name = "talend.vault.cache.service.auth.numberOfRetryOnFailure", defaultValue = "3")
    private Integer numberOfRetryOnFailure;

    @Inject
    @Documentation("Status code sent when vault can't decipher some values.")
    @ConfigProperty(name = "talend.vault.cache.service.auth.cantDecipherStatusCode", defaultValue = "422")
    private Integer cantDecipherStatusCode;

    @Inject
    @Documentation("The regex to whitelist ciphered keys, others will be passthrough in the output without going to vault.")
    @ConfigProperty(name = "talend.vault.cache.service.decipher.skip.regex", defaultValue = "vault\\:v[0-9]+\\:.*")
    private String passthroughRegex;

    @Inject
    private Cache<String, DecryptedValue> cache;

    @Inject
    private Clock clock;
    private ScheduledExecutorService scheduledExecutorService;
    private Pattern compiledPassthroughRegex;
    private final AtomicReference<Authentication> authToken = new AtomicReference<>();
    private final Predicate<Throwable> shouldRetry = th -> {
        if (!WebApplicationException.class.isInstance(th)) {
            return true;
        }
        int status = ((WebApplicationException) WebApplicationException.class.cast(th)).getResponse().getStatus();
        return Response.Status.NOT_FOUND.getStatusCode() != status && status < 500;
    };

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$Auth.class */
    public static class Auth {
        private boolean renewable;

        @JsonbProperty("lease_duration")
        private long leaseDuration;

        @JsonbProperty("client_token")
        private String clientToken;

        public boolean isRenewable() {
            return this.renewable;
        }

        public long getLeaseDuration() {
            return this.leaseDuration;
        }

        public String getClientToken() {
            return this.clientToken;
        }

        public void setRenewable(boolean z) {
            this.renewable = z;
        }

        public void setLeaseDuration(long j) {
            this.leaseDuration = j;
        }

        public void setClientToken(String str) {
            this.clientToken = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Auth)) {
                return false;
            }
            Auth auth = (Auth) obj;
            if (!auth.canEqual(this) || isRenewable() != auth.isRenewable() || getLeaseDuration() != auth.getLeaseDuration()) {
                return false;
            }
            String clientToken = getClientToken();
            String clientToken2 = auth.getClientToken();
            return clientToken == null ? clientToken2 == null : clientToken.equals(clientToken2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof Auth;
        }

        public int hashCode() {
            int i = (1 * 59) + (isRenewable() ? 79 : 97);
            long leaseDuration = getLeaseDuration();
            int i2 = (i * 59) + ((int) ((leaseDuration >>> 32) ^ leaseDuration));
            String clientToken = getClientToken();
            return (i2 * 59) + (clientToken == null ? 43 : clientToken.hashCode());
        }

        public String toString() {
            return "VaultClient.Auth(renewable=" + isRenewable() + ", leaseDuration=" + getLeaseDuration() + ", clientToken=" + getClientToken() + ")";
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$AuthRequest.class */
    public static class AuthRequest {

        @JsonbProperty("role_id")
        private String roleId;

        @JsonbProperty("secret_id")
        private String secretId;

        public String getRoleId() {
            return this.roleId;
        }

        public String getSecretId() {
            return this.secretId;
        }

        public void setRoleId(String str) {
            this.roleId = str;
        }

        public void setSecretId(String str) {
            this.secretId = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AuthRequest)) {
                return false;
            }
            AuthRequest authRequest = (AuthRequest) obj;
            if (!authRequest.canEqual(this)) {
                return false;
            }
            String roleId = getRoleId();
            String roleId2 = authRequest.getRoleId();
            if (roleId == null) {
                if (roleId2 != null) {
                    return false;
                }
            } else if (!roleId.equals(roleId2)) {
                return false;
            }
            String secretId = getSecretId();
            String secretId2 = authRequest.getSecretId();
            return secretId == null ? secretId2 == null : secretId.equals(secretId2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof AuthRequest;
        }

        public int hashCode() {
            String roleId = getRoleId();
            int hashCode = (1 * 59) + (roleId == null ? 43 : roleId.hashCode());
            String secretId = getSecretId();
            return (hashCode * 59) + (secretId == null ? 43 : secretId.hashCode());
        }

        public String toString() {
            return "VaultClient.AuthRequest(roleId=" + getRoleId() + ", secretId=" + getSecretId() + ")";
        }

        public AuthRequest() {
        }

        public AuthRequest(String str, String str2) {
            this.roleId = str;
            this.secretId = str2;
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$AuthResponse.class */
    public static class AuthResponse {
        private Auth auth;

        public Auth getAuth() {
            return this.auth;
        }

        public void setAuth(Auth auth) {
            this.auth = auth;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof AuthResponse)) {
                return false;
            }
            AuthResponse authResponse = (AuthResponse) obj;
            if (!authResponse.canEqual(this)) {
                return false;
            }
            Auth auth = getAuth();
            Auth auth2 = authResponse.getAuth();
            return auth == null ? auth2 == null : auth.equals(auth2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof AuthResponse;
        }

        public int hashCode() {
            Auth auth = getAuth();
            return (1 * 59) + (auth == null ? 43 : auth.hashCode());
        }

        public String toString() {
            return "VaultClient.AuthResponse(auth=" + getAuth() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$Authentication.class */
    public static class Authentication {
        private final Auth auth;
        private final long expiresAt;

        public Authentication(Auth auth, long j) {
            this.auth = auth;
            this.expiresAt = j;
        }

        public Auth getAuth() {
            return this.auth;
        }

        public long getExpiresAt() {
            return this.expiresAt;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Authentication)) {
                return false;
            }
            Authentication authentication = (Authentication) obj;
            if (!authentication.canEqual(this) || getExpiresAt() != authentication.getExpiresAt()) {
                return false;
            }
            Auth auth = getAuth();
            Auth auth2 = authentication.getAuth();
            return auth == null ? auth2 == null : auth.equals(auth2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof Authentication;
        }

        public int hashCode() {
            long expiresAt = getExpiresAt();
            int i = (1 * 59) + ((int) ((expiresAt >>> 32) ^ expiresAt));
            Auth auth = getAuth();
            return (i * 59) + (auth == null ? 43 : auth.hashCode());
        }

        public String toString() {
            return "VaultClient.Authentication(auth=" + getAuth() + ", expiresAt=" + getExpiresAt() + ")";
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$DecryptData.class */
    public static class DecryptData {

        @JsonbProperty("batch_results")
        private Collection<DecryptResult> batchResults;

        public Collection<DecryptResult> getBatchResults() {
            return this.batchResults;
        }

        public void setBatchResults(Collection<DecryptResult> collection) {
            this.batchResults = collection;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof DecryptData)) {
                return false;
            }
            DecryptData decryptData = (DecryptData) obj;
            if (!decryptData.canEqual(this)) {
                return false;
            }
            Collection<DecryptResult> batchResults = getBatchResults();
            Collection<DecryptResult> batchResults2 = decryptData.getBatchResults();
            return batchResults == null ? batchResults2 == null : batchResults.equals(batchResults2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof DecryptData;
        }

        public int hashCode() {
            Collection<DecryptResult> batchResults = getBatchResults();
            return (1 * 59) + (batchResults == null ? 43 : batchResults.hashCode());
        }

        public String toString() {
            return "VaultClient.DecryptData(batchResults=" + getBatchResults() + ")";
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$DecryptInput.class */
    public static class DecryptInput {
        private String ciphertext;
        private String context;
        private String nonce;

        public String getCiphertext() {
            return this.ciphertext;
        }

        public String getContext() {
            return this.context;
        }

        public String getNonce() {
            return this.nonce;
        }

        public void setCiphertext(String str) {
            this.ciphertext = str;
        }

        public void setContext(String str) {
            this.context = str;
        }

        public void setNonce(String str) {
            this.nonce = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof DecryptInput)) {
                return false;
            }
            DecryptInput decryptInput = (DecryptInput) obj;
            if (!decryptInput.canEqual(this)) {
                return false;
            }
            String ciphertext = getCiphertext();
            String ciphertext2 = decryptInput.getCiphertext();
            if (ciphertext == null) {
                if (ciphertext2 != null) {
                    return false;
                }
            } else if (!ciphertext.equals(ciphertext2)) {
                return false;
            }
            String context = getContext();
            String context2 = decryptInput.getContext();
            if (context == null) {
                if (context2 != null) {
                    return false;
                }
            } else if (!context.equals(context2)) {
                return false;
            }
            String nonce = getNonce();
            String nonce2 = decryptInput.getNonce();
            return nonce == null ? nonce2 == null : nonce.equals(nonce2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof DecryptInput;
        }

        public int hashCode() {
            String ciphertext = getCiphertext();
            int hashCode = (1 * 59) + (ciphertext == null ? 43 : ciphertext.hashCode());
            String context = getContext();
            int hashCode2 = (hashCode * 59) + (context == null ? 43 : context.hashCode());
            String nonce = getNonce();
            return (hashCode2 * 59) + (nonce == null ? 43 : nonce.hashCode());
        }

        public String toString() {
            return "VaultClient.DecryptInput(ciphertext=" + getCiphertext() + ", context=" + getContext() + ", nonce=" + getNonce() + ")";
        }

        public DecryptInput() {
        }

        public DecryptInput(String str, String str2, String str3) {
            this.ciphertext = str;
            this.context = str2;
            this.nonce = str3;
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$DecryptRequest.class */
    public static class DecryptRequest {

        @JsonbProperty("batch_input")
        private Collection<DecryptInput> batchInput;

        public Collection<DecryptInput> getBatchInput() {
            return this.batchInput;
        }

        public void setBatchInput(Collection<DecryptInput> collection) {
            this.batchInput = collection;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof DecryptRequest)) {
                return false;
            }
            DecryptRequest decryptRequest = (DecryptRequest) obj;
            if (!decryptRequest.canEqual(this)) {
                return false;
            }
            Collection<DecryptInput> batchInput = getBatchInput();
            Collection<DecryptInput> batchInput2 = decryptRequest.getBatchInput();
            return batchInput == null ? batchInput2 == null : batchInput.equals(batchInput2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof DecryptRequest;
        }

        public int hashCode() {
            Collection<DecryptInput> batchInput = getBatchInput();
            return (1 * 59) + (batchInput == null ? 43 : batchInput.hashCode());
        }

        public String toString() {
            return "VaultClient.DecryptRequest(batchInput=" + getBatchInput() + ")";
        }

        public DecryptRequest() {
        }

        public DecryptRequest(Collection<DecryptInput> collection) {
            this.batchInput = collection;
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$DecryptResponse.class */
    public static class DecryptResponse {
        private DecryptData data;

        public DecryptData getData() {
            return this.data;
        }

        public void setData(DecryptData decryptData) {
            this.data = decryptData;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof DecryptResponse)) {
                return false;
            }
            DecryptResponse decryptResponse = (DecryptResponse) obj;
            if (!decryptResponse.canEqual(this)) {
                return false;
            }
            DecryptData data = getData();
            DecryptData data2 = decryptResponse.getData();
            return data == null ? data2 == null : data.equals(data2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof DecryptResponse;
        }

        public int hashCode() {
            DecryptData data = getData();
            return (1 * 59) + (data == null ? 43 : data.hashCode());
        }

        public String toString() {
            return "VaultClient.DecryptResponse(data=" + getData() + ")";
        }
    }

    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$DecryptResult.class */
    public static class DecryptResult {
        private String plaintext;
        private String context;
        private String error;

        public String getPlaintext() {
            return this.plaintext;
        }

        public String getContext() {
            return this.context;
        }

        public String getError() {
            return this.error;
        }

        public void setPlaintext(String str) {
            this.plaintext = str;
        }

        public void setContext(String str) {
            this.context = str;
        }

        public void setError(String str) {
            this.error = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof DecryptResult)) {
                return false;
            }
            DecryptResult decryptResult = (DecryptResult) obj;
            if (!decryptResult.canEqual(this)) {
                return false;
            }
            String plaintext = getPlaintext();
            String plaintext2 = decryptResult.getPlaintext();
            if (plaintext == null) {
                if (plaintext2 != null) {
                    return false;
                }
            } else if (!plaintext.equals(plaintext2)) {
                return false;
            }
            String context = getContext();
            String context2 = decryptResult.getContext();
            if (context == null) {
                if (context2 != null) {
                    return false;
                }
            } else if (!context.equals(context2)) {
                return false;
            }
            String error = getError();
            String error2 = decryptResult.getError();
            return error == null ? error2 == null : error.equals(error2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof DecryptResult;
        }

        public int hashCode() {
            String plaintext = getPlaintext();
            int hashCode = (1 * 59) + (plaintext == null ? 43 : plaintext.hashCode());
            String context = getContext();
            int hashCode2 = (hashCode * 59) + (context == null ? 43 : context.hashCode());
            String error = getError();
            return (hashCode2 * 59) + (error == null ? 43 : error.hashCode());
        }

        public String toString() {
            return "VaultClient.DecryptResult(plaintext=" + getPlaintext() + ", context=" + getContext() + ", error=" + getError() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/talend/sdk/components/vault/client/VaultClient$EntryWithIndex.class */
    public static class EntryWithIndex<T> {
        private final int index;
        private final T entry;

        public EntryWithIndex(int i, T t) {
            this.index = i;
            this.entry = t;
        }
    }

    @PostConstruct
    private void init() {
        this.compiledPassthroughRegex = Pattern.compile(this.passthroughRegex);
    }

    @PreDestroy
    private void destroy() {
        this.scheduledExecutorService.shutdownNow();
        try {
            this.scheduledExecutorService.awaitTermination(1L, TimeUnit.MINUTES);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    public void init(@Observes @Initialized(ApplicationScoped.class) ServletContext servletContext) {
        this.scheduledExecutorService = Executors.newSingleThreadScheduledExecutor(new ThreadFactory() { // from class: org.talend.sdk.components.vault.client.VaultClient.1
            private final ThreadGroup group = (ThreadGroup) Optional.ofNullable(System.getSecurityManager()).map((v0) -> {
                return v0.getThreadGroup();
            }).orElseGet(() -> {
                return Thread.currentThread().getThreadGroup();
            });

            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                Thread thread = new Thread(this.group, runnable, "talend-vault-service-refresh", 0L);
                if (thread.isDaemon()) {
                    thread.setDaemon(false);
                }
                if (thread.getPriority() != 5) {
                    thread.setPriority(5);
                }
                return thread;
            }
        });
    }

    public Map<String, String> decrypt(Map<String, String> map) {
        return decrypt(map, null);
    }

    public Map<String, String> decrypt(Map<String, String> map, String str) {
        if ("no-vault".equals(this.setup.getVaultUrl())) {
            return map;
        }
        List list = (List) map.entrySet().stream().filter(entry -> {
            return this.compiledPassthroughRegex.matcher((CharSequence) entry.getValue()).matches();
        }).map(entry2 -> {
            return (String) entry2.getKey();
        }).collect(Collectors.toList());
        return list.isEmpty() ? map : (Map) withRetries(() -> {
            return prepareRequest(map, list, str);
        }, this.shouldRetry).get();
    }

    private CompletableFuture<Map<String, String>> prepareRequest(Map<String, String> map, List<String> list, String str) {
        Stream<String> stream = list.stream();
        Objects.requireNonNull(map);
        return get((Collection) stream.map((v1) -> {
            return r2.get(v1);
        }).collect(Collectors.toList()), this.clock.millis(), str).thenApply(list2 -> {
            return (Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                Optional filter = Optional.of(Integer.valueOf(list.indexOf(entry.getKey()))).filter(num -> {
                    return num.intValue() >= 0;
                });
                Objects.requireNonNull(list2);
                return (String) filter.map((v1) -> {
                    return r1.get(v1);
                }).map((v0) -> {
                    return v0.getValue();
                }).orElseGet(() -> {
                    return (String) map.get(entry.getKey());
                });
            }));
        });
    }

    private CompletableFuture<List<DecryptedValue>> get(Collection<String> collection, long j, String str) {
        AtomicInteger atomicInteger = new AtomicInteger();
        Collection collection2 = (Collection) collection.stream().map(str2 -> {
            return new EntryWithIndex(atomicInteger.getAndIncrement(), str2);
        }).filter(entryWithIndex -> {
            return (entryWithIndex.entry == null || this.compiledPassthroughRegex.matcher((CharSequence) entryWithIndex.entry).matches()) ? false : true;
        }).collect(Collectors.toList());
        if (collection2.isEmpty()) {
            return doDecipher(collection, j, str).toCompletableFuture();
        }
        if (collection2.size() != collection.size()) {
            return doDecipher(collection, j, str).thenApply(list -> {
                long millis = this.clock.millis();
                collection2.forEach(entryWithIndex2 -> {
                    list.add(entryWithIndex2.index, new DecryptedValue((String) entryWithIndex2.entry, millis));
                });
                return list;
            }).toCompletableFuture();
        }
        long millis = this.clock.millis();
        return CompletableFuture.completedFuture((List) collection.stream().map(str3 -> {
            return new DecryptedValue(str3, millis);
        }).collect(Collectors.toList()));
    }

    private CompletionStage<List<DecryptedValue>> doDecipher(Collection<String> collection, long j, String str) {
        Map map = (Map) new HashSet(collection).stream().collect(Collectors.toMap(Function.identity(), str2 -> {
            return Optional.ofNullable((DecryptedValue) this.cache.get(str2));
        }));
        Collection collection2 = (Collection) map.entrySet().stream().filter(entry -> {
            return !((Optional) entry.getValue()).isPresent();
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toList());
        if (!collection2.isEmpty()) {
            return getOrRequestAuth().thenCompose(authentication -> {
                return (CompletionStage) Optional.ofNullable(authentication.getAuth()).map((v0) -> {
                    return v0.getClientToken();
                }).map(str3 -> {
                    WebTarget path = this.vault.path(this.decryptEndpoint);
                    if (this.decryptEndpoint.contains("x-talend-tenant-id")) {
                        path = path.resolveTemplate("x-talend-tenant-id", Optional.ofNullable(str).orElseThrow(() -> {
                            return new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(new ErrorPayload(ErrorPayload.ErrorDictionary.BAD_FORMAT, "No header x-talend-tenant-id")).build());
                        }));
                    }
                    return path.request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).header("X-Vault-Token", str3).rx().post(Entity.entity(new DecryptRequest((Collection) collection2.stream().map(str3 -> {
                        return new DecryptInput(str3, null, null);
                    }).collect(Collectors.toList())), MediaType.APPLICATION_JSON_TYPE), DecryptResponse.class).toCompletableFuture().thenApply(decryptResponse -> {
                        Collection<DecryptResult> batchResults = decryptResponse.getData().getBatchResults();
                        if (batchResults.isEmpty()) {
                            throwError(this.cantDecipherStatusCode.intValue(), "Decrypted values are empty");
                        }
                        List list = (List) batchResults.stream().map((v0) -> {
                            return v0.getError();
                        }).filter((v0) -> {
                            return Objects.nonNull(v0);
                        }).collect(Collectors.toList());
                        if (!list.isEmpty()) {
                            throwError(this.cantDecipherStatusCode.intValue(), "Can't decipher properties: " + list);
                        }
                        Iterator it = collection2.iterator();
                        Map map2 = (Map) batchResults.stream().map(decryptResult -> {
                            return new String(Base64.getDecoder().decode(decryptResult.getPlaintext()), StandardCharsets.UTF_8);
                        }).collect(Collectors.toMap(str4 -> {
                            return (String) it.next();
                        }, str5 -> {
                            return new DecryptedValue(str5, j);
                        }));
                        this.cache.putAll(map2);
                        return (List) collection.stream().map(str6 -> {
                            return (DecryptedValue) map2.getOrDefault(str6, (DecryptedValue) ((Optional) map.get(str6)).orElse(null));
                        }).collect(Collectors.toList());
                    }).exceptionally(th -> {
                        WebApplicationException webApplicationException;
                        Response response;
                        Throwable cause = th.getCause();
                        String str4 = "";
                        int intValue = this.cantDecipherStatusCode.intValue();
                        if (WebApplicationException.class.isInstance(cause) && (response = (webApplicationException = (WebApplicationException) WebApplicationException.class.cast(cause)).getResponse()) != null) {
                            if (ErrorPayload.class.isInstance(response.getEntity())) {
                                throw webApplicationException;
                            }
                            try {
                                str4 = (String) response.readEntity(String.class);
                            } catch (Exception e) {
                            }
                            intValue = response.getStatus();
                            if (intValue == Response.Status.NOT_FOUND.getStatusCode() && str4.isEmpty()) {
                                str4 = "Decryption failed: Endpoint not found, check your setup.";
                            }
                        }
                        if (str4.isEmpty()) {
                            str4 = String.format("Decryption failed: %s", cause.getMessage());
                        }
                        log.error("{} ({}).", str4, Integer.valueOf(intValue));
                        throw new WebApplicationException(str4, Response.status(intValue).entity(new ErrorPayload(ErrorPayload.ErrorDictionary.UNEXPECTED, str4)).build());
                    });
                }).orElseThrow(() -> {
                    return new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(new ErrorPayload(ErrorPayload.ErrorDictionary.UNEXPECTED, "getOrRequestAuth failed")).build());
                });
            });
        }
        Stream<String> stream = collection.stream();
        Objects.requireNonNull(map);
        return CompletableFuture.completedFuture((List) stream.map((v1) -> {
            return r1.get(v1);
        }).map((v0) -> {
            return v0.get();
        }).collect(Collectors.toList()));
    }

    private CompletionStage<Authentication> getOrRequestAuth() {
        return (CompletionStage) Optional.of(this.token.get()).filter(this::isReloadableConfigSet).map(str -> {
            Auth auth = new Auth();
            auth.setClientToken(str);
            auth.setLeaseDuration(Long.MAX_VALUE);
            auth.setRenewable(false);
            return CompletableFuture.completedFuture(new Authentication(auth, Long.MAX_VALUE));
        }).orElseGet(() -> {
            String str2 = (String) Optional.of(this.role.get()).filter(this::isReloadableConfigSet).orElse(null);
            String str3 = (String) Optional.of(this.secret.get()).filter(this::isReloadableConfigSet).orElse(null);
            return (CompletableFuture) Optional.ofNullable(this.authToken.get()).filter(authentication -> {
                return authentication.getExpiresAt() - this.clock.millis() <= this.refreshDelayMargin.longValue();
            }).map((v0) -> {
                return CompletableFuture.completedFuture(v0);
            }).orElseGet(() -> {
                return doAuth(str2, str3).toCompletableFuture();
            });
        });
    }

    private CompletionStage<Authentication> doAuth(String str, String str2) {
        log.info("Authenticating to vault");
        return this.vault.path(this.authEndpoint).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).rx().post(Entity.entity(new AuthRequest(str, str2), MediaType.APPLICATION_JSON_TYPE), AuthResponse.class).thenApply(authResponse -> {
            log.debug("Authenticated to vault");
            if (authResponse.getAuth() == null || authResponse.getAuth().getClientToken() == null) {
                throwError(500, "Vault didn't return a token");
            } else {
                log.info("Authenticated to vault");
            }
            long millis = (this.clock.millis() + TimeUnit.SECONDS.toMillis(authResponse.getAuth().getLeaseDuration())) - this.refreshDelayMargin.longValue();
            Authentication authentication = new Authentication(authResponse.getAuth(), millis);
            this.authToken.set(authentication);
            if (!this.scheduledExecutorService.isShutdown() && authResponse.getAuth().isRenewable()) {
                this.scheduledExecutorService.schedule(() -> {
                    return doAuth(str, str2);
                }, millis, TimeUnit.MILLISECONDS);
            }
            return authentication;
        }).exceptionally(th -> {
            Throwable cause = th.getCause();
            if (WebApplicationException.class.isInstance(cause)) {
                WebApplicationException webApplicationException = (WebApplicationException) WebApplicationException.class.cast(cause);
                Response response = webApplicationException.getResponse();
                String str3 = "";
                if (ErrorPayload.class.isInstance(webApplicationException.getResponse().getEntity())) {
                    throw webApplicationException;
                }
                try {
                    str3 = (String) response.readEntity(String.class);
                } catch (Exception e) {
                }
                if (str3.isEmpty()) {
                    str3 = cause.getMessage();
                }
                throwError(response.getStatus(), str3);
            }
            throwError(cause);
            return null;
        });
    }

    private <T> CompletableFuture<T> withRetries(Supplier<CompletableFuture<T>> supplier, Predicate<Throwable> predicate) {
        Executor executor = runnable -> {
            this.scheduledExecutorService.schedule(runnable, this.refreshDelayOnFailure.longValue(), TimeUnit.MILLISECONDS);
        };
        return flatten(supplier.get().thenApply((Function) CompletableFuture::completedFuture).exceptionally((Function<Throwable, ? extends U>) th -> {
            return retryFuture(supplier, 1, th, predicate, executor);
        }));
    }

    private <T> CompletableFuture<T> retryFuture(Supplier<CompletableFuture<T>> supplier, int i, Throwable th, Predicate<Throwable> predicate, Executor executor) {
        int i2 = i + 1;
        log.info("[retryFuture] Retry failed operation ({}/{}). Reason: {}.", new Object[]{Integer.valueOf(i), this.numberOfRetryOnFailure, th.getMessage()});
        if (i2 > this.numberOfRetryOnFailure.intValue() || !predicate.test(th.getCause())) {
            log.info("[retryFuture] Stop retry failed operation (condition triggered).");
            throwError(th.getCause());
        }
        return flatten(flatten(CompletableFuture.supplyAsync(supplier, executor)).thenApply((Function) CompletableFuture::completedFuture).exceptionally((Function<Throwable, ? extends U>) th2 -> {
            return retryFuture(supplier, i2, th2, predicate, executor);
        }));
    }

    private <T> CompletableFuture<T> flatten(CompletableFuture<CompletableFuture<T>> completableFuture) {
        return (CompletableFuture<T>) completableFuture.thenCompose(Function.identity());
    }

    private void throwError(int i, String str) {
        throw new WebApplicationException(str, Response.status(i).entity(new ErrorPayload(ErrorPayload.ErrorDictionary.UNEXPECTED, str)).build());
    }

    private void throwError(Throwable th) {
        String str = "";
        int intValue = this.cantDecipherStatusCode.intValue();
        if (WebApplicationException.class.isInstance(th)) {
            WebApplicationException webApplicationException = (WebApplicationException) WebApplicationException.class.cast(th);
            Response response = webApplicationException.getResponse();
            intValue = response.getStatus();
            if (response != null) {
                if (ErrorPayload.class.isInstance(response.getEntity())) {
                    throw webApplicationException;
                }
                try {
                    str = (String) response.readEntity(String.class);
                } catch (Exception e) {
                }
            }
        }
        if (str.isEmpty()) {
            str = th.getMessage();
        }
        throw new WebApplicationException(str, Response.status(intValue).entity(new ErrorPayload(ErrorPayload.ErrorDictionary.UNEXPECTED, str)).build());
    }

    private boolean isReloadableConfigSet(String str) {
        return !"-".equals(str);
    }

    public VaultClientSetup getSetup() {
        return this.setup;
    }

    public WebTarget getVault() {
        return this.vault;
    }

    public String getAuthEndpoint() {
        return this.authEndpoint;
    }

    public String getDecryptEndpoint() {
        return this.decryptEndpoint;
    }

    public Supplier<String> getToken() {
        return this.token;
    }

    public Supplier<String> getRole() {
        return this.role;
    }

    public Supplier<String> getSecret() {
        return this.secret;
    }

    public Long getRefreshDelayMargin() {
        return this.refreshDelayMargin;
    }

    public Long getRefreshDelayOnFailure() {
        return this.refreshDelayOnFailure;
    }

    public Integer getNumberOfRetryOnFailure() {
        return this.numberOfRetryOnFailure;
    }

    public Integer getCantDecipherStatusCode() {
        return this.cantDecipherStatusCode;
    }

    public String getPassthroughRegex() {
        return this.passthroughRegex;
    }

    public Cache<String, DecryptedValue> getCache() {
        return this.cache;
    }

    public Clock getClock() {
        return this.clock;
    }

    public AtomicReference<Authentication> getAuthToken() {
        return this.authToken;
    }

    public ScheduledExecutorService getScheduledExecutorService() {
        return this.scheduledExecutorService;
    }

    public Pattern getCompiledPassthroughRegex() {
        return this.compiledPassthroughRegex;
    }

    public Predicate<Throwable> getShouldRetry() {
        return this.shouldRetry;
    }

    public void setSetup(VaultClientSetup vaultClientSetup) {
        this.setup = vaultClientSetup;
    }

    public void setVault(WebTarget webTarget) {
        this.vault = webTarget;
    }

    public void setAuthEndpoint(String str) {
        this.authEndpoint = str;
    }

    public void setDecryptEndpoint(String str) {
        this.decryptEndpoint = str;
    }

    public void setToken(Supplier<String> supplier) {
        this.token = supplier;
    }

    public void setRole(Supplier<String> supplier) {
        this.role = supplier;
    }

    public void setSecret(Supplier<String> supplier) {
        this.secret = supplier;
    }

    public void setRefreshDelayMargin(Long l) {
        this.refreshDelayMargin = l;
    }

    public void setRefreshDelayOnFailure(Long l) {
        this.refreshDelayOnFailure = l;
    }

    public void setNumberOfRetryOnFailure(Integer num) {
        this.numberOfRetryOnFailure = num;
    }

    public void setCantDecipherStatusCode(Integer num) {
        this.cantDecipherStatusCode = num;
    }

    public void setPassthroughRegex(String str) {
        this.passthroughRegex = str;
    }

    public void setCache(Cache<String, DecryptedValue> cache) {
        this.cache = cache;
    }

    public void setClock(Clock clock) {
        this.clock = clock;
    }

    public void setScheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.scheduledExecutorService = scheduledExecutorService;
    }

    public void setCompiledPassthroughRegex(Pattern pattern) {
        this.compiledPassthroughRegex = pattern;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof VaultClient)) {
            return false;
        }
        VaultClient vaultClient = (VaultClient) obj;
        if (!vaultClient.canEqual(this)) {
            return false;
        }
        Long refreshDelayMargin = getRefreshDelayMargin();
        Long refreshDelayMargin2 = vaultClient.getRefreshDelayMargin();
        if (refreshDelayMargin == null) {
            if (refreshDelayMargin2 != null) {
                return false;
            }
        } else if (!refreshDelayMargin.equals(refreshDelayMargin2)) {
            return false;
        }
        Long refreshDelayOnFailure = getRefreshDelayOnFailure();
        Long refreshDelayOnFailure2 = vaultClient.getRefreshDelayOnFailure();
        if (refreshDelayOnFailure == null) {
            if (refreshDelayOnFailure2 != null) {
                return false;
            }
        } else if (!refreshDelayOnFailure.equals(refreshDelayOnFailure2)) {
            return false;
        }
        Integer numberOfRetryOnFailure = getNumberOfRetryOnFailure();
        Integer numberOfRetryOnFailure2 = vaultClient.getNumberOfRetryOnFailure();
        if (numberOfRetryOnFailure == null) {
            if (numberOfRetryOnFailure2 != null) {
                return false;
            }
        } else if (!numberOfRetryOnFailure.equals(numberOfRetryOnFailure2)) {
            return false;
        }
        Integer cantDecipherStatusCode = getCantDecipherStatusCode();
        Integer cantDecipherStatusCode2 = vaultClient.getCantDecipherStatusCode();
        if (cantDecipherStatusCode == null) {
            if (cantDecipherStatusCode2 != null) {
                return false;
            }
        } else if (!cantDecipherStatusCode.equals(cantDecipherStatusCode2)) {
            return false;
        }
        VaultClientSetup setup = getSetup();
        VaultClientSetup setup2 = vaultClient.getSetup();
        if (setup == null) {
            if (setup2 != null) {
                return false;
            }
        } else if (!setup.equals(setup2)) {
            return false;
        }
        WebTarget vault = getVault();
        WebTarget vault2 = vaultClient.getVault();
        if (vault == null) {
            if (vault2 != null) {
                return false;
            }
        } else if (!vault.equals(vault2)) {
            return false;
        }
        String authEndpoint = getAuthEndpoint();
        String authEndpoint2 = vaultClient.getAuthEndpoint();
        if (authEndpoint == null) {
            if (authEndpoint2 != null) {
                return false;
            }
        } else if (!authEndpoint.equals(authEndpoint2)) {
            return false;
        }
        String decryptEndpoint = getDecryptEndpoint();
        String decryptEndpoint2 = vaultClient.getDecryptEndpoint();
        if (decryptEndpoint == null) {
            if (decryptEndpoint2 != null) {
                return false;
            }
        } else if (!decryptEndpoint.equals(decryptEndpoint2)) {
            return false;
        }
        Supplier<String> token = getToken();
        Supplier<String> token2 = vaultClient.getToken();
        if (token == null) {
            if (token2 != null) {
                return false;
            }
        } else if (!token.equals(token2)) {
            return false;
        }
        Supplier<String> role = getRole();
        Supplier<String> role2 = vaultClient.getRole();
        if (role == null) {
            if (role2 != null) {
                return false;
            }
        } else if (!role.equals(role2)) {
            return false;
        }
        Supplier<String> secret = getSecret();
        Supplier<String> secret2 = vaultClient.getSecret();
        if (secret == null) {
            if (secret2 != null) {
                return false;
            }
        } else if (!secret.equals(secret2)) {
            return false;
        }
        String passthroughRegex = getPassthroughRegex();
        String passthroughRegex2 = vaultClient.getPassthroughRegex();
        if (passthroughRegex == null) {
            if (passthroughRegex2 != null) {
                return false;
            }
        } else if (!passthroughRegex.equals(passthroughRegex2)) {
            return false;
        }
        Cache<String, DecryptedValue> cache = getCache();
        Cache<String, DecryptedValue> cache2 = vaultClient.getCache();
        if (cache == null) {
            if (cache2 != null) {
                return false;
            }
        } else if (!cache.equals(cache2)) {
            return false;
        }
        Clock clock = getClock();
        Clock clock2 = vaultClient.getClock();
        if (clock == null) {
            if (clock2 != null) {
                return false;
            }
        } else if (!clock.equals(clock2)) {
            return false;
        }
        AtomicReference<Authentication> authToken = getAuthToken();
        AtomicReference<Authentication> authToken2 = vaultClient.getAuthToken();
        if (authToken == null) {
            if (authToken2 != null) {
                return false;
            }
        } else if (!authToken.equals(authToken2)) {
            return false;
        }
        ScheduledExecutorService scheduledExecutorService = getScheduledExecutorService();
        ScheduledExecutorService scheduledExecutorService2 = vaultClient.getScheduledExecutorService();
        if (scheduledExecutorService == null) {
            if (scheduledExecutorService2 != null) {
                return false;
            }
        } else if (!scheduledExecutorService.equals(scheduledExecutorService2)) {
            return false;
        }
        Pattern compiledPassthroughRegex = getCompiledPassthroughRegex();
        Pattern compiledPassthroughRegex2 = vaultClient.getCompiledPassthroughRegex();
        if (compiledPassthroughRegex == null) {
            if (compiledPassthroughRegex2 != null) {
                return false;
            }
        } else if (!compiledPassthroughRegex.equals(compiledPassthroughRegex2)) {
            return false;
        }
        Predicate<Throwable> shouldRetry = getShouldRetry();
        Predicate<Throwable> shouldRetry2 = vaultClient.getShouldRetry();
        return shouldRetry == null ? shouldRetry2 == null : shouldRetry.equals(shouldRetry2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof VaultClient;
    }

    public int hashCode() {
        Long refreshDelayMargin = getRefreshDelayMargin();
        int hashCode = (1 * 59) + (refreshDelayMargin == null ? 43 : refreshDelayMargin.hashCode());
        Long refreshDelayOnFailure = getRefreshDelayOnFailure();
        int hashCode2 = (hashCode * 59) + (refreshDelayOnFailure == null ? 43 : refreshDelayOnFailure.hashCode());
        Integer numberOfRetryOnFailure = getNumberOfRetryOnFailure();
        int hashCode3 = (hashCode2 * 59) + (numberOfRetryOnFailure == null ? 43 : numberOfRetryOnFailure.hashCode());
        Integer cantDecipherStatusCode = getCantDecipherStatusCode();
        int hashCode4 = (hashCode3 * 59) + (cantDecipherStatusCode == null ? 43 : cantDecipherStatusCode.hashCode());
        VaultClientSetup setup = getSetup();
        int hashCode5 = (hashCode4 * 59) + (setup == null ? 43 : setup.hashCode());
        WebTarget vault = getVault();
        int hashCode6 = (hashCode5 * 59) + (vault == null ? 43 : vault.hashCode());
        String authEndpoint = getAuthEndpoint();
        int hashCode7 = (hashCode6 * 59) + (authEndpoint == null ? 43 : authEndpoint.hashCode());
        String decryptEndpoint = getDecryptEndpoint();
        int hashCode8 = (hashCode7 * 59) + (decryptEndpoint == null ? 43 : decryptEndpoint.hashCode());
        Supplier<String> token = getToken();
        int hashCode9 = (hashCode8 * 59) + (token == null ? 43 : token.hashCode());
        Supplier<String> role = getRole();
        int hashCode10 = (hashCode9 * 59) + (role == null ? 43 : role.hashCode());
        Supplier<String> secret = getSecret();
        int hashCode11 = (hashCode10 * 59) + (secret == null ? 43 : secret.hashCode());
        String passthroughRegex = getPassthroughRegex();
        int hashCode12 = (hashCode11 * 59) + (passthroughRegex == null ? 43 : passthroughRegex.hashCode());
        Cache<String, DecryptedValue> cache = getCache();
        int hashCode13 = (hashCode12 * 59) + (cache == null ? 43 : cache.hashCode());
        Clock clock = getClock();
        int hashCode14 = (hashCode13 * 59) + (clock == null ? 43 : clock.hashCode());
        AtomicReference<Authentication> authToken = getAuthToken();
        int hashCode15 = (hashCode14 * 59) + (authToken == null ? 43 : authToken.hashCode());
        ScheduledExecutorService scheduledExecutorService = getScheduledExecutorService();
        int hashCode16 = (hashCode15 * 59) + (scheduledExecutorService == null ? 43 : scheduledExecutorService.hashCode());
        Pattern compiledPassthroughRegex = getCompiledPassthroughRegex();
        int hashCode17 = (hashCode16 * 59) + (compiledPassthroughRegex == null ? 43 : compiledPassthroughRegex.hashCode());
        Predicate<Throwable> shouldRetry = getShouldRetry();
        return (hashCode17 * 59) + (shouldRetry == null ? 43 : shouldRetry.hashCode());
    }

    public String toString() {
        return "VaultClient(setup=" + getSetup() + ", vault=" + getVault() + ", authEndpoint=" + getAuthEndpoint() + ", decryptEndpoint=" + getDecryptEndpoint() + ", token=" + getToken() + ", role=" + getRole() + ", secret=" + getSecret() + ", refreshDelayMargin=" + getRefreshDelayMargin() + ", refreshDelayOnFailure=" + getRefreshDelayOnFailure() + ", numberOfRetryOnFailure=" + getNumberOfRetryOnFailure() + ", cantDecipherStatusCode=" + getCantDecipherStatusCode() + ", passthroughRegex=" + getPassthroughRegex() + ", cache=" + getCache() + ", clock=" + getClock() + ", authToken=" + getAuthToken() + ", scheduledExecutorService=" + getScheduledExecutorService() + ", compiledPassthroughRegex=" + getCompiledPassthroughRegex() + ", shouldRetry=" + getShouldRetry() + ")";
    }
}
