package org.springframework.vault.authentication;

import java.util.Collections;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import org.springframework.vault.authentication.AuthenticationSteps;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/ClientCertificateAuthentication.class */
public class ClientCertificateAuthentication implements ClientAuthentication, AuthenticationStepsFactory {
    private static final Log logger = LogFactory.getLog((Class<?>) ClientCertificateAuthentication.class);
    private final ClientCertificateAuthenticationOptions options;
    private final RestOperations restOperations;

    public ClientCertificateAuthentication(RestOperations restOperations) {
        this(ClientCertificateAuthenticationOptions.builder().build(), restOperations);
    }

    public ClientCertificateAuthentication(ClientCertificateAuthenticationOptions clientCertificateAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(clientCertificateAuthenticationOptions, "ClientCertificateAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.restOperations = restOperations;
        this.options = clientCertificateAuthenticationOptions;
    }

    public static AuthenticationSteps createAuthenticationSteps() {
        return createAuthenticationSteps(ClientCertificateAuthenticationOptions.builder().build());
    }

    public static AuthenticationSteps createAuthenticationSteps(ClientCertificateAuthenticationOptions clientCertificateAuthenticationOptions) {
        Assert.notNull(clientCertificateAuthenticationOptions, "ClientCertificateAuthenticationOptions must not be null");
        return AuthenticationSteps.just((AuthenticationSteps.HttpRequest<VaultResponse>) AuthenticationSteps.HttpRequestBuilder.post(AuthenticationUtil.getLoginPath(clientCertificateAuthenticationOptions.getPath()), new String[0]).as(VaultResponse.class));
    }

    @Override // org.springframework.vault.authentication.ClientAuthentication
    public VaultToken login() {
        return createTokenUsingTlsCertAuthentication();
    }

    @Override // org.springframework.vault.authentication.AuthenticationStepsFactory
    public AuthenticationSteps getAuthenticationSteps() {
        return createAuthenticationSteps(this.options);
    }

    private VaultToken createTokenUsingTlsCertAuthentication() {
        try {
            VaultResponse vaultResponse = (VaultResponse) this.restOperations.postForObject(AuthenticationUtil.getLoginPath(this.options.getPath()), Collections.emptyMap(), VaultResponse.class, new Object[0]);
            Assert.state(vaultResponse.getAuth() != null, "Auth field must not be null");
            logger.debug("Login successful using TLS certificates");
            return LoginTokenUtil.from(vaultResponse.getAuth());
        } catch (RestClientException e) {
            throw VaultLoginException.create("TLS Certificates", e);
        }
    }
}
