package org.springframework.vault.authentication;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;
import org.springframework.vault.client.VaultResponses;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/springframework/vault/authentication/AppRoleAuthentication.class */
public class AppRoleAuthentication implements ClientAuthentication {
    private static final Log logger = LogFactory.getLog(AppRoleAuthentication.class);
    private final AppRoleAuthenticationOptions options;
    private final RestOperations restOperations;

    public AppRoleAuthentication(AppRoleAuthenticationOptions appRoleAuthenticationOptions, RestOperations restOperations) {
        Assert.notNull(appRoleAuthenticationOptions, "AppRoleAuthenticationOptions must not be null");
        Assert.notNull(restOperations, "RestOperations must not be null");
        this.options = appRoleAuthenticationOptions;
        this.restOperations = restOperations;
    }

    @Override // org.springframework.vault.authentication.ClientAuthentication
    public VaultToken login() {
        return createTokenUsingAppRole();
    }

    private VaultToken createTokenUsingAppRole() {
        try {
            VaultResponse vaultResponse = (VaultResponse) this.restOperations.postForObject("/auth/{mount}/login", getAppRoleLogin(this.options.getRoleId(), this.options.getSecretId()), VaultResponse.class, new Object[]{this.options.getPath()});
            logger.debug("Login successful using AppRole authentication");
            return LoginTokenUtil.from(vaultResponse.getAuth());
        } catch (HttpStatusCodeException e) {
            throw new VaultException(String.format("Cannot login using AppRole: %s", VaultResponses.getError(e.getResponseBodyAsString())));
        }
    }

    private Map<String, String> getAppRoleLogin(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("role_id", str);
        if (str2 != null) {
            hashMap.put("secret_id", str2);
        }
        return hashMap;
    }
}
