package io.quarkus.vault.runtime.client;

import io.quarkus.runtime.TlsConfig;
import io.quarkus.vault.runtime.config.VaultAuthenticationType;
import io.quarkus.vault.runtime.config.VaultBootstrapConfig;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.ext.web.client.WebClientOptions;
import io.vertx.mutiny.core.Vertx;
import io.vertx.mutiny.ext.web.client.WebClient;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vault/runtime/client/MutinyVertxClientFactory.class */
public class MutinyVertxClientFactory {
    private static final Logger log = Logger.getLogger(MutinyVertxClientFactory.class.getName());

    public static WebClient createHttpClient(Vertx vertx, VaultBootstrapConfig vaultBootstrapConfig, TlsConfig tlsConfig) {
        WebClientOptions idleTimeout = new WebClientOptions().setConnectTimeout((int) vaultBootstrapConfig.connectTimeout.toMillis()).setIdleTimeout((int) vaultBootstrapConfig.readTimeout.getSeconds());
        if (vaultBootstrapConfig.tls.skipVerify.orElseGet(() -> {
            return Boolean.valueOf(tlsConfig.trustAll);
        }).booleanValue()) {
            skipVerify(idleTimeout);
        } else if (vaultBootstrapConfig.tls.caCert.isPresent()) {
            cacert(idleTimeout, vaultBootstrapConfig.tls.caCert.get());
        } else if (vaultBootstrapConfig.getAuthenticationType() == VaultAuthenticationType.KUBERNETES && vaultBootstrapConfig.tls.useKubernetesCaCert) {
            cacert(idleTimeout, VaultBootstrapConfig.KUBERNETES_CACERT);
        }
        return WebClient.create(vertx, idleTimeout);
    }

    private static void cacert(WebClientOptions webClientOptions, String str) {
        log.debug("configure tls with " + str);
        webClientOptions.setTrustOptions(new PemTrustOptions().addCertPath(str));
    }

    private static void skipVerify(WebClientOptions webClientOptions) {
        log.debug("configure tls with skip-verify");
        webClientOptions.setTrustAll(true);
        webClientOptions.setVerifyHost(false);
    }
}
