package io.quarkus.vault.runtime;

import io.quarkus.credentials.CredentialsProvider;
import io.quarkus.vault.VaultException;
import io.quarkus.vault.VaultKVSecretEngine;
import io.quarkus.vault.runtime.config.CredentialsProviderConfig;
import io.quarkus.vault.runtime.config.VaultBootstrapConfig;
import java.util.HashMap;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;

@ApplicationScoped
@Named("vault-credentials-provider")
/* loaded from: input_file:io/quarkus/vault/runtime/VaultCredentialsProvider.class */
public class VaultCredentialsProvider implements CredentialsProvider {

    @Inject
    private VaultKVSecretEngine vaultKVSecretEngine;

    @Inject
    private VaultDbManager vaultDbManager;

    @Inject
    private VaultConfigHolder vaultConfigHolder;

    public Map<String, String> getCredentials(String str) {
        CredentialsProviderConfig credentialsProviderConfig = getConfig().credentialsProvider.get(str);
        if (credentialsProviderConfig == null) {
            throw new VaultException("unknown credentials provider with name " + str);
        }
        if (credentialsProviderConfig.databaseCredentialsRole.isPresent()) {
            return this.vaultDbManager.getDynamicDbCredentials(credentialsProviderConfig.databaseCredentialsRole.get());
        }
        if (!credentialsProviderConfig.kvPath.isPresent()) {
            throw new VaultException("one of database-credentials-role or kv-path is required on credentials provider " + str);
        }
        String str2 = this.vaultKVSecretEngine.readSecret(credentialsProviderConfig.kvPath.get()).get(credentialsProviderConfig.kvKey);
        HashMap hashMap = new HashMap();
        hashMap.put(VaultAuthManager.USERPASS_WRAPPING_TOKEN_PASSWORD_KEY, str2);
        return hashMap;
    }

    private VaultBootstrapConfig getConfig() {
        return this.vaultConfigHolder.getVaultBootstrapConfig();
    }
}
