package org.apache.camel.component.azure.key.vault;

import com.azure.core.amqp.AmqpTransportType;
import com.azure.messaging.eventhubs.EventProcessorClient;
import com.azure.messaging.eventhubs.EventProcessorClientBuilder;
import com.azure.messaging.eventhubs.checkpointstore.blob.BlobCheckpointStore;
import com.azure.messaging.eventhubs.models.ErrorContext;
import com.azure.messaging.eventhubs.models.EventContext;
import com.azure.storage.blob.BlobContainerClientBuilder;
import com.azure.storage.common.StorageSharedKeyCredential;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import org.apache.camel.CamelContext;
import org.apache.camel.CamelContextAware;
import org.apache.camel.RuntimeCamelException;
import org.apache.camel.spi.ContextReloadStrategy;
import org.apache.camel.spi.PropertiesFunction;
import org.apache.camel.spi.annotations.PeriodicTask;
import org.apache.camel.support.PatternHelper;
import org.apache.camel.support.service.ServiceSupport;
import org.apache.camel.util.ObjectHelper;
import org.apache.camel.vault.AzureVaultConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@PeriodicTask("azure-secret-refresh")
/* loaded from: input_file:org/apache/camel/component/azure/key/vault/EventhubsReloadTriggerTask.class */
public class EventhubsReloadTriggerTask extends ServiceSupport implements CamelContextAware, Runnable {
    private static final Logger LOG = LoggerFactory.getLogger(EventhubsReloadTriggerTask.class);
    private static final String BLOB_SERVICE_URI_SEGMENT = ".blob.core.windows.net";
    private static final String SECRET_VERSION_ADD = "Microsoft.KeyVault.SecretNewVersionCreated";
    private CamelContext camelContext;
    private String secrets;
    private EventProcessorClient eventProcessorClient;
    private KeyVaultPropertiesFunction propertiesFunction;
    private volatile Instant lastCheckTime;
    private volatile Instant lastReloadTime;
    private boolean reloadEnabled = true;
    private final Map<String, Instant> updates = new HashMap();

    public CamelContext getCamelContext() {
        return this.camelContext;
    }

    public void setCamelContext(CamelContext camelContext) {
        this.camelContext = camelContext;
    }

    public boolean isReloadEnabled() {
        return this.reloadEnabled;
    }

    public void setReloadEnabled(boolean z) {
        this.reloadEnabled = z;
    }

    public Map<String, Instant> getUpdates() {
        return Collections.unmodifiableMap(this.updates);
    }

    public Instant getLastCheckTime() {
        return this.lastCheckTime;
    }

    public Instant getLastReloadTime() {
        return this.lastReloadTime;
    }

    protected void doStart() throws Exception {
        super.doStart();
        PropertiesFunction propertiesFunction = this.camelContext.getPropertiesComponent().getPropertiesFunction("azure");
        if (propertiesFunction instanceof KeyVaultPropertiesFunction) {
            this.propertiesFunction = (KeyVaultPropertiesFunction) propertiesFunction;
            LOG.debug("Auto-detecting secrets from properties-function: {}", propertiesFunction.getName());
        }
        this.secrets = this.camelContext.getVaultConfiguration().azure().getSecrets();
        if (ObjectHelper.isEmpty(this.secrets) && this.propertiesFunction == null) {
            throw new IllegalArgumentException("Secrets must be configured on Azure Key vault configuration");
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        AzureVaultConfiguration azure = getCamelContext().getVaultConfiguration().azure();
        if (ObjectHelper.isNotEmpty(azure)) {
            str = azure.getEventhubConnectionString();
            str2 = azure.getBlobAccessKey();
            str3 = azure.getBlobAccountName();
            str4 = azure.getBlobContainerName();
        }
        if (!ObjectHelper.isNotEmpty(str) || !ObjectHelper.isNotEmpty(str2) || !ObjectHelper.isNotEmpty(str3) || !ObjectHelper.isNotEmpty(str4)) {
            throw new RuntimeCamelException("Using the Azure Key Vault Secret refresh task requires setting Eventhub connection String, Blob Account Name, Blob Access Key and Blob Container Name  as application properties ");
        }
        this.eventProcessorClient = new EventProcessorClientBuilder().checkpointStore(new BlobCheckpointStore(new BlobContainerClientBuilder().endpoint(String.format(Locale.ROOT, "https://%s.blob.core.windows.net", str3)).containerName(str4).credential(new StorageSharedKeyCredential(str3, str2)).buildAsyncClient())).consumerGroup("$Default").connectionString(str).processEvent(this::onEventListener).processError(this::onErrorListener).transportType(AmqpTransportType.AMQP).buildEventProcessorClient();
        this.eventProcessorClient.start();
    }

    protected void doShutdown() throws Exception {
        super.doShutdown();
        if (this.eventProcessorClient != null) {
            try {
                this.eventProcessorClient.stop();
            } catch (Exception e) {
            }
            this.eventProcessorClient = null;
        }
        this.updates.clear();
    }

    @Override // java.lang.Runnable
    public void run() {
        this.lastCheckTime = Instant.now();
    }

    protected boolean matchSecret(String str) {
        HashSet<String> hashSet = new HashSet();
        if (this.secrets != null) {
            Collections.addAll(hashSet, this.secrets.split(","));
        }
        if (this.propertiesFunction != null) {
            hashSet.addAll(this.propertiesFunction.getSecrets());
        }
        for (String str2 : hashSet) {
            boolean z = str.contains(str2) || PatternHelper.matchPattern(str, str2);
            LOG.trace("Matching secret id: {}={} -> {}", new Object[]{str, str2, Boolean.valueOf(z)});
            if (z) {
                return true;
            }
        }
        return false;
    }

    public String toString() {
        return "Azure Secrets Refresh Task";
    }

    protected void onEventListener(EventContext eventContext) {
        ContextReloadStrategy contextReloadStrategy;
        boolean z = false;
        JsonNode retrieveEventData = retrieveEventData(eventContext, new ObjectMapper());
        for (int i = 0; i < retrieveEventData.size(); i++) {
            String textValue = retrieveEventData.get(i).get("subject").textValue();
            String textValue2 = retrieveEventData.get(i).get("eventType").textValue();
            if (ObjectHelper.isNotEmpty(textValue) && ObjectHelper.isNotEmpty(textValue2) && textValue2.equalsIgnoreCase(SECRET_VERSION_ADD) && matchSecret(textValue)) {
                if (ObjectHelper.isNotEmpty(eventContext.getEventData().getEnqueuedTime())) {
                    this.updates.put(textValue, eventContext.getEventData().getEnqueuedTime());
                }
                if (isReloadEnabled()) {
                    LOG.info("Update for Azure secret: {} detected, triggering CamelContext reload", textValue);
                    z = true;
                }
            }
        }
        if (!z || (contextReloadStrategy = (ContextReloadStrategy) this.camelContext.hasService(ContextReloadStrategy.class)) == null) {
            return;
        }
        this.lastReloadTime = Instant.now();
        contextReloadStrategy.onReload(this);
    }

    private static JsonNode retrieveEventData(EventContext eventContext, ObjectMapper objectMapper) {
        try {
            return objectMapper.readTree(eventContext.getEventData().getBodyAsString());
        } catch (JsonProcessingException e) {
            LOG.warn("Unable to process event data body: {}", e.getMessage(), e);
            throw new RuntimeCamelException(e);
        }
    }

    public void onErrorListener(ErrorContext errorContext) {
    }
}
