package com.atlassian.pipelines.runner.core.client;

import com.atlassian.pipelines.runner.api.client.SecretProviderClient;
import com.atlassian.pipelines.runner.api.error.ErrorKeys;
import com.atlassian.pipelines.runner.core.exception.SecretProviderException;
import com.atlassian.pipelines.runner.core.exception.SecretProviderForbiddenException;
import io.reactivex.Single;
import java.net.URI;
import java.util.Map;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import reactor.adapter.rxjava.RxJava2Adapter;

/* loaded from: input_file:com/atlassian/pipelines/runner/core/client/SecretProviderClientImpl.class */
public class SecretProviderClientImpl implements SecretProviderClient {
    private final WebClient webClient;
    private final URI secretProviderUri;

    public SecretProviderClientImpl(WebClient webClient, URI uri) {
        this.webClient = webClient;
        this.secretProviderUri = uri;
    }

    @Override // com.atlassian.pipelines.runner.api.client.SecretProviderClient
    public Single<Map<String, String>> getSecrets(String str) {
        return RxJava2Adapter.monoToSingle(((WebClient.RequestBodySpec) this.webClient.post().uri(this.secretProviderUri)).headers(httpHeaders -> {
            httpHeaders.setBearerAuth(str);
        }).retrieve().bodyToMono(new ParameterizedTypeReference<Map<String, String>>() { // from class: com.atlassian.pipelines.runner.core.client.SecretProviderClientImpl.1
        }).onErrorMap(this::mapGetSecretsException));
    }

    private Exception mapGetSecretsException(Throwable th) {
        String str;
        if (th instanceof WebClientResponseException.Unauthorized) {
            return new SecretProviderException(ErrorKeys.ErrorKey.SECRET_PROVIDER_UNAUTHORIZED, "Secret Provider refused to provide secrets due to missing or invalid OIDC token", th);
        }
        if (th instanceof WebClientResponseException.Forbidden) {
            return new SecretProviderForbiddenException("Secret Provider refused to provide secrets for this step", th);
        }
        str = "Failed to get secrets from Secret Provider";
        return new SecretProviderException(ErrorKeys.ErrorKey.SECRET_PROVIDER_ERROR, th instanceof WebClientResponseException ? str + String.format(", response status code %s", Integer.valueOf(((WebClientResponseException) th).getRawStatusCode())) : "Failed to get secrets from Secret Provider", th);
    }
}
