package io.jenkins.plugins.credentials.secretsmanager;

import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.SecretListEntry;
import com.amazonaws.services.secretsmanager.model.Tag;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import io.jenkins.plugins.credentials.secretsmanager.aws.ListSecretsOperation;
import io.jenkins.plugins.credentials.secretsmanager.config.EndpointConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.Filters;
import io.jenkins.plugins.credentials.secretsmanager.config.PluginConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.util.Memoizer;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.model.GlobalConfiguration;

/* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/CredentialsSupplierFactory.class */
final class CredentialsSupplierFactory {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/CredentialsSupplierFactory$AwsCredentialsSupplier.class */
    public static class AwsCredentialsSupplier implements Supplier<Collection<IdCredentials>> {
        private static final Logger LOG = Logger.getLogger(AwsCredentialsSupplier.class.getName());
        private final AWSSecretsManager client;
        private final Supplier<List<SecretListEntry>> strategy;

        AwsCredentialsSupplier(AWSSecretsManager aWSSecretsManager, Supplier<List<SecretListEntry>> supplier) {
            this.client = aWSSecretsManager;
            this.strategy = supplier;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public Collection<IdCredentials> get() {
            LOG.log(Level.FINE, "Retrieve secrets from AWS Secrets Manager");
            List<SecretListEntry> list = this.strategy.get();
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            for (SecretListEntry secretListEntry : list) {
                String name = secretListEntry.getName();
                concurrentHashMap.put(name, new AwsStringCredentials(name, (String) Optional.ofNullable(secretListEntry.getDescription()).orElse(""), this.client));
            }
            return concurrentHashMap.values();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/CredentialsSupplierFactory$LazyAwsCredentialsSupplier.class */
    private static class LazyAwsCredentialsSupplier implements Supplier<Collection<IdCredentials>> {
        private static final Logger LOG = Logger.getLogger(LazyAwsCredentialsSupplier.class.getName());
        private final Supplier<PluginConfiguration> configurationSupplier;

        private LazyAwsCredentialsSupplier(Supplier<PluginConfiguration> supplier) {
            this.configurationSupplier = supplier;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public Collection<IdCredentials> get() {
            AWSSecretsManager aWSSecretsManager;
            PluginConfiguration pluginConfiguration = this.configurationSupplier.get();
            AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClient.builder();
            EndpointConfiguration endpointConfiguration = pluginConfiguration.getEndpointConfiguration();
            if (endpointConfiguration == null || endpointConfiguration.getServiceEndpoint() == null || endpointConfiguration.getSigningRegion() == null) {
                LOG.log(Level.CONFIG, "Default Endpoint Configuration");
                aWSSecretsManager = (AWSSecretsManager) builder.build();
            } else {
                LOG.log(Level.CONFIG, "Custom Endpoint Configuration: {0}", endpointConfiguration);
                aWSSecretsManager = (AWSSecretsManager) builder.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpointConfiguration.getServiceEndpoint(), endpointConfiguration.getSigningRegion())).build();
            }
            Supplier listSecretsOperation = new ListSecretsOperation(aWSSecretsManager);
            Filters filters = pluginConfiguration.getFilters();
            if (filters != null && filters.getTag() != null) {
                String key = filters.getTag().getKey();
                String value = filters.getTag().getValue();
                LOG.log(Level.CONFIG, "Custom tag filter: " + key + " = " + value);
                listSecretsOperation = new ListSecretsFilter(listSecretsOperation, new Tag().withKey(key).withValue(value));
            }
            return new AwsCredentialsSupplier(aWSSecretsManager, listSecretsOperation).get();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/CredentialsSupplierFactory$ListSecretsFilter.class */
    public static class ListSecretsFilter implements Supplier<List<SecretListEntry>> {
        private final Supplier<List<SecretListEntry>> delegate;
        private final Tag tag;

        ListSecretsFilter(Supplier<List<SecretListEntry>> supplier, Tag tag) {
            this.delegate = supplier;
            this.tag = tag;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public List<SecretListEntry> get() {
            return (List) this.delegate.get().stream().filter(secretListEntry -> {
                return ((List) Optional.ofNullable(secretListEntry.getTags()).orElse(Collections.emptyList())).contains(this.tag);
            }).collect(Collectors.toList());
        }
    }

    private CredentialsSupplierFactory() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Supplier<Collection<IdCredentials>> create() {
        return Memoizer.memoizeWithExpiration(new LazyAwsCredentialsSupplier(CredentialsSupplierFactory::getPluginConfiguration), Duration.ofMinutes(5L));
    }

    private static PluginConfiguration getPluginConfiguration() {
        return (PluginConfiguration) GlobalConfiguration.all().get(PluginConfiguration.class);
    }
}
