package io.jenkins.plugins.credentials.secretsmanager;

import com.amazonaws.SdkClientException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import hudson.Extension;
import io.jenkins.plugins.casc.SecretSource;
import io.jenkins.plugins.credentials.secretsmanager.config.EndpointConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.PluginConfiguration;
import java.io.IOException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

@Extension
/* loaded from: input_file:io/jenkins/plugins/credentials/secretsmanager/AwsSecretSource.class */
public class AwsSecretSource extends SecretSource {
    private static final Logger LOG = Logger.getLogger(AwsSecretSource.class.getName());

    public Optional<String> reveal(String str) throws IOException {
        try {
            try {
                return Optional.ofNullable(createClient().getSecretValue(new GetSecretValueRequest().withSecretId(str)).getSecretString());
            } catch (AWSSecretsManagerException e) {
                throw new IOException((Throwable) e);
            }
        } catch (SdkClientException e2) {
            throw new IOException((Throwable) e2);
        }
    }

    private AWSSecretsManager createClient() throws SdkClientException {
        EndpointConfiguration endpointConfiguration = PluginConfiguration.getInstance().getEndpointConfiguration();
        AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClient.builder();
        if (endpointConfiguration == null || endpointConfiguration.getServiceEndpoint() == null || endpointConfiguration.getSigningRegion() == null) {
            LOG.log(Level.CONFIG, "Default Endpoint Configuration");
        } else {
            LOG.log(Level.CONFIG, "Custom Endpoint Configuration: {0}", endpointConfiguration);
            builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpointConfiguration.getServiceEndpoint(), endpointConfiguration.getSigningRegion()));
        }
        return (AWSSecretsManager) builder.build();
    }
}
