package io.jenkins.plugins.credentials.secretsmanager;

import com.amazonaws.SdkClientException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import hudson.Extension;
import io.jenkins.plugins.casc.SecretSource;
import io.jenkins.plugins.credentials.secretsmanager.config.EndpointConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.PluginConfiguration;
import java.io.IOException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

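/**
 * {@link SecretSource} implementation that looks secrets up in AWS Secrets Manager.
 *
 * <p>The client and the optional secret-name prefix are built in {@link #init()} from
 * {@link PluginConfiguration}, with environment variables as a fallback. If client construction
 * fails, {@code init()} only logs a warning, so {@link #reveal(String)} must tolerate a missing
 * client.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The service endpoint can come from plugin configuration or from the
 *       {@code AWS_SERVICE_ENDPOINT} environment variable. Whoever controls either value decides
 *       where secret lookups are sent, so both must be trusted.</li>
 *   <li>The prefix is prepended verbatim to the requested key and no validation is applied here.
 *       Which secrets can actually be read is therefore bounded only by the permissions of the
 *       AWS identity the client runs as; scope that policy narrowly.</li>
 * </ul>
 */
@Extension(optional = true)
public class AwsSecretSource extends SecretSource {
    private static final Logger LOG = Logger.getLogger(AwsSecretSource.class.getName());
    private static final String AWS_SERVICE_ENDPOINT = "AWS_SERVICE_ENDPOINT";
    private static final String AWS_SIGNING_REGION = "AWS_SIGNING_REGION";
    private static final String AWS_SECRETS_MANAGER_PREFIX = "AWS_SECRETS_MANAGER_PREFIX";

    // Both fields are populated by init(); they stay null when init() has not run or has failed.
    private transient AWSSecretsManager client = null;
    private transient String prefix = null;

    /**
     * Resolves a secret by name.
     *
     * @param str the secret name requested by the caller; the configured prefix, if any, is
     *     prepended before the lookup
     * @return the secret string, or {@link Optional#empty()} when the secret does not exist, has no
     *     string value, or the client was never initialised
     * @throws IOException if the secret is stored as binary, or if Secrets Manager reports any
     *     service error other than "not found"
     */
    public Optional<String> reveal(String str) throws IOException {
        final AWSSecretsManager secretsManager = this.client;
        if (secretsManager == null) {
            // init() swallows SdkClientException and leaves the client unset. Without this guard
            // every lookup would fail with a NullPointerException instead of "not found here".
            LOG.log(Level.FINE, "AWS Secrets Manager client is not initialised; no secret can be resolved");
            return Optional.empty();
        }

        final String secretId = this.prefix != null ? this.prefix + str : str;
        try {
            final GetSecretValueResult secretValue =
                    secretsManager.getSecretValue(new GetSecretValueRequest().withSecretId(secretId));
            if (secretValue.getSecretBinary() != null) {
                // Only the secret's name goes into the message, never its value.
                throw new IOException(String.format("The binary secret '%s' is not supported. Please change its value to a string, or alternatively delete it.", secretValue.getName()));
            }
            return Optional.ofNullable(secretValue.getSecretString());
        } catch (ResourceNotFoundException e) {
            // Recoverable: the secret is simply not held by this source.
            LOG.info(e.getMessage());
            return Optional.empty();
        } catch (AWSSecretsManagerException e) {
            // Any other service-side error (access denied, throttling, ...) is surfaced to the caller.
            // NOTE(review): client-side SdkClientException (e.g. no credentials, no network) is not
            // caught here and appears to propagate unchecked; confirm that is intended.
            throw new IOException(e);
        }
    }

    /**
     * Builds the Secrets Manager client and reads the prefix from the plugin configuration.
     *
     * <p>A {@link SdkClientException} during setup is logged at WARNING and otherwise ignored, which
     * leaves {@code client} and {@code prefix} at their previous values.
     */
    public void init() {
        try {
            final PluginConfiguration pluginConfiguration = PluginConfiguration.getInstance();
            this.client = createClient(pluginConfiguration);
            this.prefix = getPrefix(pluginConfiguration).orElse(null);
        } catch (SdkClientException e) {
            LOG.log(Level.WARNING, "Could not set up AWS Secrets Manager client. Reason: {0}", e.getMessage());
        }
    }

    /**
     * Creates the client, applying a custom endpoint only when both the service endpoint and the
     * signing region are available; otherwise the SDK defaults are used.
     */
    private static AWSSecretsManager createClient(PluginConfiguration pluginConfiguration) throws SdkClientException {
        final EndpointConfiguration endpointConfiguration = pluginConfiguration.getEndpointConfiguration();
        final AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClient.builder();
        final Optional<String> serviceEndpoint = getServiceEndpoint(endpointConfiguration);
        final Optional<String> signingRegion = getSigningRegion(endpointConfiguration);

        if (serviceEndpoint.isPresent() && signingRegion.isPresent()) {
            // An endpoint override changes where secret requests are sent, so it is logged.
            // The logged object is the plugin-side configuration, which may be null when the
            // values came from the environment instead.
            LOG.log(Level.CONFIG, "Custom Endpoint Configuration: {0}", endpointConfiguration);
            builder.setEndpointConfiguration(
                    new AwsClientBuilder.EndpointConfiguration(serviceEndpoint.get(), signingRegion.get()));
        } else {
            LOG.log(Level.CONFIG, "Default Endpoint Configuration");
        }
        return builder.build();
    }

    /** Returns the configured service endpoint, falling back to {@code AWS_SERVICE_ENDPOINT}. */
    private static Optional<String> getServiceEndpoint(EndpointConfiguration endpointConfiguration) {
        final String configured = endpointConfiguration == null ? null : endpointConfiguration.getServiceEndpoint();
        if (configured != null) {
            return Optional.of(configured);
        }
        return Optional.ofNullable(System.getenv(AWS_SERVICE_ENDPOINT));
    }

    /** Returns the configured signing region, falling back to {@code AWS_SIGNING_REGION}. */
    private static Optional<String> getSigningRegion(EndpointConfiguration endpointConfiguration) {
        final String configured = endpointConfiguration == null ? null : endpointConfiguration.getSigningRegion();
        if (configured != null) {
            return Optional.of(configured);
        }
        return Optional.ofNullable(System.getenv(AWS_SIGNING_REGION));
    }

    /** Returns the configured secret-name prefix, falling back to {@code AWS_SECRETS_MANAGER_PREFIX}. */
    private static Optional<String> getPrefix(PluginConfiguration pluginConfiguration) {
        final String configured = pluginConfiguration.getPrefix();
        if (configured != null) {
            return Optional.of(configured);
        }
        return Optional.ofNullable(System.getenv(AWS_SECRETS_MANAGER_PREFIX));
    }
}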
