package io.jenkins.plugins.credentials.secretsmanager.supplier;

import com.amazonaws.SdkBaseException;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.SecretListEntry;
import com.amazonaws.services.secretsmanager.model.Tag;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import io.jenkins.plugins.credentials.secretsmanager.AssumeRoleDefaults;
import io.jenkins.plugins.credentials.secretsmanager.config.EndpointConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.Filters;
import io.jenkins.plugins.credentials.secretsmanager.config.PluginConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.Roles;
import io.jenkins.plugins.credentials.secretsmanager.factory.CredentialsFactory;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletionException;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;

/* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/supplier/CredentialsSupplier.class */
public class CredentialsSupplier implements Supplier<Collection<StandardCredentials>> {
    private static final Logger LOG = Logger.getLogger(CredentialsSupplier.class.getName());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/supplier/CredentialsSupplier$SingleAccountCredentialsSupplier.class */
    public static class SingleAccountCredentialsSupplier implements Supplier<Collection<StandardCredentials>> {
        private final AWSSecretsManager client;
        private final Function<SecretListEntry, String> nameSelector;
        private final Predicate<SecretListEntry> secretFilter;

        SingleAccountCredentialsSupplier(AWSSecretsManager aWSSecretsManager, Function<SecretListEntry, String> function, Predicate<SecretListEntry> predicate) {
            this.client = aWSSecretsManager;
            this.nameSelector = function;
            this.secretFilter = predicate;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public Collection<StandardCredentials> get() {
            return (Collection) new ListSecretsOperation(this.client).get().stream().filter(this.secretFilter).flatMap(secretListEntry -> {
                return Optionals.stream(CredentialsFactory.create(this.nameSelector.apply(secretListEntry), (String) Optional.ofNullable(secretListEntry.getDescription()).orElse(""), Lists.toMap(secretListEntry.getTags(), (v0) -> {
                    return v0.getKey();
                }, (v0) -> {
                    return v0.getValue();
                }), this.client));
            }).collect(Collectors.toList());
        }
    }

    private CredentialsSupplier() {
    }

    public static Supplier<Collection<StandardCredentials>> standard() {
        return new CredentialsSupplier();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.function.Supplier
    public Collection<StandardCredentials> get() {
        LOG.log(Level.FINE, "Retrieve secrets from AWS Secrets Manager");
        PluginConfiguration pluginConfiguration = PluginConfiguration.getInstance();
        AwsClientBuilder.EndpointConfiguration newEndpointConfiguration = newEndpointConfiguration(pluginConfiguration.getEndpointConfiguration());
        Predicate<SecretListEntry> newSecretFilter = newSecretFilter(pluginConfiguration.getFilters());
        try {
            return ((Map) new ParallelSupplier(Lists.concat(new SingleAccountCredentialsSupplier(newClient(newEndpointConfiguration), (v0) -> {
                return v0.getName();
            }, newSecretFilter), (Collection) newRoleArns((Roles) Optional.ofNullable(pluginConfiguration.getBeta()).map(beta -> {
                return beta.getRoles();
            }).orElse(null)).stream().map(str -> {
                return new SingleAccountCredentialsSupplier(newClient(str, newEndpointConfiguration), (v0) -> {
                    return v0.getARN();
                }, newSecretFilter);
            }).collect(Collectors.toList()))).get().stream().flatMap((v0) -> {
                return v0.stream();
            }).collect(Collectors.toMap((v0) -> {
                return v0.getId();
            }, Function.identity()))).values();
        } catch (IllegalStateException | CompletionException e) {
            throw new SdkBaseException(e.getCause());
        }
    }

    private static Predicate<SecretListEntry> newSecretFilter(Filters filters) {
        if (filters == null || filters.getTag() == null) {
            return secretListEntry -> {
                return true;
            };
        }
        Tag withValue = new Tag().withKey(filters.getTag().getKey()).withValue(filters.getTag().getValue());
        return secretListEntry2 -> {
            return ((List) Optional.ofNullable(secretListEntry2.getTags()).orElse(Collections.emptyList())).contains(withValue);
        };
    }

    private static AWSSecretsManager newClient(AwsClientBuilder.EndpointConfiguration endpointConfiguration) {
        return (AWSSecretsManager) AWSSecretsManagerClientBuilder.standard().withEndpointConfiguration(endpointConfiguration).build();
    }

    private static AWSSecretsManager newClient(String str, AwsClientBuilder.EndpointConfiguration endpointConfiguration) {
        return (AWSSecretsManager) AWSSecretsManagerClientBuilder.standard().withEndpointConfiguration(endpointConfiguration).withCredentials(new STSAssumeRoleSessionCredentialsProvider.Builder(str, AssumeRoleDefaults.SESSION_NAME).withRoleSessionDurationSeconds(AssumeRoleDefaults.SESSION_DURATION_SECONDS).build()).build();
    }

    private static List<String> newRoleArns(Roles roles) {
        return (roles == null || roles.getArns() == null) ? Collections.emptyList() : (List) roles.getArns().stream().map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.toList());
    }

    private static AwsClientBuilder.EndpointConfiguration newEndpointConfiguration(EndpointConfiguration endpointConfiguration) {
        if (endpointConfiguration == null || endpointConfiguration.getServiceEndpoint() == null || endpointConfiguration.getSigningRegion() == null) {
            return null;
        }
        return new AwsClientBuilder.EndpointConfiguration(endpointConfiguration.getServiceEndpoint(), endpointConfiguration.getSigningRegion());
    }
}
