package io.jenkins.plugins.credentials.secretsmanager;

import com.amazonaws.SdkClientException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import hudson.Extension;
import io.jenkins.plugins.casc.SecretSource;
import java.io.IOException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

@Extension(optional = true)
/* loaded from: input_file:io/jenkins/plugins/credentials/secretsmanager/AwsSecretSource.class */
public class AwsSecretSource extends SecretSource {
    private static final Logger LOG = Logger.getLogger(AwsSecretSource.class.getName());
    private static final String AWS_SERVICE_ENDPOINT = "AWS_SERVICE_ENDPOINT";
    private static final String AWS_SIGNING_REGION = "AWS_SIGNING_REGION";
    private transient AWSSecretsManager client = null;

    public Optional<String> reveal(String str) throws IOException {
        try {
            GetSecretValueResult secretValue = this.client.getSecretValue(new GetSecretValueRequest().withSecretId(str));
            if (secretValue.getSecretBinary() != null) {
                throw new IOException(String.format("The binary secret '%s' is not supported. Please change its value to a string, or alternatively delete it.", secretValue.getName()));
            }
            return Optional.ofNullable(secretValue.getSecretString());
        } catch (AWSSecretsManagerException e) {
            throw new IOException((Throwable) e);
        } catch (ResourceNotFoundException e2) {
            LOG.info(e2.getMessage());
            return Optional.empty();
        }
    }

    public void init() {
        try {
            this.client = createClient();
        } catch (SdkClientException e) {
            LOG.log(Level.WARNING, "Could not set up AWS Secrets Manager client. Reason: {0}", e.getMessage());
        }
    }

    private static AWSSecretsManager createClient() throws SdkClientException {
        AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClient.builder();
        Optional<String> serviceEndpoint = getServiceEndpoint();
        Optional<String> signingRegion = getSigningRegion();
        if (serviceEndpoint.isPresent() && signingRegion.isPresent()) {
            LOG.log(Level.CONFIG, "Custom Endpoint Configuration");
            builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(serviceEndpoint.get(), signingRegion.get()));
        } else {
            LOG.log(Level.CONFIG, "Default Endpoint Configuration");
        }
        return (AWSSecretsManager) builder.build();
    }

    private static Optional<String> getServiceEndpoint() {
        return Optional.ofNullable(System.getenv(AWS_SERVICE_ENDPOINT));
    }

    private static Optional<String> getSigningRegion() {
        return Optional.ofNullable(System.getenv(AWS_SIGNING_REGION));
    }
}
