package io.jenkins.plugins.credentials.secretsmanager.factory;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.SecretBytes;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.util.Secret;
import io.jenkins.plugins.credentials.secretsmanager.Messages;
import io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue;
import io.jenkins.plugins.credentials.secretsmanager.factory.certificate.AwsCertificateCredentials;
import io.jenkins.plugins.credentials.secretsmanager.factory.file.AwsFileCredentials;
import io.jenkins.plugins.credentials.secretsmanager.factory.ssh_user_private_key.AwsSshUserPrivateKey;
import io.jenkins.plugins.credentials.secretsmanager.factory.string.AwsStringCredentials;
import io.jenkins.plugins.credentials.secretsmanager.factory.username_password.AwsUsernamePasswordCredentials;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory.class */
public abstract class CredentialsFactory {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory$RealSecretsManager.class */
    public static class RealSecretsManager {
        private static final Logger LOG = Logger.getLogger(RealSecretsManager.class.getName());
        private final String id;
        private final transient AWSSecretsManager client;

        RealSecretsManager(AWSSecretsManager aWSSecretsManager, String str) {
            this.client = aWSSecretsManager;
            this.id = str;
        }

        @NonNull
        SecretValue getSecretValue() {
            try {
                GetSecretValueResult secretValue = this.client.getSecretValue(new GetSecretValueRequest().withSecretId(this.id));
                if (secretValue.getSecretBinary() != null) {
                    return SecretValue.binary(secretValue.getSecretBinary().array());
                }
                if (secretValue.getSecretString() != null) {
                    return SecretValue.string(secretValue.getSecretString());
                }
                throw new IllegalStateException(Messages.emptySecretError(this.id));
            } catch (AmazonClientException e) {
                LOG.warning("AWS Secrets Manager retrieval error");
                LOG.warning(e.getMessage());
                throw new CredentialsUnavailableException("secret", Messages.couldNotRetrieveCredentialError(this.id));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory$SecretBytesSupplier.class */
    public static class SecretBytesSupplier extends RealSecretsManager implements Supplier<SecretBytes> {
        private SecretBytesSupplier(AWSSecretsManager aWSSecretsManager, String str) {
            super(aWSSecretsManager, str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public SecretBytes get() {
            return (SecretBytes) getSecretValue().match(new SecretValue.Matcher<SecretBytes>() { // from class: io.jenkins.plugins.credentials.secretsmanager.factory.CredentialsFactory.SecretBytesSupplier.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public SecretBytes string(String str) {
                    return null;
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public SecretBytes binary(byte[] bArr) {
                    return SecretBytes.fromBytes(bArr);
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory$SecretSupplier.class */
    public static class SecretSupplier extends RealSecretsManager implements Supplier<Secret> {
        private SecretSupplier(AWSSecretsManager aWSSecretsManager, String str) {
            super(aWSSecretsManager, str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public Secret get() {
            return (Secret) getSecretValue().match(new SecretValue.Matcher<Secret>() { // from class: io.jenkins.plugins.credentials.secretsmanager.factory.CredentialsFactory.SecretSupplier.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public Secret string(String str) {
                    return Secret.fromString(str);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public Secret binary(byte[] bArr) {
                    return null;
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory$StringSupplier.class */
    public static class StringSupplier extends RealSecretsManager implements Supplier<String> {
        private StringSupplier(AWSSecretsManager aWSSecretsManager, String str) {
            super(aWSSecretsManager, str);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public String get() {
            return (String) getSecretValue().match(new SecretValue.Matcher<String>() { // from class: io.jenkins.plugins.credentials.secretsmanager.factory.CredentialsFactory.StringSupplier.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public String string(String str) {
                    return str;
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jenkins.plugins.credentials.secretsmanager.factory.SecretValue.Matcher
                public String binary(byte[] bArr) {
                    return null;
                }
            });
        }
    }

    private CredentialsFactory() {
    }

    public static Optional<StandardCredentials> create(String str, String str2, String str3, Map<String, String> map, AWSSecretsManager aWSSecretsManager) {
        String orDefault = map.getOrDefault(Tags.type, "");
        String orDefault2 = map.getOrDefault(Tags.username, "");
        String orDefault3 = map.getOrDefault(Tags.filename, str2);
        Boolean valueOf = Boolean.valueOf(!map.getOrDefault(Tags.maskUsername, "").equalsIgnoreCase("false"));
        boolean z = -1;
        switch (orDefault.hashCode()) {
            case -1822060497:
                if (orDefault.equals(Type.sshUserPrivateKey)) {
                    z = 2;
                    break;
                }
                break;
            case -891985903:
                if (orDefault.equals(Type.string)) {
                    z = false;
                    break;
                }
                break;
            case 3143036:
                if (orDefault.equals(Type.file)) {
                    z = 4;
                    break;
                }
                break;
            case 1337618833:
                if (orDefault.equals(Type.usernamePassword)) {
                    z = true;
                    break;
                }
                break;
            case 1952399767:
                if (orDefault.equals(Type.certificate)) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return Optional.of(new AwsStringCredentials(str2, str3, new SecretSupplier(aWSSecretsManager, str)));
            case true:
                return Optional.of(new AwsUsernamePasswordCredentials(str2, str3, new SecretSupplier(aWSSecretsManager, str), orDefault2, valueOf));
            case true:
                return Optional.of(new AwsSshUserPrivateKey(str2, str3, new StringSupplier(aWSSecretsManager, str), orDefault2, valueOf));
            case true:
                return Optional.of(new AwsCertificateCredentials(str2, str3, new SecretBytesSupplier(aWSSecretsManager, str)));
            case true:
                return Optional.of(new AwsFileCredentials(str2, str3, orDefault3, new SecretBytesSupplier(aWSSecretsManager, str)));
            default:
                return Optional.empty();
        }
    }
}
