package com.mulesoft.provider.aws.secrets.manager.configuration.properties.api;

import com.mulesoft.provider.aws.secrets.manager.configuration.properties.internal.exception.AwsAssumeRoleException;
import com.mulesoft.provider.aws.secrets.manager.configuration.properties.internal.provider.AWSSecretsManagerConfigurationPropertiesProvider;
import java.time.Instant;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.ResourceBundle;
import org.apache.commons.lang3.StringUtils;
import org.mule.runtime.api.component.ComponentIdentifier;
import org.mule.runtime.config.api.dsl.model.ConfigurationParameters;
import org.mule.runtime.config.api.dsl.model.ResourceProvider;
import org.mule.runtime.config.api.dsl.model.properties.ConfigurationPropertiesProvider;
import org.mule.runtime.config.api.dsl.model.properties.ConfigurationPropertiesProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;
import software.amazon.awssdk.services.sts.model.StsException;

/* loaded from: input_file:com/mulesoft/provider/aws/secrets/manager/configuration/properties/api/AWSSecretsManagerConfigurationPropertiesProviderFactory.class */
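/**
 * Factory that builds an {@link AWSSecretsManagerConfigurationPropertiesProvider} from the
 * extension's configuration element.
 *
 * <p>Credential selection, as implemented below:
 * <ul>
 *   <li>access key and secret key both non-blank: static basic credentials are used;</li>
 *   <li>otherwise: the AWS SDK default credentials provider chain is used;</li>
 *   <li>if a role ARN is configured, the credentials chosen above are used to call STS
 *       {@code AssumeRole} once, and the returned session credentials are used instead.</li>
 * </ul>
 *
 * <p>Only the role ARN and the session expiration are logged. Access keys, secret keys and session
 * tokens are never written to the log; keep it that way when changing this class.
 */
public class AWSSecretsManagerConfigurationPropertiesProviderFactory implements ConfigurationPropertiesProviderFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(AWSSecretsManagerConfigurationPropertiesProviderFactory.class);
    private final ResourceBundle logProvider = ResourceBundle.getBundle("messages");
    private final ComponentIdentifier propertiesProviderIdentifier = identifierFor(AWSSecretsManagerConfigurationPropertiesConstants.CONFIG_ELEMENT);

    /** Builds a component identifier with the given name in the extension's namespace. */
    private static ComponentIdentifier identifierFor(String elementName) {
        return ComponentIdentifier.builder()
                .namespace(AWSSecretsManagerConfigurationPropertiesConstants.EXTENSION_NAMESPACE)
                .name(elementName)
                .build();
    }

    /**
     * Returns the identifier of the configuration element this factory handles.
     *
     * @return the identifier built from the extension namespace and config element name
     */
    @Override
    public ComponentIdentifier getSupportedComponentIdentifier() {
        return this.propertiesProviderIdentifier;
    }

    /**
     * Reads region, optional static keys and optional role ARN from the configuration and returns a
     * properties provider backed by a Secrets Manager client.
     *
     * @param configurationParameters parameters of the configuration element
     * @param resourceProvider not used by this implementation
     * @return a provider wrapping the newly built {@link SecretsManagerClient}
     * @throws IndexOutOfBoundsException if the basic connection parameter group is absent
     * @throws AwsAssumeRoleException if a role ARN is configured and STS rejects the request
     */
    @Override
    public ConfigurationPropertiesProvider createProvider(ConfigurationParameters configurationParameters, ResourceProvider resourceProvider) {
        List<ConfigurationParameters> basicGroups = configurationParameters.getComplexConfigurationParameter(
                identifierFor(AWSSecretsManagerConfigurationPropertiesConstants.AWS_BASIC_CONNECTION_PARAMETER_GROUP_NAME));
        // The basic connection group is read unconditionally; presumably the schema makes it
        // mandatory. TODO confirm, since an absent group surfaces as IndexOutOfBoundsException.
        ConfigurationParameters basicConnection = basicGroups.get(0);

        List<ConfigurationParameters> roleGroups = configurationParameters.getComplexConfigurationParameter(
                identifierFor(AWSSecretsManagerConfigurationPropertiesConstants.AWS_ROLE_CONNECTION_PARAMETER_GROUP_NAME));
        ConfigurationParameters roleConnection = roleGroups.isEmpty() ? null : roleGroups.get(0);

        // Locale.ROOT keeps the region id stable under locales with special casing rules
        // (for example Turkish, where 'I' does not lower-case to 'i').
        String region = basicConnection.getStringParameter(AWSSecretsManagerConfigurationPropertiesConstants.AWS_REGION).toLowerCase(Locale.ROOT);
        String accessKey = basicConnection.getStringParameter(AWSSecretsManagerConfigurationPropertiesConstants.AWS_ACCESS_KEY);
        String secretKey = basicConnection.getStringParameter(AWSSecretsManagerConfigurationPropertiesConstants.AWS_SECRET_KEY);
        String roleArn = Objects.nonNull(roleConnection)
                ? roleConnection.getStringParameter(AWSSecretsManagerConfigurationPropertiesConstants.AWS_ROLE_ARN)
                : null;

        if (StringUtils.isBlank(accessKey) || StringUtils.isBlank(secretKey)) {
            LOGGER.info(this.logProvider.getString("info.default.chain.credentials"));
        } else {
            // Static keys in application configuration get an extra WARN entry from the bundle.
            LOGGER.info(this.logProvider.getString("info.basic.credentials"));
            LOGGER.warn(this.logProvider.getString("warn.basic.credential"));
        }
        return new AWSSecretsManagerConfigurationPropertiesProvider(createAWSSecretsManager(region, accessKey, secretKey, roleArn));
    }

    /**
     * Builds the Secrets Manager client for the given region with the credentials selected by
     * {@link #getAWSCredentialsProvider}.
     */
    private SecretsManagerClient createAWSSecretsManager(String region, String accessKey, String secretKey, String roleArn) {
        return SecretsManagerClient.builder()
                .region(Region.of(region))
                .credentialsProvider(getAWSCredentialsProvider(region, accessKey, secretKey, roleArn))
                .build();
    }

    /**
     * Chooses the credentials provider: static basic credentials when both keys are non-blank,
     * the SDK default chain otherwise, then optionally exchanged for role session credentials.
     */
    private AwsCredentialsProvider getAWSCredentialsProvider(String region, String accessKey, String secretKey, String roleArn) {
        // Declared as the common interface: DefaultCredentialsProvider is not a
        // StaticCredentialsProvider, so the narrower local type cannot hold both branches.
        AwsCredentialsProvider baseProvider;
        if (StringUtils.isBlank(accessKey) || StringUtils.isBlank(secretKey)) {
            LOGGER.debug(this.logProvider.getString("debug.creating.default.credentials"));
            baseProvider = DefaultCredentialsProvider.create();
        } else {
            LOGGER.debug(this.logProvider.getString("debug.creating.basic.credentials"));
            baseProvider = StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
        }
        return StringUtils.isNotEmpty(roleArn) ? getAssumeRoleCredentials(roleArn, region, baseProvider) : baseProvider;
    }

    /**
     * Calls STS {@code AssumeRole} once with the given base credentials and wraps the returned
     * session credentials in a static provider.
     *
     * @throws AwsAssumeRoleException if STS answers with an {@link StsException}
     */
    private AwsCredentialsProvider getAssumeRoleCredentials(String roleArn, String region, AwsCredentialsProvider baseProvider) {
        LOGGER.info(this.logProvider.getString("info.role.arn.provided"), roleArn);
        // NOTE(review): the session name is a fixed literal, so sessions opened by different
        // applications cannot be told apart by name in audit logs.
        AssumeRoleRequest request = AssumeRoleRequest.builder().roleArn(roleArn).roleSessionName("WithRoleARN").build();
        // The STS client is needed for this single call only; close it so its HTTP resources are
        // released instead of living as long as the application.
        try (StsClient stsClient = StsClient.builder().credentialsProvider(baseProvider).region(Region.of(region)).build()) {
            Credentials credentials = stsClient.assumeRole(request).credentials();
            Instant expiration = credentials.expiration();
            LOGGER.info(this.logProvider.getString("info.role.arn.being.created"), expiration);
            // NOTE(review): these session credentials are a one-time snapshot and are not refreshed.
            // Requests signed after `expiration` will be rejected. If the provider is used beyond
            // deployment-time resolution, the SDK's auto-refreshing StsAssumeRoleCredentialsProvider
            // is the usual replacement; confirm against the provider's lifetime.
            AwsSessionCredentials sessionCredentials = AwsSessionCredentials.create(
                    credentials.accessKeyId(), credentials.secretAccessKey(), credentials.sessionToken());
            LOGGER.info(this.logProvider.getString("info.role.arn.created"), roleArn);
            return StaticCredentialsProvider.create(sessionCredentials);
        } catch (StsException e) {
            throw new AwsAssumeRoleException(e.getMessage(), e);
        }
    }
}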
