package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SealedSecretFormat;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.service.aes.AESConfig;
import com.atlassian.secrets.service.aes.AESInPlaceEncryptionService;
import com.atlassian.secrets.service.aes.AESSecretService;
import com.atlassian.secrets.service.aws.AWSSecretService;
import com.atlassian.secrets.service.aws.AWSSecretServiceConfig;
import com.atlassian.secrets.service.config.BackendConfig;
import com.atlassian.secrets.service.config.SecretServiceConfig;
import com.atlassian.secrets.service.vault.VaultSecretService;
import com.atlassian.secrets.vault.auth.VaultConfig;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/secrets/service/SecretServiceFactory.class */
public class SecretServiceFactory {
    private static final Logger log = LoggerFactory.getLogger(SecretServiceFactory.class);

    private SecretServiceFactory() {
    }

    public static SecretService getSecretService(SecretServiceParams secretServiceParams) throws SecretServiceException {
        Path secretsConfigFile = secretServiceParams.getSecretsConfigFile();
        if (!Files.exists(secretsConfigFile, new LinkOption[0])) {
            SecretConfigManager.generateDefaultConfigFile(secretServiceParams);
        }
        SecretServiceConfig readConfigFile = SecretConfigManager.readConfigFile(secretsConfigFile);
        try {
            Map<String, SecretService> parseBackends = parseBackends(readConfigFile.getBackends(), secretServiceParams);
            String defaultBackend = readConfigFile.getDefaultBackend();
            Map<String, SecretService> buildAndValidateSecretMappings = buildAndValidateSecretMappings(readConfigFile.getSecretMappings(), parseBackends);
            SecretService secretService = parseBackends.get(defaultBackend);
            if (secretService == null) {
                throw new IllegalArgumentException(String.format("Default service must be a valid backend. Make sure %s is appropriately defined.", secretsConfigFile.getFileName()));
            }
            return new DefaultSecretService(secretService, buildAndValidateSecretMappings);
        } catch (Exception e) {
            throw new SecretServiceException(String.format("Backend properties in secret service configuration file is invalid, review the %s file.", secretsConfigFile.getFileName()));
        }
    }

    private static Map<String, SecretService> buildAndValidateSecretMappings(Map<String, String> map, Map<String, SecretService> map2) {
        if (map == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!map2.containsKey(entry.getValue())) {
                throw new SecretServiceException(String.format("Secret Service backend %s does not exist", entry.getValue()));
            }
            hashMap.put(entry.getKey(), map2.get(entry.getValue()));
        }
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, SecretService> parseBackends(Map<String, BackendConfig> map, SecretServiceParams secretServiceParams) throws SecretServiceException {
        return (Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return getSecretService((BackendConfig) entry.getValue(), secretServiceParams);
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretService getSecretService(BackendConfig backendConfig, SecretServiceParams secretServiceParams) throws SecretServiceException {
        SecretServiceType type = backendConfig.getType();
        Map<String, Object> properties = backendConfig.getProperties();
        SealedSecretFormat.setFormat(new CBORFormat());
        switch (type) {
            case AES_IN_PLACE:
                return new AESInPlaceEncryptionService((AESConfig) SecretConfigManager.mapToServiceConfig(properties, AESConfig.class));
            case AES:
                return new AESSecretService((AESConfig) SecretConfigManager.mapToServiceConfig(properties, AESConfig.class), secretServiceParams.getSecretDaoSupplier());
            case VAULT:
                return new VaultSecretService((VaultConfig) SecretConfigManager.mapToServiceConfig(properties, VaultConfig.class));
            case AWS:
                return new AWSSecretService((AWSSecretServiceConfig) SecretConfigManager.mapToServiceConfig(properties, AWSSecretServiceConfig.class));
            default:
                throw new SecretServiceException(String.format("Type %s is invalid Secret Service type.", type));
        }
    }
}
