package com.atlassian.secrets.service.aws;

import com.atlassian.secrets.api.SealedSecret;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.aws.DefaultSecretsManagerClientFactory;
import com.atlassian.secrets.aws.SecretsManagerClientFactory;
import com.atlassian.secrets.service.IdentifierBasedSecret;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.PutSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;

/* loaded from: input_file:com/atlassian/secrets/service/aws/AWSSecretService.class */
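/**
 * {@link SecretService} implementation that stores secret values in AWS Secrets Manager.
 *
 * <p>{@link #seal} writes the plaintext value to Secrets Manager under a name derived from the
 * caller-supplied identifier and returns only that identifier, wrapped in an
 * {@link IdentifierBasedSecret}. {@link #unseal} reads the value back by identifier.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The optional name prefix is plain string concatenation (see {@code getSecretName}); it is
 *       a naming convention, not an authorization boundary. NOTE(review): which secrets this
 *       service can read or write is presumably decided by the IAM policy of the credentials the
 *       client factory uses; confirm that policy is scoped to the configured prefix.</li>
 *   <li>Region and the optional endpoint override come from {@link AWSSecretServiceConfig} and
 *       decide where secret values are sent, so that configuration must come from a trusted
 *       source.</li>
 *   <li>Log statements here emit secret names and exception messages only; the secret value
 *       itself must never be passed to the logger.</li>
 * </ul>
 */
public class AWSSecretService implements SecretService {
    private static final Logger log = LoggerFactory.getLogger(AWSSecretService.class);
    private final AWSSecretServiceConfig config;
    private final SecretsManagerClientFactory clientFactory;

    /**
     * Creates a service that obtains its clients from a {@link DefaultSecretsManagerClientFactory}.
     *
     * @param aWSSecretServiceConfig region, optional endpoint override and optional name prefix
     */
    public AWSSecretService(AWSSecretServiceConfig aWSSecretServiceConfig) {
        this(aWSSecretServiceConfig, new DefaultSecretsManagerClientFactory());
    }

    /**
     * Creates a service with an explicit client factory.
     *
     * @param aWSSecretServiceConfig region, optional endpoint override and optional name prefix
     * @param secretsManagerClientFactory factory used to obtain a client for every operation
     */
    public AWSSecretService(AWSSecretServiceConfig aWSSecretServiceConfig, SecretsManagerClientFactory secretsManagerClientFactory) {
        this.config = aWSSecretServiceConfig;
        this.clientFactory = secretsManagerClientFactory;
    }

    /**
     * Stores a secret value in AWS Secrets Manager.
     *
     * <p>The value is first written as a new version of an existing secret; if AWS reports that
     * the secret does not exist, it is created instead.
     *
     * @param str identifier of the secret (the configured prefix, if any, is prepended)
     * @param str2 plaintext secret value to store
     * @return an {@link IdentifierBasedSecret} carrying the unprefixed identifier
     * @throws SecretServiceException if the identifier is {@code null} or any runtime failure
     *     occurs while talking to AWS; the original exception is attached as the cause
     */
    public SealedSecret seal(String str, String str2) throws SecretServiceException {
        try {
            SecretsManagerClient client = getClient();
            String secretName = getSecretName(str);
            try {
                PutSecretValueRequest updateRequest = PutSecretValueRequest.builder()
                        .secretId(secretName)
                        .secretString(str2)
                        .build();
                // Only the name echoed back by AWS is logged, never the value.
                log.debug("Updated AWS secret: {}", client.putSecretValue(updateRequest).name());
            } catch (ResourceNotFoundException e) {
                // The secret does not exist yet, so fall back to creating it.
                // NOTE(review): two concurrent first-time writers can both reach this branch; the
                // later createSecret call would presumably fail and surface through the outer
                // catch as a SecretServiceException. Confirm that is acceptable for callers.
                CreateSecretRequest createRequest = CreateSecretRequest.builder()
                        .name(secretName)
                        .secretString(str2)
                        .build();
                log.debug("Created AWS secret: {}", client.createSecret(createRequest).name());
            }
            return new IdentifierBasedSecret(str);
        } catch (RuntimeException e2) {
            // Only the message is logged here; the full cause travels with the rethrown exception.
            log.error("Problem when saving a secret value into AWS Secret Manager: {}", e2.getMessage());
            throw new SecretServiceException("Problem when saving a secret value into AWS Secret Manager", e2);
        }
    }

    /**
     * Reads a secret value back from AWS Secrets Manager.
     *
     * @param sealedSecret must be an {@link IdentifierBasedSecret}
     * @return the secret string returned by AWS. NOTE(review): this is presumably {@code null}
     *     when the secret was stored as binary rather than as a string; confirm callers cope.
     * @throws SecretServiceException if {@code sealedSecret} is not an
     *     {@link IdentifierBasedSecret}, if its identifier is {@code null}, or if the lookup fails
     */
    public String unseal(SealedSecret sealedSecret) throws SecretServiceException {
        if (!(sealedSecret instanceof IdentifierBasedSecret)) {
            throw new SecretServiceException("Expecting secret identifier but encrypted secret was passed in");
        }
        try {
            IdentifierBasedSecret identifierBasedSecret = (IdentifierBasedSecret) sealedSecret;
            GetSecretValueRequest request = GetSecretValueRequest.builder()
                    .secretId(getSecretName(identifierBasedSecret.getIdentifier()))
                    .build();
            String secretString = getClient().getSecretValue(request).secretString();
            // Log the identifier only; the retrieved value must stay out of the logs.
            log.debug("Retrieved AWS secret: {}", identifierBasedSecret.getIdentifier());
            return secretString;
        } catch (Exception e) {
            log.error("Problem when getting the secret value from AWS Secret Manager: {}", e.getMessage());
            throw new SecretServiceException("Problem when getting the secret value from AWS Secret Manager", e);
        }
    }

    /**
     * Asks the factory for a client for the configured region, passing the endpoint override
     * when one is configured.
     *
     * <p>NOTE(review): a client is requested for every operation and is never closed in this
     * class. Whether the factory caches or shares clients is not visible here; confirm before
     * adding a close.
     */
    private SecretsManagerClient getClient() {
        if (this.config.getEndpointOverride() != null) {
            return this.clientFactory.getClient(this.config.getRegion(), this.config.getEndpointOverride());
        }
        return this.clientFactory.getClient(this.config.getRegion());
    }

    /**
     * Maps a caller-supplied identifier to the Secrets Manager name by prepending the configured
     * prefix, when there is one.
     *
     * @throws IllegalArgumentException if {@code str} is {@code null}. Without this check, string
     *     concatenation would turn a null identifier into a name ending in the literal text
     *     "null", so unrelated callers with a missing identifier would all read and overwrite
     *     the same secret. Both public methods wrap this into a {@link SecretServiceException}.
     */
    private String getSecretName(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Secret identifier must not be null");
        }
        String prefix = this.config.getSecretNamePrefix();
        return prefix != null ? prefix + str : str;
    }
}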
