package com.atlassian.secrets.service.aws;

import com.atlassian.secrets.api.SealedSecret;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.aws.AWSConfig;
import com.atlassian.secrets.aws.DefaultSecretsManagerClientFactory;
import com.atlassian.secrets.aws.SecretsManagerClientFactory;
import com.atlassian.secrets.service.IdentifierBasedSecret;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

/* loaded from: input_file:com/atlassian/secrets/service/aws/AWSSecretService.class */
public class AWSSecretService implements SecretService {
    private static final Logger log = LoggerFactory.getLogger(AWSSecretService.class);
    private final AWSConfig config;
    private final SecretsManagerClientFactory clientFactory;

    public AWSSecretService(AWSConfig aWSConfig) {
        this(aWSConfig, new DefaultSecretsManagerClientFactory());
    }

    public AWSSecretService(AWSConfig aWSConfig, SecretsManagerClientFactory secretsManagerClientFactory) {
        this.config = aWSConfig;
        this.clientFactory = secretsManagerClientFactory;
    }

    public SealedSecret seal(String str, String str2) throws SecretServiceException {
        throw new SecretServiceException(new UnsupportedOperationException("Storing secrets in AWS Secrets Manager is not supported."));
    }

    public String unseal(SealedSecret sealedSecret) throws SecretServiceException {
        if (!(sealedSecret instanceof IdentifierBasedSecret)) {
            throw new SecretServiceException("Expecting secret identifier but encrypted secret was passed in");
        }
        try {
            IdentifierBasedSecret identifierBasedSecret = (IdentifierBasedSecret) sealedSecret;
            String secretString = (this.config.getEndpointOverride() != null ? this.clientFactory.getClient(this.config.getRegion(), this.config.getEndpointOverride()) : this.clientFactory.getClient(this.config.getRegion())).getSecretValue((GetSecretValueRequest) GetSecretValueRequest.builder().secretId(identifierBasedSecret.getIdentifier()).build()).secretString();
            log.debug("Retrieved AWS secret: {}", identifierBasedSecret.getIdentifier());
            return secretString;
        } catch (Exception e) {
            log.error("Problem when getting the secret value from AWS Secret Manager: {}", e.getMessage());
            throw new SecretServiceException("Problem when getting the secret value from AWS Secret Manager", e);
        }
    }
}
