package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SealedSecretFormat;
import com.atlassian.secrets.api.SecretDao;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.aws.AWSConfig;
import com.atlassian.secrets.service.aes.AESConfig;
import com.atlassian.secrets.service.aes.AESSecretService;
import com.atlassian.secrets.service.aes.PersistentAESSecretService;
import com.atlassian.secrets.service.aws.AWSSecretService;
import com.atlassian.secrets.service.config.BackendConfig;
import com.atlassian.secrets.service.config.SecretServiceConfig;
import com.atlassian.secrets.service.vault.VaultSecretService;
import com.atlassian.secrets.vault.auth.VaultConfig;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

/* loaded from: input_file:com/atlassian/secrets/service/SecretServiceFactory.class */
public class SecretServiceFactory {
    private SecretServiceFactory() {
    }

    public static SecretService getSecretService(SecretServiceParams secretServiceParams) throws SecretServiceException {
        Path resolve = secretServiceParams.getHomeDirectory().resolve(SecretConfigManager.SECRETS_CONFIG_FILE_NAME);
        if (!Files.exists(resolve, new LinkOption[0])) {
            SecretConfigManager.generateDefaultConfigFile(secretServiceParams.getHomeDirectory(), secretServiceParams.getIdentifiersForInlineAES());
        }
        SecretServiceConfig readConfigFile = SecretConfigManager.readConfigFile(resolve);
        Map<String, SecretService> parseBackends = parseBackends(readConfigFile.getBackends(), secretServiceParams.getSecretDaoSupplier());
        String defaultBackend = readConfigFile.getDefaultBackend();
        Map<String, SecretService> buildAndValidateSecretMappings = buildAndValidateSecretMappings(readConfigFile.getSecretMappings(), parseBackends);
        SecretService secretService = parseBackends.get(defaultBackend);
        if (secretService == null) {
            throw new IllegalArgumentException(String.format("Default service must be a valid backend. Make sure %s is appropriately defined.", SecretConfigManager.SECRETS_CONFIG_FILE_NAME));
        }
        return new DefaultSecretService(secretService, buildAndValidateSecretMappings);
    }

    private static Map<String, SecretService> buildAndValidateSecretMappings(Map<String, String> map, Map<String, SecretService> map2) {
        if (map == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!map2.containsKey(entry.getValue())) {
                throw new SecretServiceException(String.format("Secret Service backend %s does not exist", entry.getValue()));
            }
            hashMap.put(entry.getKey(), map2.get(entry.getValue()));
        }
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, SecretService> parseBackends(Map<String, BackendConfig> map, Supplier<SecretDao> supplier) throws SecretServiceException {
        HashMap hashMap = new HashMap();
        for (String str : map.keySet()) {
            hashMap.put(str, getSecretService(map.get(str), supplier));
        }
        return hashMap;
    }

    private static SecretService getSecretService(BackendConfig backendConfig, Supplier<SecretDao> supplier) throws SecretServiceException {
        SecretServiceType type = backendConfig.getType();
        Map<String, Object> properties = backendConfig.getProperties();
        SealedSecretFormat.setFormat(new CBORFormat());
        switch (type) {
            case AES:
                return new AESSecretService((AESConfig) SecretConfigManager.mapToServiceConfig(properties, AESConfig.class));
            case PERSISTENT_AES:
                return new PersistentAESSecretService((AESConfig) SecretConfigManager.mapToServiceConfig(properties, AESConfig.class), supplier);
            case VAULT:
                return new VaultSecretService((VaultConfig) SecretConfigManager.mapToServiceConfig(properties, VaultConfig.class));
            case AWS:
                return new AWSSecretService((AWSConfig) SecretConfigManager.mapToServiceConfig(properties, AWSConfig.class));
            default:
                throw new SecretServiceException(String.format("Type %s is invalid Secret Service type.", type));
        }
    }
}
