package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SealedSecret;
import com.atlassian.secrets.api.SecretDao;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceBackend;
import com.atlassian.secrets.api.SecretServiceConfiguration;
import com.atlassian.secrets.api.SecretServiceException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:com/atlassian/secrets/service/DefaultSecretService.class */
public class DefaultSecretService implements SecretService {
    private final SecretDao secretDao;
    private final Map<String, SecretServiceBackend> backends;
    private final SecretServiceBackend defaultBackend;
    private static final int MAX_SECRET_SIZE = 65536;
    private static final Logger log = LoggerFactory.getLogger(DefaultSecretService.class);

    public DefaultSecretService(SecretDao secretDao, Map<String, SecretServiceBackend> map, String str) {
        this.secretDao = secretDao;
        this.backends = map;
        this.defaultBackend = this.backends.get(str);
        Assert.notNull(this.defaultBackend, String.format("%s it not a valid backend id", str));
    }

    private static void validateSecretDataSize(String str) throws SecretServiceException {
        if (str.getBytes(StandardCharsets.UTF_8).length > MAX_SECRET_SIZE) {
            throw new SecretServiceException("Secret data size exceeds the 64KB limit.");
        }
    }

    public void put(String str, String str2) throws SecretServiceException {
        Assert.hasText(str, "Secret identifier must not be empty.");
        log.debug("Putting secret {}", str);
        validateSecretDataSize(str2);
        this.secretDao.put(Collections.singleton(this.defaultBackend.seal(str, str2)));
    }

    public Optional<String> get(String str) throws SecretServiceException {
        Assert.hasText(str, "Secret identifier must not be empty.");
        log.debug("Getting secret {}", str);
        Optional optional = this.secretDao.get(str);
        if (optional.isEmpty()) {
            log.debug("Secret {} not found", str);
            return Optional.empty();
        }
        SealedSecret sealedSecret = (SealedSecret) optional.get();
        return Optional.of(this.backends.get(sealedSecret.getBackendId()).unseal(sealedSecret));
    }

    public void delete(String str) throws SecretServiceException {
        Assert.hasText(str, "Secret identifier must not be empty.");
        log.debug("Deleting secret {}", str);
        Optional optional = this.secretDao.get(str);
        if (optional.isEmpty()) {
            return;
        }
        this.backends.get(((SealedSecret) optional.get()).getBackendId()).delete(str);
        this.secretDao.delete(str);
    }

    public SecretServiceConfiguration getConfiguration() {
        return new SecretServiceConfiguration(this.defaultBackend.getType(), (Set) this.backends.values().stream().map((v0) -> {
            return v0.getType();
        }).collect(Collectors.toSet()));
    }

    public void migrate(String str, String str2) throws SecretServiceException {
        SecretServiceBackend secretServiceBackend = this.backends.get(str);
        SecretServiceBackend secretServiceBackend2 = this.backends.get(str2);
        Set<String> idsForBackend = this.secretDao.getIdsForBackend(str);
        HashSet hashSet = new HashSet();
        for (String str3 : idsForBackend) {
            Optional optional = this.secretDao.get(str3);
            if (optional.isEmpty()) {
                log.info("Secret {} won't be migrated as it has been deleted", str3);
            } else {
                hashSet.add(secretServiceBackend2.seal(str3, secretServiceBackend.unseal((SealedSecret) optional.get())));
            }
        }
        this.secretDao.put(hashSet);
        HashSet hashSet2 = new HashSet();
        try {
            for (String str4 : idsForBackend) {
                secretServiceBackend.delete(str4);
                hashSet2.add(str4);
            }
        } catch (Exception e) {
            idsForBackend.removeAll(hashSet2);
            String join = String.join(", ", idsForBackend);
            log.error("Error cleaning up secrets post migration", e);
            log.error("Secrets which were not cleaned up: {}", join);
        }
    }

    public Set<String> getBackendIds() {
        return this.backends.keySet();
    }

    SecretServiceBackend getDefaultService() {
        return this.defaultBackend;
    }
}
