package com.atlassian.secrets.store.aws;

import com.atlassian.secrets.api.SecretStore;
import com.atlassian.secrets.api.SecretStoreException;
import com.atlassian.secrets.aws.DefaultSecretsManagerClientFactory;
import com.atlassian.secrets.aws.SecretsManagerClientFactory;
import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.JsonPointer;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

/* loaded from: input_file:com/atlassian/secrets/store/aws/AwsSecretsManagerStore.class */
public class AwsSecretsManagerStore implements SecretStore {
    private static final Logger log = LoggerFactory.getLogger(AwsSecretsManagerStore.class);
    private final SecretsManagerClientFactory clientFactory;
    private final ObjectMapper objectMapper;

    public AwsSecretsManagerStore(SecretsManagerClientFactory secretsManagerClientFactory) {
        this.objectMapper = new ObjectMapper();
        this.clientFactory = secretsManagerClientFactory;
    }

    public AwsSecretsManagerStore() {
        this(new DefaultSecretsManagerClientFactory());
    }

    public String get(String str) {
        try {
            AwsSecretsManagerParams awsSecretsManagerParams = (AwsSecretsManagerParams) this.objectMapper.readValue(str, AwsSecretsManagerParams.class);
            String secretString = (awsSecretsManagerParams.getEndpointOverride() != null ? this.clientFactory.getClient(awsSecretsManagerParams.getRegion(), awsSecretsManagerParams.getEndpointOverride()) : this.clientFactory.getClient(awsSecretsManagerParams.getRegion())).getSecretValue((GetSecretValueRequest) GetSecretValueRequest.builder().secretId(awsSecretsManagerParams.getSecretId()).build()).secretString();
            log.debug("Retrieved AWS secret: {}", awsSecretsManagerParams);
            return awsSecretsManagerParams.getSecretPointer() == null ? secretString : parseAwsSecretValue(secretString, awsSecretsManagerParams.getSecretPointer());
        } catch (JacksonException e) {
            log.error("Problem when reading secret store configuration. Please review the JSON configuration string.");
            throw new SecretStoreException("Problem when reading secret store configuration. Please review the JSON configuration string.");
        } catch (Exception e2) {
            log.error("Problem when getting the secret value: {}", e2.getMessage());
            throw new SecretStoreException("Problem when getting the secret value", e2);
        }
    }

    public String store(String str) {
        throw new UnsupportedOperationException("Encryption is currently not supported for AWS Secrets Manager");
    }

    private String parseAwsSecretValue(String str, String str2) {
        boolean startsWith = str2.startsWith("/");
        if (!startsWith) {
            log.warn("Secret pointer '{}' does not start with a slash. We will add it, but please fix it in your configuration.", str2);
        }
        return parseJSONSecretValue(str).at(JsonPointer.compile(startsWith ? str2 : "/" + str2)).asText();
    }

    private JsonNode parseJSONSecretValue(String str) {
        try {
            return this.objectMapper.readTree(str);
        } catch (JsonProcessingException e) {
            throw new SecretStoreException("Could not parse AWS Secrets Manager value, value is not valid JSON.");
        }
    }
}
