package io.jenkins.plugins.credentials.secretsmanager;

import com.amazonaws.SdkBaseException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClient;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.SecretListEntry;
import com.amazonaws.services.secretsmanager.model.Tag;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.google.common.base.Suppliers;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.security.ACL;
import io.jenkins.plugins.credentials.secretsmanager.config.EndpointConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.config.Filters;
import io.jenkins.plugins.credentials.secretsmanager.config.PluginConfiguration;
import io.jenkins.plugins.credentials.secretsmanager.factory.CredentialsFactory;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;

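/**
 * Jenkins {@link CredentialsProvider} that presents AWS Secrets Manager entries as credentials.
 *
 * <p>This listing was recovered by a decompiler; the generics and method references that the
 * decompiler could not reconstruct (an undefined {@code r1} receiver, raw {@code List}/{@code Map}
 * casts) have been restored so the class is well-typed again.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>Credentials are returned only when the caller authenticates as {@link ACL#SYSTEM};
 *       every other authentication receives an empty list.</li>
 *   <li>The list of credentials is cached for {@link #CACHE_DURATION}. A secret that is deleted
 *       or re-tagged in Secrets Manager can therefore remain listed in Jenkins until the cache
 *       entry expires.</li>
 *   <li>When no tag filter is configured, every secret returned by the list call is offered to
 *       the credentials factory. Narrowing what the Jenkins controller may see is then left to
 *       the permissions of the AWS identity in use.</li>
 *   <li>A custom service endpoint taken from the plugin configuration replaces the default AWS
 *       endpoint for the client that is also handed to the credentials factory, so write access
 *       to that configuration determines where these requests are sent.</li>
 * </ul>
 */
@Extension
public class AwsCredentialsProvider extends CredentialsProvider {
    private static final Logger LOG = Logger.getLogger(AwsCredentialsProvider.class.getName());

    /** How long a fetched credential list is reused before Secrets Manager is queried again. */
    private static final Duration CACHE_DURATION = Duration.ofMinutes(5);

    private final AwsCredentialsStore store = new AwsCredentialsStore(this);
    private final Supplier<Collection<IdCredentials>> credentialsSupplier =
            memoizeWithExpiration(AwsCredentialsProvider::fetchCredentials, CACHE_DURATION);

    /**
     * Returns the cached Secrets Manager credentials that are instances of {@code cls}.
     *
     * @param cls            credential type requested by the caller; must not be {@code null}
     * @param itemGroup      not consulted by this provider
     * @param authentication identity the lookup is performed for
     * @return the matching credentials, or an empty list when the caller is not
     *         {@link ACL#SYSTEM} or when the AWS SDK reported an error
     * @throws NullPointerException if {@code cls} is {@code null} and the caller is SYSTEM
     */
    @NonNull
    public <C extends Credentials> List<C> getCredentials(@Nonnull Class<C> cls, ItemGroup itemGroup, Authentication authentication) {
        // Fail closed: only the SYSTEM identity may enumerate these credentials.
        if (!ACL.SYSTEM.equals(authentication)) {
            return Collections.emptyList();
        }

        Collection<IdCredentials> available = Collections.emptyList();
        try {
            available = credentialsSupplier.get();
        } catch (SdkBaseException e) {
            // An SDK failure degrades to "no credentials" instead of propagating. Only the
            // exception message is logged (no stack trace), so this WARNING line is the one
            // signal an operator gets that the lookup failed.
            LOG.log(Level.WARNING, "Could not list credentials in Secrets Manager: message=[{0}]", e.getMessage());
        }

        return available.stream()
                .filter(candidate -> cls.isAssignableFrom(candidate.getClass()))
                .map(cls::cast)
                .collect(Collectors.toList());
    }

    /**
     * Returns this provider's store for the Jenkins root object only.
     *
     * @param modelObject the context a store is requested for
     * @return the store when {@code modelObject} is the Jenkins instance itself (reference
     *         comparison), otherwise {@code null}
     */
    public CredentialsStore getStore(ModelObject modelObject) {
        return modelObject == Jenkins.getInstance() ? this.store : null;
    }

    /** Returns the CSS icon class used for this provider's store. */
    public String getIconClassName() {
        return "icon-aws-secrets-manager-credentials-store";
    }

    /**
     * Adapts Guava's expiring memoizer to {@link java.util.function.Supplier}.
     *
     * @param supplier computation whose result is cached; must not be {@code null}
     * @param duration how long a computed value is reused
     * @return a supplier that delegates to the Guava memoizing supplier
     */
    private static <T> Supplier<T> memoizeWithExpiration(Supplier<T> supplier, Duration duration) {
        final com.google.common.base.Supplier<T> memoized =
                Suppliers.memoizeWithExpiration(supplier::get, duration.toMillis(), TimeUnit.MILLISECONDS);
        return memoized::get;
    }

    /**
     * Lists secrets, applies the configured tag filter and converts each remaining entry into a
     * credential through {@link CredentialsFactory}.
     *
     * @return the created credentials, keyed internally by credential id
     */
    private static Collection<IdCredentials> fetchCredentials() {
        LOG.log(Level.FINE, "Retrieve secrets from AWS Secrets Manager");

        final PluginConfiguration configuration = PluginConfiguration.getInstance();
        final EndpointConfiguration endpoint = configuration.getEndpointConfiguration();
        final Filters filters = configuration.getFilters();

        final AWSSecretsManager client = buildClient(endpoint);
        final Predicate<SecretListEntry> wanted = tagFilter(filters);

        // Collectors.toMap rejects duplicate keys with IllegalStateException, so two entries
        // resolving to the same credential id abort the whole fetch rather than shadowing
        // one another.
        final Map<String, IdCredentials> byId = new ListSecretsOperation(client).get().stream()
                .filter(wanted)
                .flatMap(secret -> optionalToStream(CredentialsFactory.create(
                        secret.getName(),
                        Optional.ofNullable(secret.getDescription()).orElse(""),
                        usableTags(secret),
                        client)))
                .collect(Collectors.toMap(IdCredentials::getId, credential -> credential));
        return byId.values();
    }

    /** Builds the Secrets Manager client, applying the custom endpoint only when it is complete. */
    private static AWSSecretsManager buildClient(EndpointConfiguration endpoint) {
        final AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClient.builder();
        final boolean useDefault = endpoint == null
                || endpoint.getServiceEndpoint() == null
                || endpoint.getSigningRegion() == null;
        if (useDefault) {
            LOG.log(Level.CONFIG, "Default Endpoint Configuration");
        } else {
            // The endpoint is logged at CONFIG level so that a redirect of Secrets Manager
            // traffic away from the default AWS endpoint is visible in the controller log.
            LOG.log(Level.CONFIG, "Custom Endpoint Configuration: {0}", endpoint);
            builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
                    endpoint.getServiceEndpoint(), endpoint.getSigningRegion()));
        }
        return builder.build();
    }

    /** Returns a predicate that accepts every secret, or only those carrying the configured tag. */
    private static Predicate<SecretListEntry> tagFilter(Filters filters) {
        if (filters == null || filters.getTag() == null) {
            // No filter configured: nothing is excluded on the Jenkins side.
            return secret -> true;
        }
        final Tag required = new Tag()
                .withKey(filters.getTag().getKey())
                .withValue(filters.getTag().getValue());
        return secret -> Optional.ofNullable(secret.getTags())
                .orElse(Collections.emptyList())
                .contains(required);
    }

    /** Collects a secret's tags into a map, skipping tags with a {@code null} key or value. */
    private static Map<String, String> usableTags(SecretListEntry secret) {
        return Optional.ofNullable(secret.getTags())
                .orElse(Collections.emptyList())
                .stream()
                .filter(tag -> tag.getKey() != null && tag.getValue() != null)
                .collect(Collectors.toMap(Tag::getKey, Tag::getValue));
    }

    /**
     * Converts an {@link Optional} into a stream of zero or one element.
     *
     * <p>The decompiler reported widening this method from {@code private}; it is kept
     * {@code public} here so the signature matches the listing.
     */
    public static <T> Stream<T> optionalToStream(Optional<T> optional) {
        return optional.map(Stream::of).orElseGet(Stream::empty);
    }
}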
