package io.micronaut.aws.secretsmanager;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import jakarta.inject.Singleton;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.DecryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.Filter;
import software.amazon.awssdk.services.secretsmanager.model.FilterNameStringType;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.InternalServiceErrorException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidParameterException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.SecretListEntry;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

@Singleton
@Requires(beans = {SecretsManagerClient.class})
@BootstrapContextCompatible
/* loaded from: input_file:io/micronaut/aws/secretsmanager/SecretsManagerKeyValueFetcher.class */
public class SecretsManagerKeyValueFetcher implements SecretsKeyValueFetcher {
    private static final Logger LOG = LoggerFactory.getLogger(SecretsManagerKeyValueFetcher.class);
    protected final SecretsManagerClient secretsClient;
    protected final ObjectMapper objectMapper;

    public SecretsManagerKeyValueFetcher(SecretsManagerClient secretsManagerClient, ObjectMapper objectMapper) {
        this.secretsClient = secretsManagerClient;
        this.objectMapper = objectMapper;
    }

    @NonNull
    public Optional<Map> keyValuesByPrefix(@NonNull String str) {
        HashMap hashMap = new HashMap();
        String str2 = null;
        do {
            try {
                ListSecretsRequest.Builder filters = ListSecretsRequest.builder().nextToken(str2).filters(new Filter[]{(Filter) Filter.builder().key(FilterNameStringType.NAME).values(new String[]{str}).build()});
                if (str2 != null) {
                    filters = filters.nextToken(str2);
                }
                ListSecretsResponse listSecrets = this.secretsClient.listSecrets((ListSecretsRequest) filters.build());
                List<SecretListEntry> secretList = listSecrets.secretList();
                if (LOG.isTraceEnabled()) {
                    if (secretList.isEmpty()) {
                        LOG.trace("zero secrets for prefix: {}", str);
                    } else {
                        LOG.trace("# {} secrets for prefix: {}", Integer.valueOf(secretList.size()), str);
                    }
                }
                for (SecretListEntry secretListEntry : secretList) {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Evaluating secret {}", secretListEntry.name());
                    }
                    addSecretDetailsToResults(secretListEntry, hashMap);
                }
                str2 = listSecrets.nextToken();
            } catch (SecretsManagerException e) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("SecretsManagerException {}", e.awsErrorDetails().errorMessage());
                }
                return Optional.empty();
            }
        } while (str2 != null);
        return hashMap.isEmpty() ? Optional.empty() : Optional.of(hashMap);
    }

    @NonNull
    protected void addSecretDetailsToResults(SecretListEntry secretListEntry, Map map) {
        Optional<String> fetchSecretValue = fetchSecretValue(this.secretsClient, secretListEntry.name());
        if (fetchSecretValue.isPresent()) {
            try {
                map.putAll((Map) this.objectMapper.readValue(fetchSecretValue.get(), Map.class));
            } catch (JsonProcessingException e) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("could not read secret ({}) value from JSON to Map", secretListEntry.name());
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NonNull
    public Optional<String> fetchSecretValue(@NonNull SecretsManagerClient secretsManagerClient, @NonNull String str) {
        return fetchSecretValueResponse(secretsManagerClient, (GetSecretValueRequest) GetSecretValueRequest.builder().secretId(str).build()).map(this::extractSecretValue);
    }

    @NonNull
    private String extractSecretValue(@NonNull GetSecretValueResponse getSecretValueResponse) {
        return getSecretValueResponse.secretString() != null ? getSecretValueResponse.secretString() : new String(Base64.getDecoder().decode(getSecretValueResponse.secretBinary().asByteBuffer()).array());
    }

    @NonNull
    private Optional<GetSecretValueResponse> fetchSecretValueResponse(@NonNull SecretsManagerClient secretsManagerClient, @NonNull GetSecretValueRequest getSecretValueRequest) {
        try {
            return Optional.of(secretsManagerClient.getSecretValue(getSecretValueRequest));
        } catch (ResourceNotFoundException e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Could not find the resource for secret ({})", getSecretValueRequest.secretId());
            }
            return Optional.empty();
        } catch (SecretsManagerException e2) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("SecretsManagerException {}", e2.awsErrorDetails().errorMessage());
            }
            return Optional.empty();
        } catch (InvalidRequestException e3) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("While getting the secret value, you provided a parameter value that is not valid for the current state of the secret ({})", getSecretValueRequest.secretId());
            }
            return Optional.empty();
        } catch (InvalidParameterException e4) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("You provided an invalid value for a parameter while getting secret ({}) value", getSecretValueRequest.secretId());
            }
            return Optional.empty();
        } catch (InternalServiceErrorException e5) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("An error occurred on the server side getting secret ({}) value", getSecretValueRequest.secretId());
            }
            return Optional.empty();
        } catch (DecryptionFailureException e6) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Secrets Manager can't decrypt the protected secret ({}) text using the provided KMS key.", getSecretValueRequest.secretId());
            }
            return Optional.empty();
        }
    }
}
