package io.datarouter.aws.secretsmanager;

import io.datarouter.instrumentation.metric.Metrics;
import io.datarouter.instrumentation.trace.TraceSpanFinisher;
import io.datarouter.instrumentation.trace.TraceSpanGroupType;
import io.datarouter.instrumentation.trace.TracerTool;
import io.datarouter.secret.client.Secret;
import io.datarouter.secret.client.SecretClient;
import io.datarouter.secret.exception.SecretExistsException;
import io.datarouter.secret.exception.SecretNotFoundException;
import io.datarouter.web.config.AwsSupport;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
import software.amazon.awssdk.services.secretsmanager.model.ResourceExistsException;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretRequest;

/* loaded from: input_file:io/datarouter/aws/secretsmanager/AwsSecretClient.class */
public class AwsSecretClient implements SecretClient {
    private final SecretsManagerClient client;

    public AwsSecretClient(AwsCredentialsProvider awsCredentialsProvider, String str, AwsSupport awsSupport) {
        SdkHttpClient build = ApacheHttpClient.builder().socketTimeout(Duration.ofSeconds(1L)).connectionTimeout(Duration.ofSeconds(1L)).build();
        this.client = (SecretsManagerClient) SecretsManagerClient.builder().httpClient(build).credentialsProvider(awsCredentialsProvider).region(Region.of(str)).build();
        awsSupport.registerConnectionManagerFromHttpClient("secretManager", build);
    }

    public final void create(Secret secret) {
        CreateSecretRequest createSecretRequest = (CreateSecretRequest) CreateSecretRequest.builder().name(secret.getName()).secretString((String) secret.getValue()).build();
        try {
            count("create");
            Throwable th = null;
            try {
                TraceSpanFinisher startSpan = TracerTool.startSpan("AWSSecretsManager createSecret", TraceSpanGroupType.CLOUD_STORAGE);
                try {
                    TracerTool.appendToSpanInfo(secret.getName());
                    this.client.createSecret(createSecretRequest);
                    if (startSpan != null) {
                        startSpan.close();
                    }
                } catch (Throwable th2) {
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (ResourceExistsException e) {
            throw new SecretExistsException(secret.getName(), e);
        }
    }

    public final Secret read(String str) {
        GetSecretValueRequest getSecretValueRequest = (GetSecretValueRequest) GetSecretValueRequest.builder().secretId(str).build();
        try {
            count("get");
            Throwable th = null;
            try {
                TraceSpanFinisher startSpan = TracerTool.startSpan("AWSSecretsManager getSecretValue", TraceSpanGroupType.CLOUD_STORAGE);
                try {
                    TracerTool.appendToSpanInfo(str);
                    GetSecretValueResponse secretValue = this.client.getSecretValue(getSecretValueRequest);
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    return new Secret(str, secretValue.secretString());
                } catch (Throwable th2) {
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (ResourceNotFoundException e) {
            throw new SecretNotFoundException(str, e);
        } catch (InvalidRequestException e2) {
            throw new RuntimeException("InvalidRequest secretName=" + str, e2);
        }
    }

    public final List<String> listNames(Optional<String> optional) {
        ArrayList arrayList = new ArrayList();
        String str = null;
        do {
            ListSecretsRequest listSecretsRequest = (ListSecretsRequest) ListSecretsRequest.builder().maxResults(100).nextToken(str).build();
            count("list");
            Throwable th = null;
            try {
                TraceSpanFinisher startSpan = TracerTool.startSpan("AWSSecretsManager listSecrets", TraceSpanGroupType.CLOUD_STORAGE);
                try {
                    TracerTool.appendToSpanInfo(optional.orElse(""));
                    ListSecretsResponse listSecrets = this.client.listSecrets(listSecretsRequest);
                    TracerTool.appendToSpanInfo("count", Integer.valueOf(listSecrets.secretList().size()));
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    str = listSecrets.nextToken();
                    Stream filter = listSecrets.secretList().stream().map((v0) -> {
                        return v0.name();
                    }).filter(str2 -> {
                        return ((Boolean) optional.map(str2 -> {
                            return Boolean.valueOf(str2.length() < str2.length() && str2.startsWith(str2));
                        }).orElse(true)).booleanValue();
                    });
                    arrayList.getClass();
                    filter.forEach((v1) -> {
                        r1.add(v1);
                    });
                } finally {
                    th = th;
                }
            } catch (Throwable th2) {
                if (th == null) {
                    th = th2;
                } else if (th != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } while (str != null);
        return arrayList;
    }

    public final void update(Secret secret) {
        UpdateSecretRequest updateSecretRequest = (UpdateSecretRequest) UpdateSecretRequest.builder().secretId(secret.getName()).secretString((String) secret.getValue()).build();
        try {
            count("update");
            Throwable th = null;
            try {
                TraceSpanFinisher startSpan = TracerTool.startSpan("AWSSecretsManager updateSecret", TraceSpanGroupType.CLOUD_STORAGE);
                try {
                    TracerTool.appendToSpanInfo(secret.getName());
                    this.client.updateSecret(updateSecretRequest);
                    if (startSpan != null) {
                        startSpan.close();
                    }
                } catch (Throwable th2) {
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (ResourceNotFoundException e) {
            throw new SecretNotFoundException(secret.getName(), e);
        } catch (ResourceExistsException e2) {
            throw new SecretExistsException("Requested update already exists.", secret.getName(), e2);
        }
    }

    public final void delete(String str) {
        DeleteSecretRequest deleteSecretRequest = (DeleteSecretRequest) DeleteSecretRequest.builder().secretId(str).build();
        try {
            count("delete");
            Throwable th = null;
            try {
                TraceSpanFinisher startSpan = TracerTool.startSpan("AWSSecretsManager deleteSecret", TraceSpanGroupType.CLOUD_STORAGE);
                try {
                    TracerTool.appendToSpanInfo(str);
                    this.client.deleteSecret(deleteSecretRequest);
                    if (startSpan != null) {
                        startSpan.close();
                    }
                } catch (Throwable th2) {
                    if (startSpan != null) {
                        startSpan.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (ResourceNotFoundException e) {
            throw new SecretNotFoundException(str, e);
        }
    }

    public final void validateName(String str) {
        validateNameStatic(str);
    }

    public static void validateNameStatic(String str) {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("validation failed name=" + str);
        }
        if (!str.toLowerCase().chars().allMatch(i -> {
            if (i <= 47 || i >= 58) {
                return (i > 96 && i < 123) || i == 47 || i == 95 || i == 43 || i == 61 || i == 46 || i == 64 || i == 45;
            }
            return true;
        }) || (str.length() > 6 && str.charAt(str.length() - 7) == '-')) {
            throw new RuntimeException("validation failed name=" + str);
        }
    }

    private static void count(String str) {
        Metrics.count("AwsSecretClient " + str);
    }
}
