package solutions.a2.kafka.config.aws;

import java.time.Duration;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;

/* loaded from: input_file:solutions/a2/kafka/config/aws/AwsSecretsManagerProviderConfig.class */
public class AwsSecretsManagerProviderConfig extends AbstractConfig {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AwsSecretsManagerProviderConfig.class);
    private final Region region;
    private final long secretTtlMs;

    public static ConfigDef config() {
        return new ConfigDef().define("cloud.region", ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, "The cloud region, for example - 'us-east-1'. Mandatory parameter.").define("cloud.access.key", ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, "Credentials for accessing AWS services.\nUse only when EC2 IAM role, or ECS task role etc not suitable for you.").define("cloud.access.secret", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.LOW, "Credentials secret for accessing AWS services.\nRequired only when 'cloud.access.key' is set.").define("cloud.secret.ttl.ms", ConfigDef.Type.LONG, Long.valueOf(Duration.ofDays(30L).toMillis()), ConfigDef.Importance.LOW, "The time interval in ms during which the secret is considered valid.\nWhen this time expires the AWS Secret Manager is queried again, causing connector(s) to restart.\nDefault value - 30 days.");
    }

    public AwsSecretsManagerProviderConfig(Map<?, ?> map) throws KafkaException {
        super(config(), map);
        this.region = Region.of(getString("cloud.region"));
        if (this.region.metadata() == null) {
            String format = String.format("Invalid value '%s' specified for 'cloud.region parameter'!", getString("cloud.region"));
            LOGGER.error(format);
            throw new KafkaException(format);
        }
        LOGGER.info("AwsSecretsManagerProvider's region ='{}'", this.region);
        this.secretTtlMs = getLong("cloud.secret.ttl.ms").longValue();
    }

    public Region getRegion() {
        return this.region;
    }

    public long getSecretTtlMs() {
        return this.secretTtlMs;
    }

    public SecretsManagerClient getSecretsManagerClient() throws KafkaException {
        if (StringUtils.isBlank(getString("cloud.access.key"))) {
            LOGGER.debug("Credentials will be used from Instance/Task Role, environment, etc...");
            return ((SecretsManagerClientBuilder) SecretsManagerClient.builder().region(this.region)).mo1086build();
        }
        LOGGER.debug("Credentials for accces key '{}' will be used", getString("cloud.access.key"));
        try {
            return ((SecretsManagerClientBuilder) ((SecretsManagerClientBuilder) SecretsManagerClient.builder().credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(getString("cloud.access.key"), getPassword("cloud.access.secret").value())))).region(this.region)).mo1086build();
        } catch (Exception e) {
            LOGGER.error("Unable to create static credentials: {}", e.getMessage());
            throw new KafkaException(e);
        }
    }

    public StsClient getStsClient() throws KafkaException {
        if (StringUtils.isBlank(getString("cloud.access.key"))) {
            LOGGER.debug("Credentials will be used from Instance/Task Role, environment, etc...");
            return ((StsClientBuilder) StsClient.builder().region(this.region)).mo1086build();
        }
        LOGGER.debug("Credentials for accces key '{}' will be used", getString("cloud.access.key"));
        try {
            return ((StsClientBuilder) ((StsClientBuilder) StsClient.builder().credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(getString("cloud.access.key"), getPassword("cloud.access.secret").value())))).region(this.region)).mo1086build();
        } catch (Exception e) {
            LOGGER.error("Unable to create static credentials: {}", e.getMessage());
            throw new KafkaException(e);
        }
    }
}
