package fish.payara.microprofile.config.extensions.aws;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import fish.payara.microprofile.config.extensions.aws.client.AwsRequestBuilder;
import fish.payara.nucleus.microprofile.config.admin.ConfigSourceConstants;
import fish.payara.nucleus.microprofile.config.source.extension.ConfiguredExtensionConfigSource;
import fish.payara.nucleus.microprofile.config.spi.MicroprofileConfigConfiguration;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.stream.JsonParser;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.core.Response;
import org.glassfish.config.support.TranslatedConfigView;
import org.jvnet.hk2.annotations.Service;

@Service(name = "aws-secrets-config-source")
/* loaded from: input_file:fish/payara/microprofile/config/extensions/aws/AWSSecretsConfigSource.class */
public class AWSSecretsConfigSource extends ConfiguredExtensionConfigSource<AWSSecretsConfigSourceConfiguration> {
    private static final Logger LOGGER = Logger.getLogger(AWSSecretsConfigSource.class.getName());
    private final ObjectMapper mapper = new ObjectMapper();
    private AwsRequestBuilder builder;

    @Inject
    MicroprofileConfigConfiguration mpconfig;

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public void bootstrap() {
        try {
            this.builder = AwsRequestBuilder.builder(TranslatedConfigView.getRealPasswordFromAlias("${ALIAS=AWS_ACCESS_KEY_ID}"), TranslatedConfigView.getRealPasswordFromAlias("${ALIAS=AWS_SECRET_ACCESS_KEY}")).region(((AWSSecretsConfigSourceConfiguration) this.configuration).getRegionName()).serviceName("secretsmanager").version("2017-10-17").ContentType("application/x-amz-json-1.1").method("POST").data(Json.createObjectBuilder().add("SecretId", ((AWSSecretsConfigSourceConfiguration) this.configuration).getSecretName()).build());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            LOGGER.log(Level.WARNING, "Unable to get value from password aliases", e);
        } catch (IllegalArgumentException e2) {
            printMisconfigurationMessage();
        }
    }

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public void destroy() {
        this.builder = null;
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Map<String, String> getProperties() {
        if (this.builder == null) {
            printMisconfigurationMessage();
            return new HashMap();
        }
        Response invoke = this.builder.action("GetSecretValue").build().invoke();
        if (invoke.getStatus() != 200) {
            LOGGER.log(Level.WARNING, "Failed to get AWS secret. {0}", invoke.readEntity(String.class));
        } else {
            try {
                StringReader stringReader = new StringReader(readSecretString((InputStream) invoke.getEntity()));
                Throwable th = null;
                try {
                    try {
                        Map<String, String> readMap = readMap(stringReader);
                        if (stringReader != null) {
                            if (0 != 0) {
                                try {
                                    stringReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                stringReader.close();
                            }
                        }
                        return readMap;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException | JsonException | ProcessingException e) {
                LOGGER.log(Level.WARNING, "Unable to read secret value", e);
            }
        }
        return new HashMap();
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public Set<String> getPropertyNames() {
        return getProperties().keySet();
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getValue(String str) {
        if (this.builder != null) {
            return getProperties().get(str);
        }
        printMisconfigurationMessage();
        return null;
    }

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean deleteValue(String str) {
        return modifySecret("DELETE", str, null);
    }

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public boolean setValue(String str, String str2) {
        return modifySecret("POST", str, str2);
    }

    @Override // fish.payara.nucleus.microprofile.config.source.extension.ExtensionConfigSource
    public String getSource() {
        return ConfigSourceConstants.CLOUD;
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public String getName() {
        return "aws";
    }

    @Override // org.eclipse.microprofile.config.spi.ConfigSource
    public int getOrdinal() {
        return Integer.parseInt(this.mpconfig.getCloudOrdinality());
    }

    private boolean modifySecret(String str, String str2, String str3) {
        if (this.builder == null) {
            printMisconfigurationMessage();
            return false;
        }
        Map<String, String> properties = getProperties();
        boolean z = -1;
        switch (str.hashCode()) {
            case 2461856:
                if (str.equals("POST")) {
                    z = false;
                    break;
                }
                break;
            case 2012838315:
                if (str.equals("DELETE")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                properties.put(str2, str3);
                break;
            case true:
                if (properties.remove(str2) == null) {
                    return false;
                }
                break;
            default:
                throw new IllegalArgumentException("Unsupported HTTP method");
        }
        Response invoke = this.builder.action("UpdateSecret").data(Json.createObjectBuilder().add("ClientRequestToken", UUID.randomUUID().toString()).add("SecretId", ((AWSSecretsConfigSourceConfiguration) this.configuration).getSecretName()).add("SecretString", Json.createObjectBuilder(properties).build().toString()).build()).build().invoke();
        if (invoke.getStatus() == 200) {
            return true;
        }
        LOGGER.log(Level.WARNING, "Failed to modify AWS secret. {0}", invoke.readEntity(String.class));
        return false;
    }

    private static String readSecretString(InputStream inputStream) {
        JsonParser createParser = Json.createParser(inputStream);
        Throwable th = null;
        while (createParser.hasNext()) {
            try {
                try {
                    if (createParser.next() == JsonParser.Event.KEY_NAME) {
                        String string = createParser.getString();
                        createParser.next();
                        if ("SecretString".equals(string)) {
                            String string2 = createParser.getString();
                            if (createParser != null) {
                                if (0 != 0) {
                                    try {
                                        createParser.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    createParser.close();
                                }
                            }
                            return string2;
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (createParser != null) {
                    if (th != null) {
                        try {
                            createParser.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        createParser.close();
                    }
                }
                throw th4;
            }
        }
        if (createParser == null) {
            return null;
        }
        if (0 == 0) {
            createParser.close();
            return null;
        }
        try {
            createParser.close();
            return null;
        } catch (Throwable th6) {
            th.addSuppressed(th6);
            return null;
        }
    }

    private Map<String, String> readMap(Reader reader) throws JsonParseException, JsonMappingException, IOException {
        return (Map) this.mapper.readValue(reader, new TypeReference<Map<String, String>>() { // from class: fish.payara.microprofile.config.extensions.aws.AWSSecretsConfigSource.1
        });
    }

    private static void printMisconfigurationMessage() {
        LOGGER.warning("AWS Secrets Config Source isn't configured correctly. Make sure that the password aliases AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY exist.");
    }
}
