package com.yahoo.athenz.auth.impl;

import com.yahoo.athenz.auth.PrivateKeyStore;
import com.yahoo.athenz.auth.ServerPrivateKey;
import com.yahoo.athenz.auth.util.Crypto;
import java.lang.invoke.MethodHandles;
import java.security.PrivateKey;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.ssm.SsmClient;

/* loaded from: input_file:com/yahoo/athenz/auth/impl/AWSParameterStorePrivateKeyStore.class */
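/**
 * {@link PrivateKeyStore} that reads secrets and the server private key from
 * AWS Systems Manager Parameter Store through the supplied {@link SsmClient}.
 *
 * <p>Every lookup asks for the decrypted value ({@code withDecryption(true)}).
 * The private key and its key id live in two separate parameters whose names
 * are {@code <configured name>.<lowercase algorithm>}; the configured names
 * come from the {@code athenz.aws.<service>.key_name} and
 * {@code athenz.aws.<service>.key_id_name} system properties and default to
 * {@code service_private_key} and {@code service_private_key_id}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Parameter values are returned by the client as {@code String}, so
 *       secret material stays on the heap until garbage collected and cannot
 *       be wiped by this class.</li>
 *   <li>The region argument of {@link #getPrivateKey} is only checked for
 *       presence; which region is actually queried is decided by the
 *       {@code SsmClient} handed to the constructor.</li>
 *   <li>Presumably the process identity needs permission to read these
 *       parameters and to decrypt with the key protecting them; confirm
 *       that the deployment policy is scoped to exactly these names.</li>
 * </ul>
 */
public class AWSParameterStorePrivateKeyStore implements PrivateKeyStore {
    private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final String ZMS_SERVICE = "zms";
    private static final String ZTS_SERVICE = "zts";
    private static final String MSD_SERVICE = "msd";
    private static final String ATHENZ_PROP_ZMS_KEY_NAME = "athenz.aws.zms.key_name";
    private static final String ATHENZ_PROP_ZMS_KEY_ID_NAME = "athenz.aws.zms.key_id_name";
    private static final String ATHENZ_PROP_ZTS_KEY_NAME = "athenz.aws.zts.key_name";
    private static final String ATHENZ_PROP_ZTS_KEY_ID_NAME = "athenz.aws.zts.key_id_name";
    private static final String ATHENZ_PROP_MSD_KEY_NAME = "athenz.aws.msd.key_name";
    private static final String ATHENZ_PROP_MSD_KEY_ID_NAME = "athenz.aws.msd.key_id_name";
    private static final String ATHENZ_DEFAULT_KEY_NAME = "service_private_key";
    private static final String ATHENZ_DEFAULT_KEY_ID_NAME = "service_private_key_id";
    private final SsmClient ssmClient;

    /**
     * Creates a store that performs all lookups with the given client.
     *
     * @param ssmClient client used for every parameter lookup; it is stored as-is
     *     and not validated here
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    // The decompiler widened this constructor to public; it is left public here so
    // that existing callers of this listing keep compiling.
    public AWSParameterStorePrivateKeyStore(SsmClient ssmClient) {
        this.ssmClient = ssmClient;
    }

    /**
     * Returns the decrypted value of the parameter named {@code str3}.
     *
     * <p>The returned array is a copy of an intermediate {@code String}; callers
     * can zero the array after use, but the {@code String} itself cannot be wiped.
     *
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     * @param str3 name of the Parameter Store entry to read
     * @return the parameter value as a fresh {@code char[]}
     */
    @Override // com.yahoo.athenz.auth.PrivateKeyStore
    public char[] getSecret(String str, String str2, String str3) {
        return getSsmParameter(str3).toCharArray();
    }

    /**
     * Loads the private key and key id for one of the known services.
     *
     * <p>Returns {@code null} (after logging) when the region is missing, the
     * algorithm is {@code null}, the service is not one of {@code zms},
     * {@code zts} or {@code msd}, or the key cannot be fetched or parsed. A
     * failure while fetching the key id is not caught and propagates as
     * whatever exception the client throws.
     *
     * @param str service name: {@code "zms"}, {@code "zts"} or {@code "msd"}
     * @param str2 unused by this implementation
     * @param str3 server region; must be non-empty but is not otherwise used
     * @param str4 key type used as the parameter-name suffix after lowercasing
     *     (named {@code algorithm} in the upstream interface)
     * @return the loaded key with its id, or {@code null} on the failures listed above
     */
    @Override // com.yahoo.athenz.auth.PrivateKeyStore
    public ServerPrivateKey getPrivateKey(String str, String str2, String str3, String str4) {
        final String service = str;
        final String region = str3;
        final String algorithm = str4;

        if (region == null || region.isEmpty()) {
            LOG.error("server region not specified");
            return null;
        }
        // A null algorithm used to surface as a NullPointerException; report it the
        // same way as the other invalid arguments instead.
        if (algorithm == null) {
            LOG.error("key algorithm not specified");
            return null;
        }

        final String keyNameProperty;
        final String keyIdNameProperty;
        if (ZMS_SERVICE.equals(service)) {
            keyNameProperty = ATHENZ_PROP_ZMS_KEY_NAME;
            keyIdNameProperty = ATHENZ_PROP_ZMS_KEY_ID_NAME;
        } else if (ZTS_SERVICE.equals(service)) {
            keyNameProperty = ATHENZ_PROP_ZTS_KEY_NAME;
            keyIdNameProperty = ATHENZ_PROP_ZTS_KEY_ID_NAME;
        } else if (MSD_SERVICE.equals(service)) {
            keyNameProperty = ATHENZ_PROP_MSD_KEY_NAME;
            keyIdNameProperty = ATHENZ_PROP_MSD_KEY_ID_NAME;
        } else {
            LOG.error("Unknown service specified: {}", service);
            return null;
        }

        // Locale.ROOT keeps the parameter name independent of the JVM default locale;
        // a locale-sensitive lowercase could silently select a different parameter.
        final String suffix = "." + algorithm.toLowerCase(Locale.ROOT);
        final String keyName = System.getProperty(keyNameProperty, ATHENZ_DEFAULT_KEY_NAME) + suffix;
        final String keyIdName = System.getProperty(keyIdNameProperty, ATHENZ_DEFAULT_KEY_ID_NAME) + suffix;

        PrivateKey privateKey = null;
        try {
            privateKey = Crypto.loadPrivateKey(getSsmParameter(keyName));
        } catch (Exception e) {
            // NOTE(review): the exception is logged with its stack trace; confirm that
            // Crypto.loadPrivateKey never places key material in exception messages.
            LOG.error("unable to load private key", e);
        }
        if (privateKey == null) {
            return null;
        }
        // Deliberately outside the try block, as in the original: a failed key-id
        // lookup is reported to the caller as an exception rather than as null.
        return new ServerPrivateKey(privateKey, getSsmParameter(keyIdName));
    }

    /**
     * Fetches one parameter by name and returns its decrypted value.
     *
     * @param str name of the parameter to read
     * @return the value reported by the client for that parameter
     */
    private String getSsmParameter(String str) {
        return this.ssmClient
                .getParameter(builder -> builder.name(str).withDecryption(true))
                .parameter()
                .value();
    }
}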
