package com.netflix.spinnaker.kork.secrets.engines;

import com.amazonaws.AmazonClientException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.netflix.spinnaker.kork.secrets.EncryptedSecret;
import com.netflix.spinnaker.kork.secrets.SecretException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/netflix/spinnaker/kork/secrets/engines/S3SecretEngine.class */
public class S3SecretEngine extends AbstractStorageSecretEngine {
    private static String IDENTIFIER = "s3";
    private final Optional<S3ConfigurationProperties> s3ConfigurationProperties;

    public S3SecretEngine(Optional<S3ConfigurationProperties> optional) {
        this.s3ConfigurationProperties = optional;
    }

    public String identifier() {
        return IDENTIFIER;
    }

    protected InputStream downloadRemoteFile(EncryptedSecret encryptedSecret) throws IOException {
        String str = (String) encryptedSecret.getParams().get("r");
        String str2 = (String) encryptedSecret.getParams().get("b");
        String str3 = (String) encryptedSecret.getParams().get("f");
        AmazonS3ClientBuilder standard = AmazonS3ClientBuilder.standard();
        if (this.s3ConfigurationProperties.isPresent()) {
            S3ConfigurationProperties s3ConfigurationProperties = this.s3ConfigurationProperties.get();
            if (StringUtils.isBlank(s3ConfigurationProperties.getEndpointUrl())) {
                throw new SecretException(String.format("Endpoint not found in properties: s3.secret.endpoint-url", new Object[0]));
            }
            standard.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(s3ConfigurationProperties.getEndpointUrl(), str));
            standard.setPathStyleAccessEnabled(Boolean.valueOf(s3ConfigurationProperties.isPathStyleAccessEnabled()));
        } else {
            standard = (AmazonS3ClientBuilder) standard.withRegion(str);
        }
        AmazonS3 amazonS3 = (AmazonS3) standard.build();
        try {
            if (amazonS3.doesBucketExistV2(str2)) {
                return amazonS3.getObject(str2, str3).getObjectContent();
            }
            throw new SecretException(String.format("S3 Bucket does not exist. Bucket: %s, Region: %s", str2, str));
        } catch (AmazonS3Exception e) {
            StringBuilder sb = new StringBuilder("Error reading contents of S3 -- ");
            if (403 == e.getStatusCode()) {
                sb.append(String.format("Unauthorized access. Check connectivity and permissions to the bucket. -- Bucket: %s, Object: %s, Region: %s.\nError: %s ", str2, str3, str, e.toString()));
            } else if (404 == e.getStatusCode()) {
                sb.append(String.format("Not found. Does secret file exist? -- Bucket: %s, Object: %s, Region: %s.\nError: %s", str2, str3, str, e.toString()));
            } else {
                sb.append(String.format("Error: %s", e.toString()));
            }
            throw new SecretException(sb.toString(), e);
        } catch (AmazonClientException e2) {
            throw new SecretException(String.format("Error reading contents of S3. Bucket: %s, Object: %s, Region: %s.\nError: %s", str2, str3, str, e2.toString()), e2);
        }
    }
}
