package com.netflix.spinnaker.kork.secrets.engines;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.api.gax.rpc.ApiException;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretPayload;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import com.netflix.spinnaker.kork.secrets.EncryptedSecret;
import com.netflix.spinnaker.kork.secrets.InvalidSecretFormatException;
import com.netflix.spinnaker.kork.secrets.SecretEngine;
import com.netflix.spinnaker.kork.secrets.SecretException;
import java.io.IOException;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/netflix/spinnaker/kork/secrets/engines/GoogleSecretsManagerSecretEngine.class */
public class GoogleSecretsManagerSecretEngine implements SecretEngine {
    private static final String PROJECT_NUMBER = "p";
    private static final String SECRET_ID = "s";
    private static final String SECRET_KEY = "k";
    private static final String VERSION_ID = "v";
    private static final String LATEST = "latest";
    private static final String IDENTIFIER = "google-secrets-manager";
    private final Map<String, Map<String, String>> cache = new ConcurrentHashMap();
    private static final ObjectMapper objectMapper = new ObjectMapper();
    private static SecretManagerServiceClient client;

    public String identifier() {
        return IDENTIFIER;
    }

    public byte[] decrypt(EncryptedSecret encryptedSecret) {
        String str = (String) encryptedSecret.getParams().get(PROJECT_NUMBER);
        String str2 = (String) encryptedSecret.getParams().get(SECRET_ID);
        String str3 = (String) encryptedSecret.getParams().get(SECRET_KEY);
        String str4 = (String) encryptedSecret.getParams().get(VERSION_ID);
        return encryptedSecret.isEncryptedFile() ? getSecretPayload(str, str2, str4).getData().toStringUtf8().getBytes() : str3 != null ? getSecretPayloadString(str, str2, str4, str3) : getSecretPayloadString(str, str2, str4);
    }

    public void validate(EncryptedSecret encryptedSecret) {
        Set keySet = encryptedSecret.getParams().keySet();
        if (!keySet.contains(PROJECT_NUMBER)) {
            throw new InvalidSecretFormatException("Project number parameter is missing (p=...)");
        }
        if (!keySet.contains(SECRET_ID)) {
            throw new InvalidSecretFormatException("Secret id parameter is missing (s=...)");
        }
        if (encryptedSecret.isEncryptedFile() && keySet.contains(SECRET_KEY)) {
            throw new InvalidSecretFormatException("Encrypted file should not specify key");
        }
    }

    protected SecretPayload getSecretPayload(String str, String str2, String str3) {
        try {
            if (client == null) {
                client = SecretManagerServiceClient.create();
            }
            if (str3 == null) {
                str3 = LATEST;
            }
            return client.accessSecretVersion(SecretVersionName.of(str, str2, str3)).getPayload();
        } catch (IOException | ApiException e) {
            throw new SecretException(String.format("Failed to parse secret when using Google Secrets Manager to fetch: [projectNumber: %s, secretId: %s]", str, str2), e);
        }
    }

    public void clearCache() {
        this.cache.clear();
    }

    private byte[] getSecretPayloadString(String str, String str2, String str3, String str4) {
        if (!this.cache.containsKey(str2)) {
            try {
                this.cache.put(str2, (Map) objectMapper.readValue(getSecretPayload(str, str2, str3).getData().toStringUtf8(), Map.class));
            } catch (JsonProcessingException | IllegalArgumentException e) {
                throw new SecretException(String.format("Failed to parse secret when using Google Secrets Manager to fetch: [projectNumber: %s, secretId: %s, secretKey: %s]", str, str2, str4), e);
            }
        }
        return ((String) Optional.ofNullable(this.cache.get(str2).get(str4)).orElseThrow(() -> {
            return new SecretException(String.format("Specified key not found in Google Secrets Manager: [projectNumber: %s, secretId: %s, secretKey: %s]", str, str2, str4));
        })).getBytes();
    }

    private byte[] getSecretPayloadString(String str, String str2, String str3) {
        return getSecretPayload(str, str2, str3).getData().toStringUtf8().getBytes();
    }
}
