package org.github.gestalt.config.aws.transformer;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.lang.System;
import org.github.gestalt.config.aws.config.AWSModuleConfig;
import org.github.gestalt.config.aws.errors.AWSValidationErrors;
import org.github.gestalt.config.entity.ValidationError;
import org.github.gestalt.config.processor.config.ConfigNodeProcessorConfig;
import org.github.gestalt.config.processor.config.transform.Transformer;
import org.github.gestalt.config.utils.GResultOf;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

/* loaded from: input_file:org/github/gestalt/config/aws/transformer/AWSSecretTransformer.class */
public final class AWSSecretTransformer implements Transformer {
    private static final System.Logger logger = System.getLogger(AWSSecretTransformer.class.getName());
    private final ObjectMapper mapper = new ObjectMapper();
    private SecretsManagerClient secretsClient;

    public String name() {
        return "awsSecret";
    }

    public void applyConfig(ConfigNodeProcessorConfig configNodeProcessorConfig) {
        AWSModuleConfig aWSModuleConfig = (AWSModuleConfig) configNodeProcessorConfig.getConfig().getModuleConfig(AWSModuleConfig.class);
        if (aWSModuleConfig == null) {
            logger.log(System.Logger.Level.WARNING, "AWSModuleConfig has not been registered. if you wish to use the aws module with string substitution ${awsSecret:key} then you must register an AWSModuleConfig config moduleConfig using the builder");
            return;
        }
        if (aWSModuleConfig.hasSecretsClient()) {
            this.secretsClient = aWSModuleConfig.getSecretsClient();
        } else if (aWSModuleConfig.getRegion() != null) {
            this.secretsClient = (SecretsManagerClient) SecretsManagerClient.builder().region(Region.of(aWSModuleConfig.getRegion())).credentialsProvider(ProfileCredentialsProvider.create()).httpClient(UrlConnectionHttpClient.builder().build()).build();
        } else {
            logger.log(System.Logger.Level.ERROR, "AWSModuleConfig was registered but neither the secret client nor the region was provided");
        }
    }

    public GResultOf<String> process(String str, String str2, String str3) {
        if (str2 == null) {
            return GResultOf.errors(new ValidationError.InvalidStringSubstitutionPostProcess(str, str3, name()));
        }
        try {
            String[] split = str2.split(":");
            if (split.length != 2) {
                return GResultOf.errors(new AWSValidationErrors.AWSSecretInvalid(str, str3, split));
            }
            String str4 = split[0];
            String str5 = split[1];
            if (this.secretsClient == null) {
                return GResultOf.errors(new AWSValidationErrors.AWSModuleConfigNotSet(str, str3));
            }
            JsonNode readTree = this.mapper.readTree(this.secretsClient.getSecretValue((GetSecretValueRequest) GetSecretValueRequest.builder().secretId(str4).build()).secretString());
            return !readTree.has(str5) ? GResultOf.errors(new AWSValidationErrors.AWSSecretDoesNotExist(str, str4, str5, str3)) : GResultOf.result(readTree.get(str5).asText());
        } catch (Exception e) {
            return GResultOf.errors(new AWSValidationErrors.ExceptionProcessingAWSSecret(str, str3, name(), e));
        }
    }
}
