package com.github.secondbase.secrets.s3;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.github.secondbase.secrets.SecretHandler;
import com.github.secondbase.secrets.SecretHandlerException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/secondbase/secrets/s3/S3SecretHandler.class */
public final class S3SecretHandler implements SecretHandler {
    private static final Logger LOG = LoggerFactory.getLogger(S3SecretHandler.class);
    private static AWSCredentialsProvider awsCredentialsProvider;
    private final Pattern p = Pattern.compile(".*(secret:s3:(.+):(.+)).*");
    private AmazonS3 s3Client;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/github/secondbase/secrets/s3/S3SecretHandler$SecretPath.class */
    public class SecretPath {
        String bucket;
        String key;
        String replaceString;

        SecretPath(String str, String str2, String str3) {
            this.bucket = str;
            this.key = str2;
            this.replaceString = str3;
        }
    }

    public String[] fetch(String[] strArr) {
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            Optional<SecretPath> s3Path = getS3Path(strArr[i]);
            if (s3Path.isPresent()) {
                LOG.info("Secret recognised: " + strArr[i]);
                try {
                    strArr2[i] = strArr[i].replaceAll(s3Path.get().replaceString, getS3Value(s3Path.get()));
                } catch (IOException e) {
                    throw new SecretHandlerException("Could not fetch secret from: " + strArr[i], e);
                }
            } else {
                strArr2[i] = strArr[i];
            }
        }
        return strArr2;
    }

    public static void setS3CredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider) {
        awsCredentialsProvider = aWSCredentialsProvider;
    }

    private String getS3Value(SecretPath secretPath) throws IOException, AmazonS3Exception {
        LOG.info("Fetching secret from s3://" + secretPath.bucket + "/" + secretPath.key);
        if (this.s3Client == null) {
            if (awsCredentialsProvider != null) {
                this.s3Client = (AmazonS3) AmazonS3ClientBuilder.standard().withCredentials(awsCredentialsProvider).build();
            } else {
                this.s3Client = (AmazonS3) AmazonS3ClientBuilder.standard().build();
            }
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(this.s3Client.getObject(new GetObjectRequest(secretPath.bucket, secretPath.key)).getObjectContent()));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                LOG.info("Found secret");
                bufferedReader.close();
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    protected Optional<SecretPath> getS3Path(String str) {
        if (str == null || str.isEmpty()) {
            return Optional.empty();
        }
        Matcher matcher = this.p.matcher(str);
        return !matcher.matches() ? Optional.empty() : Optional.of(new SecretPath(matcher.group(2), matcher.group(3), matcher.group(1)));
    }
}
