package software.amazon.jdbc.plugin;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import software.amazon.awssdk.utils.Pair;
import software.amazon.jdbc.AwsWrapperProperty;
import software.amazon.jdbc.HostSpec;
import software.amazon.jdbc.JdbcCallable;
import software.amazon.jdbc.PluginService;
import software.amazon.jdbc.PropertyDefinition;
import software.amazon.jdbc.authentication.AwsCredentialsManager;
import software.amazon.jdbc.util.Messages;
import software.amazon.jdbc.util.StringUtils;

/* loaded from: input_file:software/amazon/jdbc/plugin/AwsSecretsManagerConnectionPlugin.class */
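/**
 * Connection plugin that looks up database credentials in AWS Secrets Manager and writes them
 * into the connection {@link Properties} before the wrapped connect call runs.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Fetched credentials are kept in a static, process-wide cache keyed only by
 *       (secret id, region). Nothing in this class expires or removes entries; a refresh
 *       happens only after a login failure (see {@code connectInternal}).</li>
 *   <li>The cache key does not include the host or the AWS credentials provider, so every
 *       plugin instance in the JVM that names the same secret id and region is served the
 *       cached value without a Secrets Manager call of its own.</li>
 *   <li>The user name and password are written into the caller-supplied {@link Properties};
 *       callers should treat that object as sensitive after a connect attempt.</li>
 * </ul>
 */
public class AwsSecretsManagerConnectionPlugin extends AbstractConnectionPlugin {
    private static final Logger LOGGER = Logger.getLogger(AwsSecretsManagerConnectionPlugin.class.getName());

    /** Pipeline methods this plugin intercepts; built once and exposed read-only. */
    private static final Set<String> subscribedMethods;

    static {
        // Plain HashSet instead of an anonymous subclass with an initializer block: same
        // contents, no extra synthetic class.
        final Set<String> methods = new HashSet<>();
        methods.add("connect");
        methods.add("forceConnect");
        subscribedMethods = Collections.unmodifiableSet(methods);
    }

    protected static final AwsWrapperProperty SECRET_ID_PROPERTY = new AwsWrapperProperty("secretsManagerSecretId", null, "The name or the ARN of the secret to retrieve.");
    protected static final AwsWrapperProperty REGION_PROPERTY = new AwsWrapperProperty("secretsManagerRegion", "us-east-1", "The region of the secret to retrieve.");

    // Process-wide credential cache. It holds plaintext passwords for the lifetime of the JVM
    // and is reachable (and mutable) from subclasses and same-package code because it is
    // protected. The key is (secret id, region) only.
    protected static final Map<Pair<String, Region>, Secret> secretsCache = new ConcurrentHashMap<>();

    // Used to pull the region out of a secret ARN when no region property was supplied.
    private static final Pattern SECRETS_ARN_PATTERN = Pattern.compile("^arn:aws:secretsmanager:(?<region>[^:\\n]*):[^:\\n]*:([^:/\\n]*[:/])?(.*)$");

    final Pair<String, Region> secretKey;
    private final BiFunction<HostSpec, Region, SecretsManagerClient> secretsManagerClientFunc;
    private final Function<String, GetSecretValueRequest> getSecretValueRequestFunc;

    // Credentials used by the most recent connect attempt on this instance. Written by
    // updateSecret without synchronization.
    private Secret secret;
    protected PluginService pluginService;

    /**
     * Credentials deserialized from the secret's JSON string. Only the {@code username} and
     * {@code password} properties are read; other properties are ignored. A secret that lacks
     * either property deserializes with that field left {@code null}.
     */
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Secret {

        @JsonProperty("username")
        private String username;

        @JsonProperty("password")
        private String password;

        /** No-argument constructor used when the object is populated by deserialization. */
        Secret() {
        }

        /**
         * Creates a secret with the given values.
         *
         * @param str the database user name
         * @param str2 the database password
         */
        Secret(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        /** Returns the user name, or {@code null} if none was set. */
        String getUsername() {
            return this.username;
        }

        /** Returns the password, or {@code null} if none was set. */
        String getPassword() {
            return this.password;
        }
    }

    /**
     * Creates the plugin with the default Secrets Manager client and request factories. The
     * client is built with the provider returned by {@code AwsCredentialsManager.getProvider}
     * for the host and properties, and with the resolved region.
     *
     * @param pluginService the plugin service, used to classify login failures
     * @param properties connection properties carrying the secret id and, optionally, the region
     * @throws RuntimeException if a required library or configuration value is missing, or the
     *     region is not supported
     */
    public AwsSecretsManagerConnectionPlugin(PluginService pluginService, Properties properties) {
        this(
            pluginService,
            properties,
            (hostSpec, region) -> SecretsManagerClient.builder()
                .credentialsProvider(AwsCredentialsManager.getProvider(hostSpec, properties))
                .region(region)
                .build(),
            secretId -> GetSecretValueRequest.builder().secretId(secretId).build());
    }

    /**
     * Creates the plugin with caller-supplied client and request factories.
     *
     * <p>The region is taken from the region property when it is set explicitly; otherwise it
     * is parsed from the secret id, which must then be a Secrets Manager ARN. In both cases the
     * region is checked against {@code Region.regions()} before it is accepted.
     *
     * @param pluginService the plugin service, used to classify login failures
     * @param properties connection properties carrying the secret id and, optionally, the region
     * @param biFunction factory for the Secrets Manager client, given the host and region
     * @param function factory for the get-secret-value request, given the secret id
     * @throws RuntimeException if the AWS SDK or Jackson databind is not on the classpath, the
     *     secret id is missing, the region cannot be determined, or the region is unsupported
     */
    AwsSecretsManagerConnectionPlugin(PluginService pluginService, Properties properties, BiFunction<HostSpec, Region, SecretsManagerClient> biFunction, Function<String, GetSecretValueRequest> function) {
        this.pluginService = pluginService;

        // Fail with a descriptive message when an optional dependency is absent. The SDK is
        // checked first, then Jackson.
        requireOnClasspath(
            "software.amazon.awssdk.services.secretsmanager.SecretsManagerClient",
            "AwsSecretsManagerConnectionPlugin.javaSdkNotInClasspath");
        requireOnClasspath(
            "com.fasterxml.jackson.databind.ObjectMapper",
            "AwsSecretsManagerConnectionPlugin.jacksonDatabindNotInClasspath");

        final String secretId = SECRET_ID_PROPERTY.getString(properties);
        if (StringUtils.isNullOrEmpty(secretId)) {
            throw new RuntimeException(Messages.get("AwsSecretsManagerConnectionPlugin.missingRequiredConfigParameter", new Object[]{SECRET_ID_PROPERTY.name}));
        }

        final String regionName;
        // The raw property is read here rather than REGION_PROPERTY.getString, so the
        // property's declared default does not hide the region embedded in an ARN.
        if (StringUtils.isNullOrEmpty(properties.getProperty(REGION_PROPERTY.name))) {
            final Matcher arnMatcher = SECRETS_ARN_PATTERN.matcher(secretId);
            if (!arnMatcher.matches()) {
                throw new RuntimeException(Messages.get("AwsSecretsManagerConnectionPlugin.missingRequiredConfigParameter", new Object[]{REGION_PROPERTY.name}));
            }
            regionName = arnMatcher.group("region");
        } else {
            regionName = REGION_PROPERTY.getString(properties);
        }

        // Only regions the SDK lists are accepted; the region comes from connection
        // configuration and is later used to build the client.
        final Region region = Region.of(regionName);
        if (!Region.regions().contains(region)) {
            throw new RuntimeException(Messages.get("AwsSdk.unsupportedRegion", new Object[]{regionName}));
        }

        this.secretKey = Pair.of(secretId, region);
        this.secretsManagerClientFunc = biFunction;
        this.getSecretValueRequestFunc = function;
    }

    /**
     * Verifies that a class can be loaded, and fails with a localized message otherwise.
     *
     * @param className fully qualified name of the class to probe
     * @param messageKey key of the message to report when the class is missing
     * @throws RuntimeException if the class cannot be found; the original exception is the cause
     */
    private static void requireOnClasspath(String className, String messageKey) {
        try {
            Class.forName(className);
        } catch (ClassNotFoundException e) {
            // Keep the cause so the missing class name is visible in the stack trace.
            throw new RuntimeException(Messages.get(messageKey), e);
        }
    }

    /** Returns the read-only set of method names this plugin subscribes to. */
    @Override
    public Set<String> getSubscribedMethods() {
        return subscribedMethods;
    }

    /**
     * Applies the secret's credentials to {@code properties} and runs the connect call.
     * {@code str} and {@code z} are not used by this plugin.
     *
     * @throws SQLException if the credentials cannot be fetched or the connect call fails
     */
    @Override
    public Connection connect(String str, HostSpec hostSpec, Properties properties, boolean z, JdbcCallable<Connection, SQLException> jdbcCallable) throws SQLException {
        return connectInternal(hostSpec, properties, jdbcCallable);
    }

    /**
     * Shared implementation of {@code connect} and {@code forceConnect}.
     *
     * <p>If the first attempt fails with a login exception and the credentials came from the
     * cache, the secret is fetched again and the connect call is retried once. If the
     * credentials were fetched during this call, the failure is rethrown without a retry.
     *
     * @param hostSpec host passed to the client factory when a fetch is needed
     * @param properties connection properties that receive the user name and password
     * @param jdbcCallable the wrapped connect call
     * @return the connection returned by {@code jdbcCallable}
     * @throws SQLException if fetching the secret fails, the connect call fails, or any other
     *     exception is raised by the connect call (wrapped)
     */
    private Connection connectInternal(HostSpec hostSpec, Properties properties, JdbcCallable<Connection, SQLException> jdbcCallable) throws SQLException {
        final boolean secretWasFetched = updateSecret(hostSpec, false);
        try {
            applySecretToProperties(properties);
            return jdbcCallable.call();
        } catch (SQLException e) {
            // Evaluation order matters: the forced fetch runs only for a login failure that
            // happened with cached credentials.
            final boolean retryWithFreshSecret =
                this.pluginService.isLoginException(e) && !secretWasFetched && updateSecret(hostSpec, true);
            if (!retryWithFreshSecret) {
                throw e;
            }
            applySecretToProperties(properties);
            return jdbcCallable.call();
        } catch (Exception e) {
            LOGGER.warning(() -> Messages.get("AwsSecretsManagerConnectionPlugin.unhandledException", new Object[]{e}));
            throw new SQLException(e);
        }
    }

    /**
     * Applies the secret's credentials to {@code properties} and runs the connect call.
     * {@code str} and {@code z} are not used by this plugin.
     *
     * @throws SQLException if the credentials cannot be fetched or the connect call fails
     */
    @Override
    public Connection forceConnect(String str, HostSpec hostSpec, Properties properties, boolean z, JdbcCallable<Connection, SQLException> jdbcCallable) throws SQLException {
        return connectInternal(hostSpec, properties, jdbcCallable);
    }

    /**
     * Loads this instance's secret from the cache, fetching it from Secrets Manager when it is
     * not cached or when a refresh is forced.
     *
     * @param hostSpec host passed to the client factory
     * @param forceRefetch when {@code true}, fetch even if a cached value exists
     * @return {@code true} if a non-null secret was fetched and stored in the cache during this
     *     call; {@code false} if the cached value was used or the fetch produced {@code null}
     * @throws SQLException if the Secrets Manager call or the JSON parsing fails
     */
    private boolean updateSecret(HostSpec hostSpec, boolean forceRefetch) throws SQLException {
        this.secret = secretsCache.get(this.secretKey);
        if (this.secret != null && !forceRefetch) {
            return false;
        }

        try {
            this.secret = fetchLatestCredentials(hostSpec);
        } catch (SecretsManagerException | JsonProcessingException e) {
            LOGGER.log(Level.WARNING, e, () -> Messages.get("AwsSecretsManagerConnectionPlugin.failedToFetchDbCredentials"));
            throw new SQLException(Messages.get("AwsSecretsManagerConnectionPlugin.failedToFetchDbCredentials"), e);
        }

        if (this.secret == null) {
            // A null result is not cached; any previously cached entry is left in place.
            return false;
        }
        secretsCache.put(this.secretKey, this.secret);
        return true;
    }

    /**
     * Retrieves the secret from Secrets Manager and deserializes its string value.
     *
     * <p>The client is closed exactly once, as soon as the service call has returned or
     * failed, and before the response is parsed.
     *
     * @param hostSpec host passed to the client factory
     * @return the deserialized secret
     * @throws SecretsManagerException if the service call fails
     * @throws JsonProcessingException if the secret string is not valid JSON for {@link Secret}
     */
    Secret fetchLatestCredentials(HostSpec hostSpec) throws SecretsManagerException, JsonProcessingException {
        final GetSecretValueResponse response;
        try (SecretsManagerClient client = this.secretsManagerClientFunc.apply(hostSpec, this.secretKey.right())) {
            response = client.getSecretValue(this.getSecretValueRequestFunc.apply(this.secretKey.left()));
        }

        // The mapper is created per call rather than held in a static field, so initializing
        // this class does not touch ObjectMapper before the constructor's classpath check.
        // NOTE(review): depending on the Jackson version and parser settings, the location
        // text of a JsonProcessingException may quote part of the input, which here is the
        // secret string; updateSecret logs that exception and attaches it as a cause. Confirm
        // source inclusion is disabled for the Jackson version in use.
        return new ObjectMapper().readValue(response.secretString(), Secret.class);
    }

    /**
     * Writes the current secret's user name and password into {@code properties}. Does
     * nothing when no secret is loaded.
     *
     * @param properties the connection properties to update in place
     */
    private void applySecretToProperties(Properties properties) {
        final Secret current = this.secret;
        if (current == null) {
            return;
        }
        PropertyDefinition.USER.set(properties, current.getUsername());
        PropertyDefinition.PASSWORD.set(properties, current.getPassword());
    }
}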
