package ai.tock.genai.orchestratorcore.utils;

import ai.tock.aws.model.AIProviderSecret;
import ai.tock.aws.secretmanager.provider.AWSSecretsManagerService;
import ai.tock.genai.orchestratorcore.models.Constants;
import ai.tock.genai.orchestratorcore.models.security.AwsSecretKey;
import ai.tock.genai.orchestratorcore.models.security.RawSecretKey;
import ai.tock.genai.orchestratorcore.models.security.SecretKey;
import ai.tock.shared.IOCsKt;
import com.github.salomonbrys.kodein.TypeReference;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: SecurityUtils.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\n\bÆ\u0002\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u000e\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bJ\u0016\u0010\f\u001a\u00020\u000b2\u0006\u0010\r\u001a\u00020\t2\u0006\u0010\u000e\u001a\u00020\tJ\u001e\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\t2\u0006\u0010\u0011\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\tJ\u0010\u0010\u0013\u001a\u00020\t2\u0006\u0010\u0014\u001a\u00020\tH\u0002R\u0014\u0010\u0004\u001a\u00020\u00058BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u0015"}, d2 = {"Lai/tock/genai/orchestratorcore/utils/SecurityUtils;", "", "<init>", "()V", "awsSecretsManagerClient", "Lai/tock/aws/secretmanager/provider/AWSSecretsManagerService;", "getAwsSecretsManagerClient", "()Lai/tock/aws/secretmanager/provider/AWSSecretsManagerService;", "fetchSecretKeyValue", "", "secret", "Lai/tock/genai/orchestratorcore/models/security/SecretKey;", "getSecretKey", "secretValue", "secretName", "generateAwsSecretName", "namespace", "botId", "feature", "normalizeAwsSecretName", "input", "tock-gen-ai-orchestrator-core"})
@SourceDebugExtension({"SMAP\nSecurityUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SecurityUtils.kt\nai/tock/genai/orchestratorcore/utils/SecurityUtils\n+ 2 IOCs.kt\nai/tock/shared/IOCsKt\n+ 3 GInjected.kt\ncom/github/salomonbrys/kodein/GInjectedKt\n+ 4 types.kt\ncom/github/salomonbrys/kodein/TypesKt\n+ 5 _Strings.kt\nkotlin/text/StringsKt___StringsKt\n*L\n1#1,115:1\n53#2,2:116\n51#3:118\n277#4:119\n434#5:120\n507#5,5:121\n*S KotlinDebug\n*F\n+ 1 SecurityUtils.kt\nai/tock/genai/orchestratorcore/utils/SecurityUtils\n*L\n40#1:116,2\n40#1:118\n40#1:119\n94#1:120\n94#1:121,5\n*E\n"})
/* loaded from: input_file:ai/tock/genai/orchestratorcore/utils/SecurityUtils.class */
public final class SecurityUtils {

    @NotNull
    public static final SecurityUtils INSTANCE = new SecurityUtils();

    private SecurityUtils() {
    }

    private final AWSSecretsManagerService getAwsSecretsManagerClient() {
        return (AWSSecretsManagerService) ((Function0) IOCsKt.getInjector().getInjector().getInjector().Provider(new TypeReference<AWSSecretsManagerService>() { // from class: ai.tock.genai.orchestratorcore.utils.SecurityUtils$special$$inlined$provide$default$1
        }, (Object) null).getValue()).invoke();
    }

    @NotNull
    public final String fetchSecretKeyValue(@NotNull SecretKey secretKey) {
        Intrinsics.checkNotNullParameter(secretKey, "secret");
        if (secretKey instanceof RawSecretKey) {
            return ((RawSecretKey) secretKey).getValue();
        }
        if (secretKey instanceof AwsSecretKey) {
            return getAwsSecretsManagerClient().getAIProviderSecret(((AwsSecretKey) secretKey).getSecretName()).getSecret();
        }
        throw new IllegalArgumentException("Unsupported secret key type");
    }

    @NotNull
    public final SecretKey getSecretKey(@NotNull String str, @NotNull String str2) {
        Intrinsics.checkNotNullParameter(str, "secretValue");
        Intrinsics.checkNotNullParameter(str2, "secretName");
        String secretStorageType = SecurityUtilsKt.getSecretStorageType();
        if (Intrinsics.areEqual(secretStorageType, Constants.SECRET_KEY_RAW)) {
            return new RawSecretKey(str);
        }
        if (!Intrinsics.areEqual(secretStorageType, Constants.SECRET_KEY_AWS)) {
            throw new IllegalArgumentException("Unsupported secret key type");
        }
        getAwsSecretsManagerClient().createOrUpdateAIProviderSecret(str2, new AIProviderSecret(str));
        return new AwsSecretKey(str2);
    }

    @NotNull
    public final String generateAwsSecretName(@NotNull String str, @NotNull String str2, @NotNull String str3) {
        Intrinsics.checkNotNullParameter(str, "namespace");
        Intrinsics.checkNotNullParameter(str2, "botId");
        Intrinsics.checkNotNullParameter(str3, "feature");
        return normalizeAwsSecretName(SecurityUtilsKt.getSecretStoragePrefix() + "/" + str + "/" + str2 + "/" + str3);
    }

    private final String normalizeAwsSecretName(String str) {
        String replace$default = StringsKt.replace$default(StringsKt.replace$default(str, '_', '-', false, 4, (Object) null), ' ', '-', false, 4, (Object) null);
        StringBuilder sb = new StringBuilder();
        int length = replace$default.length();
        for (int i = 0; i < length; i++) {
            char charAt = replace$default.charAt(i);
            if (StringsKt.contains$default("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/_+=.@-", charAt, false, 2, (Object) null)) {
                sb.append(charAt);
            }
        }
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "toString(...)");
        String str2 = sb2;
        if (str2.length() > 512) {
            String substring = str2.substring(0, 512);
            Intrinsics.checkNotNullExpressionValue(substring, "substring(...)");
            str2 = substring;
        }
        Regex regex = new Regex("-.{6}$");
        if (str2.length() > 7 && regex.containsMatchIn(str2)) {
            String substring2 = str2.substring(0, str2.length() - 7);
            Intrinsics.checkNotNullExpressionValue(substring2, "substring(...)");
            str2 = substring2;
        }
        if (str2.length() == 0) {
            throw new IllegalArgumentException("Normalized AWS secret name must be at least one character long.");
        }
        return str2;
    }
}
