package solutions.a2.kafka.config.aws;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.ConfigData;
import org.apache.kafka.common.config.provider.ConfigProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.DecryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.sts.model.GetCallerIdentityResponse;

/* loaded from: input_file:solutions/a2/kafka/config/aws/AwsSecretsManagerProvider.class */
public class AwsSecretsManagerProvider implements ConfigProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(AwsSecretsManagerProvider.class);
    private SecretsManagerClient smClient;
    private long secretTtlMs;

    public ConfigData get(String str) {
        return get(str, Collections.emptySet());
    }

    public ConfigData get(String str, Set<String> set) {
        LOGGER.debug("path = {}, count of keys = {}", str, Integer.valueOf(set.size()));
        try {
            Map<String, String> parseResponse = parseResponse(this.smClient.getSecretValue((GetSecretValueRequest) GetSecretValueRequest.builder().secretId(str).build()));
            if (set == null || set.size() == 0) {
                return new ConfigData(parseResponse, Long.valueOf(this.secretTtlMs));
            }
            HashMap hashMap = new HashMap();
            for (String str2 : set) {
                String str3 = parseResponse.get(str2);
                if (str3 == null) {
                    String format = String.format("Key entry '%s' is not found at path '%s'", str2, str);
                    LOGGER.error(format);
                    throw ((ResourceNotFoundException) ResourceNotFoundException.builder().message(format).build());
                }
                hashMap.put(str2, str3);
            }
            return new ConfigData(hashMap, Long.valueOf(this.secretTtlMs));
        } catch (SdkClientException e) {
            LOGGER.error("Client exception while querying for secret '{}'!", str);
            throw new KafkaException(e);
        } catch (AwsServiceException e2) {
            LOGGER.error("Service exception while querying for secret '{}'!", str);
            throw new KafkaException(e2);
        } catch (DecryptionFailureException e3) {
            LOGGER.error("Unable to decrypt secret '{}'!\nPlease check KMS permissions", str);
            throw new KafkaException(e3);
        } catch (ResourceNotFoundException e4) {
            LOGGER.error("Secret '{}' not found!", str);
            throw new KafkaException(e4);
        }
    }

    public void configure(Map<String, ?> map) {
        try {
            AwsSecretsManagerProviderConfig awsSecretsManagerProviderConfig = new AwsSecretsManagerProviderConfig(map);
            this.smClient = awsSecretsManagerProviderConfig.getSecretsManagerClient();
            this.secretTtlMs = awsSecretsManagerProviderConfig.getSecretTtlMs();
            GetCallerIdentityResponse callerIdentity = awsSecretsManagerProviderConfig.getStsClient().getCallerIdentity();
            LOGGER.info("AwsSecretsManagerProvider connected as {} to account {}", callerIdentity.arn(), callerIdentity.account());
        } catch (SdkException e) {
            LOGGER.error("Unable to get information about caller identity - {}", e.getMessage());
            StringWriter stringWriter = new StringWriter();
            e.printStackTrace(new PrintWriter(stringWriter));
            LOGGER.error(stringWriter.toString());
        } catch (KafkaException e2) {
            LOGGER.error("Exception while configuring '{}'", AwsSecretsManagerProvider.class.getCanonicalName());
            StringWriter stringWriter2 = new StringWriter();
            e2.printStackTrace(new PrintWriter(stringWriter2));
            LOGGER.error(stringWriter2.toString());
            throw e2;
        }
    }

    public void close() throws IOException {
        if (this.smClient != null) {
            this.smClient.close();
        }
    }

    private static Map<String, String> parseResponse(GetSecretValueResponse getSecretValueResponse) {
        LOGGER.debug("Processing secret with ARN '{}' named '{}'", getSecretValueResponse.arn(), getSecretValueResponse.name());
        return parseResponse(getSecretValueResponse.secretString());
    }

    public static Map<String, String> parseResponse(String str) {
        HashMap hashMap = new HashMap();
        for (String str2 : StringUtils.split(StringUtils.substringBefore(StringUtils.substringAfter(str, "{"), "}"), ",")) {
            LOGGER.debug("Processing credentials pair {}", str2);
            hashMap.put(StringUtils.substringAfter(StringUtils.substringBefore(str2, "\":"), "\""), StringUtils.substringBefore(StringUtils.substringAfter(str2, ":\""), "\""));
        }
        return hashMap;
    }
}
