package software.amazon.jdbc.plugin;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import software.amazon.awssdk.utils.Pair;
import software.amazon.jdbc.AwsWrapperProperty;
import software.amazon.jdbc.HostSpec;
import software.amazon.jdbc.JdbcCallable;
import software.amazon.jdbc.PropertyDefinition;
import software.amazon.jdbc.util.Messages;
import software.amazon.jdbc.util.StringUtils;

/* loaded from: input_file:software/amazon/jdbc/plugin/AwsSecretsManagerConnectionPlugin.class */
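/**
 * Connection plugin that reads database credentials from AWS Secrets Manager and writes them
 * into the connection properties before the wrapped connect call runs.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Fetched credentials are kept in plaintext in {@link #SECRET_CACHE}, a static map shared by
 *       every plugin instance in the JVM. Nothing in this class expires or removes entries.</li>
 *   <li>A cached secret is only re-fetched after a connect attempt fails with one of the
 *       {@link #SQLSTATE_ACCESS_ERROR} states, so a rotated secret is picked up lazily.</li>
 *   <li>The password is written into the caller's {@link Properties} and is not removed again
 *       here; callers that log or persist that object will expose it.</li>
 * </ul>
 */
public class AwsSecretsManagerConnectionPlugin extends AbstractConnectionPlugin {
    private static final Logger LOGGER = Logger.getLogger(AwsSecretsManagerConnectionPlugin.class.getName());
    protected static final AwsWrapperProperty SECRET_ID_PROPERTY = new AwsWrapperProperty("secretsManagerSecretId", null, "The name or the ARN of the secret to retrieve.");
    protected static final AwsWrapperProperty REGION_PROPERTY = new AwsWrapperProperty("secretsManagerRegion", "us-east-1", "The region of the secret to retrieve.");

    // SQLSTATE values treated as "login rejected": 28000 (invalid authorization specification)
    // and 28P01 (PostgreSQL invalid_password).
    static final List<String> SQLSTATE_ACCESS_ERROR = Arrays.asList("28000", "28P01");

    // Process-wide cache of plaintext credentials keyed by (secret id, region). Entries are only
    // ever overwritten by updateSecret(); there is no TTL or eviction in this class.
    protected static final Map<Pair<String, Region>, Secret> SECRET_CACHE = new ConcurrentHashMap<>();

    private final SecretsManagerClient secretsManagerClient;
    private final GetSecretValueRequest getSecretValueRequest;
    private final Pair<String, Region> secretKey;
    private Secret secret;

    /**
     * Username/password pair bound by Jackson from the secret's JSON string. JSON properties other
     * than {@code username} and {@code password} are ignored.
     *
     * <p>The decompiler reports that this type was package-private in the original class file; it
     * is left {@code public} here so the listing's interface is unchanged.
     *
     * <p>No {@code toString()} is defined, so the default representation does not include the
     * password. If one is ever added it should redact the password field.
     */
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Secret {

        @JsonProperty("username")
        private String username;

        @JsonProperty("password")
        private String password;

        /** No-argument constructor used by Jackson, which then populates the annotated fields. */
        Secret() {
        }

        Secret(String username, String password) {
            this.username = username;
            this.password = password;
        }

        String getUsername() {
            return this.username;
        }

        String getPassword() {
            return this.password;
        }
    }

    /**
     * Creates the plugin from connection properties, building the Secrets Manager client and
     * request from {@code secretsManagerSecretId} and {@code secretsManagerRegion}.
     *
     * @param properties connection properties holding the secret id and region
     * @throws RuntimeException if a required library is missing from the classpath, a required
     *     property is empty, or the region is not one of {@link Region#regions()}
     */
    public AwsSecretsManagerConnectionPlugin(Properties properties) {
        this(properties, null, null);
    }

    /**
     * Creates the plugin, optionally with a caller-supplied client and request.
     *
     * @param properties connection properties holding the secret id and region
     * @param secretsManagerClient client to use, or {@code null} to build one for the region
     * @param getSecretValueRequest request to use, or {@code null} to build one for the secret id
     * @throws RuntimeException if a required library is missing from the classpath, a required
     *     property is empty, or the region is not one of {@link Region#regions()}
     */
    AwsSecretsManagerConnectionPlugin(Properties properties, SecretsManagerClient secretsManagerClient, GetSecretValueRequest getSecretValueRequest) {
        // Both libraries are probed up front so a missing dependency produces a readable message.
        // The SDK is checked first, then Jackson, matching the original order.
        requireOnClasspath(
                "software.amazon.awssdk.services.secretsmanager.SecretsManagerClient",
                "AwsSecretsManagerConnectionPlugin.javaSdkNotInClasspath");
        requireOnClasspath(
                "com.fasterxml.jackson.databind.ObjectMapper",
                "AwsSecretsManagerConnectionPlugin.jacksonDatabindNotInClasspath");

        String secretId = SECRET_ID_PROPERTY.getString(properties);
        if (StringUtils.isNullOrEmpty(secretId)) {
            throw new RuntimeException(Messages.get("AwsSecretsManagerConnectionPlugin.missingRequiredConfigParameter", new Object[]{SECRET_ID_PROPERTY.name}));
        }
        String regionName = REGION_PROPERTY.getString(properties);
        if (StringUtils.isNullOrEmpty(regionName)) {
            throw new RuntimeException(Messages.get("AwsSecretsManagerConnectionPlugin.missingRequiredConfigParameter", new Object[]{REGION_PROPERTY.name}));
        }
        // Region.of() accepts arbitrary strings, so the value is checked against the known
        // regions before it is used to build a client.
        Region region = Region.of(regionName);
        if (!Region.regions().contains(region)) {
            throw new RuntimeException(Messages.get("AwsSecretsManagerConnectionPlugin.unsupportedRegion", new Object[]{regionName}));
        }
        this.secretKey = Pair.of(secretId, region);

        // The supplied client and request are used only as a pair; if either is missing, both
        // are rebuilt from the properties.
        if (secretsManagerClient == null || getSecretValueRequest == null) {
            this.secretsManagerClient = SecretsManagerClient.builder().region(region).build();
            this.getSecretValueRequest = GetSecretValueRequest.builder().secretId(secretId).build();
        } else {
            this.secretsManagerClient = secretsManagerClient;
            this.getSecretValueRequest = getSecretValueRequest;
        }
    }

    /**
     * Verifies that a class can be loaded, translating a failure into a {@link RuntimeException}
     * whose message comes from {@code messageKey} and whose cause is the original exception.
     */
    private static void requireOnClasspath(String className, String messageKey) {
        try {
            Class.forName(className);
        } catch (ClassNotFoundException e) {
            // Keep the cause so the failing class name and loader context stay in the stack trace.
            throw new RuntimeException(Messages.get(messageKey), e);
        }
    }

    /** Returns a new mutable set containing only {@code "connect"}. */
    @Override
    public Set<String> getSubscribedMethods() {
        return new HashSet<>(Collections.singletonList("connect"));
    }

    /**
     * Applies the secret's credentials to {@code properties} and invokes {@code jdbcCallable}.
     *
     * <p>If the call fails with a login-rejected SQLSTATE and the credentials came from the cache
     * rather than a fetch made during this call, the secret is re-fetched once and the call is
     * retried. Any other failure, or a re-fetch that yields no secret, rethrows the original
     * exception.
     *
     * <p>The initial {@code updateSecret(false)} runs outside the {@code try}, so a fetch failure
     * surfaces as the {@link SQLException} thrown there; unchecked exceptions from that call are
     * not wrapped.
     *
     * @param driverProtocol not read by this plugin (name reconstructed; confirm against the
     *     plugin interface)
     * @param hostSpec not read by this plugin
     * @param properties connection properties; user and password are overwritten when a secret
     *     is available
     * @param isInitialConnection not read by this plugin (name reconstructed; confirm against the
     *     plugin interface)
     * @param jdbcCallable the wrapped connect call
     * @return the connection produced by {@code jdbcCallable}
     * @throws SQLException if the connect call fails, or credentials cannot be fetched
     */
    @Override
    public Connection connect(String driverProtocol, HostSpec hostSpec, Properties properties, boolean isInitialConnection, JdbcCallable<Connection, SQLException> jdbcCallable) throws SQLException {
        boolean fetchedDuringThisCall = updateSecret(false);
        try {
            applySecretToProperties(properties);
            return jdbcCallable.call();
        } catch (SQLException e) {
            // isLoginUnsuccessful() is evaluated first because it also logs the failure.
            // Retrying is pointless when the credentials were just fetched, and impossible when
            // the forced re-fetch returns nothing.
            if (!isLoginUnsuccessful(e) || fetchedDuringThisCall || !updateSecret(true)) {
                throw e;
            }
            applySecretToProperties(properties);
            return jdbcCallable.call();
        } catch (Exception e2) {
            LOGGER.warning(() -> Messages.get("AwsSecretsManagerConnectionPlugin.unhandledException", new Object[]{e2}));
            throw new SQLException(e2);
        }
    }

    /**
     * Loads the secret from the cache, fetching it from Secrets Manager when it is not cached or
     * when {@code forceRefetch} is set.
     *
     * @param forceRefetch fetch from Secrets Manager even if a cached value exists
     * @return {@code true} only if a non-null secret was fetched and cached during this call
     * @throws SQLException if the fetch fails with a Secrets Manager or JSON parsing error
     */
    private boolean updateSecret(boolean forceRefetch) throws SQLException {
        boolean fetched = false;
        this.secret = SECRET_CACHE.get(this.secretKey);
        if (this.secret == null || forceRefetch) {
            try {
                // A forced fetch that returns null leaves this.secret null and the cache untouched.
                this.secret = fetchLatestCredentials();
                if (this.secret != null) {
                    fetched = true;
                    SECRET_CACHE.put(this.secretKey, this.secret);
                }
            } catch (SecretsManagerException | JsonProcessingException e) {
                LOGGER.log(Level.WARNING, e, () -> Messages.get("AwsSecretsManagerConnectionPlugin.failedToFetchDbCredentials"));
                throw new SQLException(Messages.get("AwsSecretsManagerConnectionPlugin.failedToFetchDbCredentials"), e);
            }
        }
        return fetched;
    }

    /**
     * Calls Secrets Manager and binds the returned secret string to a {@link Secret}.
     *
     * <p>A new {@link ObjectMapper} is created per call rather than held in a static field, so
     * that loading this class does not itself require Jackson before the constructor's classpath
     * probe has run.
     *
     * @return the parsed secret
     * @throws SecretsManagerException if the service call fails
     * @throws JsonProcessingException if the secret string is not valid JSON for {@link Secret}
     */
    Secret fetchLatestCredentials() throws SecretsManagerException, JsonProcessingException {
        // NOTE(review): secretString() is presumably null for a secret that stores only binary
        // data; readValue would then fail with an unchecked exception that updateSecret() does
        // not catch. Confirm and decide how that case should be reported.
        String secretJson = this.secretsManagerClient.getSecretValue(this.getSecretValueRequest).secretString();
        return new ObjectMapper().readValue(secretJson, Secret.class);
    }

    /**
     * Writes the current secret's username and password into {@code properties}. Does nothing
     * when no secret is loaded. The values remain in the caller's object afterwards.
     */
    private void applySecretToProperties(Properties properties) {
        if (this.secret != null) {
            PropertyDefinition.USER.set(properties, this.secret.getUsername());
            PropertyDefinition.PASSWORD.set(properties, this.secret.getPassword());
        }
    }

    /**
     * Reports whether the exception's SQLSTATE is one of {@link #SQLSTATE_ACCESS_ERROR}.
     *
     * <p>Side effect: every exception passed in is logged at WARNING with its stack trace, whether
     * or not it turns out to be a login failure.
     */
    private boolean isLoginUnsuccessful(SQLException sQLException) {
        LOGGER.log(Level.WARNING, sQLException, () -> Messages.get("AwsSecretsManagerConnectionPlugin.failedLogin", new Object[]{sQLException.getSQLState()}));
        return SQLSTATE_ACCESS_ERROR.contains(sQLException.getSQLState());
    }
}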
