package nva.commons.secrets;

import com.fasterxml.jackson.databind.JsonNode;
import no.unit.nva.commons.json.JsonUtils;
import nva.commons.core.Environment;
import nva.commons.core.JacocoGenerated;
import nva.commons.core.attempt.Failure;
import nva.commons.core.attempt.Try;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;

/* loaded from: input_file:nva/commons/secrets/SecretsReader.class */
public class SecretsReader {
    public static final String COULD_NOT_READ_SECRET_ERROR = "Could not read secret: ";
    private static final Logger logger = LoggerFactory.getLogger(SecretsReader.class);
    private static final String AWS_REGION = (String) new Environment().readEnvOpt("AWS_REGION").orElse(Region.EU_WEST_1.id());
    private final SecretsManagerClient awsSecretsManager;

    @JacocoGenerated
    public SecretsReader() {
        this(defaultSecretsManagerClient());
    }

    public SecretsReader(SecretsManagerClient secretsManagerClient) {
        this.awsSecretsManager = secretsManagerClient;
    }

    public String fetchSecret(String str, String str2) {
        return (String) Try.attempt(() -> {
            return fetchSecretFromAws(str);
        }).map(getSecretValueResponse -> {
            return extractApiKey(getSecretValueResponse, str2, str);
        }).orElseThrow(this::logErrorAndThrowException);
    }

    public String errorReadingSecretMessage(String str) {
        return "Could not read secret: " + str;
    }

    @JacocoGenerated
    public static SecretsManagerClient defaultSecretsManagerClient() {
        return (SecretsManagerClient) SecretsManagerClient.builder().region(Region.of(AWS_REGION)).credentialsProvider(DefaultCredentialsProvider.create()).httpClient(UrlConnectionHttpClient.create()).build();
    }

    private GetSecretValueResponse fetchSecretFromAws(String str) {
        return this.awsSecretsManager.getSecretValue((GetSecretValueRequest) GetSecretValueRequest.builder().secretId(str).build());
    }

    private String extractApiKey(GetSecretValueResponse getSecretValueResponse, String str, String str2) {
        return (String) Try.of(getSecretValueResponse).map((v0) -> {
            return v0.secretString();
        }).flatMap(this::readStringAsJsonObject).map(jsonNode -> {
            return jsonNode.get(str);
        }).map((v0) -> {
            return v0.textValue();
        }).orElseThrow(failure -> {
            return errorReadingSecret(failure, str2);
        });
    }

    private ErrorReadingSecretException errorReadingSecret(Failure<String> failure, String str) {
        logger.error(errorReadingSecretMessage(str), failure.getException());
        return new ErrorReadingSecretException();
    }

    private Try<JsonNode> readStringAsJsonObject(String str) {
        return Try.attempt(() -> {
            return JsonUtils.dtoObjectMapper.readTree(str);
        });
    }

    private <I> ErrorReadingSecretException logErrorAndThrowException(Failure<I> failure) {
        logger.error(failure.getException().getMessage(), failure.getException());
        return new ErrorReadingSecretException();
    }
}
