package com.sksamuel.hoplite.aws;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.DecryptionFailureException;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.amazonaws.services.secretsmanager.model.InvalidParameterException;
import com.amazonaws.services.secretsmanager.model.LimitExceededException;
import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import com.sksamuel.hoplite.ConfigFailure;
import com.sksamuel.hoplite.DecoderContext;
import com.sksamuel.hoplite.Node;
import com.sksamuel.hoplite.NodesKt;
import com.sksamuel.hoplite.Pos;
import com.sksamuel.hoplite.PrimitiveNode;
import com.sksamuel.hoplite.StringNode;
import com.sksamuel.hoplite.decoder.DotPath;
import com.sksamuel.hoplite.fp.Validated;
import com.sksamuel.hoplite.fp.ValidatedKt;
import com.sksamuel.hoplite.preprocessor.TraversingPrimitivePreprocessor;
import java.util.Map;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KTypeProjection;
import kotlin.text.MatchResult;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import kotlinx.serialization.DeserializationStrategy;
import kotlinx.serialization.SerializersKt;
import kotlinx.serialization.StringFormat;
import kotlinx.serialization.json.Json;
import org.jetbrains.annotations.NotNull;

/* compiled from: AwsSecretsManagerPreprocessor.kt */
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\u0018��2\u00020\u0001B\u001f\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\u000e\b\u0002\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005¢\u0006\u0002\u0010\u0007J@\u0010\u0012\u001a\u0018\u0012\u0004\u0012\u00020\u0014\u0012\u0004\u0012\u00020\u00150\u0013j\b\u0012\u0004\u0012\u00020\u0015`\u00162\u0006\u0010\u0017\u001a\u00020\u00182\b\u0010\u0019\u001a\u0004\u0018\u00010\u00182\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001dH\u0002J.\u0010\u001e\u001a\u0018\u0012\u0004\u0012\u00020\u0014\u0012\u0004\u0012\u00020\u00150\u0013j\b\u0012\u0004\u0012\u00020\u0015`\u00162\u0006\u0010\u001a\u001a\u00020\u001f2\u0006\u0010\u001c\u001a\u00020\u001dH\u0016R\u001b\u0010\b\u001a\u00020\u00068BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u000b\u0010\f\u001a\u0004\b\t\u0010\nR\u0014\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0010\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0011\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006 "}, d2 = {"Lcom/sksamuel/hoplite/aws/AwsSecretsManagerPreprocessor;", "Lcom/sksamuel/hoplite/preprocessor/TraversingPrimitivePreprocessor;", "report", "", "createClient", "Lkotlin/Function0;", "Lcom/amazonaws/services/secretsmanager/AWSSecretsManager;", "(ZLkotlin/jvm/functions/Function0;)V", "client", "getClient", "()Lcom/amazonaws/services/secretsmanager/AWSSecretsManager;", "client$delegate", "Lkotlin/Lazy;", "keyRegex", "Lkotlin/text/Regex;", "regex1", "regex2", "regex3", "fetchSecret", "Lcom/sksamuel/hoplite/fp/Validated;", "Lcom/sksamuel/hoplite/ConfigFailure;", "Lcom/sksamuel/hoplite/Node;", "Lcom/sksamuel/hoplite/ConfigResult;", "key", "", "index", "node", "Lcom/sksamuel/hoplite/StringNode;", "context", "Lcom/sksamuel/hoplite/DecoderContext;", "handle", "Lcom/sksamuel/hoplite/PrimitiveNode;", "hoplite-aws"})
/* loaded from: input_file:com/sksamuel/hoplite/aws/AwsSecretsManagerPreprocessor.class */
public final class AwsSecretsManagerPreprocessor extends TraversingPrimitivePreprocessor {
    private final boolean report;

    @NotNull
    private final Function0<AWSSecretsManager> createClient;

    @NotNull
    private final Lazy client$delegate;

    @NotNull
    private final Regex regex1;

    @NotNull
    private final Regex regex2;

    @NotNull
    private final Regex regex3;

    @NotNull
    private final Regex keyRegex;

    public AwsSecretsManagerPreprocessor(boolean z, @NotNull Function0<? extends AWSSecretsManager> function0) {
        Intrinsics.checkNotNullParameter(function0, "createClient");
        this.report = z;
        this.createClient = function0;
        this.client$delegate = LazyKt.lazy(new Function0<AWSSecretsManager>() { // from class: com.sksamuel.hoplite.aws.AwsSecretsManagerPreprocessor$client$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final AWSSecretsManager m9invoke() {
                Function0 function02;
                function02 = AwsSecretsManagerPreprocessor.this.createClient;
                return (AWSSecretsManager) function02.invoke();
            }
        });
        this.regex1 = new Regex("\\$\\{awssecret:(.+?)}");
        this.regex2 = new Regex("secretsmanager://(.+?)");
        this.regex3 = new Regex("awssm://(.+?)");
        this.keyRegex = new Regex("(.+)\\[(.+)]");
    }

    public /* synthetic */ AwsSecretsManagerPreprocessor(boolean z, Function0 function0, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? false : z, (i & 2) != 0 ? new Function0<AWSSecretsManager>() { // from class: com.sksamuel.hoplite.aws.AwsSecretsManagerPreprocessor.1
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final AWSSecretsManager m8invoke() {
                Object build = AWSSecretsManagerClientBuilder.standard().build();
                Intrinsics.checkNotNullExpressionValue(build, "standard().build()");
                return (AWSSecretsManager) build;
            }
        } : function0);
    }

    private final AWSSecretsManager getClient() {
        return (AWSSecretsManager) this.client$delegate.getValue();
    }

    @NotNull
    public Validated<ConfigFailure, Node> handle(@NotNull PrimitiveNode primitiveNode, @NotNull DecoderContext decoderContext) {
        Intrinsics.checkNotNullParameter(primitiveNode, "node");
        Intrinsics.checkNotNullParameter(decoderContext, "context");
        if (!(primitiveNode instanceof StringNode)) {
            return ValidatedKt.valid(primitiveNode);
        }
        MatchResult matchEntire = this.regex1.matchEntire(((StringNode) primitiveNode).getValue());
        if (matchEntire == null) {
            matchEntire = this.regex2.matchEntire(((StringNode) primitiveNode).getValue());
            if (matchEntire == null) {
                matchEntire = this.regex3.matchEntire(((StringNode) primitiveNode).getValue());
            }
        }
        MatchResult matchResult = matchEntire;
        if (matchResult == null) {
            return ValidatedKt.valid(primitiveNode);
        }
        String obj = StringsKt.trim((String) matchResult.getGroupValues().get(1)).toString();
        MatchResult matchEntire2 = this.keyRegex.matchEntire(obj);
        Pair pair = matchEntire2 == null ? new Pair(obj, (Object) null) : new Pair(matchEntire2.getGroupValues().get(1), matchEntire2.getGroupValues().get(2));
        return fetchSecret((String) pair.component1(), (String) pair.component2(), (StringNode) primitiveNode, decoderContext);
    }

    private final Validated<ConfigFailure, Node> fetchSecret(String str, String str2, StringNode stringNode, DecoderContext decoderContext) {
        Validated<ConfigFailure, Node> invalid;
        Object obj;
        Validated<ConfigFailure, Node> invalid2;
        try {
            GetSecretValueResult secretValue = getClient().getSecretValue(new GetSecretValueRequest().withSecretId(str));
            if (this.report) {
                decoderContext.getReporter().report(AwsOps.ReportSection, MapsKt.mapOf(new Pair[]{TuplesKt.to("Name", secretValue.getName()), TuplesKt.to("Arn", secretValue.getARN()), TuplesKt.to("Created Date", secretValue.getCreatedDate().toString()), TuplesKt.to("Version Id", secretValue.getVersionId())}));
            }
            String secretString = secretValue.getSecretString();
            String str3 = secretString;
            if (str3 == null || StringsKt.isBlank(str3)) {
                invalid2 = ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Empty secret '" + str + "' in AWS SecretsManager"));
            } else if (str2 == null) {
                Intrinsics.checkNotNullExpressionValue(secretString, "secret");
                invalid2 = ValidatedKt.valid(NodesKt.withMeta(NodesKt.withMeta(NodesKt.withMeta(StringNode.copy$default(stringNode, secretString, (Pos) null, (DotPath) null, (Map) null, 14, (Object) null), "Secret", true), "UnprocessedValue", stringNode.getValue()), "RemoteLookup", "AWS '" + str + "'"));
            } else {
                try {
                    Result.Companion companion = Result.Companion;
                    AwsSecretsManagerPreprocessor awsSecretsManagerPreprocessor = this;
                    StringFormat stringFormat = Json.Default;
                    Intrinsics.checkNotNullExpressionValue(secretString, "secret");
                    DeserializationStrategy serializer = SerializersKt.serializer(stringFormat.getSerializersModule(), Reflection.typeOf(Map.class, KTypeProjection.Companion.invariant(Reflection.typeOf(String.class)), KTypeProjection.Companion.invariant(Reflection.typeOf(String.class))));
                    Intrinsics.checkNotNull(serializer, "null cannot be cast to non-null type kotlinx.serialization.KSerializer<T of kotlinx.serialization.internal.Platform_commonKt.cast>");
                    obj = Result.constructor-impl((Map) stringFormat.decodeFromString(serializer, secretString));
                } catch (Throwable th) {
                    Result.Companion companion2 = Result.Companion;
                    obj = Result.constructor-impl(ResultKt.createFailure(th));
                }
                Object obj2 = obj;
                Map map = (Map) (Result.exceptionOrNull-impl(obj2) == null ? obj2 : MapsKt.emptyMap());
                String str4 = (String) map.get(str2);
                invalid2 = str4 == null ? ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Index '" + str2 + "' not present in secret '" + str + "'. Available keys are " + CollectionsKt.joinToString$default(map.keySet(), ",", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null))) : ValidatedKt.valid(NodesKt.withMeta(NodesKt.withMeta(NodesKt.withMeta(StringNode.copy$default(stringNode, str4, (Pos) null, (DotPath) null, (Map) null, 14, (Object) null), "Secret", true), "UnprocessedValue", stringNode.getValue()), "RemoteLookup", "AWS '" + str + "[" + str2 + "]'"));
            }
            invalid = invalid2;
        } catch (InvalidParameterException e) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Invalid parameter name '" + str + "' in AWS SecretsManager"));
        } catch (AmazonClientException e2) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorFailure("Failed loading secret '" + str + "' from AWS SecretsManager", e2));
        } catch (ResourceNotFoundException e3) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Could not locate resource '" + str + "' in AWS SecretsManager"));
        } catch (DecryptionFailureException e4) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Could not decrypt resource '" + str + "' in AWS SecretsManager"));
        } catch (AmazonServiceException e5) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorFailure("Failed loading secret '" + str + "' from AWS SecretsManager", e5));
        } catch (LimitExceededException e6) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorWarning("Could not load resource '" + str + "' due to limits exceeded"));
        } catch (Exception e7) {
            invalid = ValidatedKt.invalid(new ConfigFailure.PreprocessorFailure("Failed loading secret '" + str + "' from AWS SecretsManager", e7));
        }
        return invalid;
    }

    public AwsSecretsManagerPreprocessor() {
        this(false, null, 3, null);
    }
}
