package io.camunda.connector.runtime.cloud;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import io.camunda.connector.api.error.ConnectorException;
import io.camunda.connector.api.secret.SecretProvider;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/connector/runtime/cloud/GcpSecretManagerSecretProvider.class */
public class GcpSecretManagerSecretProvider implements SecretProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(GcpSecretManagerSecretProvider.class);
    private static final ObjectMapper DEFAULT_MAPPER = new ObjectMapper().registerModule(new Jdk8Module()).registerModule(new JavaTimeModule()).disable(SerializationFeature.FAIL_ON_EMPTY_BEANS).disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
    public static final String SECRETS_PROJECT_ENV_NAME = "SECRETS_PROJECT_ID";
    public static final String SECRETS_PREFIX_ENV_NAME = "SECRETS_PREFIX";
    public static final String CLUSTER_ID_ENV_NAME = "CAMUNDA_CLUSTER_ID";
    public static final String SECRETS_CACHE_MILLIS_ENV_NAME = "CAMUNDA_CONNECTOR_SECRETS_CACHE_MILLIS";
    private ObjectMapper mapper;
    private final String clusterId;
    private final String secretsProjectId;
    private final String secretsNamePrefix;
    private static final String CACHE_KEY = "SECRETS";
    LoadingCache<String, Map<String, String>> secretsCache;

    public GcpSecretManagerSecretProvider() {
        this(System.getenv(CLUSTER_ID_ENV_NAME), System.getenv(SECRETS_PROJECT_ENV_NAME), System.getenv(SECRETS_PREFIX_ENV_NAME));
    }

    public GcpSecretManagerSecretProvider(String str, String str2, String str3) {
        this(DEFAULT_MAPPER, str, str2, str3);
    }

    public GcpSecretManagerSecretProvider(ObjectMapper objectMapper, String str, String str2, String str3) {
        this.mapper = objectMapper;
        this.clusterId = str;
        this.secretsProjectId = (String) Objects.requireNonNull(str2, "Configuration for Secrets project id is missing");
        this.secretsNamePrefix = (String) Objects.requireNonNull(str3, "Configuration for Secrets name prefix is missing");
        setupSecretsCache();
    }

    public void setupSecretsCache() {
        this.secretsCache = CacheBuilder.newBuilder().refreshAfterWrite(Long.parseLong((String) Optional.ofNullable(System.getenv(SECRETS_CACHE_MILLIS_ENV_NAME)).orElseGet(() -> {
            return "5000";
        })), TimeUnit.MILLISECONDS).build(new CacheLoader<String, Map<String, String>>() { // from class: io.camunda.connector.runtime.cloud.GcpSecretManagerSecretProvider.1
            public Map<String, String> load(String str) throws JsonProcessingException {
                return GcpSecretManagerSecretProvider.this.unwrapSecrets(GcpSecretManagerSecretProvider.this.loadGoogleSecrets(GcpSecretManagerSecretProvider.this.clusterId));
            }
        });
    }

    protected Map<String, String> unwrapSecrets(String str) throws JsonProcessingException {
        return (Map) this.mapper.readValue(str, Map.class);
    }

    protected String loadGoogleSecrets(String str) {
        Objects.requireNonNull(str, "You need to specify the clusterId to load secrets for");
        LOGGER.info("Fetching secrets for cluster {} from secret manager", str);
        try {
            SecretManagerServiceClient create = SecretManagerServiceClient.create();
            try {
                String stringUtf8 = create.accessSecretVersion(SecretVersionName.of(this.secretsProjectId, String.format("%s-%s", this.secretsNamePrefix, str), "latest")).getPayload().getData().toStringUtf8();
                if (create != null) {
                    create.close();
                }
                return stringUtf8;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.trace("Failed to load secrets from secret manager", e);
            throw new RuntimeException("Failed to load secrets from secret manager", e);
        }
    }

    public String getSecret(String str) {
        try {
            return (String) ((Map) this.secretsCache.get(CACHE_KEY)).get(str);
        } catch (ExecutionException e) {
            throw new ConnectorException("Could not resolve secrets: " + e.getMessage(), e);
        }
    }
}
