package com.schibsted.security.strongbox.sdk.impl;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.schibsted.security.strongbox.sdk.SecretsGroup;
import com.schibsted.security.strongbox.sdk.SimpleSecretsGroup;
import com.schibsted.security.strongbox.sdk.exceptions.EncodingException;
import com.schibsted.security.strongbox.sdk.internal.SessionName;
import com.schibsted.security.strongbox.sdk.types.ByteSecretEntry;
import com.schibsted.security.strongbox.sdk.types.Encoding;
import com.schibsted.security.strongbox.sdk.types.SecretEntry;
import com.schibsted.security.strongbox.sdk.types.SecretIdentifier;
import com.schibsted.security.strongbox.sdk.types.SecretsGroupIdentifier;
import com.schibsted.security.strongbox.sdk.types.StringSecretEntry;
import com.schibsted.security.strongbox.sdk.types.arn.RoleARN;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;

/* loaded from: input_file:com/schibsted/security/strongbox/sdk/impl/DefaultSimpleSecretsGroup.class */
public class DefaultSimpleSecretsGroup implements SimpleSecretsGroup {
    private final SecretsGroup secretsGroup;

    DefaultSimpleSecretsGroup(SecretsGroup secretsGroup) {
        this.secretsGroup = secretsGroup;
    }

    public DefaultSimpleSecretsGroup(SecretsGroupIdentifier secretsGroupIdentifier) {
        this(secretsGroupIdentifier, (AWSCredentialsProvider) new DefaultAWSCredentialsProviderChain());
    }

    public DefaultSimpleSecretsGroup(SecretsGroupIdentifier secretsGroupIdentifier, RoleARN roleARN) {
        this.secretsGroup = new DefaultSecretsGroupManager(new STSAssumeRoleSessionCredentialsProvider.Builder(roleARN.toArn(), SessionName.getSessionName("StrongboxSDK")).build()).get(secretsGroupIdentifier);
    }

    public DefaultSimpleSecretsGroup(SecretsGroupIdentifier secretsGroupIdentifier, AWSCredentialsProvider aWSCredentialsProvider) {
        this.secretsGroup = new DefaultSecretsGroupManager(aWSCredentialsProvider).get(secretsGroupIdentifier);
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<String> getStringSecret(SecretIdentifier secretIdentifier) {
        return asString(this.secretsGroup.getLatestActiveVersion(secretIdentifier));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<String> getStringSecret(String str) {
        return getStringSecret(new SecretIdentifier(str));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<String> getStringSecret(SecretIdentifier secretIdentifier, long j) {
        return asString(this.secretsGroup.getActive(secretIdentifier, j));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<String> getStringSecret(String str, long j) {
        return getStringSecret(new SecretIdentifier(str), j);
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public List<StringSecretEntry> getAllStringSecrets() {
        return (List) this.secretsGroup.getLatestActiveVersionOfAllSecrets().stream().filter(secretEntry -> {
            return secretEntry.secretValue.encoding == Encoding.UTF8;
        }).map(StringSecretEntry::of).collect(Collectors.toList());
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<byte[]> getBinarySecret(SecretIdentifier secretIdentifier) {
        return asBinary(this.secretsGroup.getLatestActiveVersion(secretIdentifier));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<byte[]> getBinarySecret(String str) {
        return getBinarySecret(new SecretIdentifier(str));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<byte[]> getBinarySecret(SecretIdentifier secretIdentifier, long j) {
        return asBinary(this.secretsGroup.getActive(secretIdentifier, j));
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public Optional<byte[]> getBinarySecret(String str, long j) {
        return getBinarySecret(new SecretIdentifier(str), j);
    }

    @Override // com.schibsted.security.strongbox.sdk.SimpleSecretsGroup
    public List<ByteSecretEntry> getAllBinarySecrets() {
        return (List) this.secretsGroup.getLatestActiveVersionOfAllSecrets().stream().filter(secretEntry -> {
            return secretEntry.secretValue.encoding == Encoding.BINARY;
        }).map(ByteSecretEntry::of).collect(Collectors.toList());
    }

    private Optional<String> asString(Optional<SecretEntry> optional) {
        verifyEncodingOrThrow(optional, Encoding.UTF8);
        return optional.map(secretEntry -> {
            return secretEntry.secretValue.asString();
        });
    }

    private Optional<byte[]> asBinary(Optional<SecretEntry> optional) {
        verifyEncodingOrThrow(optional, Encoding.BINARY);
        return optional.map(secretEntry -> {
            return secretEntry.secretValue.asByteArray();
        });
    }

    private void verifyEncodingOrThrow(Optional<SecretEntry> optional, Encoding encoding) {
        if (optional.isPresent() && optional.get().secretValue.encoding != encoding) {
            throw new EncodingException(String.format("Expected secret value encoding to be '%s' but was '%s'", encoding, optional.get().secretValue.encoding));
        }
    }
}
