package org.openmetadata.service.secrets;

import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.ProjectName;
import com.google.cloud.secretmanager.v1.Replication;
import com.google.cloud.secretmanager.v1.Secret;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretName;
import com.google.cloud.secretmanager.v1.SecretPayload;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.regex.Pattern;
import java.util.zip.CRC32C;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.service.exception.SecretsManagerException;
import org.openmetadata.service.exception.SecretsManagerUpdateException;
import org.openmetadata.service.search.models.IndexMapping;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.security.auth.BotTokenCache;

/* loaded from: input_file:org/openmetadata/service/secrets/GCPSecretsManager.class */
public class GCPSecretsManager extends ExternalSecretsManager {
    private static final String FIXED_VERSION_ID = "latest";
    public static final String PROJECT_ID_NAME = "projectId";
    private static GCPSecretsManager instance = null;
    private String projectId;

    private GCPSecretsManager(SecretsManager.SecretsConfig secretsConfig) {
        super(SecretsManagerProvider.GCP, secretsConfig, 100L);
        this.projectId = null;
        this.projectId = (String) secretsConfig.parameters().getAdditionalProperties().getOrDefault(PROJECT_ID_NAME, BotTokenCache.EMPTY_STRING);
    }

    @Override // org.openmetadata.service.secrets.SecretsManager
    protected SecretsManager.SecretsIdConfig builSecretsIdConfig() {
        return new SecretsManager.SecretsIdConfig(IndexMapping.indexNameSeparator, Boolean.FALSE, BotTokenCache.EMPTY_STRING, Pattern.compile("[^A-Za-z0-9_]"));
    }

    @Override // org.openmetadata.service.secrets.ExternalSecretsManager
    void storeSecret(String str, String str2) {
        try {
            SecretManagerServiceClient create = SecretManagerServiceClient.create();
            try {
                create.createSecret(ProjectName.of(this.projectId), str, Secret.newBuilder().setReplication(Replication.newBuilder().setAutomatic(Replication.Automatic.newBuilder().build()).build()).build());
                if (create != null) {
                    create.close();
                }
                updateSecret(str, cleanNullOrEmpty(str2));
            } finally {
            }
        } catch (IOException e) {
            throw new SecretsManagerUpdateException(e.getMessage(), e);
        }
    }

    @Override // org.openmetadata.service.secrets.ExternalSecretsManager
    void updateSecret(String str, String str2) {
        try {
            SecretManagerServiceClient create = SecretManagerServiceClient.create();
            try {
                SecretName of = SecretName.of(this.projectId, str);
                byte[] bytes = str2.getBytes();
                CRC32C crc32c = new CRC32C();
                crc32c.update(bytes, 0, bytes.length);
                create.addSecretVersion(of, SecretPayload.newBuilder().setData(ByteString.copyFrom(bytes)).setDataCrc32C(crc32c.getValue()).build());
                if (create != null) {
                    create.close();
                }
            } finally {
            }
        } catch (IOException e) {
            throw new SecretsManagerUpdateException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public String getSecret(String str) {
        try {
            SecretManagerServiceClient create = SecretManagerServiceClient.create();
            try {
                AccessSecretVersionResponse accessSecretVersion = create.accessSecretVersion(SecretVersionName.of(this.projectId, str, FIXED_VERSION_ID));
                byte[] byteArray = accessSecretVersion.getPayload().getData().toByteArray();
                CRC32C crc32c = new CRC32C();
                crc32c.update(byteArray, 0, byteArray.length);
                if (accessSecretVersion.getPayload().getDataCrc32C() != crc32c.getValue()) {
                    throw new SecretsManagerException("Data corruption detected.");
                }
                String stringUtf8 = accessSecretVersion.getPayload().getData().toStringUtf8();
                if (create != null) {
                    create.close();
                }
                return stringUtf8;
            } finally {
            }
        } catch (IOException e) {
            throw new SecretsManagerUpdateException(e.getMessage(), e);
        }
    }

    @Override // org.openmetadata.service.secrets.SecretsManager
    protected void deleteSecretInternal(String str) {
        try {
            SecretManagerServiceClient create = SecretManagerServiceClient.create();
            try {
                create.deleteSecret(SecretName.of(this.projectId, str));
                System.out.printf("Deleted secret %s\n", str);
                if (create != null) {
                    create.close();
                }
            } finally {
            }
        } catch (IOException e) {
            throw new SecretsManagerUpdateException(e.getMessage(), e);
        }
    }

    public static GCPSecretsManager getInstance(SecretsManager.SecretsConfig secretsConfig) {
        if (instance == null) {
            instance = new GCPSecretsManager(secretsConfig);
        }
        return instance;
    }
}
