package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SealedSecretFormat;
import com.atlassian.secrets.api.SecretService;
import com.atlassian.secrets.api.SecretServiceBackend;
import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.api.SecretServiceState;
import com.atlassian.secrets.api.SecretServiceType;
import com.atlassian.secrets.service.aes.AESConfig;
import com.atlassian.secrets.service.aes.AESEncryptionBackend;
import com.atlassian.secrets.service.aws.AWSSecretBackend;
import com.atlassian.secrets.service.aws.AWSSecretBackendConfig;
import com.atlassian.secrets.service.config.BackendConfig;
import com.atlassian.secrets.service.config.SecretServiceConfig;
import com.atlassian.secrets.service.lock.ConfigFileLock;
import com.atlassian.secrets.service.utils.OSUtils;
import com.atlassian.secrets.service.vault.VaultSecretBackend;
import com.atlassian.secrets.vault.auth.VaultConfig;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/secrets/service/SecretServiceFactory.class */
public class SecretServiceFactory {
    private static final Logger log = LoggerFactory.getLogger(SecretServiceFactory.class);
    public static final String SECRETS_CONFIG_LOCK_FILE_NAME = "secrets-config.yaml.lock";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.secrets.service.SecretServiceFactory$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/secrets/service/SecretServiceFactory$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$secrets$api$SecretServiceType = new int[SecretServiceType.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$secrets$api$SecretServiceType[SecretServiceType.AES.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$secrets$api$SecretServiceType[SecretServiceType.VAULT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$atlassian$secrets$api$SecretServiceType[SecretServiceType.AWS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    private SecretServiceFactory() {
    }

    public static SecretService getSecretService(SecretServiceParams secretServiceParams) throws SecretServiceException {
        if (SecretService.getState() == SecretServiceState.DISABLED) {
            return new DisabledSecretService();
        }
        Path secretsConfigFile = secretServiceParams.getSecretsConfigFile();
        SecretServiceConfig orCreateConfig = getOrCreateConfig(secretServiceParams, secretsConfigFile);
        try {
            Map<String, SecretServiceBackend> parseBackends = parseBackends(orCreateConfig.getBackends(), secretServiceParams);
            String defaultBackend = orCreateConfig.getDefaultBackend();
            if (parseBackends.get(defaultBackend) == null) {
                throw new IllegalArgumentException(String.format("Default service must be a valid backend. Make sure %s is appropriately defined.", secretsConfigFile.getFileName()));
            }
            return new DefaultSecretService(secretServiceParams.getSecretDao(), parseBackends, defaultBackend);
        } catch (Exception e) {
            throw new SecretServiceException(String.format("Backend properties in secret service configuration file is invalid, review the %s file.", secretsConfigFile.getFileName()));
        }
    }

    private static SecretServiceConfig getOrCreateConfig(SecretServiceParams secretServiceParams, Path path) {
        if (!Files.exists(path, new LinkOption[0])) {
            if (OSUtils.isWindows()) {
                log.debug("Running on Windows, skipping lock file creation as it is not supported with NFS.");
                SecretConfigManager.maybeGenerateDefaultConfigFile(secretServiceParams);
            } else {
                ConfigFileLock configFileLock = new ConfigFileLock(path);
                configFileLock.cleanupStaleLockFile();
                configFileLock.underLock(() -> {
                    SecretConfigManager.maybeGenerateDefaultConfigFile(secretServiceParams);
                });
            }
        }
        return SecretConfigManager.readConfigFile(path);
    }

    private static Map<String, SecretServiceBackend> parseBackends(Map<String, BackendConfig> map, SecretServiceParams secretServiceParams) throws SecretServiceException {
        return (Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return getSecretService((String) entry.getKey(), (BackendConfig) entry.getValue(), secretServiceParams);
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretServiceBackend getSecretService(String str, BackendConfig backendConfig, SecretServiceParams secretServiceParams) throws SecretServiceException {
        SecretServiceType type = backendConfig.getType();
        Map<String, Object> properties = backendConfig.getProperties();
        SealedSecretFormat.setFormat(new CBORFormat());
        switch (AnonymousClass1.$SwitchMap$com$atlassian$secrets$api$SecretServiceType[type.ordinal()]) {
            case 1:
                return new AESEncryptionBackend(str, ((AESConfig) SecretConfigManager.mapToServiceConfig(properties, AESConfig.class)).withResolvedKey(secretServiceParams.getKeyDirectory()));
            case 2:
                return new VaultSecretBackend(str, (VaultConfig) SecretConfigManager.mapToServiceConfig(properties, VaultConfig.class));
            case 3:
                return new AWSSecretBackend(str, (AWSSecretBackendConfig) SecretConfigManager.mapToServiceConfig(properties, AWSSecretBackendConfig.class));
            default:
                throw new IncompatibleClassChangeError();
        }
    }
}
