package io.quarkiverse.googlecloudservices.secretmanager.runtime.config;

import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretManagerServiceSettings;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import io.quarkiverse.googlecloudservices.common.GcpBootstrapConfiguration;
import io.smallrye.config.common.AbstractConfigSource;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;

/* loaded from: input_file:io/quarkiverse/googlecloudservices/secretmanager/runtime/config/SecretManagerConfigSource.class */
public class SecretManagerConfigSource extends AbstractConfigSource {
    private static final int SECRET_MANAGER_ORDINAL = 50;
    private static final String CONFIG_SOURCE_NAME = "io.quarkiverse.googlecloudservices.secretmanager.runtime.config";
    private final String projectId;
    private final SecretManagerServiceClient client;
    private final AtomicBoolean closed;
    private static final String CLOUD_OAUTH_SCOPE = "https://www.googleapis.com/auth/cloud-platform";

    public SecretManagerConfigSource(GcpBootstrapConfiguration gcpBootstrapConfiguration, String str) {
        super(CONFIG_SOURCE_NAME, SECRET_MANAGER_ORDINAL);
        this.projectId = str;
        if (gcpBootstrapConfiguration.secretManagerEnabled()) {
            this.client = createClient(gcpBootstrapConfiguration, str);
            this.closed = new AtomicBoolean(false);
        } else {
            this.client = null;
            this.closed = new AtomicBoolean(true);
        }
    }

    public String getValue(String str) {
        SecretVersionName secretVersionName = SecretManagerConfigUtils.getSecretVersionName(str, this.projectId);
        if (secretVersionName == null || this.closed.get()) {
            return null;
        }
        return this.client.accessSecretVersion(secretVersionName).getPayload().getData().toStringUtf8();
    }

    public Set<String> getPropertyNames() {
        return Collections.emptySet();
    }

    public Map<String, String> getProperties() {
        return Collections.emptyMap();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void closeClient() {
        this.closed.compareAndSet(false, true);
        if (this.client != null) {
            this.client.close();
        }
    }

    private static SecretManagerServiceClient createClient(GcpBootstrapConfiguration gcpBootstrapConfiguration, String str) {
        try {
            return SecretManagerServiceClient.create(SecretManagerServiceSettings.newBuilder().setQuotaProjectId(str).setCredentialsProvider(FixedCredentialsProvider.create(credentials(gcpBootstrapConfiguration))).build());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static GoogleCredentials credentials(GcpBootstrapConfiguration gcpBootstrapConfiguration) throws IOException {
        if (gcpBootstrapConfiguration.serviceAccountLocation().isPresent()) {
            FileInputStream fileInputStream = new FileInputStream((String) gcpBootstrapConfiguration.serviceAccountLocation().get());
            try {
                GoogleCredentials createScoped = GoogleCredentials.fromStream(fileInputStream).createScoped(new String[]{CLOUD_OAUTH_SCOPE});
                fileInputStream.close();
                return createScoped;
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        if (!gcpBootstrapConfiguration.serviceAccountEncodedKey().isPresent()) {
            return GoogleCredentials.getApplicationDefault().createScoped(new String[]{CLOUD_OAUTH_SCOPE});
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode((String) gcpBootstrapConfiguration.serviceAccountEncodedKey().get()));
        try {
            GoogleCredentials createScoped2 = GoogleCredentials.fromStream(byteArrayInputStream).createScoped(new String[]{CLOUD_OAUTH_SCOPE});
            byteArrayInputStream.close();
            return createScoped2;
        } catch (Throwable th3) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }
}
