package com.netflix.spinnaker.kork.secrets.user;

import com.netflix.spinnaker.kork.annotations.NonnullByDefault;
import com.netflix.spinnaker.kork.secrets.EncryptedSecret;
import com.netflix.spinnaker.kork.secrets.SecretDecryptionException;
import com.netflix.spinnaker.kork.secrets.SecretEngine;
import com.netflix.spinnaker.kork.secrets.SecretEngineRegistry;
import java.nio.charset.StandardCharsets;
import org.springframework.stereotype.Component;

@NonnullByDefault
@Component
/* loaded from: input_file:com/netflix/spinnaker/kork/secrets/user/UserSecretManager.class */
public class UserSecretManager {
    private final SecretEngineRegistry registry;

    public UserSecret getUserSecret(UserSecretReference userSecretReference) {
        String engineIdentifier = userSecretReference.getEngineIdentifier();
        SecretEngine engine = this.registry.getEngine(engineIdentifier);
        if (engine == null) {
            throw new SecretDecryptionException("Unknown secret engine identifier: " + engineIdentifier);
        }
        engine.validate(userSecretReference);
        return engine.decrypt(userSecretReference);
    }

    public byte[] getExternalSecret(EncryptedSecret encryptedSecret) {
        String engineIdentifier = encryptedSecret.getEngineIdentifier();
        SecretEngine engine = this.registry.getEngine(engineIdentifier);
        if (engine == null) {
            throw new SecretDecryptionException("Unknown secret engine identifier: " + engineIdentifier);
        }
        engine.validate(encryptedSecret);
        return engine.decrypt(encryptedSecret);
    }

    public String getExternalSecretString(EncryptedSecret encryptedSecret) {
        return new String(getExternalSecret(encryptedSecret), StandardCharsets.UTF_8);
    }

    public UserSecretManager(SecretEngineRegistry secretEngineRegistry) {
        this.registry = secretEngineRegistry;
    }
}
