package io.datarouter.aws.s3.client;

import io.datarouter.aws.s3.SerializableStaticAwsCredentialsProviderProvider;
import io.datarouter.secret.op.SecretOpConfig;
import io.datarouter.secret.op.SecretOpReason;
import io.datarouter.secret.service.SecretNamespacer;
import io.datarouter.secret.service.SecretService;
import io.datarouter.storage.client.ClientOptions;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/datarouter/aws/s3/client/S3Options.class */
public class S3Options {
    private static final Logger logger = LoggerFactory.getLogger(S3Options.class);
    protected static final String PROP_credentialsLocation = "credentials.location";
    protected static final String PROP_accessKey = "accessKey";
    protected static final String PROP_secretKey = "secretKey";
    private final ConcurrentHashMap<String, Optional<SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto>> clientCredentials = new ConcurrentHashMap<>();

    @Inject
    private ClientOptions clientOptions;

    @Inject
    private SecretNamespacer secretNamespacer;

    @Inject
    private SecretService secretService;

    public SerializableStaticAwsCredentialsProviderProvider makeCredentialsProvider(String str) {
        return new SerializableStaticAwsCredentialsProviderProvider(new SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto(getAccessKey(str), getSecretKey(str)));
    }

    private String getAccessKey(String str) {
        return (String) readCredentialsSecret(str).map((v0) -> {
            return v0.accessKey();
        }).orElseGet(() -> {
            return this.clientOptions.getRequiredString(str, PROP_accessKey);
        });
    }

    private String getSecretKey(String str) {
        return (String) readCredentialsSecret(str).map((v0) -> {
            return v0.secretKey();
        }).orElseGet(() -> {
            return this.clientOptions.getRequiredString(str, PROP_secretKey);
        });
    }

    private Optional<SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto> readCredentialsSecret(String str) {
        return this.clientCredentials.computeIfAbsent(str, str2 -> {
            Optional optString = this.clientOptions.optString(str, PROP_credentialsLocation);
            if (optString.isEmpty()) {
                logger.warn("credentialsLocation not specified");
            }
            return optString.map(str2 -> {
                String sharedNamespaced = this.secretNamespacer.sharedNamespaced(str2);
                try {
                    SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto s3CredentialsDto = (SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto) this.secretService.read(str2, SerializableStaticAwsCredentialsProviderProvider.S3CredentialsDto.class, SecretOpConfig.builder(SecretOpReason.automatedOp(getClass().getName())).useSharedNamespace().build());
                    logger.info("using secret at credentialsLocation={}", sharedNamespaced);
                    return s3CredentialsDto;
                } catch (RuntimeException e) {
                    logger.error("Failed to locate credentialsLocation={} for clientName={}", new Object[]{sharedNamespaced, str, e});
                    return null;
                }
            });
        });
    }
}
