package org.zalando.baigan.repository.aws;

import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.DependencyTimeoutException;
import com.amazonaws.services.kms.model.KMSInternalException;
import com.amazonaws.services.s3.AmazonS3;
import com.google.common.io.BaseEncoding;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.time.temporal.ChronoUnit;
import java.util.Optional;
import javax.annotation.Nonnull;
import net.jodah.failsafe.Failsafe;
import net.jodah.failsafe.RetryPolicy;

/* loaded from: input_file:org/zalando/baigan/repository/aws/S3FileLoader.class */
public class S3FileLoader {
    private static final String KMS_START_TAG = "aws:kms:";
    private static final int MAX_RETRIES = 5;
    private static final int RETRY_SECONDS_WAIT = 10;
    private final RetryPolicy<ByteBuffer> retryPolicy = ((RetryPolicy) ((RetryPolicy) new RetryPolicy().handle(KMSInternalException.class)).handle(DependencyTimeoutException.class)).withBackoff(1, 10, ChronoUnit.SECONDS).withMaxRetries(MAX_RETRIES);
    private final AmazonS3 s3Client;
    private final AWSKMS kmsClient;
    private final String bucketName;
    private final String key;

    public S3FileLoader(@Nonnull String str, @Nonnull String str2, @Nonnull AmazonS3 amazonS3, @Nonnull AWSKMS awskms) {
        this.s3Client = amazonS3;
        this.kmsClient = awskms;
        this.bucketName = str;
        this.key = str2;
    }

    public String loadContent() {
        return decryptIfNecessary(this.s3Client.getObjectAsString(this.bucketName, this.key));
    }

    public String getBucketName() {
        return this.bucketName;
    }

    public String getKey() {
        return this.key;
    }

    private String decryptIfNecessary(String str) {
        Optional<byte[]> encryptedValue = getEncryptedValue(str);
        return encryptedValue.isPresent() ? new String(toByteArray(decryptValue(encryptedValue.get())), StandardCharsets.UTF_8) : str;
    }

    private ByteBuffer decryptValue(byte[] bArr) {
        DecryptRequest withCiphertextBlob = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(bArr));
        return (ByteBuffer) Failsafe.with(this.retryPolicy, new RetryPolicy[0]).get(() -> {
            return this.kmsClient.decrypt(withCiphertextBlob).getPlaintext();
        });
    }

    private static Optional<byte[]> getEncryptedValue(String str) {
        if (!str.startsWith(KMS_START_TAG)) {
            return Optional.empty();
        }
        try {
            return Optional.of(BaseEncoding.base64().decode(str.substring(KMS_START_TAG.length())));
        } catch (IllegalArgumentException e) {
            throw new RuntimeException("value is not Base 64 encoded", e);
        }
    }

    private static byte[] toByteArray(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr, byteBuffer.position(), byteBuffer.remaining());
        return bArr;
    }
}
