package software.aws.rds.jdbc.mysql.shading.com.mysql.cj.jdbc.ha.plugins;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.sql.SQLException;
import java.util.Properties;
import java.util.concurrent.Callable;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import software.amazon.awssdk.utils.Pair;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.conf.ConnectionUrl;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.conf.PropertySet;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.exceptions.CJException;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.log.Log;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.util.LRUCache;
import software.aws.rds.jdbc.mysql.shading.com.mysql.cj.util.StringUtils;

/* loaded from: input_file:software/aws/rds/jdbc/mysql/shading/com/mysql/cj/jdbc/ha/plugins/AWSSecretsManagerPlugin.class */
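/**
 * Connection plugin that logs in with credentials stored in AWS Secrets Manager.
 *
 * <p>When the initial connection is opened, the plugin copies the connection URL's original
 * properties, overwrites {@code user} and {@code password} with the values read from the
 * configured secret, and delegates to the next plugin. Credentials are cached per
 * (secret id, region). If the login is rejected with SQLState {@code 28000} while a cached
 * secret was in use, the secret is fetched again and the login is retried once.
 *
 * <p>Every other plugin callback is forwarded unchanged to the next plugin.
 */
public class AWSSecretsManagerPlugin implements IConnectionPlugin {
    static final String SECRET_ID_PROPERTY = "secretsManagerSecretId";
    static final String REGION_PROPERTY = "secretsManagerRegion";
    private static final String ERROR_MISSING_DEPENDENCY_SECRETS = "[AWSSecretsManagerPlugin] Required dependency 'AWS Java SDK for AWS Secrets Manager' is not on the classpath";
    private static final String ERROR_MISSING_DEPENDENCY_JACKSON = "[AWSSecretsManagerPlugin] Required dependency 'Jackson Databind' is not on the classpath";
    static final String ERROR_GET_SECRETS_FAILED = "[AWSSecretsManagerPlugin] Was not able to either fetch or read the database credentials from AWS Secrets Manager. Ensure the correct secretId and region properties have been provided";
    static final String SQLSTATE_ACCESS_ERROR = "28000";

    // Process-wide cache of plaintext credentials, shared by every plugin instance and sized
    // at 100 entries. An entry is only replaced when updateSecret() is asked to re-fetch.
    // NOTE(review): this static map is read and written from instance methods without any
    // locking; confirm LRUCache is safe for concurrent use, since connections are usually
    // opened from more than one thread.
    static final LRUCache<Pair<String, Region>, Secret> SECRET_CACHE = new LRUCache<>(100);

    private final IConnectionPlugin nextPlugin;
    private final Log logger;
    private final String secretId;
    private final Region region;
    // NOTE(review): a client built by this plugin is never closed here (releaseResources()
    // only delegates); confirm who owns its lifecycle.
    private final SecretsManagerClient secretsManagerClient;
    private final GetSecretValueRequest getSecretValueRequest;
    // Cache key for SECRET_CACHE: (secretId, region).
    private final Pair<String, Region> secretKey;
    // Credentials currently in use by this instance; null until updateSecret() finds or fetches one.
    private Secret secret;

    /**
     * JSON binding for the secret payload: only {@code username} and {@code password} are
     * read, every other key is ignored.
     *
     * <p>Instances hold the plaintext password, so keep them out of {@code toString()} and
     * log output.
     */
    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Secret {

        @JsonProperty("username")
        private String username;

        @JsonProperty("password")
        private String password;

        /** No-arg constructor for Jackson. */
        Secret() {
        }

        Secret(String username, String password) {
            this.username = username;
            this.password = password;
        }

        String getUsername() {
            return this.username;
        }

        String getPassword() {
            return this.password;
        }
    }

    /**
     * Creates the plugin with a Secrets Manager client and request built from the
     * {@code secretsManagerSecretId} and {@code secretsManagerRegion} properties.
     *
     * @throws SQLException if a required dependency is not on the classpath or a required
     *     property is missing or empty
     */
    public AWSSecretsManagerPlugin(ICurrentConnectionProvider iCurrentConnectionProvider, PropertySet propertySet, IConnectionPlugin iConnectionPlugin, Log log) throws SQLException {
        this(iCurrentConnectionProvider, propertySet, iConnectionPlugin, log, null, null);
    }

    /**
     * Creates the plugin, optionally with a caller-supplied client and request.
     *
     * <p>The supplied client and request are used only when both are non-null; if either is
     * null, both are built from the configured region and secret id.
     * {@code iCurrentConnectionProvider} is not used by this constructor.
     *
     * @throws SQLException if a required dependency is not on the classpath or a required
     *     property is missing or empty
     */
    AWSSecretsManagerPlugin(ICurrentConnectionProvider iCurrentConnectionProvider, PropertySet propertySet, IConnectionPlugin iConnectionPlugin, Log log, SecretsManagerClient secretsManagerClient, GetSecretValueRequest getSecretValueRequest) throws SQLException {
        // Both libraries are optional at build time, so fail with a readable message rather
        // than a NoClassDefFoundError on first use.
        requireOnClasspath("software.amazon.awssdk.services.secretsmanager.SecretsManagerClient", ERROR_MISSING_DEPENDENCY_SECRETS, log);
        requireOnClasspath("com.fasterxml.jackson.databind.ObjectMapper", ERROR_MISSING_DEPENDENCY_JACKSON, log);

        final String configuredSecretId = propertySet.getStringProperty(SECRET_ID_PROPERTY).getValue();
        if (StringUtils.isNullOrEmpty(configuredSecretId)) {
            throw new SQLException(String.format("Configuration parameter '%s' is required.", SECRET_ID_PROPERTY));
        }
        final String configuredRegion = propertySet.getStringProperty(REGION_PROPERTY).getValue();
        if (StringUtils.isNullOrEmpty(configuredRegion)) {
            throw new SQLException(String.format("Configuration parameter '%s' is required.", REGION_PROPERTY));
        }

        this.nextPlugin = iConnectionPlugin;
        this.logger = log;
        this.secretId = configuredSecretId;
        this.region = Region.of(configuredRegion);
        this.secretKey = Pair.of(this.secretId, this.region);

        if (secretsManagerClient != null && getSecretValueRequest != null) {
            this.secretsManagerClient = secretsManagerClient;
            this.getSecretValueRequest = getSecretValueRequest;
        } else {
            this.secretsManagerClient = SecretsManagerClient.builder().region(this.region).build();
            this.getSecretValueRequest = GetSecretValueRequest.builder().secretId(this.secretId).build();
        }
    }

    /** Logs and throws a {@link SQLException} carrying {@code errorMessage} if {@code className} cannot be loaded. */
    private static void requireOnClasspath(String className, String errorMessage, Log log) throws SQLException {
        try {
            Class.forName(className);
        } catch (ClassNotFoundException e) {
            log.logError(errorMessage);
            // Keep the cause so the missing class name is visible to whoever handles the error.
            throw new SQLException(errorMessage, e);
        }
    }

    /**
     * Opens the initial connection through the next plugin using the secret's credentials.
     *
     * <p>If the login fails with SQLState {@code 28000} and the credentials came from the
     * cache, the secret is re-fetched and the login is attempted once more. A failure with
     * freshly fetched credentials, or any other {@link SQLException}, is rethrown as is.
     *
     * @throws SQLException if the secret cannot be fetched or read, or the login fails
     */
    @Override
    public void openInitialConnection(ConnectionUrl connectionUrl) throws SQLException {
        Properties properties = new Properties();
        properties.putAll(connectionUrl.getOriginalProperties());
        // True when the credentials were just fetched rather than taken from the cache.
        final boolean fetchedFresh = updateSecret(false);
        try {
            applySecretToProperties(properties);
            attemptToLogin(properties, connectionUrl);
        } catch (SQLException e) {
            // Retry only for an access-denied failure with cached credentials, and only if
            // the forced re-fetch actually produced a secret.
            if (!isLoginUnsuccessful(e) || fetchedFresh || !updateSecret(true)) {
                throw e;
            }
            applySecretToProperties(properties);
            attemptToLogin(properties, connectionUrl);
        } catch (Exception e2) {
            this.logger.logError("Unhandled exception:", e2);
            throw new SQLException(e2);
        }
    }

    /**
     * Returns true if the exception or any exception in its cause chain carries SQLState
     * {@code 28000}.
     */
    private boolean isLoginUnsuccessful(SQLException sQLException) {
        this.logger.logTrace("Login failed. SQLState=" + sQLException.getSQLState(), sQLException);
        for (Throwable current = sQLException; current != null; current = current.getCause()) {
            String sqlState = "";
            if (current instanceof SQLException) {
                sqlState = ((SQLException) current).getSQLState();
            } else if (current instanceof CJException) {
                sqlState = ((CJException) current).getSQLState();
            }
            if (SQLSTATE_ACCESS_ERROR.equals(sqlState)) {
                return true;
            }
        }
        return false;
    }

    /** Overwrites {@code user} and {@code password} with the current secret, if there is one. */
    private void applySecretToProperties(Properties properties) {
        if (this.secret != null) {
            properties.put("user", this.secret.getUsername());
            properties.put("password", this.secret.getPassword());
        }
    }

    /**
     * Loads the secret from the cache, fetching it from Secrets Manager when it is not cached
     * or when {@code forceRefetch} is set.
     *
     * @param forceRefetch fetch from Secrets Manager even if a cached secret exists
     * @return true if a secret was fetched and cached by this call, false if the cached
     *     secret was used or the fetch produced no secret
     * @throws SQLException if the secret cannot be fetched or parsed, or lacks a username or
     *     password
     */
    private boolean updateSecret(boolean forceRefetch) throws SQLException {
        this.secret = SECRET_CACHE.get(this.secretKey);
        if (this.secret != null && !forceRefetch) {
            return false;
        }

        // NOTE(review): only service-side and JSON errors are translated below; other
        // unchecked failures from the SDK call (for example client-side ones) would
        // propagate as they are. Confirm whether that is intended.
        final Secret fetched;
        try {
            fetched = fetchLatestCredentials();
        } catch (JsonProcessingException e) {
            // Jackson parse errors can quote the input they choked on, which here is the
            // secret payload. Report only the exception type and do not attach the
            // exception to the log entry or to the SQLException.
            this.logger.logError(ERROR_GET_SECRETS_FAILED + " (" + e.getClass().getName() + ")");
            throw new SQLException(ERROR_GET_SECRETS_FAILED);
        } catch (SecretsManagerException e) {
            this.logger.logError(ERROR_GET_SECRETS_FAILED, e);
            throw new SQLException(ERROR_GET_SECRETS_FAILED, e);
        }

        if (fetched == null) {
            this.secret = null;
            return false;
        }
        // Properties.put rejects null values, so a secret without both keys can never be
        // applied. Refuse it here instead of caching it: a cached entry is only refreshed
        // after a 28000 login failure, which such a secret would never reach.
        if (fetched.getUsername() == null || fetched.getPassword() == null) {
            this.logger.logError(ERROR_GET_SECRETS_FAILED);
            throw new SQLException(ERROR_GET_SECRETS_FAILED);
        }
        this.secret = fetched;
        SECRET_CACHE.put(this.secretKey, fetched);
        return true;
    }

    /** Asks the next plugin to open the connection to the same database URL with {@code properties}. */
    private void attemptToLogin(Properties properties, ConnectionUrl connectionUrl) throws SQLException {
        this.nextPlugin.openInitialConnection(ConnectionUrl.getConnectionUrlInstance(connectionUrl.getDatabaseUrl(), properties));
    }

    /**
     * Fetches the secret string from Secrets Manager and binds it to a {@link Secret}.
     *
     * <p>NOTE(review): the secret string is passed to Jackson without a null check; confirm
     * how a secret that has no string value should be handled.
     *
     * @throws SecretsManagerException if the Secrets Manager call fails
     * @throws JsonProcessingException if the secret string cannot be parsed
     */
    Secret fetchLatestCredentials() throws SecretsManagerException, JsonProcessingException {
        final String secretString = this.secretsManagerClient.getSecretValue(this.getSecretValueRequest).secretString();
        return new ObjectMapper().readValue(secretString, Secret.class);
    }

    /** Forwards the call to the next plugin. */
    @Override
    public Object execute(Class<?> cls, String str, Callable<?> callable, Object[] objArr) throws Exception {
        return this.nextPlugin.execute(cls, str, callable, objArr);
    }

    /** Forwards the notification to the next plugin. */
    @Override
    public void transactionBegun() {
        this.nextPlugin.transactionBegun();
    }

    /** Forwards the notification to the next plugin. */
    @Override
    public void transactionCompleted() {
        this.nextPlugin.transactionCompleted();
    }

    /** Forwards the call to the next plugin; nothing held by this plugin is released here. */
    @Override
    public void releaseResources() {
        this.nextPlugin.releaseResources();
    }
}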
