package com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.algorithms;

import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.SecretAgentClient;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.GetOrGenerateSecretKeyException;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.GetOrGenerateSecretRequest;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.GetSecretRequest;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.Secret;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.SecretAgentClientException;
import com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.emr.secretagent.client.model.StoreSecretRequest;
import java.time.Duration;
import java.time.ZonedDateTime;
import java.time.chrono.ChronoZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.Random;
import java.util.TreeSet;

/* loaded from: input_file:com/amazon/ws/emr/hadoop/fs/shaded/com/amazonaws/emr/secretagent/client/algorithms/GetOrGenerateSecretAlgorithm.class */
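/**
 * Client-side "get or generate" routine for a versioned secret held behind a
 * {@link SecretAgentClient}.
 *
 * <p>The flow is: read the latest version of the named secret; if it is present and not
 * (about to be) expired, return it. Otherwise wait a random interval, read again, and only
 * then store the caller's proposed value as a new version.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check-then-store sequence is not atomic on the client. The jittered sleep and the
 *       second read narrow, but do not close, the window in which two callers both see no valid
 *       secret and both store a new version. Nothing in this class resolves that; it presumably
 *       relies on the server's versioning — TODO confirm.</li>
 *   <li>Callers must use the {@link Secret} returned by {@link #getOrGenerateSecret}, not their
 *       own proposal: when a valid secret already exists the proposal is discarded.</li>
 *   <li>Exception messages carry the secret <em>name</em> only. Keep it that way; never append
 *       the secret value to a message or log line.</li>
 * </ul>
 */
public class GetOrGenerateSecretAlgorithm {
    private static final int DEFAULT_MAX_SLEEP_INTERVAL_MILLIS = 1000;

    // Used only to pick the back-off jitter in sleep(). java.util.Random is adequate for that;
    // it must not be reused to derive secret material (that would need SecureRandom).
    private final Random random;
    private final SecretAgentClient secretAgentClient;
    private final int maxSleepIntervalMillis;

    /**
     * Creates the algorithm with the default jitter bound of
     * {@value #DEFAULT_MAX_SLEEP_INTERVAL_MILLIS} ms.
     *
     * @param secretAgentClient client used for all reads and writes of the secret
     */
    public GetOrGenerateSecretAlgorithm(SecretAgentClient secretAgentClient) {
        this(secretAgentClient, DEFAULT_MAX_SLEEP_INTERVAL_MILLIS);
    }

    /**
     * Creates the algorithm with an explicit jitter bound.
     *
     * @param secretAgentClient client used for all reads and writes of the secret
     * @param i exclusive upper bound, in milliseconds, of the random sleep taken before a new
     *     secret version is stored; a value of zero or less disables the sleep
     */
    public GetOrGenerateSecretAlgorithm(SecretAgentClient secretAgentClient, int i) {
        this.random = new Random();
        this.secretAgentClient = secretAgentClient;
        this.maxSleepIntervalMillis = i;
    }

    /**
     * Returns the latest still-valid version of the requested secret, or stores the proposed
     * value as a new version and returns it.
     *
     * @param getOrGenerateSecretRequest secret name, creating user, proposed value and optional
     *     renewal window
     * @return the existing valid secret, or the proposed secret carrying the version assigned by
     *     the server
     * @throws GetOrGenerateSecretKeyException if the request is incomplete, the client call
     *     fails, the server returns no version, or the thread is interrupted while sleeping
     */
    public Secret getOrGenerateSecret(GetOrGenerateSecretRequest getOrGenerateSecretRequest) {
        validateRequest(getOrGenerateSecretRequest);
        try {
            Optional<Secret> existing = checkForValidLatestSecret(getOrGenerateSecretRequest);
            if (existing.isPresent()) {
                return existing.get();
            }
            // Jitter so that concurrent callers are less likely to reach the store step together.
            sleep();
            return createSecretIfItDoesNotExist(getOrGenerateSecretRequest);
        } catch (GetOrGenerateSecretKeyException e) {
            // Already the right type; rethrown first so the broader catch below does not re-wrap it.
            throw e;
        } catch (SecretAgentClientException e) {
            throw new GetOrGenerateSecretKeyException("Secret Agent client failure creating " + getOrGenerateSecretRequest.getSecretName(), e);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up the stack can still observe it.
            Thread.currentThread().interrupt();
            // NOTE(review): the cause is not attached because only the (String) and
            // (String, SecretAgentClientException) constructor uses are visible in this file.
            throw new GetOrGenerateSecretKeyException("Interrupted sleeping while creating " + getOrGenerateSecretRequest.getSecretName());
        }
    }

    /**
     * Rejects requests that lack the fields needed to store a secret.
     *
     * @throws GetOrGenerateSecretKeyException if the request, its proposed secret value or its
     *     creating username is null
     */
    private void validateRequest(GetOrGenerateSecretRequest request) {
        if (request == null) {
            throw new GetOrGenerateSecretKeyException("Request cannot be null");
        }
        if (request.getProposedSecretValue() == null) {
            throw new GetOrGenerateSecretKeyException("Proposed secret cannot be null");
        }
        if (request.getUsernameThatCreatedSecret() == null) {
            throw new GetOrGenerateSecretKeyException("Username that created secret cannot be null");
        }
    }

    /**
     * Re-checks for a valid latest secret and, if there is none, stores the proposed value as a
     * new version with the creating user added to both the access and admin lists.
     *
     * @return the existing valid secret, or the proposed secret with the server-assigned version
     * @throws GetOrGenerateSecretKeyException if the server response is null or has no version
     */
    private Secret createSecretIfItDoesNotExist(GetOrGenerateSecretRequest request) {
        Optional<Secret> existing = checkForValidLatestSecret(request);
        if (existing.isPresent()) {
            return existing.get();
        }

        String creator = request.getUsernameThatCreatedSecret();
        Secret proposed = request.getProposedSecretValue();
        Secret secretToStore = proposed.toBuilder()
                .accessUsers(addOurselvesToUserList(creator, proposed.getAccessUsers()))
                .adminUsers(addOurselvesToUserList(creator, proposed.getAdminUsers()))
                .build();

        // NOTE(review): enableUserAuthenticatedNamespaces(true) presumably scopes the secret to
        // the authenticated creator; its exact server-side meaning is not visible here — confirm.
        Optional<String> storedVersion = this.secretAgentClient.storeVersionedSecret(
                StoreSecretRequest.builder()
                        .enableUserAuthenticatedNamespaces(true)
                        .versioned(true)
                        .usernameThatCreatedSecret(creator)
                        .secret(secretToStore)
                        .build());

        if (storedVersion == null) {
            throw new GetOrGenerateSecretKeyException("Server sent a null response secretName=" + request.getSecretName());
        }
        if (storedVersion.isPresent()) {
            // NOTE(review): the returned object is built from the original proposal, so its
            // access/admin lists do not include the creator that was added to the stored copy.
            return proposed.toBuilder().version(storedVersion.get()).build();
        }
        throw new GetOrGenerateSecretKeyException("Server did not set a version! Is it running old code? secretName=" + request.getSecretName());
    }

    /**
     * Sleeps for a random time in {@code [0, maxSleepIntervalMillis)}; does nothing when the
     * bound is zero or negative, which {@link Random#nextInt(int)} would otherwise reject.
     */
    private void sleep() throws InterruptedException {
        if (this.maxSleepIntervalMillis <= 0) {
            return;
        }
        Thread.sleep(this.random.nextInt(this.maxSleepIntervalMillis));
    }

    /**
     * Returns a sorted, de-duplicated copy of {@code users} that always contains
     * {@code username}.
     *
     * @param username user to add; must be non-null (checked by {@code validateRequest})
     * @param users existing list, may be null or empty
     */
    private List<String> addOurselvesToUserList(String username, List<String> users) {
        TreeSet<String> merged = new TreeSet<>();
        if (users != null && !users.isEmpty()) {
            merged.addAll(users);
        }
        merged.add(username);
        return new ArrayList<>(merged);
    }

    /**
     * Fetches the latest version of the secret (version is passed as null) and returns it only
     * if {@link #isLatestSecretValid} accepts it.
     */
    private Optional<Secret> checkForValidLatestSecret(GetOrGenerateSecretRequest request) {
        Optional<Secret> latest = this.secretAgentClient.getSecret(
                GetSecretRequest.builder()
                        .secretName(request.getSecretName())
                        .usernameThatCreatedSecret(request.getUsernameThatCreatedSecret())
                        .version(null)
                        .build());
        if (isLatestSecretValid(latest, request.getDurationUntilPriorSecretExpiresToCreateNewVersion())) {
            return latest;
        }
        return Optional.empty();
    }

    /**
     * Decides whether a fetched secret can still be handed out.
     *
     * <p>A secret with no expiration is always valid. Otherwise it is valid while its expiration
     * is not before "now", or not before "now + renewalWindow" when a window is given, so that a
     * replacement is created ahead of the actual expiry.
     *
     * @param candidate result of the lookup; empty means no secret exists
     * @param renewalWindow lead time before expiry at which a new version should be created;
     *     may be null
     */
    private boolean isLatestSecretValid(Optional<Secret> candidate, Duration renewalWindow) {
        if (!candidate.isPresent()) {
            return false;
        }
        Secret secret = candidate.get();
        if (secret.getExpirationDateTime() == null) {
            return true;
        }
        // Uses the local system clock; skew against the issuing host shifts this boundary.
        ZonedDateTime threshold = ZonedDateTime.now();
        if (renewalWindow != null) {
            threshold = threshold.plus(renewalWindow);
        }
        return secret.getExpirationDateTime().compareTo(threshold) >= 0;
    }
}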
