package com.google.scp.shared.clients.configclient.gcp;

import com.google.api.gax.rpc.NotFoundException;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.inject.Inject;
import com.google.scp.shared.clients.configclient.ParameterClient;
import com.google.scp.shared.clients.configclient.ParameterClientUtils;
import com.google.scp.shared.clients.configclient.gcp.Annotations;
import com.google.scp.shared.clients.configclient.model.ErrorReason;
import java.io.IOException;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/google/scp/shared/clients/configclient/gcp/GcpParameterClient.class */
public final class GcpParameterClient implements ParameterClient {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) GcpParameterClient.class);
    private static final int MAX_CACHE_SIZE = 100;
    private static final long CACHE_ENTRY_TTL_SEC = 3600;
    private static final String DEFAULT_PARAM_PREFIX = "scp";
    private static final String METADATA_ENVIRONMENT_KEY = "scp-environment";
    private final Supplier<String> environmentSupplier = Suppliers.memoizeWithExpiration(this::loadEnvironment, CACHE_ENTRY_TTL_SEC, TimeUnit.SECONDS);
    private final LoadingCache<String, Optional<String>> paramCache = CacheBuilder.newBuilder().maximumSize(100).expireAfterWrite(CACHE_ENTRY_TTL_SEC, TimeUnit.SECONDS).build(new CacheLoader<String, Optional<String>>() { // from class: com.google.scp.shared.clients.configclient.gcp.GcpParameterClient.1
        @Override // com.google.common.cache.CacheLoader
        public Optional<String> load(String str) throws ParameterClient.ParameterClientException {
            return GcpParameterClient.this.getParameterValue(str);
        }
    });
    private final SecretManagerServiceClientProxy secretManagerServiceClient;
    private final GcpMetadataServiceClient metadataServiceClient;
    private final String projectId;

    @Inject
    public GcpParameterClient(SecretManagerServiceClientProxy secretManagerServiceClientProxy, @Annotations.GcpClientConfigMetadataServiceClient GcpMetadataServiceClient gcpMetadataServiceClient, @Annotations.GcpProjectId String str) {
        this.secretManagerServiceClient = secretManagerServiceClientProxy;
        this.metadataServiceClient = gcpMetadataServiceClient;
        this.projectId = str;
    }

    @Override // com.google.scp.shared.clients.configclient.ParameterClient
    public Optional<String> getParameter(String str) throws ParameterClient.ParameterClientException {
        return getParameter(str, Optional.of(DEFAULT_PARAM_PREFIX), true);
    }

    @Override // com.google.scp.shared.clients.configclient.ParameterClient
    public Optional<String> getParameter(String str, Optional<String> optional, boolean z) throws ParameterClient.ParameterClientException {
        String storageParameterName = ParameterClientUtils.getStorageParameterName(str, optional, z ? getEnvironmentName() : Optional.empty());
        try {
            return this.paramCache.get(storageParameterName);
        } catch (Exception e) {
            throw new ParameterClient.ParameterClientException(String.format("Error reading parameter %s from GCP param cache.", storageParameterName), ErrorReason.FETCH_ERROR, e);
        }
    }

    @Override // com.google.scp.shared.clients.configclient.ParameterClient
    public Optional<String> getEnvironmentName() {
        return Optional.of(this.environmentSupplier.get());
    }

    private Optional<String> getParameterValue(String str) throws ParameterClient.ParameterClientException {
        String format = String.format("projects/%s/secrets/%s/versions/latest", this.projectId, str);
        logger.info(String.format(format, new Object[0]));
        try {
            return Optional.of(this.secretManagerServiceClient.accessSecretVersion(format).getPayload().getData().toStringUtf8());
        } catch (NotFoundException e) {
            return Optional.empty();
        } catch (Exception e2) {
            throw new ParameterClient.ParameterClientException(String.format("Error reading parameter %s from GCP secret manager.", str), ErrorReason.FETCH_ERROR, e2);
        }
    }

    private String loadEnvironment() {
        try {
            return this.metadataServiceClient.getMetadata(METADATA_ENVIRONMENT_KEY).orElseThrow(() -> {
                return new IllegalStateException(String.format("Environment missing, metadata field '%s' not found on instance.", METADATA_ENVIRONMENT_KEY));
            });
        } catch (IOException e) {
            throw new IllegalStateException("Failed to fetch environment from instance metadata.", e);
        }
    }
}
