package com.refinitiv.myplugin;

import com.refinitiv.collab.platform.msgfeed.Data.Credentials;
import com.refinitiv.collab.platform.msgfeed.handler.ServiceCredentialProvider;

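/**
 * {@link ServiceCredentialProvider} that resolves a login id and password from a JSON secret
 * held in AWS Secrets Manager.
 *
 * <p>Configuration is read on every {@link #getCredentials()} call. Each setting is taken from the
 * environment variable of that name and, if that is unset or blank, from the JVM system property of
 * the same name:
 * <ul>
 *   <li>{@code AWS_SECRET_NAME} - id of the secret to fetch</li>
 *   <li>{@code AWS_REGION} - region the Secrets Manager client is built for</li>
 * </ul>
 *
 * <p>The secret's string value must be a JSON object with {@code loginId} and {@code password}
 * fields. Secret contents are never placed in exception messages produced by this class.
 */
public class AwsSecretsManagerCredentialProvider implements ServiceCredentialProvider {

    private static final String DEFAULT_SECRET_NAME_ENV = "AWS_SECRET_NAME";
    private static final String DEFAULT_REGION_ENV = "AWS_REGION";

    private final ObjectMapper mapper = new ObjectMapper();

    /** No-arg constructor required for dynamic loading. */
    public AwsSecretsManagerCredentialProvider() {
        // Intentionally empty: all configuration is resolved lazily in getCredentials().
    }

    /**
     * Returns the fixed name under which this provider identifies itself.
     *
     * @return the provider name
     */
    @Override
    public String getName() {
        return "MyAwsSecretsManagerCredentialProvider";
    }

    /**
     * Fetches the configured secret and converts it into {@link Credentials}.
     *
     * @return credentials built from the secret's {@code loginId} and {@code password} fields
     * @throws RuntimeException if configuration is missing, the Secrets Manager call fails, or the
     *     secret is absent, not JSON, or lacks one of the required fields; the original failure is
     *     attached as the cause
     */
    @Override
    public Credentials getCredentials() {
        try {
            String secretName = resolveSetting(DEFAULT_SECRET_NAME_ENV);
            String regionName = resolveSetting(DEFAULT_REGION_ENV);
            if (secretName == null || regionName == null) {
                throw new IllegalStateException("Missing required AWS_SECRET_NAME or AWS_REGION configuration.");
            }

            GetSecretValueRequest request = GetSecretValueRequest.builder()
                    .secretId(secretName)
                    .build();

            // The client owns HTTP resources; close it once the single lookup is done instead of
            // leaking one client per call. No credentials provider is set on the builder, so the
            // SDK's default resolution applies.
            String secretString;
            try (SecretsManagerClient secretsClient = SecretsManagerClient.builder()
                    .region(Region.of(regionName))
                    .build()) {
                secretString = secretsClient.getSecretValue(request).secretString();
            }

            // A secret stored as binary has no string value; fail with a clear message rather
            // than passing null to the JSON parser.
            if (secretString == null) {
                throw new IllegalStateException("Secret has no string value (binary secrets are not supported).");
            }

            JsonNode secretJson = mapper.readTree(secretString);
            String loginId = requireField(secretJson, "loginId");
            String password = requireField(secretJson, "password");
            return new Credentials(loginId, password);
        } catch (SecretsManagerException e) {
            // Service-side failure (e.g. access denied, secret not found): keep it distinguishable
            // from local configuration or parsing problems.
            throw new RuntimeException("Failed to retrieve secret from AWS Secrets Manager", e);
        } catch (Exception e) {
            // NOTE(review): the cause is chained. Depending on the Jackson version and parser
            // settings, a parse exception's location info can embed a fragment of the input, which
            // here is the secret. Confirm source inclusion is disabled
            // (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION) or keep this cause chain out of logs.
            throw new RuntimeException("Failed to resolve credentials", e);
        }
    }

    /**
     * Looks up a setting by name, preferring the environment variable over the system property.
     *
     * @param key name of both the environment variable and the fallback system property
     * @return the configured value, or {@code null} if neither source holds a non-blank value
     */
    private static String resolveSetting(String key) {
        String value = System.getenv(key);
        if (value == null || value.trim().isEmpty()) {
            value = System.getProperty(key);
        }
        return (value == null || value.trim().isEmpty()) ? null : value;
    }

    /**
     * Reads a required scalar field from the parsed secret.
     *
     * <p>A missing field would otherwise surface as a bare {@code NullPointerException}, and a JSON
     * {@code null} would be turned into the literal text {@code "null"} by {@code asText()} and used
     * as a credential. Both are rejected here. Only the field name appears in the message.
     *
     * @param secretJson parsed secret document, may be {@code null}
     * @param field name of the field to read
     * @return the field's text value
     * @throws IllegalStateException if the field is absent, JSON {@code null}, or not a scalar
     */
    private static String requireField(JsonNode secretJson, String field) {
        JsonNode value = (secretJson == null) ? null : secretJson.get(field);
        if (value == null || value.isNull() || value.isContainerNode()) {
            throw new IllegalStateException("Secret JSON is missing required field: " + field);
        }
        return value.asText();
    }
}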