package org.apache.nifi.vault.hashicorp;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.nifi.annotation.behavior.DynamicProperties;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.SupportsSensitiveDynamicProperties;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnDisabled;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.resource.ResourceReference;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultConfiguration;
import org.springframework.core.env.PropertySource;

@CapabilityDescription("A controller service for interacting with HashiCorp Vault.")
@SupportsSensitiveDynamicProperties
@DynamicProperties({@DynamicProperty(name = "A Spring Vault configuration property name", value = "The property value", description = "Allows any Spring Vault property keys to be specified, as described in (https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration). See Additional Details for more information.", expressionLanguageScope = ExpressionLanguageScope.VARIABLE_REGISTRY)})
@Tags({"hashicorp", "vault", "client"})
/* loaded from: input_file:org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultClientService.class */
public class StandardHashiCorpVaultClientService extends AbstractControllerService implements HashiCorpVaultClientService {
    private static List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(CONFIGURATION_STRATEGY, VAULT_URI, VAULT_AUTHENTICATION, SSL_CONTEXT_SERVICE, VAULT_PROPERTIES_FILES, CONNECTION_TIMEOUT, READ_TIMEOUT));
    private HashiCorpVaultCommunicationService communicationService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultClientService$DirectPropertySource.class */
    public static class DirectPropertySource extends PropertySource<ConfigurationContext> {
        private static final String VAULT_SSL_KEY_PATTERN = "vault.ssl.(key.*|trust.*|enabledProtocols)";

        public DirectPropertySource(String str, ConfigurationContext configurationContext) {
            super(str, configurationContext);
        }

        public Object getProperty(String str) {
            return str.matches(VAULT_SSL_KEY_PATTERN) ? getSslProperty(str) : ((ConfigurationContext) getSource()).getAllProperties().get(str);
        }

        private String getSslProperty(String str) {
            if (!((ConfigurationContext) getSource()).getProperty(HashiCorpVaultClientService.SSL_CONTEXT_SERVICE).isSet()) {
                return null;
            }
            SSLContextService asControllerService = ((ConfigurationContext) getSource()).getProperty(HashiCorpVaultClientService.SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            boolean z = -1;
            switch (str.hashCode()) {
                case -1155821448:
                    if (str.equals("vault.ssl.enabledProtocols")) {
                        z = 6;
                        break;
                    }
                    break;
                case -538630918:
                    if (str.equals("vault.ssl.trust-store-password")) {
                        z = 4;
                        break;
                    }
                    break;
                case -352651885:
                    if (str.equals("vault.ssl.key-store-password")) {
                        z = true;
                        break;
                    }
                    break;
                case -177471207:
                    if (str.equals("vault.ssl.trust-store-type")) {
                        z = 5;
                        break;
                    }
                    break;
                case 875644885:
                    if (str.equals("vault.ssl.key-store")) {
                        z = false;
                        break;
                    }
                    break;
                case 1487668786:
                    if (str.equals("vault.ssl.key-store-type")) {
                        z = 2;
                        break;
                    }
                    break;
                case 1664866446:
                    if (str.equals("vault.ssl.trust-store")) {
                        z = 3;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return asControllerService.getKeyStoreFile();
                case true:
                    return asControllerService.getKeyStorePassword();
                case true:
                    return asControllerService.getKeyStoreType();
                case true:
                    return asControllerService.getTrustStoreFile();
                case true:
                    return asControllerService.getTrustStorePassword();
                case true:
                    return asControllerService.getTrustStoreType();
                case true:
                    return asControllerService.getSslAlgorithm();
                default:
                    return null;
            }
        }
    }

    protected PropertyDescriptor getSupportedDynamicPropertyDescriptor(String str) {
        return new PropertyDescriptor.Builder().name(str).displayName(str).dynamic(true).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).build();
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    public List<ConfigVerificationResult> verify(ConfigurationContext configurationContext, ComponentLog componentLog, Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        HashiCorpVaultCommunicationService hashiCorpVaultCommunicationService = null;
        try {
            hashiCorpVaultCommunicationService = createCommunicationService(configurationContext);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).verificationStepName("Configure HashiCorp Vault Client").explanation("Successfully configured HashiCorp Vault Client").build());
        } catch (Exception e) {
            componentLog.error("Failed to configure HashiCorp Vault Client", e);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.FAILED).verificationStepName("Configure HashiCorp Vault Client").explanation("Failed to configure HashiCorp Vault Client: " + e.getMessage()).build());
        }
        if (hashiCorpVaultCommunicationService != null) {
            try {
                hashiCorpVaultCommunicationService.getServerVersion();
                arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).verificationStepName("Connect to HashiCorp Vault Server").explanation("Successfully connected to HashiCorp Vault Server").build());
            } catch (Exception e2) {
                componentLog.error("Failed to connect to HashiCorp Vault Server", e2);
                arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.FAILED).verificationStepName("Connect to HashiCorp Vault Server").explanation("Failed to connect to HashiCorp Vault Server: " + e2.getMessage()).build());
            }
        }
        return arrayList;
    }

    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) throws InitializationException {
        try {
            this.communicationService = createCommunicationService(configurationContext);
        } catch (Exception e) {
            throw new InitializationException("Failed to initialize HashiCorp Vault client", e);
        }
    }

    @OnDisabled
    public void onDisabled() {
        this.communicationService = null;
    }

    public HashiCorpVaultCommunicationService getHashiCorpVaultCommunicationService() {
        return this.communicationService;
    }

    private HashiCorpVaultCommunicationService createCommunicationService(ConfigurationContext configurationContext) throws IOException {
        ArrayList arrayList = new ArrayList();
        if (DIRECT_PROPERTIES.getValue().equals(configurationContext.getProperty(CONFIGURATION_STRATEGY).getValue())) {
            arrayList.add(new DirectPropertySource("Direct Properties", configurationContext));
        } else {
            Iterator it = configurationContext.getProperty(VAULT_PROPERTIES_FILES).asResources().asList().iterator();
            while (it.hasNext()) {
                arrayList.add(HashiCorpVaultConfiguration.createPropertiesFileSource(((ResourceReference) it.next()).getLocation()));
            }
        }
        return new StandardHashiCorpVaultCommunicationService((PropertySource[]) arrayList.toArray(new PropertySource[0]));
    }
}
