package org.apache.nifi.properties;

import com.google.api.gax.rpc.ApiException;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.CryptoKeyVersion;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.ByteString;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/apache/nifi/properties/GcpKmsSensitivePropertyProvider.class */
public class GcpKmsSensitivePropertyProvider extends ClientBasedEncodedSensitivePropertyProvider<KeyManagementServiceClient> {
    protected static final String PROJECT_PROPERTY = "gcp.kms.project";
    protected static final String LOCATION_PROPERTY = "gcp.kms.location";
    protected static final String KEYRING_PROPERTY = "gcp.kms.keyring";
    protected static final String KEY_PROPERTY = "gcp.kms.key";
    private static final String SCHEME_BASE_PATH = "gcp/kms";
    private CryptoKeyName cryptoKeyName;

    GcpKmsSensitivePropertyProvider(KeyManagementServiceClient keyManagementServiceClient, Properties properties) {
        super(keyManagementServiceClient, properties);
    }

    public String getIdentifierKey() {
        return SCHEME_BASE_PATH;
    }

    public void cleanUp() {
        KeyManagementServiceClient keyManagementServiceClient = (KeyManagementServiceClient) getClient();
        if (keyManagementServiceClient == null) {
            this.logger.debug("GCP KMS Client not configured");
        } else {
            keyManagementServiceClient.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validate(KeyManagementServiceClient keyManagementServiceClient) {
        if (keyManagementServiceClient == null) {
            this.logger.debug("GCP KMS Client not configured");
            return;
        }
        String property = getProperties().getProperty(PROJECT_PROPERTY);
        String property2 = getProperties().getProperty(LOCATION_PROPERTY);
        String property3 = getProperties().getProperty(KEYRING_PROPERTY);
        String property4 = getProperties().getProperty(KEY_PROPERTY);
        if (!StringUtils.isNoneBlank(new CharSequence[]{property, property2, property3, property4})) {
            throw new SensitivePropertyProtectionException("GCP KMS Missing Required Properties");
        }
        this.cryptoKeyName = CryptoKeyName.of(property, property2, property3, property4);
        try {
            if (CryptoKeyVersion.CryptoKeyVersionState.ENABLED != keyManagementServiceClient.getCryptoKey(this.cryptoKeyName).getPrimary().getState()) {
                throw new SensitivePropertyProtectionException(String.format("GCP KMS Crypto Key [%s] Disabled", this.cryptoKeyName));
            }
            this.logger.info("GCP KMS Crypto Key [{}] Validated", this.cryptoKeyName);
        } catch (ApiException e) {
            throw new SensitivePropertyProtectionException(String.format("GCP KMS Crypto Key [%s] Validation Failed", this.cryptoKeyName), e);
        }
    }

    protected byte[] getEncrypted(byte[] bArr) {
        return ((KeyManagementServiceClient) getClient()).encrypt(this.cryptoKeyName, ByteString.copyFrom(bArr)).getCiphertext().toByteArray();
    }

    protected byte[] getDecrypted(byte[] bArr) {
        return ((KeyManagementServiceClient) getClient()).decrypt(this.cryptoKeyName, ByteString.copyFrom(bArr)).getPlaintext().toByteArray();
    }
}
