package org.apache.nifi.security.kms;

import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.nifi.security.kms.configuration.FileBasedKeyProviderConfiguration;
import org.apache.nifi.security.kms.configuration.KeyProviderConfiguration;
import org.apache.nifi.security.kms.configuration.KeyStoreKeyProviderConfiguration;
import org.apache.nifi.security.kms.configuration.StaticKeyProviderConfiguration;
import org.apache.nifi.security.kms.reader.KeyReaderException;

/* loaded from: input_file:org/apache/nifi/security/kms/KeyProviderFactory.class */
public class KeyProviderFactory {
    private static final String SECRET_KEY_ALGORITHM = "AES";

    public static KeyProvider getKeyProvider(KeyProviderConfiguration<?> keyProviderConfiguration) {
        StaticKeyProvider keyStoreKeyProvider;
        if (keyProviderConfiguration instanceof StaticKeyProviderConfiguration) {
            try {
                keyStoreKeyProvider = new StaticKeyProvider(getSecretKeys(((StaticKeyProviderConfiguration) keyProviderConfiguration).getKeys()));
            } catch (DecoderException e) {
                throw new KeyReaderException("Decoding Hexadecimal Secret Keys failed", e);
            }
        } else if (keyProviderConfiguration instanceof FileBasedKeyProviderConfiguration) {
            FileBasedKeyProviderConfiguration fileBasedKeyProviderConfiguration = (FileBasedKeyProviderConfiguration) keyProviderConfiguration;
            keyStoreKeyProvider = new FileBasedKeyProvider(Paths.get(fileBasedKeyProviderConfiguration.getLocation(), new String[0]), fileBasedKeyProviderConfiguration.getRootKey());
        } else {
            if (!(keyProviderConfiguration instanceof KeyStoreKeyProviderConfiguration)) {
                throw new UnsupportedOperationException(String.format("Key Provider [%s] not supported", keyProviderConfiguration.getKeyProviderClass().getName()));
            }
            KeyStoreKeyProviderConfiguration keyStoreKeyProviderConfiguration = (KeyStoreKeyProviderConfiguration) keyProviderConfiguration;
            keyStoreKeyProvider = new KeyStoreKeyProvider(keyStoreKeyProviderConfiguration.getKeyStore(), keyStoreKeyProviderConfiguration.getKeyPassword());
        }
        return keyStoreKeyProvider;
    }

    private static Map<String, SecretKey> getSecretKeys(Map<String, String> map) throws DecoderException {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), new SecretKeySpec(Hex.decodeHex(entry.getValue()), SECRET_KEY_ALGORITHM));
        }
        return hashMap;
    }
}
