package org.apache.nifi.vault.hashicorp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.Validator;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.parameter.AbstractParameterProvider;
import org.apache.nifi.parameter.Parameter;
import org.apache.nifi.parameter.ParameterDescriptor;
import org.apache.nifi.parameter.ParameterGroup;
import org.apache.nifi.parameter.ParameterProvider;
import org.apache.nifi.parameter.VerifiableParameterProvider;
import org.apache.nifi.processor.util.StandardValidators;

@CapabilityDescription("Provides parameters from HashiCorp Vault Key/Value Version 1 Secrets.  Each Secret represents a parameter group, which will map to a Parameter Context.  The keys and values in the Secret map to Parameters.")
@Tags({"hashicorp", "vault", "secret"})
/* loaded from: input_file:org/apache/nifi/vault/hashicorp/HashiCorpVaultParameterProvider.class */
public class HashiCorpVaultParameterProvider extends AbstractParameterProvider implements ParameterProvider, VerifiableParameterProvider {
    public static final PropertyDescriptor VAULT_CLIENT_SERVICE = new PropertyDescriptor.Builder().name("vault-client-service").displayName("HashiCorp Vault Client Service").description("The service used to interact with HashiCorp Vault").identifiesControllerService(HashiCorpVaultClientService.class).addValidator(Validator.VALID).required(true).build();
    public static final PropertyDescriptor KV_PATH = new PropertyDescriptor.Builder().name("kv-path").displayName("Key/Value Path").description("The HashiCorp Vault path to the Key/Value Version 1 Secrets Engine").addValidator(StandardValidators.NON_EMPTY_VALIDATOR).required(true).defaultValue("kv").build();
    public static final PropertyDescriptor SECRET_NAME_PATTERN = new PropertyDescriptor.Builder().name("secret-name-pattern").displayName("Secret Name Pattern").description("A Regular Expression indicating which Secrets to include as parameter groups to map to Parameter Contexts by name.").addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR).required(true).defaultValue(".*").build();
    private static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(VAULT_CLIENT_SERVICE, KV_PATH, SECRET_NAME_PATTERN));
    private HashiCorpVaultCommunicationService vaultCommunicationService;

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    public List<ParameterGroup> fetchParameters(ConfigurationContext configurationContext) {
        if (this.vaultCommunicationService == null) {
            this.vaultCommunicationService = getVaultCommunicationService(configurationContext);
        }
        return getParameterGroups(this.vaultCommunicationService, configurationContext);
    }

    private List<ParameterGroup> getParameterGroups(HashiCorpVaultCommunicationService hashiCorpVaultCommunicationService, ConfigurationContext configurationContext) {
        String value = configurationContext.getProperty(KV_PATH).getValue();
        String value2 = configurationContext.getProperty(SECRET_NAME_PATTERN).getValue();
        List<String> list = (List) hashiCorpVaultCommunicationService.listKeyValueSecrets(value).stream().filter(str -> {
            return str.matches(value2);
        }).collect(Collectors.toList());
        ArrayList arrayList = new ArrayList();
        for (String str2 : list) {
            Map readKeyValueSecretMap = hashiCorpVaultCommunicationService.readKeyValueSecretMap(value, str2);
            ArrayList arrayList2 = new ArrayList();
            readKeyValueSecretMap.forEach((str3, str4) -> {
                arrayList2.add(new Parameter(new ParameterDescriptor.Builder().name(str3).build(), str4, (String) null, true));
            });
            arrayList.add(new ParameterGroup(str2, arrayList2));
        }
        long count = arrayList.stream().flatMap(parameterGroup -> {
            return parameterGroup.getParameters().stream();
        }).count();
        getLogger().info("Fetched parameter groups {}, containing a total of {} parameters", new Object[]{(List) arrayList.stream().map(parameterGroup2 -> {
            return parameterGroup2.getGroupName();
        }).distinct().collect(Collectors.toList()), Long.valueOf(count)});
        return arrayList;
    }

    public void onPropertyModified(PropertyDescriptor propertyDescriptor, String str, String str2) {
        if (VAULT_CLIENT_SERVICE.equals(propertyDescriptor)) {
            this.vaultCommunicationService = null;
        }
    }

    public List<ConfigVerificationResult> verify(ConfigurationContext configurationContext, ComponentLog componentLog) {
        ArrayList arrayList = new ArrayList();
        try {
            List<ParameterGroup> parameterGroups = getParameterGroups(getVaultCommunicationService(configurationContext), configurationContext);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).verificationStepName("Fetch Secrets as Parameter Groups").explanation(String.format("Successfully fetched %s secrets matching the filter as Parameter Groups, containing a total of %s Parameters.", Integer.valueOf(parameterGroups.size()), Long.valueOf(parameterGroups.stream().flatMap(parameterGroup -> {
                return parameterGroup.getParameters().stream();
            }).count()))).build());
        } catch (Exception e) {
            componentLog.error("Failed to fetch secrets as Parameter Groups", e);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.FAILED).verificationStepName("Fetch Secrets as Parameter Groups").explanation(String.format("Failed to fetch secrets as Parameter Groups: " + e.getMessage(), new Object[0])).build());
        }
        return arrayList;
    }

    HashiCorpVaultCommunicationService getVaultCommunicationService(ConfigurationContext configurationContext) {
        return configurationContext.getProperty(VAULT_CLIENT_SERVICE).asControllerService(HashiCorpVaultClientService.class).getHashiCorpVaultCommunicationService();
    }
}
