package org.apache.nifi.key.service;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnDisabled;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.components.resource.ResourceCardinality;
import org.apache.nifi.components.resource.ResourceType;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.key.service.api.PrivateKeyService;
import org.apache.nifi.key.service.reader.BouncyCastlePrivateKeyReader;
import org.apache.nifi.key.service.reader.PrivateKeyReader;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;

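/**
 * Controller Service that loads a single Private Key from either a file or an inline property value
 * and hands it out through {@link #getPrivateKey()}.
 *
 * <p>Exactly one of {@link #KEY_FILE} or {@link #KEY} is expected to be configured; configuring both is
 * rejected during validation and configuring neither fails with "Private Key not configured".
 * The parsed key is cached in memory and cleared when any property changes or the service is disabled.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #KEY} and {@link #KEY_PASSWORD} are declared sensitive; {@link #KEY_FILE} holds only a path,
 *       so protection of the key material on disk depends on file system permissions.</li>
 *   <li>{@link #customValidate(ValidationContext)} parses the key as a side effect, so key material can be
 *       resident in memory before the service is enabled.</li>
 * </ul>
 */
@CapabilityDescription("Private Key Service provides access to a Private Key loaded from configured sources")
@Tags({"PEM", "PKCS8"})
public class StandardPrivateKeyService extends AbstractControllerService implements PrivateKeyService {
    /** Optional path to a PEM-encoded PKCS8 Private Key file. Not sensitive: only the location is stored. */
    public static final PropertyDescriptor KEY_FILE = new PropertyDescriptor.Builder()
            .name("key-file")
            .displayName("Key File")
            .description("File path to Private Key structured using PKCS8 and encoded as PEM")
            .required(false)
            .identifiesExternalResource(ResourceCardinality.SINGLE, ResourceType.FILE, new ResourceType[0])
            .build();

    /** Optional inline PEM-encoded PKCS8 Private Key. Marked sensitive because it carries the key material itself. */
    public static final PropertyDescriptor KEY = new PropertyDescriptor.Builder()
            .name("key")
            .displayName("Key")
            .description("Private Key structured using PKCS8 and encoded as PEM")
            .required(false)
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    /** Optional password for encrypted Private Keys. Marked sensitive. */
    public static final PropertyDescriptor KEY_PASSWORD = new PropertyDescriptor.Builder()
            .name("key-password")
            .displayName("Key Password")
            .description("Password used for decrypting Private Keys")
            .required(false)
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    private static final List<PropertyDescriptor> DESCRIPTORS = Arrays.asList(KEY_FILE, KEY, KEY_PASSWORD);

    // The inline key is converted to bytes as US-ASCII before being handed to the reader.
    private static final Charset KEY_CHARACTER_SET = StandardCharsets.US_ASCII;

    private static final PrivateKeyReader PRIVATE_KEY_READER = new BouncyCastlePrivateKeyReader();

    // Cached parsed key; null whenever the key has not been (re)loaded since the last change or disable.
    private final AtomicReference<PrivateKey> keyReference = new AtomicReference<>();

    /**
     * Returns the cached Private Key.
     *
     * @return the loaded key, or {@code null} when no key is currently cached
     *         (for example after a property change or after the service was disabled)
     */
    public PrivateKey getPrivateKey() {
        return this.keyReference.get();
    }

    /**
     * Drops the cached key whenever any property is modified so that a stale key is never served
     * after the configuration changes.
     *
     * @param propertyDescriptor the modified property (unused)
     * @param str first value argument passed by the framework (unused) - presumably the previous value; confirm against the framework callback
     * @param str2 second value argument passed by the framework (unused) - presumably the new value; confirm against the framework callback
     */
    public void onPropertyModified(PropertyDescriptor propertyDescriptor, String str, String str2) {
        this.keyReference.set(null);
    }

    /**
     * Loads the Private Key from the configured source and caches it.
     *
     * @param configurationContext context providing the configured property values
     * @throws InitializationException when reading or parsing the key fails with a runtime exception;
     *         the original exception is preserved as the cause
     */
    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) throws InitializationException {
        try {
            this.keyReference.set(readKey(configurationContext));
        } catch (RuntimeException e) {
            throw new InitializationException("Reading Private Key Failed", e);
        }
    }

    /** Clears the cached key so it is no longer reachable through this service once disabled. */
    @OnDisabled
    public void onDisabled() {
        this.keyReference.set(null);
    }

    /**
     * @return the properties supported by this service: Key File, Key and Key Password
     */
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return DESCRIPTORS;
    }

    /**
     * Validates the key source configuration.
     *
     * <p>Rejects a configuration where both Key File and Key are set. Otherwise, when no key is cached yet,
     * attempts to read the key and caches it on success; a failure is reported as an invalid result.
     *
     * @param validationContext context providing the property values under validation
     * @return validation problems found, empty when the configuration is acceptable
     */
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        List<ValidationResult> results = new ArrayList<>();
        PropertyValue keyFileProperty = validationContext.getProperty(KEY_FILE);
        PropertyValue keyProperty = validationContext.getProperty(KEY);

        if (keyFileProperty.isSet() && keyProperty.isSet()) {
            String explanation = String.format("Both [%s] and [%s] properties configured",
                    KEY_FILE.getDisplayName(), KEY.getDisplayName());
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(KEY.getDisplayName())
                    .explanation(explanation)
                    .build());
        } else if (this.keyReference.get() == null) {
            try {
                this.keyReference.set(readKey(validationContext));
            } catch (RuntimeException e) {
                // NOTE(review): the exception message is surfaced verbatim in the validation result;
                // confirm the reader never places key or password material in its messages.
                results.add(new ValidationResult.Builder()
                        .valid(false)
                        .subject(KEY.getDisplayName())
                        .explanation(e.getMessage())
                        .build());
            }
        }
        return results;
    }

    /**
     * Reads the Private Key from the Key File when set, otherwise from the inline Key property.
     *
     * <p>Streams are opened with try-with-resources so the underlying file handle is released even when
     * the reader rejects the key (malformed input, wrong password).
     *
     * @param propertyContext context providing the property values
     * @return the parsed Private Key
     * @throws UncheckedIOException when opening, reading or closing the key source fails
     * @throws IllegalStateException when neither Key File nor Key is configured
     */
    private PrivateKey readKey(PropertyContext propertyContext) {
        // NOTE(review): the password array is not wiped after use; the source String returned by the
        // property value stays on the heap regardless, so wiping here would give only partial coverage.
        char[] keyPassword = getKeyPassword(propertyContext);
        PropertyValue keyFileProperty = propertyContext.getProperty(KEY_FILE);
        PropertyValue keyProperty = propertyContext.getProperty(KEY);

        if (keyFileProperty.isSet()) {
            try (InputStream inputStream = keyFileProperty.asResource().read()) {
                return PRIVATE_KEY_READER.readPrivateKey(inputStream, keyPassword);
            } catch (IOException e) {
                throw new UncheckedIOException("Read Private Key File failed", e);
            }
        }

        if (!keyProperty.isSet()) {
            throw new IllegalStateException("Private Key not configured");
        }

        byte[] encodedKey = keyProperty.getValue().getBytes(KEY_CHARACTER_SET);
        try (InputStream inputStream = new ByteArrayInputStream(encodedKey)) {
            return PRIVATE_KEY_READER.readPrivateKey(inputStream, keyPassword);
        } catch (IOException e) {
            throw new UncheckedIOException("Read Private Key failed", e);
        }
    }

    /**
     * Returns the configured Key Password as a character array.
     *
     * @param propertyContext context providing the property values
     * @return the password characters, or an empty array when no password is configured
     */
    private char[] getKeyPassword(PropertyContext propertyContext) {
        PropertyValue passwordProperty = propertyContext.getProperty(KEY_PASSWORD);
        return passwordProperty.isSet() ? passwordProperty.getValue().toCharArray() : new char[0];
    }
}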
