package org.apache.nifi.properties;

import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.secrets.SecretClient;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.nifi.properties.BootstrapProperties;
import org.apache.nifi.properties.configuration.AwsKmsClientProvider;
import org.apache.nifi.properties.configuration.AwsSecretsManagerClientProvider;
import org.apache.nifi.properties.configuration.AzureCryptographyClientProvider;
import org.apache.nifi.properties.configuration.AzureSecretClientProvider;
import org.apache.nifi.properties.configuration.ClientProvider;
import org.apache.nifi.properties.configuration.GoogleKeyManagementServiceClientProvider;
import org.apache.nifi.properties.scheme.ProtectionScheme;
import org.apache.nifi.util.NiFiBootstrapUtils;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;

/* loaded from: input_file:org/apache/nifi/properties/StandardSensitivePropertyProviderFactory.class */
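/**
 * Factory that creates and caches {@link SensitivePropertyProvider} instances for the provider
 * classes listed in {@code PROVIDER_CLASSES}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The AES-GCM provider is built from the root key held in {@code keyHex} or, when that is
 *       absent, read from the bootstrap properties. The key is kept as a {@link String} for the
 *       lifetime of the factory; it must never be written to logs or exception messages.</li>
 *   <li>Context mapping patterns are read from the bootstrap properties and compiled as regular
 *       expressions, so whoever can edit that file controls which properties map to which
 *       protection context.</li>
 *   <li>No synchronization is performed in this class: the provider cache and the lazily built
 *       context map are plain {@link HashMap}s.</li>
 * </ul>
 */
public class StandardSensitivePropertyProviderFactory implements SensitivePropertyProviderFactory {
    private static final Logger logger = LoggerFactory.getLogger(StandardSensitivePropertyProviderFactory.class);

    // Order matters: getProvider(ProtectionScheme) returns the first supported provider that matches.
    private static final List<Class<? extends SensitivePropertyProvider>> PROVIDER_CLASSES = Arrays.asList(
            AesGcmSensitivePropertyProvider.class,
            AwsKmsSensitivePropertyProvider.class,
            AwsSecretsManagerSensitivePropertyProvider.class,
            AzureKeyVaultKeySensitivePropertyProvider.class,
            AzureKeyVaultSecretSensitivePropertyProvider.class,
            GcpKmsSensitivePropertyProvider.class,
            HashiCorpVaultKeyValueSensitivePropertyProvider.class,
            HashiCorpVaultTransitSensitivePropertyProvider.class);

    // Root key in hexadecimal form; empty means "read it from the bootstrap properties on demand".
    private Optional<String> keyHex;
    private final Supplier<BootstrapProperties> bootstrapPropertiesSupplier;
    // Cache of already constructed providers, keyed by provider class.
    private final Map<Class<? extends SensitivePropertyProvider>, SensitivePropertyProvider> providers;
    // Context name -> pattern; null until the first call to getPropertyContext.
    private Map<String, Pattern> customPropertyContextMap;

    /**
     * Creates a factory with no explicit key and no bootstrap properties supplier.
     */
    public StandardSensitivePropertyProviderFactory() {
        this(null, null);
    }

    /**
     * Replaces the root key used for the AES-GCM provider.
     *
     * <p>A provider that is already cached keeps the key it was constructed with; this method
     * does not evict it.
     *
     * @param str the root key in hexadecimal form, or {@code null} to fall back to the bootstrap
     *            properties
     */
    public void setKeyHex(String str) {
        this.keyHex = Optional.ofNullable(str);
    }

    /**
     * Creates a factory with no explicit key and no bootstrap properties supplier.
     *
     * @return a new factory
     */
    public static SensitivePropertyProviderFactory withDefaults() {
        return withKeyAndBootstrapSupplier(null, null);
    }

    /**
     * Creates a factory that uses the given root key.
     *
     * @param str the root key in hexadecimal form, may be {@code null}
     * @return a new factory
     */
    public static SensitivePropertyProviderFactory withKey(String str) {
        return new StandardSensitivePropertyProviderFactory(str, null);
    }

    /**
     * Creates a factory that uses the given root key and bootstrap properties supplier.
     *
     * @param str the root key in hexadecimal form, may be {@code null}
     * @param supplier source of bootstrap properties, may be {@code null}
     * @return a new factory
     */
    public static SensitivePropertyProviderFactory withKeyAndBootstrapSupplier(String str, Supplier<BootstrapProperties> supplier) {
        return new StandardSensitivePropertyProviderFactory(str, supplier);
    }

    private StandardSensitivePropertyProviderFactory(String str, Supplier<BootstrapProperties> supplier) {
        this.keyHex = Optional.ofNullable(str);
        // A missing supplier is replaced by one that yields null, which makes
        // getBootstrapProperties() load the properties through NiFiBootstrapUtils.
        this.bootstrapPropertiesSupplier = supplier == null ? () -> null : supplier;
        this.providers = new HashMap<>();
        this.customPropertyContextMap = null;
    }

    /**
     * Returns the first supported provider whose identifier key starts with the path of the
     * given protection scheme.
     *
     * @param protectionScheme the requested scheme, must not be {@code null}
     * @return the matching provider
     * @throws NullPointerException if {@code protectionScheme} is {@code null}
     * @throws SensitivePropertyProtectionException if no supported provider matches
     */
    public SensitivePropertyProvider getProvider(ProtectionScheme protectionScheme) throws SensitivePropertyProtectionException {
        Objects.requireNonNull(protectionScheme, "Protection Scheme required");
        final String path = protectionScheme.getPath();
        // NOTE(review): this is a prefix match and the first hit wins. An empty path would match
        // every identifier key and silently select the first supported provider; confirm that
        // ProtectionScheme implementations never return an empty path.
        return getSupportedProviders().stream()
                .filter(provider -> provider.getIdentifierKey().startsWith(path))
                .findFirst()
                .orElseThrow(() -> new SensitivePropertyProtectionException(String.format("Protection Scheme [%s] not found", path)));
    }

    /**
     * Returns every provider from {@code PROVIDER_CLASSES} that reports itself as supported.
     *
     * <p>Each provider class is instantiated (or taken from the cache) before it is asked, so
     * this call also constructs the AES-GCM provider and therefore needs the root key.
     *
     * @return the supported providers, in {@code PROVIDER_CLASSES} order
     * @throws SensitivePropertyProtectionException if the root key is needed and cannot be read
     */
    public Collection<SensitivePropertyProvider> getSupportedProviders() {
        return PROVIDER_CLASSES.stream()
                .map(this::getProvider)
                .filter(SensitivePropertyProvider::isSupported)
                .collect(Collectors.toList());
    }

    /**
     * Builds the protected property context for a property.
     *
     * <p>{@code str} is tested against the configured context patterns with an unanchored
     * {@code find()}; the name of the first matching pattern, or {@code null} when none matches,
     * is handed to {@code ProtectedPropertyContext.contextFor} together with {@code str2}.
     * The patterns live in a {@link HashMap}, so when several match, which one is "first" is
     * not defined by this class.
     *
     * @param str the value matched against the context patterns
     * @param str2 the value passed as first argument to {@code contextFor} (presumably the
     *             property name; confirm against the interface)
     * @return the resulting context
     */
    public ProtectedPropertyContext getPropertyContext(String str, String str2) {
        if (this.customPropertyContextMap == null) {
            populateCustomPropertyContextMap();
        }
        final String contextName = this.customPropertyContextMap.entrySet().stream()
                .filter(entry -> entry.getValue().matcher(str).find())
                .map(Map.Entry::getKey)
                .findFirst()
                .orElse(null);
        return ProtectedPropertyContext.contextFor(str2, contextName);
    }

    /**
     * Reads the context mapping entries from the bootstrap properties and compiles them.
     *
     * <p>The map is built locally and published only once every pattern has compiled. If a
     * pattern is invalid, the field stays {@code null} and the error is raised again on the next
     * call, instead of leaving a partially filled map that later calls would silently use.
     */
    private void populateCustomPropertyContextMap() {
        final BootstrapProperties bootstrapProperties = getBootstrapProperties();
        final String prefix = BootstrapProperties.BootstrapPropertyKey.CONTEXT_MAPPING_PREFIX.getKey();
        final Map<String, Pattern> contextMap = new HashMap<>();
        // Keys are selected with contains(), not startsWith(): any key that holds the prefix
        // anywhere is treated as a mapping, and the context name is the text after its first
        // occurrence.
        bootstrapProperties.getPropertyKeys().stream()
                .filter(propertyKey -> propertyKey.contains(prefix))
                .forEach(propertyKey -> contextMap.put(
                        StringUtils.substringAfter(propertyKey, prefix),
                        Pattern.compile(bootstrapProperties.getProperty(propertyKey))));
        this.customPropertyContextMap = contextMap;
    }

    /**
     * Returns the explicitly configured root key or, if none was given, the one stored in the
     * bootstrap properties.
     *
     * @throws SensitivePropertyProtectionException if neither source provides a key
     */
    private String getKeyHex() {
        return this.keyHex.orElseGet(() -> (String) getBootstrapProperties()
                .getProperty(BootstrapProperties.BootstrapPropertyKey.SENSITIVE_KEY)
                .orElseThrow(() -> new SensitivePropertyProtectionException("Could not read root key from bootstrap.conf")));
    }

    /**
     * Returns the bootstrap properties from the supplier, or loads them when the supplier yields
     * {@code null}.
     *
     * <p>A load failure is only logged at debug level and replaced by
     * {@code BootstrapProperties.EMPTY}. The visible symptom is then a later, less specific
     * error such as a missing root key, so enable debug logging for this class when diagnosing
     * one.
     */
    private BootstrapProperties getBootstrapProperties() {
        final BootstrapProperties supplied = this.bootstrapPropertiesSupplier.get();
        if (supplied != null) {
            return supplied;
        }
        try {
            return NiFiBootstrapUtils.loadBootstrapProperties();
        } catch (IOException e) {
            logger.debug("Bootstrap Properties loading failed", e);
            return BootstrapProperties.EMPTY;
        }
    }

    /**
     * Returns the client properties the given client provider derives from the bootstrap
     * properties, or {@code null} when it derives none.
     */
    private <T> Properties getClientProperties(ClientProvider<T> clientProvider) {
        return (Properties) clientProvider.getClientProperties(getBootstrapProperties()).orElse(null);
    }

    /**
     * Returns the cached provider for the given class, creating and caching it on first use.
     *
     * @param cls the provider class
     * @return the provider instance
     * @throws UnsupportedOperationException if the class is not one this factory can build
     * @throws SensitivePropertyProtectionException if the AES-GCM provider is requested and the
     *         root key cannot be read
     */
    private SensitivePropertyProvider getProvider(Class<? extends SensitivePropertyProvider> cls) throws SensitivePropertyProtectionException {
        final SensitivePropertyProvider cached = this.providers.get(cls);
        if (cached != null) {
            return cached;
        }
        final SensitivePropertyProvider created = createProvider(cls);
        if (created == null) {
            throw new UnsupportedOperationException(String.format("Provider class not supported [%s]", cls));
        }
        this.providers.put(cls, created);
        return created;
    }

    /**
     * Constructs a new provider of the given class, or returns {@code null} for an unknown class.
     *
     * <p>For the cloud providers the client may be {@code null} when the client provider yields
     * none; presumably such a provider reports {@code isSupported() == false} — confirm in the
     * provider classes.
     */
    private SensitivePropertyProvider createProvider(Class<? extends SensitivePropertyProvider> cls) {
        if (AesGcmSensitivePropertyProvider.class.equals(cls)) {
            return new AesGcmSensitivePropertyProvider(getKeyHex());
        }
        if (AwsKmsSensitivePropertyProvider.class.equals(cls)) {
            final AwsKmsClientProvider clientProvider = new AwsKmsClientProvider();
            final Properties clientProperties = getClientProperties(clientProvider);
            return new AwsKmsSensitivePropertyProvider((KmsClient) clientProvider.getClient(clientProperties).orElse(null), clientProperties);
        }
        if (AwsSecretsManagerSensitivePropertyProvider.class.equals(cls)) {
            final AwsSecretsManagerClientProvider clientProvider = new AwsSecretsManagerClientProvider();
            return new AwsSecretsManagerSensitivePropertyProvider((SecretsManagerClient) clientProvider.getClient(getClientProperties(clientProvider)).orElse(null));
        }
        if (AzureKeyVaultKeySensitivePropertyProvider.class.equals(cls)) {
            final AzureCryptographyClientProvider clientProvider = new AzureCryptographyClientProvider();
            final Properties clientProperties = getClientProperties(clientProvider);
            return new AzureKeyVaultKeySensitivePropertyProvider((CryptographyClient) clientProvider.getClient(clientProperties).orElse(null), clientProperties);
        }
        if (AzureKeyVaultSecretSensitivePropertyProvider.class.equals(cls)) {
            final AzureSecretClientProvider clientProvider = new AzureSecretClientProvider();
            return new AzureKeyVaultSecretSensitivePropertyProvider((SecretClient) clientProvider.getClient(getClientProperties(clientProvider)).orElse(null));
        }
        if (GcpKmsSensitivePropertyProvider.class.equals(cls)) {
            final GoogleKeyManagementServiceClientProvider clientProvider = new GoogleKeyManagementServiceClientProvider();
            final Properties clientProperties = getClientProperties(clientProvider);
            return new GcpKmsSensitivePropertyProvider((KeyManagementServiceClient) clientProvider.getClient(clientProperties).orElse(null), clientProperties);
        }
        if (HashiCorpVaultKeyValueSensitivePropertyProvider.class.equals(cls)) {
            return new HashiCorpVaultKeyValueSensitivePropertyProvider(getBootstrapProperties());
        }
        if (HashiCorpVaultTransitSensitivePropertyProvider.class.equals(cls)) {
            return new HashiCorpVaultTransitSensitivePropertyProvider(getBootstrapProperties());
        }
        return null;
    }
}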
