package org.apache.nifi.vault.hashicorp;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultConfiguration;
import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultProperties;
import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultPropertySource;
import org.springframework.core.env.PropertySource;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.client.ClientHttpRequestFactoryFactory;
import org.springframework.vault.core.VaultKeyValueOperations;
import org.springframework.vault.core.VaultKeyValueOperationsSupport;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.core.VaultTransitOperations;
import org.springframework.vault.support.Ciphertext;
import org.springframework.vault.support.Plaintext;
import org.springframework.vault.support.VaultResponseSupport;

/* loaded from: input_file:org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultCommunicationService.class */
public class StandardHashiCorpVaultCommunicationService implements HashiCorpVaultCommunicationService {
    private final VaultTemplate vaultTemplate;
    private final VaultTransitOperations transitOperations;
    private final Map<String, VaultKeyValueOperations> keyValueOperationsMap;

    /* loaded from: input_file:org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultCommunicationService$SecretData.class */
    private static class SecretData {
        private final String value;

        @JsonCreator
        public SecretData(@JsonProperty("value") String str) {
            this.value = str;
        }

        public String getValue() {
            return this.value;
        }
    }

    public StandardHashiCorpVaultCommunicationService(PropertySource<?>... propertySourceArr) throws HashiCorpVaultConfigurationException {
        HashiCorpVaultConfiguration hashiCorpVaultConfiguration = new HashiCorpVaultConfiguration(propertySourceArr);
        this.vaultTemplate = new VaultTemplate(hashiCorpVaultConfiguration.vaultEndpoint(), ClientHttpRequestFactoryFactory.create(hashiCorpVaultConfiguration.clientOptions(), hashiCorpVaultConfiguration.sslConfiguration()), new SimpleSessionManager(hashiCorpVaultConfiguration.clientAuthentication()));
        this.transitOperations = this.vaultTemplate.opsForTransit();
        this.keyValueOperationsMap = new HashMap();
    }

    public StandardHashiCorpVaultCommunicationService(HashiCorpVaultProperties hashiCorpVaultProperties) throws HashiCorpVaultConfigurationException {
        this((PropertySource<?>[]) new PropertySource[]{new HashiCorpVaultPropertySource(hashiCorpVaultProperties)});
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public String encrypt(String str, byte[] bArr) {
        return this.transitOperations.encrypt(str, Plaintext.of(bArr)).getCiphertext();
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public byte[] decrypt(String str, String str2) {
        return this.transitOperations.decrypt(str, Ciphertext.of(str2)).getPlaintext();
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public void writeKeyValueSecret(String str, String str2, String str3) {
        Objects.requireNonNull(str, "Vault K/V path must be specified");
        Objects.requireNonNull(str2, "Secret secretKey must be specified");
        Objects.requireNonNull(str3, "Secret value must be specified");
        this.keyValueOperationsMap.computeIfAbsent(str, str4 -> {
            return this.vaultTemplate.opsForKeyValue(str4, VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        }).put(str2, new SecretData(str3));
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public Optional<String> readKeyValueSecret(String str, String str2) {
        Objects.requireNonNull(str, "Vault K/V path must be specified");
        Objects.requireNonNull(str2, "Secret secretKey must be specified");
        VaultResponseSupport vaultResponseSupport = this.keyValueOperationsMap.computeIfAbsent(str, str3 -> {
            return this.vaultTemplate.opsForKeyValue(str3, VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        }).get(str2, SecretData.class);
        return vaultResponseSupport == null ? Optional.empty() : Optional.ofNullable(((SecretData) vaultResponseSupport.getRequiredData()).getValue());
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public void writeKeyValueSecretMap(String str, String str2, Map<String, String> map) {
        Objects.requireNonNull(str, "Vault K/V path must be specified");
        Objects.requireNonNull(str2, "Secret secretKey must be specified");
        Objects.requireNonNull(map, "Key/values map must be specified");
        if (map.isEmpty()) {
            return;
        }
        this.keyValueOperationsMap.computeIfAbsent(str, str3 -> {
            return this.vaultTemplate.opsForKeyValue(str3, VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        }).put(str2, map);
    }

    @Override // org.apache.nifi.vault.hashicorp.HashiCorpVaultCommunicationService
    public Map<String, String> readKeyValueSecretMap(String str, String str2) {
        VaultResponseSupport vaultResponseSupport = this.keyValueOperationsMap.computeIfAbsent(str, str3 -> {
            return this.vaultTemplate.opsForKeyValue(str3, VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        }).get(str2, Map.class);
        return vaultResponseSupport == null ? Collections.emptyMap() : (Map) vaultResponseSupport.getRequiredData();
    }
}
