package org.apache.nifi.provenance;

import java.io.IOException;
import java.security.KeyManagementException;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.events.EventReporter;
import org.apache.nifi.provenance.serialization.RecordReaders;
import org.apache.nifi.provenance.store.EventFileManager;
import org.apache.nifi.provenance.store.RecordWriterFactory;
import org.apache.nifi.provenance.toc.StandardTocWriter;
import org.apache.nifi.provenance.toc.TocUtil;
import org.apache.nifi.security.kms.KeyProvider;
import org.apache.nifi.security.repository.RepositoryEncryptorUtils;
import org.apache.nifi.security.repository.config.ProvenanceRepositoryEncryptionConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/provenance/EncryptedWriteAheadProvenanceRepository.class */
public class EncryptedWriteAheadProvenanceRepository extends WriteAheadProvenanceRepository {
    private static final Logger logger = LoggerFactory.getLogger(EncryptedWriteAheadProvenanceRepository.class);

    public EncryptedWriteAheadProvenanceRepository() {
    }

    public EncryptedWriteAheadProvenanceRepository(NiFiProperties niFiProperties) {
        super(RepositoryConfiguration.create(niFiProperties));
    }

    public EncryptedWriteAheadProvenanceRepository(RepositoryConfiguration repositoryConfiguration) {
        super(repositoryConfiguration);
    }

    @Override // org.apache.nifi.provenance.WriteAheadProvenanceRepository
    public synchronized void initialize(EventReporter eventReporter, Authorizer authorizer, ProvenanceAuthorizableFactory provenanceAuthorizableFactory, IdentifierLookup identifierLookup) throws IOException {
        if (!getConfig().supportsEncryption()) {
            throw new IOException("The provided configuration does not support a encrypted repository");
        }
        try {
            KeyProvider buildKeyProvider = buildKeyProvider();
            AESProvenanceEventEncryptor aESProvenanceEventEncryptor = new AESProvenanceEventEncryptor();
            aESProvenanceEventEncryptor.initialize(buildKeyProvider);
            RecordWriterFactory recordWriterFactory = (file, atomicLong, z, z2) -> {
                StandardTocWriter standardTocWriter;
                if (z2) {
                    try {
                        standardTocWriter = new StandardTocWriter(TocUtil.getTocFile(file), false, false);
                    } catch (EncryptionException e) {
                        logger.error("Encountered an error building the schema record writer factory: ", e);
                        throw new IOException((Throwable) e);
                    }
                } else {
                    standardTocWriter = null;
                }
                return new EncryptedSchemaRecordWriter(file, atomicLong, standardTocWriter, z, 32768, identifierLookup, aESProvenanceEventEncryptor, getConfig().getDebugFrequency());
            };
            EventFileManager eventFileManager = new EventFileManager();
            super.init(recordWriterFactory, (file2, collection, i) -> {
                eventFileManager.obtainReadLock(file2);
                try {
                    EncryptedSchemaRecordReader encryptedSchemaRecordReader = (EncryptedSchemaRecordReader) RecordReaders.newRecordReader(file2, collection, i);
                    encryptedSchemaRecordReader.setProvenanceEventEncryptor(aESProvenanceEventEncryptor);
                    eventFileManager.releaseReadLock(file2);
                    return encryptedSchemaRecordReader;
                } catch (Throwable th) {
                    eventFileManager.releaseReadLock(file2);
                    throw th;
                }
            }, eventReporter, authorizer, provenanceAuthorizableFactory);
        } catch (KeyManagementException e) {
            logger.error("Encountered an error building the key provider", e);
            throw new IOException("Encountered an error building the key provider", e);
        }
    }

    private KeyProvider buildKeyProvider() throws IOException {
        RepositoryConfiguration config = getConfig();
        return RepositoryEncryptorUtils.validateAndBuildRepositoryKeyProvider(new ProvenanceRepositoryEncryptionConfiguration(config.getKeyProviderImplementation(), config.getKeyProviderLocation(), config.getKeyId(), config.getEncryptionKeys(), getClass().getName(), config.getKeyProviderPassword()));
    }
}
