package org.apache.nifi.properties;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/properties/ProtectedNiFiProperties.class */
class ProtectedNiFiProperties extends StandardNiFiProperties {
    private NiFiProperties niFiProperties;
    private Map<String, SensitivePropertyProvider> localProviderCache;
    public static final String ADDITIONAL_SENSITIVE_PROPERTIES_KEY = "nifi.sensitive.props.additional.keys";
    private static final Logger logger = LoggerFactory.getLogger(ProtectedNiFiProperties.class);
    public static final List<String> DEFAULT_SENSITIVE_PROPERTIES = new ArrayList(Arrays.asList("nifi.security.keyPasswd", "nifi.security.keystorePasswd", "nifi.security.truststorePasswd", "nifi.sensitive.props.key"));

    public ProtectedNiFiProperties() {
        this(new StandardNiFiProperties());
    }

    public ProtectedNiFiProperties(NiFiProperties niFiProperties) {
        this.localProviderCache = new HashMap();
        this.niFiProperties = niFiProperties;
        logger.debug("Loaded {} properties (including {} protection schemes) into ProtectedNiFiProperties", Integer.valueOf(getPropertyKeysIncludingProtectionSchemes().size()), Integer.valueOf(getProtectedPropertyKeys().size()));
    }

    public ProtectedNiFiProperties(Properties properties) {
        this(new StandardNiFiProperties(properties));
    }

    @Override // org.apache.nifi.properties.StandardNiFiProperties
    public String getProperty(String str) {
        return getInternalNiFiProperties().getProperty(str);
    }

    @Override // org.apache.nifi.properties.StandardNiFiProperties
    public Set<String> getPropertyKeys() {
        Set<String> propertyKeysIncludingProtectionSchemes = getPropertyKeysIncludingProtectionSchemes();
        propertyKeysIncludingProtectionSchemes.removeIf(str -> {
            return str.endsWith(".protected");
        });
        return propertyKeysIncludingProtectionSchemes;
    }

    NiFiProperties getInternalNiFiProperties() {
        if (this.niFiProperties == null) {
            this.niFiProperties = new StandardNiFiProperties();
        }
        return this.niFiProperties;
    }

    @Override // org.apache.nifi.properties.StandardNiFiProperties
    public int size() {
        return getPropertyKeys().size();
    }

    Set<String> getPropertyKeysIncludingProtectionSchemes() {
        return getInternalNiFiProperties().getPropertyKeys();
    }

    private static List<String> splitMultipleProperties(String str) {
        if (str == null || str.trim().isEmpty()) {
            return new ArrayList(0);
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(str.split("\\s*[,;]\\s*")));
        for (int i = 0; i < arrayList.size(); i++) {
            arrayList.set(i, ((String) arrayList.get(i)).trim());
        }
        return arrayList;
    }

    public List<String> getSensitivePropertyKeys() {
        String property = getProperty(ADDITIONAL_SENSITIVE_PROPERTIES_KEY);
        if (property == null || property.trim().isEmpty()) {
            return DEFAULT_SENSITIVE_PROPERTIES;
        }
        List<String> splitMultipleProperties = splitMultipleProperties(property);
        if (splitMultipleProperties.contains(ADDITIONAL_SENSITIVE_PROPERTIES_KEY)) {
            logger.warn("The key '{}' contains itself. This is poor practice and should be removed", ADDITIONAL_SENSITIVE_PROPERTIES_KEY);
            splitMultipleProperties.remove(ADDITIONAL_SENSITIVE_PROPERTIES_KEY);
        }
        splitMultipleProperties.addAll(DEFAULT_SENSITIVE_PROPERTIES);
        return splitMultipleProperties;
    }

    public boolean hasProtectedKeys() {
        Iterator<String> it = getSensitivePropertyKeys().iterator();
        while (it.hasNext()) {
            if (isPropertyProtected(it.next())) {
                return true;
            }
        }
        return false;
    }

    public Map<String, String> getProtectedPropertyKeys() {
        List<String> sensitivePropertyKeys = getSensitivePropertyKeys();
        HashMap hashMap = new HashMap();
        for (String str : sensitivePropertyKeys) {
            String property = getProperty(getProtectionKey(str));
            if (!StringUtils.isBlank(property)) {
                hashMap.put(str, property);
            }
        }
        return hashMap;
    }

    public Set<String> getProtectionSchemes() {
        return new HashSet(getProtectedPropertyKeys().values());
    }

    public int getPercentOfSensitivePropertiesProtected() {
        return (int) Math.round((getProtectedPropertyKeys().size() / getSensitivePropertyKeys().size()) * 100.0d);
    }

    public boolean isPropertySensitive(String str) {
        return (str == null || str.equals(ADDITIONAL_SENSITIVE_PROPERTIES_KEY) || !getSensitivePropertyKeys().contains(str.trim())) ? false : true;
    }

    public boolean isPropertyProtected(String str) {
        return (str == null || !isPropertySensitive(str) || StringUtils.isBlank(getProperty(getProtectionKey(str)))) ? false : true;
    }

    public String getProtectionKey(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Cannot find protection key for null key");
        }
        return str + ".protected";
    }

    public NiFiProperties getUnprotectedProperties() throws SensitivePropertyProtectionException {
        if (!hasProtectedKeys()) {
            logger.debug("No protected properties");
            return getInternalNiFiProperties();
        }
        logger.info("There are {} protected properties of {} sensitive properties ({}%)", new Object[]{Integer.valueOf(getProtectedPropertyKeys().size()), Integer.valueOf(getSensitivePropertyKeys().size()), Integer.valueOf(getPercentOfSensitivePropertiesProtected())});
        Properties properties = new Properties();
        HashSet hashSet = new HashSet();
        for (String str : getPropertyKeys()) {
            if (!str.endsWith(".protected")) {
                if (isPropertyProtected(str)) {
                    try {
                        properties.setProperty(str, unprotectValue(str, getProperty(str)));
                    } catch (SensitivePropertyProtectionException e) {
                        logger.warn("Failed to unprotect '{}'", str, e);
                        hashSet.add(str);
                    }
                } else {
                    properties.setProperty(str, getProperty(str));
                }
            }
        }
        if (hashSet.isEmpty()) {
            return new StandardNiFiProperties(properties);
        }
        if (hashSet.size() <= 1) {
            throw new SensitivePropertyProtectionException("Failed to unprotect key " + ((String) hashSet.iterator().next()));
        }
        logger.warn("Combining {} failed keys [{}] into single exception", Integer.valueOf(hashSet.size()), StringUtils.join(hashSet, ", "));
        throw new MultipleSensitivePropertyProtectionException("Failed to unprotect keys", hashSet);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addSensitivePropertyProvider(SensitivePropertyProvider sensitivePropertyProvider) {
        if (sensitivePropertyProvider == null) {
            throw new IllegalArgumentException("Cannot add null SensitivePropertyProvider");
        }
        if (getSensitivePropertyProviders().containsKey(sensitivePropertyProvider.getIdentifierKey())) {
            throw new UnsupportedOperationException("Cannot overwrite existing sensitive property provider registered for " + sensitivePropertyProvider.getIdentifierKey());
        }
        getSensitivePropertyProviders().put(sensitivePropertyProvider.getIdentifierKey(), sensitivePropertyProvider);
    }

    private String getDefaultProtectionScheme() {
        if (getSensitivePropertyProviders().isEmpty()) {
            throw new IllegalStateException("No registered protection schemes");
        }
        ArrayList arrayList = new ArrayList(getSensitivePropertyProviders().keySet());
        Collections.sort(arrayList);
        return (String) arrayList.get(0);
    }

    NiFiProperties protectPlainProperties() {
        try {
            return protectPlainProperties(getDefaultProtectionScheme());
        } catch (IllegalStateException e) {
            logger.warn("Cannot protect properties with default scheme if no protection schemes are registered");
            throw new IllegalStateException("Cannot protect properties with default scheme if no protection schemes are registered", e);
        }
    }

    NiFiProperties protectPlainProperties(String str) {
        SensitivePropertyProvider sensitivePropertyProvider = getSensitivePropertyProvider(str);
        Properties properties = new Properties();
        Set<String> propertyKeys = getPropertyKeys();
        propertyKeys.removeAll(getSensitivePropertyKeys());
        for (String str2 : propertyKeys) {
            properties.setProperty(str2, getInternalNiFiProperties().getProperty(str2));
        }
        for (String str3 : getSensitivePropertyKeys()) {
            String property = getInternalNiFiProperties().getProperty(str3);
            if (property == null || property.trim().isEmpty()) {
                properties.setProperty(str3, property);
            } else {
                properties.setProperty(str3, sensitivePropertyProvider.protect(property));
                properties.setProperty(getProtectionKey(str3), str);
            }
        }
        return new StandardNiFiProperties(properties);
    }

    public static int countProtectedProperties(NiFiProperties niFiProperties) {
        return new ProtectedNiFiProperties(niFiProperties).getProtectedPropertyKeys().size();
    }

    public static int countSensitiveProperties(NiFiProperties niFiProperties) {
        return new ProtectedNiFiProperties(niFiProperties).getSensitivePropertyKeys().size();
    }

    @Override // org.apache.nifi.properties.StandardNiFiProperties
    public String toString() {
        Set<String> keySet = getSensitivePropertyProviders().keySet();
        return "ProtectedNiFiProperties instance with " + size() + " properties (" + getProtectedPropertyKeys().size() + " protected) and " + keySet.size() + " sensitive property providers: " + StringUtils.join(keySet, ", ");
    }

    private Map<String, SensitivePropertyProvider> getSensitivePropertyProviders() {
        if (this.localProviderCache == null) {
            this.localProviderCache = new HashMap();
        }
        return this.localProviderCache;
    }

    private SensitivePropertyProvider getSensitivePropertyProvider(String str) {
        if (isProviderAvailable(str)) {
            return getSensitivePropertyProviders().get(str);
        }
        throw new SensitivePropertyProtectionException("No provider available for " + str);
    }

    private boolean isProviderAvailable(String str) {
        return getSensitivePropertyProviders().containsKey(str);
    }

    private String unprotectValue(String str, String str2) {
        if (!isPropertyProtected(str)) {
            return str2;
        }
        String property = getProperty(getProtectionKey(str));
        if (!isProviderAvailable(property)) {
            logger.warn("No provider available for {} so passing the protected {} value back", property, str);
            return str2;
        }
        try {
            return getSensitivePropertyProvider(property).unprotect(str2);
        } catch (SensitivePropertyProtectionException e) {
            throw new SensitivePropertyProtectionException("Error unprotecting value for " + str, e.getCause());
        }
    }
}
