package io.opentdf.nifi;

import com.google.gson.Gson;
import io.opentdf.platform.sdk.AssertionConfig;
import io.opentdf.platform.sdk.Config;
import io.opentdf.platform.sdk.SDK;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import org.apache.nifi.annotation.behavior.ReadsAttribute;
import org.apache.nifi.annotation.behavior.ReadsAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.key.service.api.PrivateKeyService;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;

@CapabilityDescription("Transforms flow file content into a ZTDF")
@Tags({"ZTDF", "OpenTDF", "Zero Trust Data Format", "Encrypt", "Data Centric Security"})
@ReadsAttributes({@ReadsAttribute(attribute = "kas_url", description = "The Key Access Server (KAS) URL used TDF Creation. This overrides the KAS URL property of this processor."), @ReadsAttribute(attribute = "tdf_attribute", description = "A comma separated list of data attributes added to created TDF Data Policy. e.g. http://example.org/attr/foo/value/bar,http://example.org/attr/foo/value/bar2"), @ReadsAttribute(attribute = "tdf_assertion_<id>", description = "A single assertion with a JSON payload reflecting the assertion schema :\n{\"type\":<>,\n\"scope\":<>\n,\"appliesToState\":<>\n\"statement\": {\n \"value\":<>,\n \"format\":<>,\n} \n}; more than one assertion supported through the \"tdf_assertion_\" attribute name prefix. e.g. tdf_assertion_1, tdf_assertion_2")})
/* loaded from: input_file:io/opentdf/nifi/ConvertToZTDF.class */
public class ConvertToZTDF extends AbstractToProcessor {
    public static final PropertyDescriptor SIGN_ASSERTIONS = new PropertyDescriptor.Builder().name("Sign Assertions").description("sign assertions").required(false).defaultValue("false").allowableValues(new String[]{"true", "false"}).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    public static final PropertyDescriptor PRIVATE_KEY_CONTROLLER_SERVICE = new PropertyDescriptor.Builder().name("Private Key Controller Service").description("Optional Private Key Service; this is need for assertion signing").required(true).identifiesControllerService(PrivateKeyService.class).dependsOn(SIGN_ASSERTIONS, new AllowableValue[]{new AllowableValue("true")}).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    Gson gson = new Gson();
    Map<String, AssertionConfig.Type> assertionTypeMap = Map.of("handling", AssertionConfig.Type.HandlingAssertion, "base", AssertionConfig.Type.BaseAssertion);
    Map<String, AssertionConfig.Scope> assertionScopeMap = Map.of("tdo", AssertionConfig.Scope.TrustedDataObj, "payload", AssertionConfig.Scope.Payload);
    Map<String, AssertionConfig.AppliesToState> assertionAppliesToStateMap = Map.of("encrypted", AssertionConfig.AppliesToState.Encrypted, "unencrypted", AssertionConfig.AppliesToState.Unencrypted);

    PrivateKeyService getPrivateKeyService(ProcessContext processContext) {
        if (processContext.getProperty(PRIVATE_KEY_CONTROLLER_SERVICE).isSet()) {
            return processContext.getProperty(PRIVATE_KEY_CONTROLLER_SERVICE).asControllerService(PrivateKeyService.class);
        }
        return null;
    }

    @Override // io.opentdf.nifi.AbstractToProcessor, io.opentdf.nifi.AbstractTDFProcessor
    public List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        ArrayList arrayList = new ArrayList(super.getSupportedPropertyDescriptors());
        arrayList.add(PRIVATE_KEY_CONTROLLER_SERVICE);
        arrayList.add(SIGN_ASSERTIONS);
        return Collections.unmodifiableList(arrayList);
    }

    AssertionConfig buildAssertion(ProcessContext processContext, FlowFile flowFile, String str) throws Exception {
        Map<?, ?> map = (Map) this.gson.fromJson(flowFile.getAttribute(str), Map.class);
        AssertionConfig assertionConfig = new AssertionConfig();
        assertionConfig.id = map.containsKey("id") ? (String) map.get("id") : null;
        populateFieldFromMap(map, "type", this.assertionTypeMap, obj -> {
            assertionConfig.type = (AssertionConfig.Type) obj;
        });
        populateFieldFromMap(map, "scope", this.assertionScopeMap, obj2 -> {
            assertionConfig.scope = (AssertionConfig.Scope) obj2;
        });
        populateFieldFromMap(map, "appliesToState", this.assertionAppliesToStateMap, obj3 -> {
            assertionConfig.appliesToState = (AssertionConfig.AppliesToState) obj3;
        });
        assertionConfig.statement = new AssertionConfig.Statement();
        Map map2 = (Map) map.get("statement");
        if (map2 != null) {
            assertionConfig.statement.format = map2.containsKey("format") ? (String) map2.get("format") : null;
            assertionConfig.statement.value = (String) map2.get("value");
        }
        addSigningInfoToAssertionConfig(processContext, assertionConfig);
        if (assertionConfig.scope == null) {
            throw new Exception("assertion scope is required");
        }
        if (assertionConfig.statement == null) {
            throw new Exception("assertion statement is required");
        }
        if (assertionConfig.statement.format == null) {
            throw new Exception("assertion statement format is required");
        }
        if (assertionConfig.appliesToState == null) {
            throw new Exception("assertion appliesToState is required");
        }
        if (assertionConfig.type == null) {
            throw new Exception("assertion type is required");
        }
        return assertionConfig;
    }

    private void populateFieldFromMap(Map<?, ?> map, String str, Map<?, ?> map2, Consumer<Object> consumer) {
        if (map.containsKey(str)) {
            consumer.accept(map2.get(map.get(str)));
        } else {
            consumer.accept(null);
        }
    }

    @Override // io.opentdf.nifi.AbstractTDFProcessor
    void processFlowFiles(ProcessContext processContext, ProcessSession processSession, List<FlowFile> list) throws ProcessException {
        SDK tdfsdk = getTDFSDK(processContext);
        for (FlowFile flowFile : list) {
            try {
                ArrayList arrayList = new ArrayList(Arrays.asList(Config.withKasInformation((Config.KASInfo[]) getKASInfoFromKASURLs(getKasUrl(flowFile, processContext)).toArray(new Config.KASInfo[0])), Config.withDataAttributes((String[]) getDataAttributes(flowFile).toArray(new String[0]))));
                for (String str : flowFile.getAttributes().keySet().stream().filter(str2 -> {
                    return str2.startsWith("tdf_assertion_");
                }).toList()) {
                    getLogger().debug(String.format("Adding assertion for NiFi attribute = %s", str));
                    arrayList.add(Config.withAssertionConfig(new AssertionConfig[]{buildAssertion(processContext, flowFile, str)}));
                }
                Config.TDFConfig newTDFConfig = Config.newTDFConfig((Consumer[]) arrayList.toArray(new Consumer[0]));
                processSession.transfer(processSession.putAttribute(processSession.write(flowFile, (inputStream, outputStream) -> {
                    try {
                        getTDF().createTDF(inputStream, outputStream, newTDFConfig, tdfsdk.getServices().kas(), tdfsdk.getServices().attributes());
                    } catch (InterruptedException e) {
                        getLogger().error("Interrupted inner", e);
                        Thread.currentThread().interrupt();
                    } catch (Exception e2) {
                        getLogger().error("error creating ZTDF", e2);
                        throw new IOException(e2);
                    }
                }), "mime.type", "application/ztdf+zip"), REL_SUCCESS);
            } catch (InterruptedException e) {
                getLogger().error("Interrupted outer", e);
                Thread.currentThread().interrupt();
            } catch (Exception e2) {
                getLogger().error(flowFile.getId() + ": error converting plain text to ZTDF", e2);
                processSession.transfer(flowFile, REL_FAILURE);
            }
        }
    }

    private void addSigningInfoToAssertionConfig(ProcessContext processContext, AssertionConfig assertionConfig) {
        Optional<PropertyValue> propertyValue = getPropertyValue(processContext);
        if (propertyValue.isPresent() && Boolean.TRUE.equals(propertyValue.get().asBoolean())) {
            getLogger().debug("signed assertions is active");
            PrivateKeyService privateKeyService = getPrivateKeyService(processContext);
            if (privateKeyService != null) {
                getLogger().debug("adding signing configuration for assertion");
                assertionConfig.assertionKey = new AssertionConfig.AssertionKey(AssertionConfig.AssertionKeyAlg.RS256, privateKeyService.getPrivateKey());
            }
        }
    }
}
