package org.apache.nifi.properties;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

/* loaded from: input_file:org/apache/nifi/properties/AwsSecretsManagerSensitivePropertyProvider.class */
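/**
 * Sensitive property provider that keeps property values in AWS Secrets Manager.
 *
 * <p>Each secret is addressed by the context name of the {@link ProtectedPropertyContext} and holds a
 * JSON object whose keys are property names and whose values are the plain property values. Protecting
 * a property therefore reads the current JSON object, sets one key and writes the whole object back.
 *
 * <p>Reads and writes are serialized through a {@link ReentrantReadWriteLock}. That lock only covers
 * callers sharing this instance; NOTE(review): another process updating the same secret between the
 * read and the write in {@link #protect} would not be excluded by it, so a lost update looks possible.
 *
 * <p>Exception messages built here carry the secret name, context key and property name, never the
 * property value itself.
 */
public class AwsSecretsManagerSensitivePropertyProvider implements SensitivePropertyProvider {
    private static final String IDENTIFIER_KEY = "aws/secretsmanager";
    private final SecretsManagerClient client;
    private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
    private final Lock readLock = this.rwLock.readLock();
    private final Lock writeLock = this.rwLock.writeLock();
    private final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Creates the provider around an already configured client.
     *
     * @param secretsManagerClient client used for all Secrets Manager calls; may be {@code null}, in
     *     which case {@link #isSupported()} returns {@code false} and protect/unprotect fail
     */
    AwsSecretsManagerSensitivePropertyProvider(SecretsManagerClient secretsManagerClient) {
        this.client = secretsManagerClient;
    }

    /**
     * Returns the fixed identifier of this protection scheme.
     *
     * @return {@code "aws/secretsmanager"}
     */
    public String getIdentifierKey() {
        return IDENTIFIER_KEY;
    }

    /**
     * Reports whether a Secrets Manager client was supplied.
     *
     * @return {@code true} when the client is non-null
     */
    public boolean isSupported() {
        return this.client != null;
    }

    /**
     * Stores a property value in the secret named by the context and returns the context key.
     *
     * @param str plain property value to store
     * @param protectedPropertyContext identifies the secret (context name) and the key inside it
     *     (property name)
     * @return the context key of {@code protectedPropertyContext}
     * @throws NullPointerException if either argument is {@code null}
     * @throws SensitivePropertyProtectionException if no client is configured, or if reading,
     *     serializing or writing the secret fails
     */
    public String protect(String str, ProtectedPropertyContext protectedPropertyContext) throws SensitivePropertyProtectionException {
        Objects.requireNonNull(protectedPropertyContext, "Property context must be provided");
        Objects.requireNonNull(str, "Property value must be provided");
        // Fail before touching the lock: releasing a write lock that was never acquired raises
        // IllegalMonitorStateException and would hide the real configuration error from the caller.
        if (this.client == null) {
            throw new SensitivePropertyProtectionException("AWS Secrets Manager Provider Not Configured");
        }
        // Acquire outside the try so the finally block only ever releases a lock this thread holds.
        this.writeLock.lock();
        try {
            final String secretName = protectedPropertyContext.getContextName();
            final Optional<ObjectNode> existingValues = getSecretKeyValues(protectedPropertyContext);
            final ObjectNode keyValues = existingValues.orElseGet(this.objectMapper::createObjectNode);
            keyValues.put(protectedPropertyContext.getPropertyName(), str);
            final String secretString = this.objectMapper.writeValueAsString(keyValues);
            if (existingValues.isPresent()) {
                // The secret already exists: write a new value containing every key, old and new.
                this.client.putSecretValue(builder -> builder.secretId(secretName).secretString(secretString));
            } else {
                this.client.createSecret(builder -> builder.name(secretName).secretString(secretString));
            }
            return protectedPropertyContext.getContextKey();
        } catch (SecretsManagerException | JsonProcessingException e) {
            // The message formats the context object, not the property value.
            // NOTE(review): confirm ProtectedPropertyContext#toString exposes names only.
            throw new SensitivePropertyProtectionException(String.format("AWS Secrets Manager Secret Could Not Be Stored for [%s]", protectedPropertyContext), e);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Reads a property value back from the secret named by the context.
     *
     * @param str not used by this provider; the value is looked up by context only
     * @param protectedPropertyContext identifies the secret (context name) and the key inside it
     *     (property name)
     * @return the stored text value
     * @throws NullPointerException if {@code protectedPropertyContext} is {@code null}
     * @throws SensitivePropertyProtectionException if no client is configured, the secret or the
     *     property is absent, the stored entry is not a JSON string, or retrieval fails
     */
    public String unprotect(String str, ProtectedPropertyContext protectedPropertyContext) throws SensitivePropertyProtectionException {
        Objects.requireNonNull(protectedPropertyContext, "Property context must be provided");
        if (this.client == null) {
            throw new SensitivePropertyProtectionException("AWS Secrets Manager Provider Not Configured");
        }
        // Acquire outside the try so the finally block only ever releases a lock this thread holds.
        this.readLock.lock();
        try {
            final String propertyName = protectedPropertyContext.getPropertyName();
            // textValue() is null for a non-string JSON node, so such an entry is reported as not found.
            final String propertyValue = getSecretKeyValues(protectedPropertyContext)
                    .filter(keyValues -> keyValues.has(propertyName))
                    .map(keyValues -> keyValues.get(propertyName).textValue())
                    .orElse(null);
            if (propertyValue == null) {
                throw new SensitivePropertyProtectionException(String.format("AWS Secret Name [%s] Property Name [%s] not found", protectedPropertyContext.getContextName(), protectedPropertyContext.getPropertyName()));
            }
            return propertyValue;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Fetches the secret named by the context and parses its string value as a JSON object.
     *
     * @param protectedPropertyContext supplies the secret name and the context key used in messages
     * @return the parsed key/value object, or empty when Secrets Manager reports the secret as not found
     * @throws SensitivePropertyProtectionException if the secret has no string value, is not a JSON
     *     object, cannot be parsed, or the service call fails for any other reason
     */
    private Optional<ObjectNode> getSecretKeyValues(ProtectedPropertyContext protectedPropertyContext) {
        try {
            final GetSecretValueResponse response = this.client.getSecretValue(
                    builder -> builder.secretId(protectedPropertyContext.getContextName()));
            final String secretString = response.secretString();
            if (secretString == null) {
                throw new SensitivePropertyProtectionException(String.format("AWS Secret Name [%s] string value not found", protectedPropertyContext.getContextKey()));
            }
            // readTree returns the general JsonNode type; only a JSON object is an acceptable payload,
            // so anything else (array, scalar, empty document) is rejected below.
            final JsonNode secretNode = this.objectMapper.readTree(secretString);
            if (secretNode instanceof ObjectNode) {
                return Optional.of((ObjectNode) secretNode);
            }
            throw new SensitivePropertyProtectionException(String.format("AWS Secrets Manager Secret [%s] JSON parsing failed", protectedPropertyContext.getContextKey()));
        } catch (ResourceNotFoundException e) {
            // A missing secret is an expected state: protect() creates it, unprotect() reports not found.
            return Optional.empty();
        } catch (SecretsManagerException e) {
            throw new SensitivePropertyProtectionException(String.format("AWS Secrets Manager Secret [%s] retrieval failed", protectedPropertyContext.getContextKey()), e);
        } catch (JsonProcessingException e) {
            throw new SensitivePropertyProtectionException(String.format("AWS Secrets Manager Secret [%s] JSON parsing failed", protectedPropertyContext.getContextKey()), e);
        }
    }

    /**
     * Closes the Secrets Manager client, if one was supplied.
     */
    public void cleanUp() {
        if (this.client != null) {
            this.client.close();
        }
    }
}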
