package org.apache.nifi.properties;

import java.util.Properties;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.DecryptRequest;
import software.amazon.awssdk.services.kms.model.DescribeKeyRequest;
import software.amazon.awssdk.services.kms.model.EncryptRequest;

/* loaded from: input_file:org/apache/nifi/properties/AwsKmsSensitivePropertyProvider.class */
public class AwsKmsSensitivePropertyProvider extends ClientBasedEncodedSensitivePropertyProvider<KmsClient> {
    protected static final String KEY_ID_PROPERTY = "aws.kms.key.id";
    private static final String IDENTIFIER_KEY = "aws/kms";

    AwsKmsSensitivePropertyProvider(KmsClient kmsClient, Properties properties) throws SensitivePropertyProtectionException {
        super(kmsClient, properties);
    }

    public String getIdentifierKey() {
        return IDENTIFIER_KEY;
    }

    public void cleanUp() {
        KmsClient kmsClient = (KmsClient) getClient();
        if (kmsClient == null) {
            this.logger.debug("AWS KMS Client not configured");
        } else {
            kmsClient.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validate(KmsClient kmsClient) {
        if (kmsClient == null) {
            this.logger.debug("AWS KMS Client not configured");
            return;
        }
        String keyId = getKeyId();
        try {
            if (!kmsClient.describeKey((DescribeKeyRequest) DescribeKeyRequest.builder().keyId(keyId).build()).keyMetadata().enabled().booleanValue()) {
                throw new SensitivePropertyProtectionException(String.format("AWS KMS Key [%s] Disabled", keyId));
            }
            this.logger.info("AWS KMS Key [{}] Enabled", keyId);
        } catch (RuntimeException e) {
            throw new SensitivePropertyProtectionException(String.format("AWS KMS Key [%s] Validation Failed", keyId), e);
        }
    }

    protected byte[] getEncrypted(byte[] bArr) {
        return ((KmsClient) getClient()).encrypt((EncryptRequest) EncryptRequest.builder().keyId(getKeyId()).plaintext(SdkBytes.fromByteArray(bArr)).build()).ciphertextBlob().asByteArray();
    }

    protected byte[] getDecrypted(byte[] bArr) {
        return ((KmsClient) getClient()).decrypt((DecryptRequest) DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(bArr)).keyId(getKeyId()).build()).plaintext().asByteArray();
    }

    private String getKeyId() {
        return getProperties().getProperty(KEY_ID_PROPERTY);
    }
}
