package org.apache.nifi.repository.encryption.configuration.kms;

import java.util.Objects;
import org.apache.nifi.repository.encryption.configuration.EncryptedRepositoryType;
import org.apache.nifi.security.kms.KeyProvider;
import org.apache.nifi.security.kms.KeyProviderFactory;
import org.apache.nifi.security.kms.configuration.KeyProviderConfiguration;
import org.apache.nifi.security.kms.configuration.KeyStoreKeyProviderConfiguration;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;

/* loaded from: input_file:org/apache/nifi/repository/encryption/configuration/kms/StandardRepositoryKeyProviderFactory.class */
public class StandardRepositoryKeyProviderFactory implements RepositoryKeyProviderFactory {
    @Override // org.apache.nifi.repository.encryption.configuration.kms.RepositoryKeyProviderFactory
    public KeyProvider getKeyProvider(EncryptedRepositoryType encryptedRepositoryType, NiFiProperties niFiProperties) {
        Objects.requireNonNull(encryptedRepositoryType, "Encrypted Repository Type required");
        Objects.requireNonNull(niFiProperties, "NiFi Properties required");
        return KeyProviderFactory.getKeyProvider(getKeyProviderConfiguration(getEncryptionKeyProvider(encryptedRepositoryType, niFiProperties), niFiProperties));
    }

    private EncryptionKeyProvider getEncryptionKeyProvider(EncryptedRepositoryType encryptedRepositoryType, NiFiProperties niFiProperties) {
        String property = niFiProperties.getProperty("nifi.repository.encryption.key.provider");
        if (StringUtils.isBlank(property)) {
            throw new EncryptedConfigurationException(String.format("Key Provider [%s] not configured for Repository Type [%s] ", property, encryptedRepositoryType));
        }
        try {
            return EncryptionKeyProvider.valueOf(property);
        } catch (IllegalArgumentException e) {
            throw new EncryptedConfigurationException(String.format("Key Provider [%s] not supported for Repository Type [%s] ", property, encryptedRepositoryType));
        }
    }

    private KeyProviderConfiguration<?> getKeyProviderConfiguration(EncryptionKeyProvider encryptionKeyProvider, NiFiProperties niFiProperties) {
        if (EncryptionKeyProvider.KEYSTORE != encryptionKeyProvider) {
            throw new UnsupportedOperationException(String.format("Key Provider [%s] not supported", encryptionKeyProvider));
        }
        String property = niFiProperties.getProperty("nifi.repository.encryption.key.provider.keystore.password");
        if (StringUtils.isBlank(property)) {
            throw new EncryptedConfigurationException("Key Provider Password not configured");
        }
        char[] charArray = property.toCharArray();
        String property2 = niFiProperties.getProperty("nifi.repository.encryption.key.provider.keystore.location");
        try {
            return new KeyStoreKeyProviderConfiguration(KeyStoreUtils.loadSecretKeyStore(property2, charArray, KeyStoreUtils.getKeystoreTypeFromExtension(property2).getType()), charArray);
        } catch (TlsException e) {
            throw new EncryptedConfigurationException("Key Store Provider loading failed", e);
        }
    }
}
