package org.apache.nifi.toolkit.config.command;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import org.apache.nifi.encrypt.PropertyEncryptor;
import org.apache.nifi.encrypt.PropertyEncryptorBuilder;
import org.apache.nifi.properties.ApplicationProperties;
import org.apache.nifi.properties.ApplicationPropertiesProtector;
import org.apache.nifi.properties.NiFiPropertiesLoader;
import org.apache.nifi.properties.ProtectedNiFiProperties;
import org.apache.nifi.toolkit.config.transformer.ApplicationPropertiesFileTransformer;
import org.apache.nifi.toolkit.config.transformer.FlowConfigurationFileTransformer;
import org.apache.nifi.toolkit.config.transformer.XmlFileTransformer;
import picocli.CommandLine;

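/**
 * Command that applies property protection to a set of NiFi configuration files: Application
 * Properties [nifi.properties], Flow Configuration [flow.json.gz], Authorizers and Login Identity
 * Providers [login-identity-providers.xml].
 *
 * <p>Each input file is updated in place unless the matching output option is supplied, as stated
 * in the option descriptions below. The logger, verbose flag, protection scheme, root key accessors
 * and {@code runFileTransformer} are inherited from {@link SharedEncryptConfig}, which is not shown
 * in this file.
 *
 * <p>Only paths and algorithm names are logged by this class; key material is never passed to the
 * logger.
 */
@CommandLine.Command
public class StandardEncryptConfig extends SharedEncryptConfig implements Runnable {
    static final String BOOTSTRAP_ROOT_KEY_PROPERTY = "nifi.bootstrap.sensitive.key";
    private static final String DEFAULT_PROPERTIES_ALGORITHM = "NIFI_PBKDF2_AES_GCM_256";
    private static final String SENSITIVE_PROPERTIES_KEY_PROPERTY = "nifi.sensitive.props.key";
    private static final String SENSITIVE_PROPERTIES_ALGORITHM_PROPERTY = "nifi.sensitive.props.algorithm";

    @CommandLine.Option(names = {"-m", "--migrate"}, description = {"Migrate configuration files from current protection configuration to new protection configuration"})
    boolean migrationRequested;

    @CommandLine.Option(names = {"-x", "--encryptFlowXmlOnly", "--encryptFlowJsonOnly"}, description = {"Process Flow Configuration [flow.json.gz] sensitive property values without modifying other configuration files"})
    boolean flowConfigurationRequested;

    @CommandLine.Option(names = {"-n", "--niFiProperties"}, description = {"Path to file containing Application Properties [nifi.properties] that will be updated unless the output argument is provided"})
    Path applicationPropertiesPath;

    @CommandLine.Option(names = {"-o", "--outputNiFiProperties"}, description = {"Path to output file for Application Properties [nifi.properties] with property protection applied"})
    Path outputApplicationPropertiesPath;

    @CommandLine.Option(names = {"-l", "--loginIdentityProviders"}, description = {"Path to file containing Login Identity Providers [login-identity-providers.xml] configuration that will be updated unless the output argument is provided"})
    Path loginIdentityProvidersPath;

    @CommandLine.Option(names = {"-i", "--outputLoginIdentityProviders"}, description = {"Path to output file for Login Identity Providers [login-identity-providers.xml] with property protection applied"})
    Path outputLoginIdentityProvidersPath;

    @CommandLine.Option(names = {"-f", "--flowConfiguration", "--flowJson", "--flowXml"}, description = {"Path to file containing Flow Configuration [flow.json.gz] that will be updated unless the output argument is provided"})
    Path flowConfigurationPath;

    @CommandLine.Option(names = {"-g", "--outputFlowConfiguration", "--outputFlowJson", "--outputFlowXml"}, description = {"Path to output file for Flow Configuration [flow.json.gz] with property protection applied"})
    Path outputFlowConfigurationPath;

    // Optionally interactive (arity 0..1 with interactive = true): giving -s without a value makes
    // picocli prompt for it. A value typed inline on the command line can be seen in process
    // listings and shell history, so the prompt is the safer way to supply this key.
    // NOTE(review): held as an immutable String, so it cannot be cleared after use; picocli also
    // supports char[] for interactive options, but changing the type would affect other readers
    // of this field.
    @CommandLine.Option(names = {"-s", "--propsKey"}, description = {"Properties Key [nifi.sensitive.props.key] from which to derive the key used to encrypt the sensitive values in the Flow Configuration"}, arity = "0..1", interactive = true)
    String sensitivePropertiesKey;

    @CommandLine.Option(names = {"-A", "--newFlowAlgorithm"}, description = {"Properties Algorithm [nifi.sensitive.props.algorithm] with which to encrypt the sensitive values in the Flow Configuration. Default is ${DEFAULT-VALUE}"}, defaultValue = DEFAULT_PROPERTIES_ALGORITHM)
    String newFlowAlgorithm;

    /**
     * Loads the Application Properties and then processes each configuration file in a fixed order:
     * bootstrap.conf, nifi.properties, flow configuration, authorizers, login identity providers.
     *
     * <p>The flow-configuration arguments are checked before the first processing step. Without
     * that check a missing Sensitive Properties Key was only reported from
     * {@code processFlowConfiguration}, after the bootstrap and application-properties steps had
     * already run and before the authorizers and login identity providers were processed.
     * NOTE(review): the earlier steps are implemented in {@code SharedEncryptConfig}; presumably
     * they rewrite files, which is what makes a late failure leave the set partially converted.
     *
     * @throws IllegalArgumentException if the Application Properties file does not exist, or if a
     *     flow configuration path is given without the keys needed to re-encrypt it
     */
    @Override
    public void run() {
        final ApplicationProperties applicationProperties = loadApplicationProperties();
        validateFlowConfigurationArguments(applicationProperties);

        processBootstrapConf(BOOTSTRAP_ROOT_KEY_PROPERTY);
        processApplicationProperties(applicationProperties);
        processFlowConfiguration(applicationProperties);
        processAuthorizers();
        processLoginIdentityProviders();
    }

    /**
     * Skips the bootstrap.conf step when only the flow configuration was requested; otherwise
     * delegates to the superclass.
     *
     * @param str name of the bootstrap root key property, passed through to the superclass
     */
    @Override
    public void processBootstrapConf(String str) {
        if (this.flowConfigurationRequested) {
            this.logger.info("Bootstrap Configuration [bootstrap.conf] not modified based on provided arguments");
            return;
        }
        super.processBootstrapConf(str);
    }

    /**
     * Skips the authorizers step when only the flow configuration was requested; otherwise
     * delegates to the superclass.
     */
    @Override
    public void processAuthorizers() {
        if (this.flowConfigurationRequested) {
            this.logger.info("Authorizers not modified based on provided arguments");
            return;
        }
        super.processAuthorizers();
    }

    /**
     * Reads the Application Properties file, or returns an empty set of properties when no path
     * was given.
     *
     * @return the loaded properties, never {@code null} on the paths visible here
     * @throws IllegalArgumentException if a path was given but the file does not exist
     */
    private ApplicationProperties loadApplicationProperties() {
        if (this.applicationPropertiesPath == null) {
            if (this.verboseModeEnabled) {
                this.logger.info("Application Properties [nifi.properties] not specified");
            }
            return new ApplicationProperties(Collections.emptyMap());
        }

        if (Files.notExists(this.applicationPropertiesPath)) {
            throw new IllegalArgumentException(String.format("Application Properties [nifi.properties] not found [%s]", this.applicationPropertiesPath));
        }

        // A migration reads the existing file with the input root key; any other run uses the
        // root key. Both accessors come from the superclass.
        final NiFiPropertiesLoader propertiesLoader = new NiFiPropertiesLoader();
        propertiesLoader.setKeyHex(this.migrationRequested ? getInputRootKey() : getRootKey());
        return propertiesLoader.load(this.applicationPropertiesPath.toFile());
    }

    /**
     * Fails fast when a flow configuration path was given but a key needed to re-encrypt it is
     * missing. The checks run in the same order, and raise the same messages, as the encryptor
     * factory methods used by {@link #processFlowConfiguration(ApplicationProperties)}.
     *
     * @param applicationProperties properties returned by {@link #loadApplicationProperties()}
     * @throws IllegalArgumentException if the input or output Sensitive Properties Key is absent
     */
    private void validateFlowConfigurationArguments(final ApplicationProperties applicationProperties) {
        if (this.flowConfigurationPath == null) {
            return;
        }
        requireInputSensitivePropertiesKey(applicationProperties);
        requireOutputSensitivePropertiesKey();
    }

    /**
     * Runs the Application Properties transformer unless no path was given or only the flow
     * configuration was requested.
     *
     * @param applicationProperties properties returned by {@link #loadApplicationProperties()}
     */
    private void processApplicationProperties(ApplicationProperties applicationProperties) {
        if (this.applicationPropertiesPath == null) {
            if (this.verboseModeEnabled) {
                this.logger.info("Application Properties [nifi.properties] not specified");
            }
            return;
        }
        if (this.flowConfigurationRequested) {
            this.logger.info("Application Properties [nifi.properties] not modified based on provided arguments");
            return;
        }

        this.logger.info("Started processing Application Properties [{}]", this.applicationPropertiesPath);
        final ApplicationPropertiesFileTransformer transformer = new ApplicationPropertiesFileTransformer(
                applicationProperties,
                getSensitivePropertyProviderFactory().getProvider(this.protectionScheme),
                getSensitivePropertyNames());
        runFileTransformer(transformer, this.applicationPropertiesPath, this.outputApplicationPropertiesPath);
        this.logger.info("Completed processing Application Properties [{}]", this.applicationPropertiesPath);
    }

    /**
     * Runs the Flow Configuration transformer with an input encryptor built from the loaded
     * properties and an output encryptor built from the command arguments. Unlike the other
     * steps, this one also runs when only the flow configuration was requested.
     *
     * @param applicationProperties properties returned by {@link #loadApplicationProperties()}
     * @throws IllegalArgumentException if either Sensitive Properties Key is absent
     */
    private void processFlowConfiguration(ApplicationProperties applicationProperties) {
        if (this.flowConfigurationPath == null) {
            if (this.verboseModeEnabled) {
                this.logger.info("Flow Configuration not specified");
            }
            return;
        }

        this.logger.info("Started processing Flow Configuration [{}]", this.flowConfigurationPath);
        // Input encryptor first, then output encryptor: this fixes which missing-key error wins.
        final PropertyEncryptor inputEncryptor = getInputPropertyEncryptor(applicationProperties);
        final PropertyEncryptor outputEncryptor = getOutputPropertyEncryptor(applicationProperties);
        runFileTransformer(new FlowConfigurationFileTransformer(inputEncryptor, outputEncryptor), this.flowConfigurationPath, this.outputFlowConfigurationPath);
        this.logger.info("Completed processing Flow Configuration [{}]", this.flowConfigurationPath);
    }

    /**
     * Runs the Login Identity Providers transformer unless no path was given or only the flow
     * configuration was requested.
     */
    private void processLoginIdentityProviders() {
        if (this.loginIdentityProvidersPath == null) {
            if (this.verboseModeEnabled) {
                this.logger.info("Login Identity Providers not specified");
            }
            return;
        }
        if (this.flowConfigurationRequested) {
            this.logger.info("Login Identity Providers not modified based on provided arguments");
            return;
        }

        this.logger.info("Started processing Login Identity Providers [{}]", this.loginIdentityProvidersPath);
        final XmlFileTransformer transformer = new XmlFileTransformer(getInputSensitivePropertyProvider(), getSensitivePropertyProviderFactory(), this.protectionScheme);
        runFileTransformer(transformer, this.loginIdentityProvidersPath, this.outputLoginIdentityProvidersPath);
        this.logger.info("Completed processing Login Identity Providers [{}]", this.loginIdentityProvidersPath);
    }

    /**
     * Returns the current Sensitive Properties Key from the loaded Application Properties.
     *
     * @param applicationProperties properties returned by {@link #loadApplicationProperties()}
     * @return the value of {@code nifi.sensitive.props.key}
     * @throws IllegalArgumentException if the property is absent
     */
    private String requireInputSensitivePropertiesKey(final ApplicationProperties applicationProperties) {
        final String inputKey = applicationProperties.getProperty(SENSITIVE_PROPERTIES_KEY_PROPERTY);
        if (inputKey == null) {
            throw new IllegalArgumentException(String.format("Sensitive Properties Key [%s] not found in Application Properties", SENSITIVE_PROPERTIES_KEY_PROPERTY));
        }
        return inputKey;
    }

    /**
     * Returns the new Sensitive Properties Key supplied through {@code -s/--propsKey}.
     *
     * @return the key given on the command line or at the prompt
     * @throws IllegalArgumentException if no key was supplied
     */
    private String requireOutputSensitivePropertiesKey() {
        if (this.sensitivePropertiesKey == null) {
            throw new IllegalArgumentException("Sensitive Properties Key not provided");
        }
        return this.sensitivePropertiesKey;
    }

    /**
     * Builds the encryptor used to read the existing flow configuration, from the key and
     * algorithm found in the Application Properties.
     *
     * @param applicationProperties properties returned by {@link #loadApplicationProperties()}
     * @return encryptor configured with the current key and algorithm
     * @throws IllegalArgumentException if {@code nifi.sensitive.props.key} is absent
     */
    private PropertyEncryptor getInputPropertyEncryptor(ApplicationProperties applicationProperties) {
        final String inputKey = requireInputSensitivePropertiesKey(applicationProperties);
        final String inputAlgorithm = applicationProperties.getProperty(SENSITIVE_PROPERTIES_ALGORITHM_PROPERTY, DEFAULT_PROPERTIES_ALGORITHM);
        return new PropertyEncryptorBuilder(inputKey).setAlgorithm(inputAlgorithm).build();
    }

    /**
     * Builds the encryptor used to write the flow configuration, from the key supplied through
     * {@code -s/--propsKey} and the algorithm from {@code -A/--newFlowAlgorithm}.
     *
     * @param applicationProperties source of the fallback algorithm when the option field is unset
     * @return encryptor configured with the new key and algorithm
     * @throws IllegalArgumentException if no key was supplied
     */
    private PropertyEncryptor getOutputPropertyEncryptor(ApplicationProperties applicationProperties) {
        final String outputKey = requireOutputSensitivePropertiesKey();
        // The option declares a default value, so the fallback to the configured algorithm only
        // applies when the field was left unset by a caller that bypasses option parsing.
        final String outputAlgorithm = Objects.requireNonNullElse(
                this.newFlowAlgorithm,
                applicationProperties.getProperty(SENSITIVE_PROPERTIES_ALGORITHM_PROPERTY, DEFAULT_PROPERTIES_ALGORITHM));
        if (this.verboseModeEnabled) {
            // Only the algorithm name is logged, never the key.
            this.logger.info("Output Sensitive Properties Algorithm configured [{}]", outputAlgorithm);
        }
        return new PropertyEncryptorBuilder(outputKey).setAlgorithm(outputAlgorithm).build();
    }

    /**
     * Returns an unmodifiable copy of the sensitive property names reported by a protector built
     * over a fresh {@code ProtectedNiFiProperties} instance.
     *
     * @return immutable set of property names to protect
     */
    private Set<String> getSensitivePropertyNames() {
        final ApplicationPropertiesProtector protector = new ApplicationPropertiesProtector(new ProtectedNiFiProperties());
        return Set.copyOf(protector.getSensitivePropertyKeys());
    }
}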
