package org.finos.tracdap.common.config;

import com.google.protobuf.Message;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import java.util.Properties;
import org.finos.tracdap.common.config.local.JksSecretLoader;
import org.finos.tracdap.common.exception.EConfigLoad;
import org.finos.tracdap.common.exception.EStartup;
import org.finos.tracdap.common.plugin.IPluginManager;
import org.finos.tracdap.common.startup.StartupLog;
import org.finos.tracdap.config._ConfigFile;
import org.slf4j.event.Level;

/* loaded from: input_file:org/finos/tracdap/common/config/ConfigManager.class */
public class ConfigManager {
    private final IPluginManager plugins;
    private final URI rootConfigFile;
    private final URI rootConfigDir;
    private final String secretKey;
    private ISecretLoader secrets;
    private byte[] rootConfigCache;

    public ConfigManager(String str, Path path, IPluginManager iPluginManager) {
        this(str, path, iPluginManager, null);
    }

    public ConfigManager(String str, Path path, IPluginManager iPluginManager, String str2) {
        this.secrets = null;
        this.rootConfigCache = null;
        this.plugins = iPluginManager;
        this.secretKey = str2;
        this.rootConfigFile = resolveRootUrl(parseUrl(str), path);
        this.rootConfigDir = this.rootConfigFile.resolve(".").normalize();
        StartupLog.log(this, Level.INFO, String.format("Using config root: %s", "file".equals(this.rootConfigDir.getScheme()) ? Paths.get(this.rootConfigDir).toString() : this.rootConfigDir.toString()));
    }

    public void prepareSecrets() {
        Map<String, String> configMap = loadRootConfigObject(_ConfigFile.class, true).getConfigMap();
        String orDefault = configMap.getOrDefault(ConfigKeys.SECRET_TYPE_KEY, "");
        String orDefault2 = configMap.getOrDefault(ConfigKeys.SECRET_URL_KEY, "");
        if (orDefault == null || orDefault.isBlank()) {
            StartupLog.log(this, Level.INFO, "Using secrets: [none]");
        } else {
            StartupLog.log(this, Level.INFO, String.format("Using secrets: [%s] %s", orDefault, orDefault2));
            this.secrets = secretLoaderForProtocol(orDefault, configMap);
        }
    }

    public ISecretLoader getUserDb() {
        _ConfigFile loadRootConfigObject = loadRootConfigObject(_ConfigFile.class, true);
        if (!loadRootConfigObject.containsConfig(ConfigKeys.USER_DB_TYPE)) {
            throw new EStartup(String.format("TRAC user database is not enabled (set config key [%s] to turn it on)", ConfigKeys.USER_DB_TYPE));
        }
        if (!loadRootConfigObject.containsConfig(ConfigKeys.USER_DB_URL)) {
            throw new EStartup("Missing required config key [users.url]");
        }
        String configOrThrow = loadRootConfigObject.getConfigOrThrow(ConfigKeys.USER_DB_TYPE);
        String configOrThrow2 = loadRootConfigObject.getConfigOrThrow(ConfigKeys.USER_DB_URL);
        String configOrDefault = loadRootConfigObject.getConfigOrDefault(ConfigKeys.USER_DB_KEY, "");
        Path path = Paths.get(resolveConfigFile(URI.create(configOrThrow2)));
        String loadPassword = configOrDefault.isEmpty() ? this.secretKey : loadPassword(configOrDefault);
        Properties properties = new Properties();
        properties.put(ConfigKeys.SECRET_TYPE_KEY, configOrThrow);
        properties.put(ConfigKeys.SECRET_URL_KEY, path.toString());
        properties.put(ConfigKeys.SECRET_KEY_KEY, loadPassword);
        JksSecretLoader jksSecretLoader = new JksSecretLoader(properties);
        jksSecretLoader.init(this);
        return jksSecretLoader;
    }

    public URI configRoot() {
        return this.rootConfigDir;
    }

    public URI resolveConfigFile(URI uri) {
        return resolveUrl(uri);
    }

    public byte[] loadBinaryConfig(String str) {
        return loadUrl(resolveUrl(parseUrl(str)));
    }

    public String loadTextConfig(String str) {
        return new String(loadUrl(resolveUrl(parseUrl(str))), StandardCharsets.UTF_8);
    }

    public <TConfig extends Message> TConfig loadConfigObject(String str, Class<TConfig> cls, boolean z) {
        URI resolveUrl = resolveUrl(parseUrl(str));
        return (TConfig) ConfigParser.parseConfig(loadUrl(resolveUrl), ConfigFormat.fromExtension(resolveUrl), cls, z);
    }

    public <TConfig extends Message> TConfig loadConfigObject(String str, Class<TConfig> cls) {
        return (TConfig) loadConfigObject(str, cls, false);
    }

    public <TConfig extends Message> TConfig loadRootConfigObject(Class<TConfig> cls, boolean z) {
        byte[] bArr = this.rootConfigCache;
        if (bArr == null) {
            bArr = loadUrl(resolveUrl(parseUrl(this.rootConfigFile.toString())));
            this.rootConfigCache = bArr;
        }
        return (TConfig) ConfigParser.parseConfig(bArr, ConfigFormat.fromExtension(this.rootConfigFile), cls, z);
    }

    public <TConfig extends Message> TConfig loadRootConfigObject(Class<TConfig> cls) {
        return (TConfig) loadRootConfigObject(cls, false);
    }

    public boolean hasSecret(String str) {
        if (this.secrets == null) {
            return false;
        }
        return this.secrets.hasSecret(str);
    }

    public String loadPassword(String str) {
        if (this.secrets != null) {
            return this.secrets.loadPassword(str);
        }
        String format = String.format("Secrets are not enabled, to use secrets set secret.type in [%s]", this.rootConfigFile);
        StartupLog.log(this, Level.ERROR, format);
        throw new EStartup(format);
    }

    public PublicKey loadPublicKey(String str) {
        if (this.secrets != null) {
            return this.secrets.loadPublicKey(str);
        }
        String format = String.format("Secrets are not enabled, to use secrets set secret.type in [%s]", this.rootConfigFile);
        StartupLog.log(this, Level.ERROR, format);
        throw new EStartup(format);
    }

    public PrivateKey loadPrivateKey(String str) {
        if (this.secrets != null) {
            return this.secrets.loadPrivateKey(str);
        }
        String format = String.format("Secrets are not enabled, to use secrets set secret.type in [%s]", this.rootConfigFile);
        StartupLog.log(this, Level.ERROR, format);
        throw new EStartup(format);
    }

    private URI parseUrl(String str) {
        if (str == null || str.isBlank()) {
            throw new EConfigLoad("Config URL is missing or blank");
        }
        Path path = null;
        URI uri = null;
        try {
            path = Paths.get(str, new String[0]).normalize();
        } catch (InvalidPathException e) {
        }
        try {
            uri = URI.create(str);
        } catch (IllegalArgumentException e2) {
        }
        if ((str.startsWith("/") || str.startsWith("\\") || str.startsWith(":\\", 1)) && path != null) {
            return path.toUri();
        }
        if (uri != null) {
            return uri;
        }
        if (path != null) {
            return path.toUri();
        }
        throw new EConfigLoad("Requested config URL is not a valid URL or path: " + str);
    }

    private URI resolveUrl(URI uri) {
        String scheme = uri.getScheme();
        String path = uri.getPath() != null ? uri.getPath() : uri.getSchemeSpecificPart();
        boolean z = path.startsWith("/") || path.startsWith("\\");
        if (z) {
            if (scheme == null || scheme.isBlank()) {
                throw new EConfigLoad(String.format("Invalid URL for config file: %2$s [%1$s]", uri, "Absolute URLs must specify an explicit protocol"));
            }
        } else if (scheme != null && !scheme.isBlank()) {
            throw new EConfigLoad(String.format("Invalid URL for config file: %2$s [%1$s]", uri, "Relative URLs cannot specify an explicit protocol"));
        }
        if (!"file".equals(scheme) || uri.getHost() == null) {
            return z ? uri.normalize() : this.rootConfigDir.resolve(uri).normalize();
        }
        throw new EConfigLoad(String.format("Invalid URL for config file: %2$s [%1$s]", uri, "Network file paths are not supported"));
    }

    private URI resolveRootUrl(URI uri, Path path) {
        String scheme = uri.getScheme();
        if (scheme == null || scheme.isBlank() || scheme.equals("file")) {
            return uri.isAbsolute() ? uri : path.resolve(uri.getPath()).toUri();
        }
        if (uri.isAbsolute()) {
            return uri;
        }
        throw new EConfigLoad(String.format("Relative URL is not allowed for root config file with protocol [%s]: [%s]", scheme, uri));
    }

    private byte[] loadUrl(URI uri) {
        StartupLog.log(this, Level.INFO, String.format("Loading config file: [%s]", this.rootConfigDir.relativize(uri)));
        return configLoaderForProtocol(uri.getScheme()).loadBinaryFile(uri);
    }

    private IConfigLoader configLoaderForProtocol(String str) {
        if (str == null || str.isBlank()) {
            str = "file";
        }
        if (this.plugins.isServiceAvailable(IConfigLoader.class, str)) {
            return (IConfigLoader) this.plugins.createService(IConfigLoader.class, str);
        }
        String format = String.format("No config loader available for protocol [%s]", str);
        StartupLog.log(this, Level.ERROR, format);
        throw new EConfigLoad(format);
    }

    private ISecretLoader secretLoaderForProtocol(String str, Map<String, String> map) {
        if (this.plugins.isServiceAvailable(ISecretLoader.class, str)) {
            ISecretLoader iSecretLoader = (ISecretLoader) this.plugins.createService(ISecretLoader.class, str, buildSecretProps(map));
            iSecretLoader.init(this);
            return iSecretLoader;
        }
        String format = String.format("No secret loader available for protocol [%s]", str);
        StartupLog.log(this, Level.ERROR, format);
        throw new EConfigLoad(format);
    }

    private Properties buildSecretProps(Map<String, String> map) {
        Properties properties = new Properties();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().startsWith("secret.") && entry.getValue() != null) {
                properties.put(entry.getKey(), entry.getValue());
            }
        }
        if (this.secretKey != null && !this.secretKey.isBlank()) {
            properties.put(ConfigKeys.SECRET_KEY_KEY, this.secretKey);
        }
        return properties;
    }
}
