package org.apache.nifi.provenance;

import java.io.IOException;
import java.security.KeyManagementException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.OperationNotSupportedException;
import org.apache.nifi.properties.NiFiPropertiesLoader;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/provenance/FileBasedKeyProvider.class */
public class FileBasedKeyProvider extends StaticKeyProvider {
    private static final Logger logger = LoggerFactory.getLogger(FileBasedKeyProvider.class);
    private String filepath;

    FileBasedKeyProvider(String str) throws KeyManagementException {
        this(str, getMasterKey());
    }

    FileBasedKeyProvider(String str, SecretKey secretKey) throws KeyManagementException {
        super(CryptoUtils.readKeys(str, secretKey));
        this.filepath = str;
    }

    private static SecretKey getMasterKey() throws KeyManagementException {
        try {
            return new SecretKeySpec(Hex.decode(NiFiPropertiesLoader.extractKeyFromBootstrapFile()), "AES");
        } catch (IOException e) {
            logger.error("Encountered an error: ", e);
            throw new KeyManagementException(e);
        }
    }

    @Override // org.apache.nifi.provenance.StaticKeyProvider, org.apache.nifi.provenance.KeyProvider
    public boolean addKey(String str, SecretKey secretKey) throws OperationNotSupportedException, KeyManagementException {
        throw new OperationNotSupportedException("This implementation does not allow adding keys. Modify the file backing this provider at " + this.filepath);
    }
}
