package org.apache.nifi.properties;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
import org.apache.nifi.util.NiFiBootstrapUtils;
import org.apache.nifi.util.NiFiProperties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/properties/NiFiPropertiesLoader.class */
public class NiFiPropertiesLoader {
    private static final int SENSITIVE_PROPERTIES_KEY_LENGTH = 24;
    private final String defaultPropertiesFilePath = NiFiBootstrapUtils.getDefaultApplicationPropertiesFilePath();
    private NiFiProperties instance;
    private String keyHex;
    private SensitivePropertyProviderFactory sensitivePropertyProviderFactory;
    private static final Logger logger = LoggerFactory.getLogger(NiFiPropertiesLoader.class);
    private static final Base64.Encoder KEY_ENCODER = Base64.getEncoder().withoutPadding();
    private static final String EMPTY_SENSITIVE_PROPERTIES_KEY = String.format("%s=", "nifi.sensitive.props.key");
    private static final String MIGRATION_INSTRUCTIONS = "See Admin Guide section [Updating the Sensitive Properties Key]";
    private static final String PROPERTIES_KEY_MESSAGE = String.format("Sensitive Properties Key [%s] not found: %s", "nifi.sensitive.props.key", MIGRATION_INSTRUCTIONS);

    public static NiFiPropertiesLoader withKey(String str) {
        NiFiPropertiesLoader niFiPropertiesLoader = new NiFiPropertiesLoader();
        niFiPropertiesLoader.setKeyHex(str);
        return niFiPropertiesLoader;
    }

    public void setKeyHex(String str) {
        if (this.keyHex != null && !this.keyHex.trim().isEmpty()) {
            throw new RuntimeException("Cannot overwrite an existing key");
        }
        this.keyHex = str;
    }

    public static NiFiProperties loadDefaultWithKeyFromBootstrap() throws IOException {
        try {
            return new NiFiPropertiesLoader().loadDefault();
        } catch (Exception e) {
            logger.warn("Encountered an error naively loading the nifi.properties file because one or more properties are protected: {}", e.getLocalizedMessage());
            throw e;
        }
    }

    private NiFiProperties loadDefault() {
        return load(this.defaultPropertiesFilePath);
    }

    private SensitivePropertyProviderFactory getSensitivePropertyProviderFactory() {
        if (this.sensitivePropertyProviderFactory == null) {
            this.sensitivePropertyProviderFactory = StandardSensitivePropertyProviderFactory.withKey(this.keyHex);
        }
        return this.sensitivePropertyProviderFactory;
    }

    ProtectedNiFiProperties readProtectedPropertiesFromDisk(File file) {
        if (file == null || !file.exists() || !file.canRead()) {
            logger.error("Cannot read from '{}' -- file is missing or not readable", file == null ? "missing file" : file.getAbsolutePath());
            throw new IllegalArgumentException("NiFi properties file missing or unreadable");
        }
        Properties properties = new Properties();
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            Throwable th = null;
            try {
                try {
                    properties.load(bufferedInputStream);
                    logger.info("Loaded {} properties from {}", Integer.valueOf(properties.size()), file.getAbsolutePath());
                    for (String str : properties.stringPropertyNames()) {
                        properties.setProperty(str, properties.getProperty(str).trim());
                    }
                    ProtectedNiFiProperties protectedNiFiProperties = new ProtectedNiFiProperties(properties);
                    if (bufferedInputStream != null) {
                        if (0 != 0) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedInputStream.close();
                        }
                    }
                    return protectedNiFiProperties;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            logger.error("Cannot load properties file due to {}", e.getLocalizedMessage());
            throw new RuntimeException("Cannot load properties file due to " + e.getLocalizedMessage(), e);
        }
    }

    public NiFiProperties load(File file) {
        ProtectedNiFiProperties readProtectedPropertiesFromDisk = readProtectedPropertiesFromDisk(file);
        if (readProtectedPropertiesFromDisk.hasProtectedKeys()) {
            Security.addProvider(new BouncyCastleProvider());
            Collection supportedSensitivePropertyProviders = getSensitivePropertyProviderFactory().getSupportedSensitivePropertyProviders();
            readProtectedPropertiesFromDisk.getClass();
            supportedSensitivePropertyProviders.forEach(readProtectedPropertiesFromDisk::addSensitivePropertyProvider);
        }
        return readProtectedPropertiesFromDisk.m4getUnprotectedProperties();
    }

    public NiFiProperties load(String str) {
        return (str == null || str.trim().isEmpty()) ? loadDefault() : load(new File(str));
    }

    public NiFiProperties get() {
        if (this.instance == null) {
            this.instance = getDefaultProperties();
        }
        return this.instance;
    }

    private NiFiProperties getDefaultProperties() {
        NiFiProperties loadDefault = loadDefault();
        if (isKeyGenerationRequired(loadDefault)) {
            if (loadDefault.isClustered()) {
                logger.error("Clustered Configuration Found: Shared Sensitive Properties Key [{}] required for cluster nodes", "nifi.sensitive.props.key");
                throw new SensitivePropertyProtectionException(PROPERTIES_KEY_MESSAGE);
            }
            File flowConfigurationFile = loadDefault.getFlowConfigurationFile();
            if (flowConfigurationFile.exists()) {
                logger.error("Flow Configuration [{}] Found: Migration Required for blank Sensitive Properties Key [{}]", flowConfigurationFile, "nifi.sensitive.props.key");
                throw new SensitivePropertyProtectionException(PROPERTIES_KEY_MESSAGE);
            }
            setSensitivePropertiesKey();
            loadDefault = loadDefault();
        }
        return loadDefault;
    }

    private void setSensitivePropertiesKey() {
        logger.warn("Generating Random Sensitive Properties Key [{}]", "nifi.sensitive.props.key");
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[SENSITIVE_PROPERTIES_KEY_LENGTH];
        secureRandom.nextBytes(bArr);
        String encodeToString = KEY_ENCODER.encodeToString(bArr);
        try {
            Path path = Paths.get(new File(this.defaultPropertiesFilePath).toURI());
            Files.write(path, (List) Files.readAllLines(path).stream().map(str -> {
                return str.equals(EMPTY_SENSITIVE_PROPERTIES_KEY) ? str + encodeToString : str;
            }).collect(Collectors.toList()), new OpenOption[0]);
            logger.info("NiFi Properties [{}] updated with Sensitive Properties Key", path);
        } catch (IOException e) {
            throw new UncheckedIOException("Failed to set Sensitive Properties Key", e);
        }
    }

    private static boolean isKeyGenerationRequired(NiFiProperties niFiProperties) {
        String property = niFiProperties.getProperty("nifi.sensitive.props.key");
        return property == null || property.length() == 0;
    }
}
