package io.gravitee.node.secrets.service.conf;

import io.gravitee.common.util.EnvironmentUtils;
import io.gravitee.node.api.secrets.SecretManagerConfiguration;
import io.gravitee.node.api.secrets.errors.SecretManagerConfigurationException;
import io.gravitee.node.api.secrets.errors.SecretManagerException;
import io.gravitee.node.api.secrets.errors.SecretProviderNotFoundException;
import io.gravitee.node.api.secrets.model.Secret;
import io.gravitee.node.api.secrets.model.SecretLocation;
import io.gravitee.node.api.secrets.model.SecretMap;
import io.gravitee.node.api.secrets.model.SecretMount;
import io.gravitee.node.api.secrets.model.SecretURL;
import io.gravitee.node.api.secrets.util.ConfigHelper;
import io.gravitee.node.secrets.plugins.SecretProviderPluginManager;
import io.gravitee.node.secrets.service.AbstractSecretProviderDispatcher;
import io.reactivex.rxjava3.core.Maybe;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.Environment;

/* loaded from: input_file:io/gravitee/node/secrets/service/conf/GraviteeConfigurationSecretResolverDispatcher.class */
public class GraviteeConfigurationSecretResolverDispatcher extends AbstractSecretProviderDispatcher {
    private static final Logger log = LoggerFactory.getLogger(GraviteeConfigurationSecretResolverDispatcher.class);
    private static final String SECRETS_CONFIG_KEY = "secrets";
    private final Environment environment;
    private final Map<SecretLocation, SecretMap> secrets;
    private final List<String> enabledProviders;

    public GraviteeConfigurationSecretResolverDispatcher(SecretProviderPluginManager secretProviderPluginManager, Environment environment) {
        super(secretProviderPluginManager);
        this.secrets = Collections.synchronizedMap(new HashMap());
        this.enabledProviders = new ArrayList();
        this.environment = environment;
        setupConverters((ConfigurableEnvironment) environment);
        secretProviderPluginManager.setOnNewPluginCallback(str -> {
            if (isEnabled(str)) {
                super.createAndRegister(str);
                this.enabledProviders.add(str);
            }
        });
    }

    private void setupConverters(ConfigurableEnvironment configurableEnvironment) {
        configurableEnvironment.getConversionService().addConverter(new Converter<Secret, String>() { // from class: io.gravitee.node.secrets.service.conf.GraviteeConfigurationSecretResolverDispatcher.1
            public String convert(@Nonnull Secret secret) {
                return secret.asString();
            }
        });
        configurableEnvironment.getConversionService().addConverter(new Converter<Secret, byte[]>() { // from class: io.gravitee.node.secrets.service.conf.GraviteeConfigurationSecretResolverDispatcher.2
            public byte[] convert(@Nonnull Secret secret) {
                return secret.asBytes();
            }
        });
    }

    @Override // io.gravitee.node.secrets.service.AbstractSecretProviderDispatcher
    public boolean isEnabled(String str) {
        return ((Boolean) this.environment.getProperty(String.format("%s.%s.enabled", SECRETS_CONFIG_KEY, str), Boolean.TYPE, false)).booleanValue();
    }

    public <T extends SecretManagerConfiguration> T readConfiguration(String str, Class<?> cls) {
        try {
            return (T) cls.getDeclaredConstructor(Map.class).newInstance(ConfigHelper.removePrefix(EnvironmentUtils.getAllProperties((ConfigurableEnvironment) this.environment), "%s.%s".formatted(SECRETS_CONFIG_KEY, str)));
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new SecretManagerConfigurationException("Could not create configuration class for secret manager: %s".formatted(str), e);
        }
    }

    @Override // io.gravitee.node.secrets.service.AbstractSecretProviderDispatcher
    public Maybe<SecretMap> resolve(SecretMount secretMount) throws SecretProviderNotFoundException, SecretManagerException {
        return this.secrets.containsKey(secretMount.location()) ? Maybe.just(this.secrets.get(secretMount.location())) : super.resolve(secretMount).doOnSuccess(secretMap -> {
            this.secrets.put(secretMount.location(), secretMap);
        });
    }

    public boolean canHandle(String str) {
        Objects.requireNonNull(str);
        return str.startsWith("secret://") && enabledProviders().stream().anyMatch(str2 -> {
            return canProviderHandle(str, str2);
        });
    }

    public boolean canResolveSingleValue(String str) {
        Objects.requireNonNull(str);
        if (!canHandle(str)) {
            return false;
        }
        try {
            if (toSecretMount(str).isKeyEmpty()) {
                throw new IllegalArgumentException("Secret URL should must specify a 'key' in order to resolve a single value, such as: %s:<KEY>".formatted(str));
            }
            return true;
        } catch (IllegalArgumentException | SecretProviderNotFoundException e) {
            return false;
        }
    }

    public SecretMount toSecretMount(String str) {
        SecretURL from = SecretURL.from(str);
        return (SecretMount) findSecretProvider(from.provider()).map(secretProvider -> {
            try {
                return secretProvider.fromURL(from);
            } catch (IllegalArgumentException e) {
                throw new SecretManagerConfigurationException("cannot create secret URL from: " + str, e);
            }
        }).orElseThrow(() -> {
            return new SecretProviderNotFoundException(AbstractSecretProviderDispatcher.SECRET_PROVIDER_NOT_FOUND_FOR_ID.formatted(from.provider()));
        });
    }

    Map<SecretLocation, SecretMap> secrets() {
        return Map.copyOf(this.secrets);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean canProviderHandle(String str, String str2) {
        return str.startsWith("%s%s/".formatted("secret://", str2));
    }

    public List<String> enabledProviders() {
        return this.enabledProviders;
    }
}
