package org.apache.nifi.stateless.parameter;

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.util.StandardValidators;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.class */
public class AwsSecretsManagerParameterValueProvider extends AbstractSecretBasedParameterValueProvider implements ParameterValueProvider {
    private static final String ACCESS_KEY_PROPS_NAME = "aws.access.key.id";
    private static final String SECRET_KEY_PROPS_NAME = "aws.secret.access.key";
    private static final String REGION_KEY_PROPS_NAME = "aws.region";
    private final ObjectMapper objectMapper = new ObjectMapper();
    private AWSSecretsManager secretsManager;
    private static final Logger logger = LoggerFactory.getLogger(AwsSecretsManagerParameterValueProvider.class);
    public static final PropertyDescriptor AWS_CREDENTIALS_FILE = new PropertyDescriptor.Builder().displayName("AWS Credentials File").name("aws-credentials-file").required(false).description("Location of the configuration file (e.g., ./conf/bootstrap-aws.conf) that configures the AWS credentials.  If not provided, the default AWS credentials will be used.").addValidator(StandardValidators.FILE_EXISTS_VALIDATOR).build();

    protected List<PropertyDescriptor> getAdditionalSupportedPropertyDescriptors() {
        return Collections.singletonList(AWS_CREDENTIALS_FILE);
    }

    protected void additionalInit(ParameterValueProviderInitializationContext parameterValueProviderInitializationContext) {
        try {
            this.secretsManager = configureClient(parameterValueProviderInitializationContext.getProperty(AWS_CREDENTIALS_FILE).getValue());
        } catch (IOException e) {
            throw new IllegalStateException("Could not configure AWS Secrets Manager Client", e);
        }
    }

    protected String getSecretValue(String str, String str2) {
        try {
            GetSecretValueResult secretValue = this.secretsManager.getSecretValue(new GetSecretValueRequest().withSecretId(str));
            if (secretValue.getSecretString() != null) {
                return parseParameterValue(secretValue.getSecretString(), str2);
            }
            logger.debug("Secret [{}] not configured", str);
            return null;
        } catch (AWSSecretsManagerException e) {
            logger.debug("Error retrieving secret [{}]", str);
            return null;
        } catch (ResourceNotFoundException e2) {
            logger.debug("Secret [{}] not found", str);
            return null;
        }
    }

    private String parseParameterValue(String str, String str2) {
        try {
            JsonNode jsonNode = this.objectMapper.readTree(str).get(str2);
            if (jsonNode != null) {
                return jsonNode.textValue();
            }
            logger.debug("Parameter [{}] not found", str2);
            return null;
        } catch (JsonProcessingException e) {
            throw new IllegalArgumentException(String.format("Secret String for [%s] could not be parsed", str2), e);
        }
    }

    private Properties loadProperties(String str) throws IOException {
        Properties properties = new Properties();
        FileInputStream fileInputStream = new FileInputStream(Paths.get(str, new String[0]).toFile());
        try {
            properties.load(fileInputStream);
            fileInputStream.close();
            return properties;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    AWSSecretsManager configureClient(String str) throws IOException {
        if (str == null) {
            return getDefaultClient();
        }
        Properties loadProperties = loadProperties(str);
        String property = loadProperties.getProperty(ACCESS_KEY_PROPS_NAME);
        String property2 = loadProperties.getProperty(SECRET_KEY_PROPS_NAME);
        String property3 = loadProperties.getProperty(REGION_KEY_PROPS_NAME);
        return (isNotBlank(property) && isNotBlank(property2) && isNotBlank(property3)) ? (AWSSecretsManager) AWSSecretsManagerClientBuilder.standard().withRegion(property3).withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(property, property2))).build() : getDefaultClient();
    }

    private AWSSecretsManager getDefaultClient() {
        return (AWSSecretsManager) AWSSecretsManagerClientBuilder.standard().withCredentials(DefaultAWSCredentialsProviderChain.getInstance()).build();
    }

    private static boolean isNotBlank(String str) {
        return (str == null || str.trim().equals("")) ? false : true;
    }
}
