package org.apache.nifi.pgp.service.standard;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnDisabled;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.pgp.service.api.KeyIdentifierConverter;
import org.apache.nifi.pgp.service.api.PGPPrivateKeyService;
import org.apache.nifi.pgp.service.standard.exception.PGPConfigurationException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.util.StringUtils;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;

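/**
 * Controller Service that reads OpenPGP secret keys from a keyring file and/or an
 * ASCII Armor property, decrypts them with the configured password and serves the
 * resulting private keys by key identifier.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>While the service is enabled, the decrypted {@link PGPPrivateKey} objects are
 *       held in memory in {@link #privateKeys}. Disabling the service only drops the
 *       reference; nothing here overwrites the key material.</li>
 *   <li>{@link #KEYRING} and {@link #KEY_PASSWORD} are declared sensitive.
 *       {@link #KEYRING_FILE} is not, and its value (a file path) is included in
 *       failure messages.</li>
 *   <li>Log statements in this class emit formatted key identifiers only, never key
 *       material or the password.</li>
 * </ul>
 */
@CapabilityDescription("PGP Private Key Service provides Private Keys loaded from files or properties")
@Tags({"PGP", "GPG", "OpenPGP", "Encryption", "Private", "Key", "RFC 4880"})
public class StandardPGPPrivateKeyService extends AbstractControllerService implements PGPPrivateKeyService {
    /** Optional path to a keyring or secret key file, binary or ASCII Armor encoded. */
    public static final PropertyDescriptor KEYRING_FILE = new PropertyDescriptor.Builder()
            .name("keyring-file")
            .displayName("Keyring File")
            .description("File path to PGP Keyring or Secret Key encoded in binary or ASCII Armor")
            .required(false)
            .expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
            .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
            .build();

    /** Optional inline keyring or secret key in ASCII Armor; marked sensitive because it carries secret key packets. */
    public static final PropertyDescriptor KEYRING = new PropertyDescriptor.Builder()
            .name("keyring")
            .displayName("Keyring")
            .description("PGP Keyring or Secret Key encoded in ASCII Armor")
            .required(false)
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    /** Required password applied to every secret key found in either source. */
    public static final PropertyDescriptor KEY_PASSWORD = new PropertyDescriptor.Builder()
            .name("key-password")
            .displayName("Key Password")
            .description("Password used for decrypting Private Keys")
            .required(true)
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    // The inline keyring is converted to bytes as US-ASCII; String.getBytes replaces any
    // character outside that charset with '?', so a non-ASCII value will not parse as armor.
    private static final Charset KEY_CHARSET = StandardCharsets.US_ASCII;

    private static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS = List.of(KEYRING_FILE, KEYRING, KEY_PASSWORD);

    // Decrypted private keys indexed by key identifier. Replaced wholesale on enable/disable;
    // volatile so that readers in findPrivateKey observe the most recently published map.
    private volatile Map<Long, PGPPrivateKey> privateKeys = Collections.emptyMap();

    /**
     * Reads and decrypts all configured private keys and publishes them for lookup.
     *
     * <p>Keys from the keyring file are read first, followed by keys from the inline keyring.
     * {@link Collectors#toMap} rejects duplicate key identifiers with an
     * {@link IllegalStateException}, so the same key present in both sources makes enabling
     * fail rather than silently preferring one copy.
     *
     * @param configurationContext context supplying the configured property values
     * @throws InitializationException when reading, decrypting or indexing the keys fails
     */
    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) throws InitializationException {
        try {
            PBESecretKeyDecryptor keyDecryptor = getKeyDecryptor(configurationContext);
            List<PGPPrivateKey> extractedKeys = new ArrayList<>(readKeyringFile(keyDecryptor, configurationContext));
            extractedKeys.addAll(readKeyring(keyDecryptor, configurationContext));

            Map<Long, PGPPrivateKey> keysById = extractedKeys.stream()
                    .collect(Collectors.toMap(PGPPrivateKey::getKeyID, privateKey -> privateKey));
            // Publish a read-only view so the key set cannot be altered after enabling.
            this.privateKeys = Collections.unmodifiableMap(keysById);
        } catch (RuntimeException e) {
            throw new InitializationException("Reading Private Keys Failed", e);
        }
    }

    /**
     * Drops the reference to the decrypted keys. The key objects are not overwritten here;
     * they remain in memory until garbage collected.
     */
    @OnDisabled
    public void onDisabled() {
        this.privateKeys = Collections.emptyMap();
    }

    /**
     * Looks up a decrypted private key by its key identifier.
     *
     * @param j key identifier to search for
     * @return the matching private key, or an empty Optional when no key with that identifier was loaded
     */
    public Optional<PGPPrivateKey> findPrivateKey(long j) {
        getLogger().debug("Find Private Key [{}]", new Object[]{KeyIdentifierConverter.format(j)});
        return Optional.ofNullable(this.privateKeys.get(Long.valueOf(j)));
    }

    /**
     * @return the fixed list of properties supported by this service
     */
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTY_DESCRIPTORS;
    }

    /**
     * Validates the configuration by attempting to read and decrypt keys from both sources.
     *
     * <p>Each source is tried independently so that a failure in one is reported against the
     * matching property. Only the top-level exception message is placed in the validation
     * explanation; the underlying cause is not surfaced here.
     *
     * @param validationContext context supplying the property values under validation
     * @return validation failures, empty when at least one private key was read without errors
     */
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        List<ValidationResult> results = new ArrayList<>();
        PBESecretKeyDecryptor keyDecryptor = getKeyDecryptor(validationContext);
        List<PGPPrivateKey> extractedKeys = new ArrayList<>();

        try {
            extractedKeys.addAll(readKeyringFile(keyDecryptor, validationContext));
        } catch (RuntimeException e) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(KEYRING_FILE.getDisplayName())
                    .explanation(String.format("Reading Secret Keyring File Failed: %s", e.getMessage()))
                    .build());
        }

        try {
            extractedKeys.addAll(readKeyring(keyDecryptor, validationContext));
        } catch (RuntimeException e) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(KEYRING.getDisplayName())
                    .explanation(String.format("Reading Secret Keyring Failed: %s", e.getMessage()))
                    .build());
        }

        // Both sources are optional on their own, but the service is useless without any key.
        if (extractedKeys.isEmpty()) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(getClass().getSimpleName())
                    .explanation(String.format("No Private Keys Read from [%s] or [%s]", KEYRING_FILE.getDisplayName(), KEYRING.getDisplayName()))
                    .build());
        }
        return results;
    }

    /**
     * Reads private keys from the file named by {@link #KEYRING_FILE}, when configured.
     *
     * @param keyDecryptor decryptor built from the configured password
     * @param propertyContext context supplying the property value
     * @return extracted private keys, empty when the property is blank
     * @throws PGPConfigurationException when the file cannot be read or a key cannot be extracted
     */
    private List<PGPPrivateKey> readKeyringFile(PBESecretKeyDecryptor keyDecryptor, PropertyContext propertyContext) {
        List<PGPPrivateKey> extractedKeys = new ArrayList<>();
        String keyringFile = propertyContext.getProperty(KEYRING_FILE).evaluateAttributeExpressions().getValue();
        if (StringUtils.isNotBlank(keyringFile)) {
            // try-with-resources closes the file handle on the failure path as well,
            // for example when the password is wrong and extraction throws.
            try (InputStream inputStream = new FileInputStream(keyringFile)) {
                extractedKeys.addAll(extractPrivateKeys(inputStream, keyDecryptor));
            } catch (IOException | RuntimeException e) {
                throw new PGPConfigurationException(String.format("Reading Secret Keyring File [%s] Failed", keyringFile), e);
            }
        }
        return extractedKeys;
    }

    /**
     * Reads private keys from the ASCII Armor value of {@link #KEYRING}, when configured.
     *
     * @param keyDecryptor decryptor built from the configured password
     * @param propertyContext context supplying the property value
     * @return extracted private keys, empty when the property is blank
     * @throws PGPConfigurationException when the value cannot be parsed or a key cannot be extracted
     */
    private List<PGPPrivateKey> readKeyring(PBESecretKeyDecryptor keyDecryptor, PropertyContext propertyContext) {
        List<PGPPrivateKey> extractedKeys = new ArrayList<>();
        String keyring = propertyContext.getProperty(KEYRING).getValue();
        if (StringUtils.isNotBlank(keyring)) {
            try (InputStream inputStream = new ByteArrayInputStream(keyring.getBytes(KEY_CHARSET))) {
                extractedKeys.addAll(extractPrivateKeys(inputStream, keyDecryptor));
            } catch (IOException | RuntimeException e) {
                // The sensitive keyring value is deliberately left out of the message.
                throw new PGPConfigurationException("Reading Secret Keyring Failed", e);
            }
        }
        return extractedKeys;
    }

    /**
     * Decodes the stream (binary or ASCII Armor, as detected by {@link PGPUtil#getDecoderStream})
     * and extracts every private key it contains.
     *
     * @param inputStream stream positioned at the start of a keyring or secret key
     * @param keyDecryptor decryptor built from the configured password
     * @return extracted private keys
     * @throws PGPConfigurationException when the stream cannot be read or a key cannot be extracted
     */
    private List<PGPPrivateKey> extractPrivateKeys(InputStream inputStream, PBESecretKeyDecryptor keyDecryptor) {
        // The decoder stream is closed on every path, including when extraction throws.
        try (InputStream decoderStream = PGPUtil.getDecoderStream(inputStream)) {
            return extractPrivateKeys(readKeyRings(decoderStream), keyDecryptor);
        } catch (IOException e) {
            throw new PGPConfigurationException("Reading Secret Keyring Stream Failed", e);
        }
    }

    /**
     * Parses the decoded stream into a collection of secret keyrings.
     *
     * @param inputStream decoded stream of secret key packets
     * @return parsed secret keyring collection
     * @throws IOException when reading from the stream fails
     * @throws PGPConfigurationException when the content is not a valid secret keyring collection
     */
    private PGPSecretKeyRingCollection readKeyRings(InputStream inputStream) throws IOException {
        try {
            return new PGPSecretKeyRingCollection(inputStream, new JcaKeyFingerprintCalculator());
        } catch (PGPException e) {
            throw new PGPConfigurationException("Reading Secret Keyring Collection Failed", e);
        }
    }

    /**
     * Decrypts every secret key in every keyring of the collection.
     *
     * <p>Extraction is all-or-nothing: the first key that cannot be decrypted aborts the whole
     * read, so a keyring whose keys use different passwords is rejected rather than partially loaded.
     *
     * @param keyRings parsed secret keyring collection
     * @param keyDecryptor decryptor built from the configured password
     * @return unmodifiable list of decrypted private keys
     * @throws PGPConfigurationException when any key cannot be extracted
     */
    private List<PGPPrivateKey> extractPrivateKeys(PGPSecretKeyRingCollection keyRings, PBESecretKeyDecryptor keyDecryptor) {
        List<PGPPrivateKey> extractedKeys = new ArrayList<>();
        for (PGPSecretKeyRing keyRing : keyRings) {
            for (PGPSecretKey secretKey : keyRing) {
                String keyId = KeyIdentifierConverter.format(secretKey.getKeyID());
                try {
                    extractedKeys.add(secretKey.extractPrivateKey(keyDecryptor));
                    getLogger().debug("Extracted Private Key [{}]", new Object[]{keyId});
                } catch (PGPException e) {
                    throw new PGPConfigurationException(String.format("Private Key [%s] Extraction Failed: check password", keyId), e);
                }
            }
        }
        return Collections.unmodifiableList(extractedKeys);
    }

    /**
     * Builds the password-based decryptor used for all secret keys.
     *
     * <p>The password arrives as a String property value and is converted to a char array that
     * is handed to the decryptor. The array is not cleared here because the returned decryptor
     * is used after this method returns - NOTE(review): confirm whether the decryptor keeps a
     * reference to the array before adding any wiping. The String copy cannot be wiped at all.
     *
     * @param propertyContext context supplying the password property
     * @return decryptor configured with the password
     * @throws PGPConfigurationException when the decryptor cannot be built
     */
    private PBESecretKeyDecryptor getKeyDecryptor(PropertyContext propertyContext) {
        try {
            char[] password = propertyContext.getProperty(KEY_PASSWORD).getValue().toCharArray();
            return new JcePBESecretKeyDecryptorBuilder().build(password);
        } catch (PGPException e) {
            throw new PGPConfigurationException("Building Secret Key Decryptor using password failed", e);
        }
    }
}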
