package org.openmetadata.service.secrets;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.util.List;
import org.jetbrains.annotations.Nullable;
import org.openmetadata.schema.api.services.ingestionPipelines.TestServiceConnection;
import org.openmetadata.schema.entity.services.ServiceType;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.services.connections.metadata.OpenMetadataServerConnection;
import org.openmetadata.schema.services.connections.metadata.SecretsManagerProvider;
import org.openmetadata.schema.teams.authn.JWTAuthMechanism;
import org.openmetadata.schema.teams.authn.SSOAuthMechanism;
import org.openmetadata.service.Entity;
import org.openmetadata.service.exception.InvalidServiceConnectionException;
import org.openmetadata.service.exception.SecretsManagerException;
import org.openmetadata.service.jdbi3.UserRepository;
import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.JsonUtils;

/* loaded from: input_file:org/openmetadata/service/secrets/ThirdPartySecretsManager.class */
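/**
 * Base class for secrets managers that keep secret values in an external store.
 *
 * <p>Every {@code encryptOrDecrypt*} method follows the same convention: when the boolean flag is
 * {@code true} the given object is serialized to JSON and written to the store (the method then
 * returns {@code null}); when it is {@code false} the value is read back from the store and
 * deserialized. Concrete subclasses supply the store through {@link #storeSecret},
 * {@link #updateSecret} and {@link #getSecret}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Failures are reported through {@code SecretsManagerException.byMessage(..., e.getMessage())}.
 *       On the read paths the failing input is the secret itself, so a JSON parser message that
 *       quotes its input could carry secret material into the exception text.
 *       NOTE(review): confirm how {@code JsonUtils} configures its mapper (Jackson's
 *       {@code INCLUDE_SOURCE_IN_LOCATION} feature controls this) and where these messages end up
 *       (logs, API responses).</li>
 *   <li>{@link #existSecret} fetches the full secret value only to test for existence and treats any
 *       failure as "absent"; see the method comment.</li>
 * </ul>
 */
public abstract class ThirdPartySecretsManager extends SecretsManager {
    public static final String DATABASE_METADATA_PIPELINE_SECRET_ID_PREFIX = "database-metadata-pipeline";
    public static final String TEST_CONNECTION_TEMP_SECRET_ID_PREFIX = "test-connection-temp";
    public static final String BOT_USER_PREFIX = "bot-user";
    public static final String BOT_PREFIX = "bot";
    public static final String AUTH_PROVIDER = "auth-provider";
    // Sentinel written to the store in place of a null JSON value, and mapped back to null on read.
    public static final String NULL_SECRET_STRING = "null";

    /**
     * Passes both arguments straight to the {@code SecretsManager} constructor.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code protected}; it is
     * kept {@code public} here so that the visible interface of this listing is unchanged.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ThirdPartySecretsManager(SecretsManagerProvider secretsManagerProvider, String str) {
        super(secretsManagerProvider, str);
    }

    /**
     * Stores or retrieves a service connection configuration.
     *
     * @param obj the connection configuration to store; only used when {@code z} is {@code true}
     * @param str the connection type; part of the secret id, used to resolve the configuration class
     *     and quoted in the "Failed to construct connection instance" error
     * @param str2 last component of the secret id (presumably the connection or service name; confirm
     *     against callers)
     * @param serviceType the service type; its {@code value()} is part of the secret id
     * @param z {@code true} to validate and store {@code obj}, {@code false} to read it back
     * @return {@code null} after storing; the deserialized configuration after reading
     * @throws InvalidServiceConnectionException if the configuration class cannot be found or
     *     validation rejects the connection
     * @throws SecretsManagerException for any other failure
     */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public Object encryptOrDecryptServiceConnectionConfig(Object obj, String str, String str2, ServiceType serviceType, boolean z) {
        String secretId = buildSecretId("service", serviceType.value(), str, str2);
        try {
            if (!z) {
                return JsonUtils.readValue(getSecret(secretId), createConnectionConfigClass(str, extractConnectionPackageName(serviceType)));
            }
            validateServiceConnection(obj, str, serviceType);
            String json = JsonUtils.pojoToJson(obj);
            if (json != null) {
                upsertSecret(secretId, json);
            }
            return null;
        } catch (ClassNotFoundException | InvalidServiceConnectionException e) {
            // The specific handler must come before the generic one. In the decompiled nesting an
            // inner catch (Exception) swallowed these first, which made this branch unreachable.
            throw InvalidServiceConnectionException.byMessage(str, String.format("Failed to construct connection instance of %s", str));
        } catch (Exception e) {
            throw SecretsManagerException.byMessage(getClass().getSimpleName(), secretId, e.getMessage());
        }
    }

    /**
     * Writes the connection of a test-connection request to the store as a temporary secret.
     *
     * <p>The secret id is built only from {@link #TEST_CONNECTION_TEMP_SECRET_ID_PREFIX} and the
     * connection type, so two requests of the same type map to the same id as far as this class
     * shows. Nothing in this class deletes the temporary secret.
     * NOTE(review): confirm that cleanup and any per-request isolation happen elsewhere.
     *
     * @param testServiceConnection the request whose connection is stored
     * @return always {@code null}
     * @throws SecretsManagerException if the connection cannot be serialized to JSON
     */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public Object storeTestConnectionObject(TestServiceConnection testServiceConnection) {
        try {
            String secretId = buildSecretId(TEST_CONNECTION_TEMP_SECRET_ID_PREFIX, testServiceConnection.getConnectionType().value());
            upsertSecret(secretId, JsonUtils.pojoToJson(testServiceConnection.getConnection()));
            return null;
        } catch (JsonProcessingException e) {
            throw new SecretsManagerException("Error parsing to JSON the service connection config: " + e.getMessage());
        }
    }

    /**
     * Stores or retrieves the credentials of a bot user under {@code bot-user} + {@code str}.
     *
     * @param str the bot user name used as the secret id component
     * @param obj the credentials to store; ignored when reading
     * @param z {@code true} to store, {@code false} to read
     * @return {@code null} after storing; the stored value as a generic JSON object after reading
     */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public Object encryptOrDecryptBotUserCredentials(String str, Object obj, boolean z) {
        return encryptOrDecryptObject(obj, z, buildSecretId(BOT_USER_PREFIX, str));
    }

    /**
     * Stores or retrieves the credentials a bot uses to connect.
     *
     * <p>When reading, returns the secret stored under {@code bot} + {@code str}. When storing, the
     * credentials are not passed in: they are derived from the bot user's already stored credentials
     * and the user's authentication mechanism, then written under the bot's secret id, with the
     * auth provider value written under a second id ending in {@link #AUTH_PROVIDER}.
     *
     * @param str the bot name used as the secret id component
     * @param str2 the name of the bot's user; used to read its stored credentials and to load the user
     * @param z {@code true} to derive and store, {@code false} to read
     * @return {@code null} after storing; the stored value as a generic JSON object after reading
     * @throws SecretsManagerException if any step of the store path fails
     */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public Object encryptOrDecryptBotCredentials(String str, String str2, boolean z) {
        String botSecretId = buildSecretId(BOT_PREFIX, str);
        if (!z) {
            return encryptOrDecryptObject(null, false, botSecretId);
        }
        try {
            Object botUserCredentials = encryptOrDecryptBotUserCredentials(str2, null, false);
            UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
            // The user is loaded with its protected fields so the authentication mechanism is present.
            AuthenticationMechanism authenticationMechanism = userRepository.getByName(null, str2, new EntityUtil.Fields(List.of(UserResource.USER_PROTECTED_FIELDS))).getAuthenticationMechanism();
            if (authenticationMechanism != null) {
                String authProviderSecretId = buildSecretId(BOT_PREFIX, str, AUTH_PROVIDER);
                String authProvider = null;
                if (AuthenticationMechanism.AuthType.JWT.equals(authenticationMechanism.getAuthType())) {
                    // NOTE(review): unlike the SSO branch, this branch does not check
                    // botUserCredentials for null; a missing bot-user secret would surface here as a
                    // SecretsManagerException via the catch below. Confirm this is intended.
                    JWTAuthMechanism jwtAuthMechanism = (JWTAuthMechanism) JsonUtils.convertValue(botUserCredentials, JWTAuthMechanism.class);
                    encryptOrDecryptObject(new OpenMetadataJWTClientConfig().withJwtToken(jwtAuthMechanism.getJWTToken()), true, botSecretId);
                    authProvider = OpenMetadataServerConnection.AuthProvider.OPENMETADATA.value();
                } else if (botUserCredentials != null && AuthenticationMechanism.AuthType.SSO.equals(authenticationMechanism.getAuthType())) {
                    SSOAuthMechanism ssoAuthMechanism = (SSOAuthMechanism) JsonUtils.convertValue(botUserCredentials, SSOAuthMechanism.class);
                    encryptOrDecryptObject(ssoAuthMechanism.getAuthConfig(), true, botSecretId);
                    authProvider = OpenMetadataServerConnection.AuthProvider.fromValue((String) JsonUtils.getMap(botUserCredentials).get("ssoServiceType")).value();
                }
                // authProvider is still null when neither branch matched; it is written regardless.
                encryptOrDecryptObject(authProvider, true, authProviderSecretId);
            }
            return null;
        } catch (Exception e) {
            throw SecretsManagerException.byMessage(getClass().getSimpleName(), botSecretId, e.getMessage());
        }
    }

    /**
     * Stores or retrieves a dbt config source under
     * {@link #DATABASE_METADATA_PIPELINE_SECRET_ID_PREFIX} + {@code str}.
     *
     * @param obj the config source to store; ignored when reading
     * @param str the secret id component (presumably the pipeline name; confirm against callers)
     * @param z {@code true} to store, {@code false} to read
     * @return {@code null} after storing; the stored value as a generic JSON object after reading
     */
    @Override // org.openmetadata.service.secrets.SecretsManager
    public Object encryptOrDecryptDbtConfigSource(Object obj, String str, boolean z) {
        return encryptOrDecryptObject(obj, z, buildSecretId(DATABASE_METADATA_PIPELINE_SECRET_ID_PREFIX, str));
    }

    /**
     * Shared store/read helper used by the bot, bot-user and dbt methods.
     *
     * @param obj the object to serialize and store; ignored when reading
     * @param z {@code true} to store, {@code false} to read
     * @param str the secret id
     * @return {@code null} after storing or when the stored value is {@link #NULL_SECRET_STRING};
     *     otherwise the stored JSON deserialized as {@code Object}
     * @throws SecretsManagerException wrapping the message of any failure
     */
    @Nullable
    private Object encryptOrDecryptObject(Object obj, boolean z, String str) {
        try {
            if (z) {
                upsertSecret(str, JsonUtils.pojoToJson(obj));
                return null;
            }
            String secret = getSecret(str);
            if (NULL_SECRET_STRING.equals(secret)) {
                return null;
            }
            return JsonUtils.readValue(secret, Object.class);
        } catch (Exception e) {
            // NOTE(review): on the read path the parser input is the secret value, so e.getMessage()
            // may quote part of it; confirm the mapper configuration before exposing this message.
            throw SecretsManagerException.byMessage(getClass().getSimpleName(), str, e.getMessage());
        }
    }

    /**
     * Updates the secret if it already exists, otherwise creates it. A {@code null} value is
     * written as {@link #NULL_SECRET_STRING}.
     *
     * <p>The existence check and the write are separate calls to the store, so this is not atomic.
     */
    private void upsertSecret(String str, String str2) {
        String value = str2 != null ? str2 : NULL_SECRET_STRING;
        if (existSecret(str)) {
            updateSecret(str, value);
        } else {
            storeSecret(str, value);
        }
    }

    /**
     * Reports whether a secret with the given id can be read from the store.
     *
     * <p>This reads the full secret value only to test for existence. Any exception, not just
     * "not found", is treated as absence (best effort); a transient or permission failure
     * therefore makes {@code upsertSecret} attempt a create instead of an update.
     *
     * @param str the secret id
     * @return {@code true} if {@link #getSecret} returned a non-null value, {@code false} otherwise
     */
    public boolean existSecret(String str) {
        try {
            return getSecret(str) != null;
        } catch (Exception ignored) {
            // Deliberately swallowed: the store is expected to throw for a missing secret.
            return false;
        }
    }

    /** Creates a new secret with id {@code str} and value {@code str2} in the backing store. */
    abstract void storeSecret(String str, String str2);

    /** Replaces the value of the existing secret with id {@code str} by {@code str2}. */
    abstract void updateSecret(String str, String str2);

    /** Returns the value of the secret with id {@code str} from the backing store. */
    abstract String getSecret(String str);
}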
