package org.openmetadata.service.secrets;

import com.google.common.annotations.VisibleForTesting;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import org.openmetadata.annotations.PasswordField;
import org.openmetadata.schema.entity.services.ServiceType;
import org.openmetadata.schema.entity.services.ingestionPipelines.IngestionPipeline;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.service.Entity;
import org.openmetadata.service.exception.InvalidServiceConnectionException;
import org.openmetadata.service.exception.SecretsManagerException;
import org.openmetadata.service.fernet.Fernet;
import org.openmetadata.service.security.auth.BotTokenCache;
import org.openmetadata.service.util.AuthenticationMechanismBuilder;
import org.openmetadata.service.util.IngestionPipelineBuilder;
import org.openmetadata.service.util.JsonUtils;

/* loaded from: input_file:org/openmetadata/service/secrets/SecretsManager.class */
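/**
 * Base class for secrets-manager backends.
 *
 * <p>It walks an object's public getters by reflection and, for every String getter annotated
 * with {@link PasswordField}, either hands the value to {@link #storeValue} and Fernet-encrypts
 * the result (encrypt direction) or Fernet-decrypts it (decrypt direction). The new value is
 * written back through the matching setter, so the object passed in is mutated in place.
 *
 * <p>Failure messages built here carry only the entity or connection name, never a field value.
 */
public abstract class SecretsManager {
    /** Classes whose password fields are left untouched by the encrypt direction. */
    private static final Set<Class<?>> DO_NOT_ENCRYPT_CLASSES = Set.of(OpenMetadataJWTClientConfig.class);

    private final String clusterPrefix;
    private final SecretsManagerProvider secretsManagerProvider;
    // Non-final only so that tests can swap it through setFernet().
    private Fernet fernet = Fernet.getInstance();

    /**
     * @param secretsManagerProvider provider exposed through {@link #getSecretsManagerProvider()}
     * @param str cluster prefix placed at the start of every top-level secret id
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SecretsManager(SecretsManagerProvider secretsManagerProvider, String str) {
        this.secretsManagerProvider = secretsManagerProvider;
        this.clusterPrefix = str;
    }

    /**
     * Encrypts or decrypts the password fields of a service connection configuration.
     *
     * @param obj raw connection configuration, passed to {@code JsonUtils.convertValue}
     * @param str connection type; used to resolve the {@code <type>Connection} class
     * @param str2 connection name, used as the last segment of the secret id
     * @param serviceType service type; supplies the package name and a secret id segment
     * @param z {@code true} to encrypt, {@code false} to decrypt
     * @return the converted configuration object with its password fields processed
     * @throws InvalidServiceConnectionException if any step fails
     */
    public Object encryptOrDecryptServiceConnectionConfig(Object obj, String str, String str2, ServiceType serviceType, boolean z) {
        try {
            Class<?> configClass = createConnectionConfigClass(str, extractConnectionPackageName(serviceType));
            Object typedConfig = JsonUtils.convertValue(obj, configClass);
            String secretId = buildSecretId(true, serviceType.value(), str2);
            return encryptOrDecryptPasswordFields(typedConfig, secretId, z);
        } catch (Exception e) {
            // NOTE(review): the original exception is dropped here, so the root cause never
            // reaches logs or the caller. Attach it as the cause if the exception type allows it.
            throw InvalidServiceConnectionException.byMessage(
                    str, String.format("Failed to %s connection instance of %s", describeOperation(z), str));
        }
    }

    /**
     * Encrypts or decrypts the password fields of a bot's authentication mechanism.
     *
     * @param str bot name, used as the last segment of the secret id
     * @param authenticationMechanism mechanism to process; may be {@code null}
     * @param z {@code true} to encrypt, {@code false} to decrypt
     * @return the processed mechanism, or {@code null} when the input is {@code null}
     * @throws InvalidServiceConnectionException if any step fails
     */
    public AuthenticationMechanism encryptOrDecryptAuthenticationMechanism(String str, AuthenticationMechanism authenticationMechanism, boolean z) {
        if (authenticationMechanism == null) {
            return null;
        }
        try {
            Object built = AuthenticationMechanismBuilder.build(authenticationMechanism);
            return (AuthenticationMechanism) encryptOrDecryptPasswordFields(built, buildSecretId(true, Entity.BOT, str), z);
        } catch (Exception e) {
            // NOTE(review): cause dropped, see encryptOrDecryptServiceConnectionConfig.
            throw InvalidServiceConnectionException.byMessage(
                    str, String.format("Failed to %s user bot instance [%s]", describeOperation(z), str));
        }
    }

    /**
     * Encrypts or decrypts the password fields of an ingestion pipeline.
     *
     * @param ingestionPipeline pipeline to process; it is first passed through
     *     {@code IngestionPipelineBuilder.build}, outside the try block
     * @param z {@code true} to encrypt, {@code false} to decrypt
     * @return the built pipeline with its password fields processed
     * @throws InvalidServiceConnectionException if processing the built pipeline fails
     */
    public IngestionPipeline encryptOrDecryptIngestionPipeline(IngestionPipeline ingestionPipeline, boolean z) {
        IngestionPipeline build = IngestionPipelineBuilder.build(ingestionPipeline);
        try {
            return (IngestionPipeline) encryptOrDecryptPasswordFields(build, buildSecretId(true, Entity.PIPELINE, build.getName()), z);
        } catch (Exception e) {
            // NOTE(review): cause dropped, see encryptOrDecryptServiceConnectionConfig.
            throw InvalidServiceConnectionException.byMessage(
                    build.getName(),
                    String.format("Failed to %s ingestion pipeline instance [%s]", describeOperation(z), build.getName()));
        }
    }

    /** Names the direction for failure messages, so a decrypt failure is not reported as an encrypt one. */
    private static String describeOperation(boolean encrypt) {
        return encrypt ? "encrypt" : "decrypt";
    }

    /** Dispatches to the encrypt or decrypt walk and returns the same (mutated) object. */
    private Object encryptOrDecryptPasswordFields(Object obj, String str, boolean z) {
        if (z) {
            encryptPasswordFields(obj, str);
        } else {
            decryptPasswordFields(obj);
        }
        return obj;
    }

    /**
     * Recursively stores and encrypts every {@link PasswordField} String reachable through getters.
     *
     * @param obj object whose getters are inspected; mutated through its setters
     * @param str secret id of {@code obj}; nested objects and fields extend it
     */
    private void encryptPasswordFields(Object obj, String str) {
        if (DO_NOT_ENCRYPT_CLASSES.contains(obj.getClass())) {
            return;
        }
        Arrays.stream(obj.getClass().getMethods()).filter(this::isGetMethodOfObject).forEach(getter -> {
            Object value = getObjectFromMethod(getter, obj);
            String fieldName = getter.getName().replaceFirst("get", BotTokenCache.EMPTY_STRING);
            // Values whose class lives under org.openmetadata are treated as nested objects.
            if (value != null && value.getClass().getPackageName().startsWith("org.openmetadata")) {
                encryptPasswordFields(value, buildSecretId(false, str, fieldName.toLowerCase(Locale.ROOT)));
                return;
            }
            if (value == null || getter.getAnnotation(PasswordField.class) == null) {
                return;
            }
            // The backend receives plaintext: an already tokenized value is decrypted first.
            String stored = storeValue(fieldName, decryptFernetIfApplies((String) value), str);
            // Whatever the backend returns is Fernet-encrypted unless it is already a token,
            // so the field never holds a bare value after this walk.
            setValueInMethod(obj, Fernet.isTokenized(stored) ? stored : this.fernet.encrypt(stored), getToSetMethod(obj, value, fieldName));
        });
    }

    /** Returns the Fernet-decrypted value when {@code str} is a Fernet token, else {@code str} unchanged. */
    private String decryptFernetIfApplies(String str) {
        return Fernet.isTokenized(str) ? this.fernet.decrypt(str) : str;
    }

    /**
     * Recursively Fernet-decrypts every {@link PasswordField} String reachable through getters.
     * Values that are not Fernet tokens are written back unchanged.
     *
     * @param obj object whose getters are inspected; mutated through its setters
     */
    private void decryptPasswordFields(Object obj) {
        Arrays.stream(obj.getClass().getMethods()).filter(this::isGetMethodOfObject).forEach(getter -> {
            Object value = getObjectFromMethod(getter, obj);
            String fieldName = getter.getName().replaceFirst("get", BotTokenCache.EMPTY_STRING);
            if (value != null && value.getClass().getPackageName().startsWith("org.openmetadata")) {
                decryptPasswordFields(value);
                return;
            }
            if (value == null || getter.getAnnotation(PasswordField.class) == null) {
                return;
            }
            String current = (String) value;
            setValueInMethod(obj, Fernet.isTokenized(current) ? this.fernet.decrypt(current) : current, getToSetMethod(obj, value, fieldName));
        });
    }

    /**
     * Backend hook invoked once per password field in the encrypt direction.
     *
     * @param str field name (getter name without the {@code get} prefix)
     * @param str2 field value, already Fernet-decrypted if it was a token
     * @param str3 secret id of the object that owns the field
     * @return the value to write back into the field; the caller Fernet-encrypts it unless it
     *     is already a Fernet token
     */
    protected abstract String storeValue(String str, String str2, String str3);

    /** Invokes {@code method} on {@code obj} with {@code str}, wrapping reflection failures. */
    private void setValueInMethod(Object obj, String str, Method method) {
        try {
            method.invoke(obj, str);
        } catch (IllegalAccessException | InvocationTargetException e) {
            // NOTE(review): only getMessage() is forwarded and the cause is dropped. For an
            // InvocationTargetException the real failure is the wrapped target exception.
            throw new SecretsManagerException(e.getMessage());
        }
    }

    /** Looks up the public {@code set<str>} method taking the runtime class of {@code obj2}. */
    private Method getToSetMethod(Object obj, Object obj2, String str) {
        try {
            return obj.getClass().getMethod("set" + str, obj2.getClass());
        } catch (NoSuchMethodException e) {
            throw new SecretsManagerException(e.getMessage());
        }
    }

    /** Invokes a no-argument getter on {@code obj}, wrapping reflection failures. */
    private Object getObjectFromMethod(Method method, Object obj) {
        try {
            return method.invoke(obj, new Object[0]);
        } catch (IllegalAccessException | InvocationTargetException e) {
            // NOTE(review): cause dropped, see setValueInMethod.
            throw new SecretsManagerException(e.getMessage());
        }
    }

    /** Accepts methods named {@code get*} whose return type is neither void nor a primitive. */
    private boolean isGetMethodOfObject(Method method) {
        Class<?> returnType = method.getReturnType();
        return method.getName().startsWith("get") && !returnType.equals(Void.TYPE) && !returnType.isPrimitive();
    }

    /** Separator placed between the segments of a secret id. */
    protected String getSecretSeparator() {
        return "/";
    }

    /** Whether a top-level secret id begins with the separator. */
    protected boolean startsWithSeparator() {
        return true;
    }

    /**
     * Builds a lower-cased secret id from the given segments.
     *
     * <p>With {@code z == true} the id is {@code [separator]clusterPrefix} followed by
     * {@code separator + value} for each value. With {@code z == false} the values are joined
     * with the separator and nothing is prepended.
     *
     * @param z whether to prepend the (optional) separator and the cluster prefix
     * @param strArr id segments; with {@code z == false} the first one is not null-checked
     * @return the secret id, lower-cased with {@link Locale#ROOT}
     * @throws SecretsManagerException if a checked segment is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String buildSecretId(boolean z, String... strArr) {
        StringBuilder format = new StringBuilder();
        if (z) {
            format.append(startsWithSeparator() ? getSecretSeparator() : BotTokenCache.EMPTY_STRING);
            // NOTE(review): the prefix becomes part of the format string, so a '%' in it would
            // be read as a format specifier. Confirm the prefix is restricted upstream.
            format.append(this.clusterPrefix);
        } else {
            format.append("%s");
        }
        for (int i = z ? 0 : 1; i < strArr.length; i++) {
            if (Objects.isNull(strArr[i])) {
                throw new SecretsManagerException("Cannot build a secret id with null values.");
            }
            format.append(getSecretSeparator());
            format.append("%s");
        }
        // Locale.ROOT keeps ids identical on every host: the default-locale overload maps 'I'
        // to a dotless 'ı' under a Turkish locale, so a stored secret would no longer be found.
        return String.format(format.toString(), (Object[]) strArr).toLowerCase(Locale.ROOT);
    }

    /**
     * Resolves the connection configuration class for a connection type.
     *
     * @param str connection type, used as the simple-name prefix of the class
     * @param str2 package segment below {@code org.openmetadata.schema.services.connections}
     * @return the class {@code org.openmetadata.schema.services.connections.<str2>.<str>Connection}
     * @throws ClassNotFoundException if no such class exists
     */
    protected Class<?> createConnectionConfigClass(String str, String str2) throws ClassNotFoundException {
        // NOTE(review): str is concatenated without validation and Class.forName initializes
        // the class it loads. The fixed prefix and suffix bound the lookup, but if callers can
        // influence str, checking it against the known connection types would be tighter.
        return Class.forName("org.openmetadata.schema.services.connections." + str2 + "." + str + "Connection");
    }

    /** Returns the service type's value lower-cased with {@link Locale#ROOT}. */
    protected String extractConnectionPackageName(ServiceType serviceType) {
        return serviceType.value().toLowerCase(Locale.ROOT);
    }

    /** Replaces the Fernet instance; intended for tests only. */
    @VisibleForTesting
    void setFernet(Fernet fernet) {
        this.fernet = fernet;
    }

    /** Returns the cluster prefix given at construction. */
    public String getClusterPrefix() {
        return this.clusterPrefix;
    }

    /** Returns the provider given at construction. */
    public SecretsManagerProvider getSecretsManagerProvider() {
        return this.secretsManagerProvider;
    }
}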
