package com.microsoft.azure.management.compute.implementation;

import com.microsoft.azure.SubResource;
import com.microsoft.azure.management.compute.DiskEncryptionSettings;
import com.microsoft.azure.management.compute.DiskVolumeEncryptionMonitor;
import com.microsoft.azure.management.compute.DiskVolumeType;
import com.microsoft.azure.management.compute.EncryptionStatus;
import com.microsoft.azure.management.compute.KeyVaultKeyReference;
import com.microsoft.azure.management.compute.KeyVaultSecretReference;
import com.microsoft.azure.management.compute.OperatingSystemTypes;
import com.microsoft.azure.management.compute.VirtualMachine;
import com.microsoft.azure.management.compute.VirtualMachineEncryptionConfiguration;
import com.microsoft.azure.management.compute.VirtualMachineExtension;
import com.microsoft.azure.management.compute.VirtualMachineExtensionInstanceView;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.UUID;
import rx.Observable;
import rx.functions.Func0;
import rx.functions.Func1;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/azure-mgmt-compute-1.5.1.jar:com/microsoft/azure/management/compute/implementation/VirtualMachineEncryptionHelper.class */
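/**
 * Enables or disables disk encryption on a virtual machine by configuring the
 * disk-encryption VM extension and then updating the VM's OS disk encryption settings.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker above the class);
 * the decompiler reports that several members shown as {@code public} were originally
 * {@code private} or package-private. {@code update2()} is reproduced as it appears in
 * the decompiled listing. NOTE(review): it looks like a decompiler-renamed overload of
 * the VM update entry point - confirm against the real API before compiling.
 *
 * <p>Security-relevant handling in this class:
 * <ul>
 *   <li>The AAD client secret and the Linux passphrase are only ever placed in the
 *       extension's protected settings, never in the public settings.</li>
 *   <li>The Key Vault secret URL written to the VM storage profile is taken from the
 *       extension's status message; see {@link #updateVMStorageProfileAsync(EnableDisableEncryptConfig, String)}.</li>
 * </ul>
 */
public class VirtualMachineEncryptionHelper {
    // Publisher of the encryption extension; used both to find an installed extension and to install one.
    private final String encryptionExtensionPublisher = "Microsoft.Azure.Security";
    // OS type of the wrapped VM, captured once in the constructor.
    private final OperatingSystemTypes osType;
    private final VirtualMachine virtualMachine;
    private static final String ERROR_ENCRYPTION_EXTENSION_NOT_FOUND = "Expected encryption extension not found in the VM";
    private static final String ERROR_NON_SUCCESS_PROVISIONING_STATE = "Extension needed for disk encryption was not provisioned correctly, found ProvisioningState as '%s'";
    private static final String ERROR_EXPECTED_KEY_VAULT_URL_NOT_FOUND = "Could not found URL pointing to the secret for disk encryption";
    private static final String ERROR_EXPECTED_ENCRYPTION_EXTENSION_STATUS_NOT_FOUND = "Encryption extension with successful status not found in the VM";
    private static final String ERROR_ENCRYPTION_EXTENSION_STATUS_IS_EMPTY = "Encryption extension status is empty";
    private static final String ERROR_ON_LINUX_DECRYPTING_NON_DATA_DISK_IS_NOT_SUPPORTED = "Only data disk is supported to disable encryption on Linux VM";
    private static final String ERROR_ON_LINUX_DATA_DISK_DECRYPT_NOT_ALLOWED_IF_OS_DISK_IS_ENCRYPTED = "On Linux VM disabling data disk encryption is allowed only if OS disk is not encrypted";

    /**
     * Settings used when turning encryption off for a given volume type.
     * (Reported by the decompiler as originally private.)
     */
    public class DisableEncryptConfig extends EnableDisableEncryptConfig {
        private final DiskVolumeType volumeType;

        DisableEncryptConfig(DiskVolumeType diskVolumeType) {
            super();
            this.volumeType = diskVolumeType;
        }

        /**
         * @return encryption settings with only {@code enabled=false} set; no key references
         */
        @Override
        public DiskEncryptionSettings storageProfileEncryptionSettings() {
            DiskEncryptionSettings disabledSettings = new DiskEncryptionSettings();
            disabledSettings.withEnabled(false);
            return disabledSettings;
        }

        /**
         * @return public extension settings requesting {@code DisableEncryption} for the
         *         configured volume type, with a fresh random {@code SequenceVersion}
         */
        @Override
        public HashMap<String, Object> extensionPublicSettings() {
            LinkedHashMap<String, Object> publicSettings = new LinkedHashMap<String, Object>();
            publicSettings.put("EncryptionOperation", "DisableEncryption");
            // A new UUID per call; presumably this makes the extension treat the request as a new operation.
            publicSettings.put("SequenceVersion", UUID.randomUUID());
            publicSettings.put("VolumeType", this.volumeType);
            return publicSettings;
        }

        /**
         * @return an empty map; disabling encryption sends no credentials to the extension
         */
        @Override
        public HashMap<String, Object> extensionProtectedSettings() {
            return new LinkedHashMap<String, Object>();
        }
    }

    /**
     * Common shape of the enable and disable configurations: the VM storage-profile
     * settings plus the public and protected settings handed to the extension.
     * (Reported by the decompiler as originally private.)
     */
    public abstract class EnableDisableEncryptConfig {
        private EnableDisableEncryptConfig() {
        }

        /** @return the encryption settings to apply to the VM's OS disk */
        public abstract DiskEncryptionSettings storageProfileEncryptionSettings();

        /** @return the extension's public settings; must not contain secrets */
        public abstract HashMap<String, Object> extensionPublicSettings();

        /** @return the extension's protected settings; the only place credentials are put */
        public abstract HashMap<String, Object> extensionProtectedSettings();
    }

    /**
     * Settings used when turning encryption on, derived from the caller's
     * {@link VirtualMachineEncryptionConfiguration}.
     * (Reported by the decompiler as originally private.)
     */
    public class EnableEncryptConfig<T extends VirtualMachineEncryptionConfiguration<T>> extends EnableDisableEncryptConfig {
        private final VirtualMachineEncryptionConfiguration<T> settings;

        EnableEncryptConfig(VirtualMachineEncryptionConfiguration<T> virtualMachineEncryptionConfiguration) {
            super();
            this.settings = virtualMachineEncryptionConfiguration;
        }

        /**
         * Builds the enabled encryption settings. A key-encryption-key reference is
         * attached only when a KEK URL is configured, and its source vault only when a
         * KEK vault id is configured. The disk-encryption-key reference gets its source
         * vault here; its secret URL is filled in later by the caller.
         *
         * @return encryption settings with {@code enabled=true}
         */
        @Override
        public DiskEncryptionSettings storageProfileEncryptionSettings() {
            KeyVaultKeyReference keyEncryptionKey = null;
            if (this.settings.keyEncryptionKeyURL() != null) {
                keyEncryptionKey = new KeyVaultKeyReference();
                keyEncryptionKey.withKeyUrl(this.settings.keyEncryptionKeyURL());
                if (this.settings.keyEncryptionKeyVaultId() != null) {
                    keyEncryptionKey.withSourceVault(new SubResource().withId(this.settings.keyEncryptionKeyVaultId()));
                }
            }
            DiskEncryptionSettings enabledSettings = new DiskEncryptionSettings();
            enabledSettings
                    .withEnabled(true)
                    .withKeyEncryptionKey(keyEncryptionKey)
                    .withDiskEncryptionKey(new KeyVaultSecretReference())
                    .diskEncryptionKey()
                    .withSourceVault(new SubResource().withId(this.settings.keyVaultId()));
            return enabledSettings;
        }

        /**
         * Builds the non-secret extension settings. The AAD client id, key vault URL and
         * (optional) KEK URL are identifiers, not credentials; the AAD client secret and
         * passphrase are deliberately kept out of this map.
         *
         * @return public extension settings requesting {@code EnableEncryption}
         */
        @Override
        public HashMap<String, Object> extensionPublicSettings() {
            LinkedHashMap<String, Object> publicSettings = new LinkedHashMap<String, Object>();
            publicSettings.put("EncryptionOperation", "EnableEncryption");
            publicSettings.put("AADClientID", this.settings.aadClientId());
            publicSettings.put("KeyEncryptionAlgorithm", this.settings.volumeEncryptionKeyEncryptAlgorithm());
            publicSettings.put("KeyVaultURL", this.settings.keyVaultUrl());
            publicSettings.put("VolumeType", this.settings.volumeType().toString());
            // A new UUID per call; presumably this makes the extension treat the request as a new operation.
            publicSettings.put("SequenceVersion", UUID.randomUUID());
            if (this.settings.keyEncryptionKeyURL() != null) {
                publicSettings.put("KeyEncryptionKeyURL", this.settings.keyEncryptionKeyURL());
            }
            return publicSettings;
        }

        /**
         * Builds the credential-bearing extension settings: the AAD client secret and,
         * for Linux VMs with a passphrase configured, the passphrase.
         *
         * <p>The returned map holds secrets in clear text. It should only be handed to
         * {@code withProtectedSettings(...)} and never logged or serialized elsewhere.
         *
         * @return protected extension settings
         */
        @Override
        public HashMap<String, Object> extensionProtectedSettings() {
            LinkedHashMap<String, Object> protectedSettings = new LinkedHashMap<String, Object>();
            protectedSettings.put("AADClientSecret", this.settings.aadSecret());
            if (this.settings.osType() == OperatingSystemTypes.LINUX && this.settings.linuxPassPhrase() != null) {
                protectedSettings.put("Passphrase", this.settings.linuxPassPhrase());
            }
            return protectedSettings;
        }
    }

    /**
     * Creates a helper bound to one VM and records that VM's OS type.
     * (Reported by the decompiler as originally package-private.)
     *
     * @param virtualMachine the VM whose encryption state is managed
     */
    public VirtualMachineEncryptionHelper(VirtualMachine virtualMachine) {
        this.virtualMachine = virtualMachine;
        this.osType = this.virtualMachine.osType();
    }

    /**
     * Enables encryption: updates the installed encryption extension (or installs it when
     * none is found), reads the extension's status message, writes that message as the
     * disk-encryption-key secret URL into the VM's OS disk encryption settings, and
     * finally emits the volume encryption monitor.
     * (Reported by the decompiler as originally package-private.)
     *
     * @param virtualMachineEncryptionConfiguration the caller's encryption settings
     * @return an observable emitting the encryption monitor once the VM has been updated
     */
    public <T extends VirtualMachineEncryptionConfiguration<T>> Observable<DiskVolumeEncryptionMonitor> enableEncryptionAsync(VirtualMachineEncryptionConfiguration<T> virtualMachineEncryptionConfiguration) {
        final EnableEncryptConfig<T> enableEncryptConfig = new EnableEncryptConfig<T>(virtualMachineEncryptionConfiguration);
        return updateEncryptionExtensionAsync(enableEncryptConfig)
                // The install observable is deferred, so it only runs when no extension was found.
                .switchIfEmpty(installEncryptionExtensionAsync(enableEncryptConfig))
                .flatMap(new Func1<VirtualMachine, Observable<String>>() {
                    @Override
                    public Observable<String> call(VirtualMachine virtualMachine) {
                        return VirtualMachineEncryptionHelper.this.retrieveEncryptionExtensionStatusStringAsync(VirtualMachineEncryptionHelper.ERROR_EXPECTED_KEY_VAULT_URL_NOT_FOUND);
                    }
                })
                .flatMap(new Func1<String, Observable<VirtualMachine>>() {
                    @Override
                    public Observable<VirtualMachine> call(String str) {
                        return VirtualMachineEncryptionHelper.this.updateVMStorageProfileAsync(enableEncryptConfig, str);
                    }
                })
                .flatMap(new Func1<VirtualMachine, Observable<DiskVolumeEncryptionMonitor>>() {
                    @Override
                    public Observable<DiskVolumeEncryptionMonitor> call(VirtualMachine virtualMachine) {
                        return VirtualMachineEncryptionHelper.this.getDiskVolumeEncryptDecryptStatusAsync(virtualMachine);
                    }
                });
    }

    /**
     * Disables encryption for the given volume type: validates the request, updates the
     * installed encryption extension (or installs it when none is found), checks that the
     * extension reports a status message, sets {@code enabled=false} on the VM's OS disk
     * encryption settings, and finally emits the volume encryption monitor.
     * (Reported by the decompiler as originally package-private.)
     *
     * @param diskVolumeType the volume type to decrypt
     * @return an observable emitting the encryption monitor, or an error when validation fails
     */
    public Observable<DiskVolumeEncryptionMonitor> disableEncryptionAsync(DiskVolumeType diskVolumeType) {
        final DisableEncryptConfig disableEncryptConfig = new DisableEncryptConfig(diskVolumeType);
        return validateBeforeDecryptAsync(diskVolumeType)
                .flatMap(new Func1<Boolean, Observable<VirtualMachine>>() {
                    @Override
                    public Observable<VirtualMachine> call(Boolean bool) {
                        return VirtualMachineEncryptionHelper.this.updateEncryptionExtensionAsync(disableEncryptConfig);
                    }
                })
                // The install observable is deferred, so it only runs when no extension was found.
                .switchIfEmpty(installEncryptionExtensionAsync(disableEncryptConfig))
                .flatMap(new Func1<VirtualMachine, Observable<String>>() {
                    @Override
                    public Observable<String> call(VirtualMachine virtualMachine) {
                        return VirtualMachineEncryptionHelper.this.retrieveEncryptionExtensionStatusStringAsync(VirtualMachineEncryptionHelper.ERROR_ENCRYPTION_EXTENSION_STATUS_IS_EMPTY);
                    }
                })
                .flatMap(new Func1<String, Observable<VirtualMachine>>() {
                    @Override
                    public Observable<VirtualMachine> call(String str) {
                        // The status message itself is not used when disabling.
                        return VirtualMachineEncryptionHelper.this.updateVMStorageProfileAsync(disableEncryptConfig);
                    }
                })
                .flatMap(new Func1<VirtualMachine, Observable<DiskVolumeEncryptionMonitor>>() {
                    @Override
                    public Observable<DiskVolumeEncryptionMonitor> call(VirtualMachine virtualMachine) {
                        return VirtualMachineEncryptionHelper.this.getDiskVolumeEncryptDecryptStatusAsync(virtualMachine);
                    }
                });
    }

    /**
     * @return the extension type name for this VM's OS: the Linux variant for Linux VMs,
     *         the plain name otherwise. (Reported by the decompiler as originally private.)
     */
    public String encryptionExtensionType() {
        if (this.osType == OperatingSystemTypes.LINUX) {
            return "AzureDiskEncryptionForLinux";
        }
        return "AzureDiskEncryption";
    }

    /**
     * @return the extension version requested at install time: {@code "0.1"} for Linux
     *         VMs, {@code "1.1"} otherwise. (Reported by the decompiler as originally private.)
     */
    public String encryptionExtensionVersion() {
        if (this.osType == OperatingSystemTypes.LINUX) {
            return "0.1";
        }
        return "1.1";
    }

    /**
     * Rejects decrypt requests that are not allowed on Linux: only data disks may be
     * decrypted, and only while the OS disk is not encrypted. Non-Linux VMs always pass.
     *
     * @param diskVolumeType the volume type the caller wants to decrypt
     * @return an observable emitting {@code true} when allowed, or an error otherwise
     */
    private Observable<Boolean> validateBeforeDecryptAsync(DiskVolumeType diskVolumeType) {
        if (this.osType != OperatingSystemTypes.LINUX) {
            return Observable.just(true);
        }
        if (diskVolumeType != DiskVolumeType.DATA) {
            return toErrorObservable(ERROR_ON_LINUX_DECRYPTING_NON_DATA_DISK_IS_NOT_SUPPORTED);
        }
        return getDiskVolumeEncryptDecryptStatusAsync(this.virtualMachine).flatMap(new Func1<DiskVolumeEncryptionMonitor, Observable<Boolean>>() {
            @Override
            public Observable<Boolean> call(DiskVolumeEncryptionMonitor diskVolumeEncryptionMonitor) {
                if (diskVolumeEncryptionMonitor.osDiskStatus().equals(EncryptionStatus.ENCRYPTED)) {
                    return VirtualMachineEncryptionHelper.this.toErrorObservable(VirtualMachineEncryptionHelper.ERROR_ON_LINUX_DATA_DISK_DECRYPT_NOT_ALLOWED_IF_OS_DISK_IS_ENCRYPTED);
                }
                return Observable.just(true);
            }
        });
    }

    /**
     * Looks up the encryption extension among the VM's extensions, matching publisher and
     * type case-insensitively.
     *
     * @return an observable emitting the matching extension, or an empty observable when
     *         none is installed
     */
    private Observable<VirtualMachineExtension> getEncryptionExtensionInstalledInVMAsync() {
        return this.virtualMachine.listExtensionsAsync().firstOrDefault(null, new Func1<VirtualMachineExtension, Boolean>() {
            @Override
            public Boolean call(VirtualMachineExtension virtualMachineExtension) {
                // Constant-first comparison: an extension reporting a null publisher or type is
                // treated as "not the encryption extension" instead of raising a NullPointerException.
                return Boolean.valueOf(
                        VirtualMachineEncryptionHelper.this.encryptionExtensionPublisher.equalsIgnoreCase(virtualMachineExtension.publisherName())
                                && VirtualMachineEncryptionHelper.this.encryptionExtensionType().equalsIgnoreCase(virtualMachineExtension.typeName()));
            }
        }).flatMap(new Func1<VirtualMachineExtension, Observable<VirtualMachineExtension>>() {
            @Override
            public Observable<VirtualMachineExtension> call(VirtualMachineExtension virtualMachineExtension) {
                // firstOrDefault yields null when nothing matched; turn that into "empty"
                // so callers can chain switchIfEmpty.
                if (virtualMachineExtension == null) {
                    return Observable.empty();
                }
                return Observable.just(virtualMachineExtension);
            }
        });
    }

    /**
     * Pushes the given public and protected settings to the already-installed encryption
     * extension. Emits nothing when the extension is not installed.
     * (Reported by the decompiler as originally private.)
     *
     * @param enableDisableEncryptConfig source of the extension settings
     * @return an observable emitting the updated VM, or empty when no extension was found
     */
    public Observable<VirtualMachine> updateEncryptionExtensionAsync(final EnableDisableEncryptConfig enableDisableEncryptConfig) {
        return getEncryptionExtensionInstalledInVMAsync().flatMap(new Func1<VirtualMachineExtension, Observable<VirtualMachine>>() {
            @Override
            public Observable<VirtualMachine> call(VirtualMachineExtension virtualMachineExtension) {
                return VirtualMachineEncryptionHelper.this.virtualMachine.update2()
                        .updateExtension(virtualMachineExtension.name())
                        .withPublicSettings(enableDisableEncryptConfig.extensionPublicSettings())
                        // Credentials travel only through the protected settings.
                        .withProtectedSettings(enableDisableEncryptConfig.extensionProtectedSettings())
                        .parent()
                        .applyAsync();
            }
        });
    }

    /**
     * Installs the encryption extension with the given settings, the OS-specific type and
     * version, and minor-version auto-upgrade enabled. The work is deferred until
     * subscription, so merely building the observable does not touch the VM.
     *
     * @param enableDisableEncryptConfig source of the extension settings
     * @return an observable emitting the updated VM
     */
    private Observable<VirtualMachine> installEncryptionExtensionAsync(final EnableDisableEncryptConfig enableDisableEncryptConfig) {
        return Observable.defer(new Func0<Observable<VirtualMachine>>() {
            @Override
            public Observable<VirtualMachine> call() {
                return VirtualMachineEncryptionHelper.this.virtualMachine.update2()
                        .defineNewExtension(VirtualMachineEncryptionHelper.this.encryptionExtensionType())
                        .withPublisher(VirtualMachineEncryptionHelper.this.encryptionExtensionPublisher)
                        .withType(VirtualMachineEncryptionHelper.this.encryptionExtensionType())
                        .withVersion(VirtualMachineEncryptionHelper.this.encryptionExtensionVersion())
                        .withPublicSettings(enableDisableEncryptConfig.extensionPublicSettings())
                        // Credentials travel only through the protected settings.
                        .withProtectedSettings(enableDisableEncryptConfig.extensionProtectedSettings())
                        .withMinorVersionAutoUpgrade()
                        .attach()
                        .applyAsync();
            }
        });
    }

    /**
     * Reads the message of the first status entry in the encryption extension's instance
     * view. Fails when the extension is missing, when its provisioning state is not
     * {@code Succeeded}, when it reports no statuses, or when the first status has no message.
     * (Reported by the decompiler as originally private.)
     *
     * @param str error message to use when the first status has a null message
     * @return an observable emitting the status message, or an error
     */
    public Observable<String> retrieveEncryptionExtensionStatusStringAsync(final String str) {
        return getEncryptionExtensionInstalledInVMAsync()
                .switchIfEmpty(this.<VirtualMachineExtension>toErrorObservable(ERROR_ENCRYPTION_EXTENSION_NOT_FOUND))
                .flatMap(new Func1<VirtualMachineExtension, Observable<VirtualMachineExtensionInstanceView>>() {
                    @Override
                    public Observable<VirtualMachineExtensionInstanceView> call(VirtualMachineExtension virtualMachineExtension) {
                        // Constant-first comparison: a missing provisioning state is reported
                        // through the error below rather than as a NullPointerException.
                        if (!"Succeeded".equalsIgnoreCase(virtualMachineExtension.provisioningState())) {
                            // Qualified with the outer class: inside this anonymous Func1 a bare
                            // "this" is the Func1 itself, which has no toErrorObservable method.
                            return VirtualMachineEncryptionHelper.this.toErrorObservable(String.format(VirtualMachineEncryptionHelper.ERROR_NON_SUCCESS_PROVISIONING_STATE, virtualMachineExtension.provisioningState()));
                        }
                        return virtualMachineExtension.getInstanceViewAsync();
                    }
                })
                .flatMap(new Func1<VirtualMachineExtensionInstanceView, Observable<String>>() {
                    @Override
                    public Observable<String> call(VirtualMachineExtensionInstanceView virtualMachineExtensionInstanceView) {
                        if (virtualMachineExtensionInstanceView == null
                                || virtualMachineExtensionInstanceView.statuses() == null
                                || virtualMachineExtensionInstanceView.statuses().isEmpty()) {
                            return VirtualMachineEncryptionHelper.this.toErrorObservable(VirtualMachineEncryptionHelper.ERROR_EXPECTED_ENCRYPTION_EXTENSION_STATUS_NOT_FOUND);
                        }
                        String message = virtualMachineExtensionInstanceView.statuses().get(0).message();
                        if (message == null) {
                            return VirtualMachineEncryptionHelper.this.toErrorObservable(str);
                        }
                        return Observable.just(message);
                    }
                });
    }

    /**
     * Applies the config's encryption settings to the VM's OS disk, using {@code str} as
     * the disk-encryption-key secret URL.
     * (Reported by the decompiler as originally private.)
     *
     * <p>Within this class it is only called on the enable path, where the config always
     * provides a disk-encryption-key reference.
     *
     * <p>NOTE(review): {@code str} is the extension's status message and is written to the
     * storage profile unchanged; nothing here checks that it is an https URL inside the
     * configured key vault. Consider validating it against the configured vault URL
     * before applying - confirm the expected message format first.
     *
     * @param enableDisableEncryptConfig source of the storage-profile encryption settings
     * @param str the secret URL to record for the disk encryption key
     * @return an observable emitting the updated VM
     */
    public Observable<VirtualMachine> updateVMStorageProfileAsync(EnableDisableEncryptConfig enableDisableEncryptConfig, String str) {
        DiskEncryptionSettings encryptionSettings = enableDisableEncryptConfig.storageProfileEncryptionSettings();
        encryptionSettings.diskEncryptionKey().withSecretUrl(str);
        return this.virtualMachine.update2().withOSDiskEncryptionSettings(encryptionSettings).applyAsync();
    }

    /**
     * Applies the config's encryption settings to the VM's OS disk as they are.
     * (Reported by the decompiler as originally private.)
     *
     * @param enableDisableEncryptConfig source of the storage-profile encryption settings
     * @return an observable emitting the updated VM
     */
    public Observable<VirtualMachine> updateVMStorageProfileAsync(EnableDisableEncryptConfig enableDisableEncryptConfig) {
        return this.virtualMachine.update2()
                .withOSDiskEncryptionSettings(enableDisableEncryptConfig.storageProfileEncryptionSettings())
                .applyAsync();
    }

    /**
     * Creates and refreshes the OS-specific encryption monitor for the given VM. The
     * choice between the Linux and Windows monitor is based on the OS type captured in
     * the constructor, not on the {@code virtualMachine} argument.
     * (Reported by the decompiler as originally private.)
     *
     * @param virtualMachine the VM whose id and manager are handed to the monitor
     * @return an observable emitting the refreshed monitor
     */
    public Observable<DiskVolumeEncryptionMonitor> getDiskVolumeEncryptDecryptStatusAsync(VirtualMachine virtualMachine) {
        if (this.osType == OperatingSystemTypes.LINUX) {
            return new LinuxDiskVolumeEncryptionMonitorImpl(virtualMachine.id(), virtualMachine.manager()).refreshAsync();
        }
        return new WindowsVolumeEncryptionMonitorImpl(virtualMachine.id(), virtualMachine.manager()).refreshAsync();
    }

    /**
     * Wraps a message in a plain {@link Exception} and returns it as an error observable.
     * (Reported by the decompiler as originally private.)
     *
     * @param str the error message
     * @return an observable that terminates with the error
     */
    public <ResultT> Observable<ResultT> toErrorObservable(String str) {
        return Observable.error(new Exception(str));
    }
}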
