package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.service.aes.AESConfig;
import com.atlassian.secrets.service.aes.AESSecretService;
import com.atlassian.secrets.service.config.BackendConfig;
import com.atlassian.secrets.service.config.SecretServiceConfig;
import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/secrets/service/SecretConfigManager.class */
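/**
 * Static helpers for the secret service configuration file ({@code secrets-config.yaml}):
 * reading it, generating a default one together with its AES key files, and mapping a
 * backend's property map onto a typed configuration class.
 *
 * <p>On filesystems that expose the {@code posix} attribute view, the generated
 * configuration file and both key files are restricted to owner-read. On any other
 * filesystem no permission change is made and the files keep whatever access they were
 * created with.
 */
public class SecretConfigManager {
    /** File name of the secret service configuration, resolved against the target directory. */
    public static final String SECRETS_CONFIG_FILE_NAME = "secrets-config.yaml";
    /** Sub-directory, relative to the configuration directory, handed to the key generator. */
    private static final String SECRET_KEY_DIR = "keys";
    /** Name of the backend written as the default one (persistent AES). */
    private static final String DEFAULT_BACKEND_NAME = "defaultAES";
    /** Name of the backend that every supplied identifier is mapped to. */
    private static final String INLINE_AES_BACKEND_NAME = "inlineAES";
    /** YAML mapper; the leading {@code ---} document marker is suppressed on write. */
    private static final ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory().disable(YAMLGenerator.Feature.WRITE_DOC_START_MARKER));
    /** True when the default filesystem supports POSIX file permissions. */
    private static final boolean isPosixFilesystem = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    private static final Logger log = LoggerFactory.getLogger(SecretConfigManager.class);

    private SecretConfigManager() {
        // Static utility holder; not meant to be instantiated.
    }

    /**
     * Reads and parses the secret service configuration file.
     *
     * @param path location of the YAML configuration file
     * @return the parsed configuration
     * @throws SecretServiceException if the file cannot be read, or if its content is not a
     *     valid configuration
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretServiceConfig readConfigFile(Path path) throws SecretServiceException {
        try {
            return objectMapper.readValue(Files.readAllBytes(path), SecretServiceConfig.class);
        } catch (JacksonException e) {
            // The narrower catch has to come first: JacksonException is an IOException, so a
            // preceding catch (Exception) makes this branch unreachable (and is a compile error).
            // NOTE(review): the parser exception is neither logged nor attached as the cause.
            // Presumably this keeps parser detail, which can quote the input, out of logs for a
            // file that describes secret backends -- confirm before attaching it.
            String message = String.format("Secret service configuration file is invalid, review the %s file.", SECRETS_CONFIG_FILE_NAME);
            log.error(message);
            throw new SecretServiceException(message);
        } catch (Exception e) {
            log.error("Problem when reading secret service configuration.");
            throw new SecretServiceException("Problem when reading secret service configuration.", e);
        }
    }

    /**
     * Generates two AES keys and writes a default configuration file that references them.
     *
     * <p>The file declares a persistent-AES backend named {@code defaultAES} (also set as the
     * default backend) and an AES backend named {@code inlineAES}; every entry of
     * {@code strArr} is mapped to {@code inlineAES}. Afterwards the configuration file and
     * both key files are made owner-read-only where the filesystem supports it.
     *
     * @param path directory that receives the configuration file and the {@code keys} directory
     * @param strArr identifiers to map to the {@code inlineAES} backend
     * @return path of the written configuration file
     * @throws SecretServiceException if key generation, serialisation, writing or the
     *     permission change fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Path generateDefaultConfigFile(Path path, String[] strArr) throws SecretServiceException {
        try {
            Path configFile = path.resolve(SECRETS_CONFIG_FILE_NAME);
            Path keyDir = path.resolve(SECRET_KEY_DIR);
            TypeReference<Map<String, Object>> propertiesType = new TypeReference<Map<String, Object>>() {
            };

            // Each backend gets its own key. The returned string is used as a file path below.
            String persistentKeyPath = AESSecretService.generateDefaultKey(keyDir);
            Map<String, Object> persistentProps = objectMapper.convertValue(new AESConfig(persistentKeyPath), propertiesType);
            BackendConfig persistentBackend = new BackendConfig(SecretServiceType.PERSISTENT_AES.toString(), persistentProps);

            String inlineKeyPath = AESSecretService.generateDefaultKey(keyDir);
            Map<String, Object> inlineProps = objectMapper.convertValue(new AESConfig(inlineKeyPath), propertiesType);
            BackendConfig inlineBackend = new BackendConfig(SecretServiceType.AES.toString(), inlineProps);

            // Insertion-ordered maps keep the written YAML in a stable order.
            Map<String, BackendConfig> backends = new LinkedHashMap<>();
            backends.put(DEFAULT_BACKEND_NAME, persistentBackend);
            backends.put(INLINE_AES_BACKEND_NAME, inlineBackend);

            Map<String, String> identifierToBackend = new LinkedHashMap<>();
            for (String identifier : strArr) {
                identifierToBackend.put(identifier, INLINE_AES_BACKEND_NAME);
            }

            objectMapper.writeValue(configFile.toFile(), new SecretServiceConfig(DEFAULT_BACKEND_NAME, Collections.unmodifiableMap(backends), Collections.unmodifiableMap(identifierToBackend)));

            // NOTE(review): permissions are narrowed only after the files exist, so until this
            // call they carry whatever mode they were created with. How the key files are
            // created is decided in AESSecretService, outside this class -- confirm they are
            // not readable by other users in that window, or create them with restrictive
            // attributes up front.
            applyReadOnlyPermissionsTo(isPosixFilesystem, configFile, Paths.get(persistentKeyPath), Paths.get(inlineKeyPath));
            return configFile;
        } catch (Exception e) {
            log.error("Problem when generating a default secret service configuration.");
            throw new SecretServiceException("Problem when generating a default secret service configuration.", e);
        }
    }

    /**
     * Restricts each given file to owner-read when POSIX permissions are available.
     *
     * @param z whether the filesystem supports POSIX permissions; when {@code false} nothing
     *     is changed and a warning is logged
     * @param pathArr files to restrict
     * @throws SecretServiceException if a permission change fails; files earlier in
     *     {@code pathArr} have already been changed at that point
     */
    static void applyReadOnlyPermissionsTo(boolean z, Path... pathArr) {
        if (!z) {
            // Make the skipped hardening visible instead of passing over it silently.
            log.warn("POSIX file permissions are not supported on this filesystem; read only permissions were not applied.");
            return;
        }
        for (Path path : pathArr) {
            try {
                // Owner-read only: no write bit for the owner, nothing for group or others.
                Files.setPosixFilePermissions(path, Collections.singleton(PosixFilePermission.OWNER_READ));
            } catch (Exception e) {
                throw new SecretServiceException(String.format("Error applying read only permissions to file [%s]", path), e);
            }
        }
    }

    /**
     * Converts a backend's property map into the given configuration class.
     *
     * @param map backend properties as read from the configuration file
     * @param cls target configuration type
     * @param <T> target configuration type
     * @return the populated configuration object
     * @throws SecretServiceException if the properties cannot be converted to {@code cls}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T> T mapToServiceConfig(Map<String, Object> map, Class<T> cls) throws SecretServiceException {
        try {
            return objectMapper.convertValue(map, cls);
        } catch (Exception e) {
            // NOTE(review): the conversion exception is neither logged nor attached as the
            // cause. Presumably this keeps property values out of logs -- confirm before
            // attaching it.
            String message = String.format("Backend properties in secret service configuration file is invalid, review the %s file.", SECRETS_CONFIG_FILE_NAME);
            log.error(message);
            throw new SecretServiceException(message);
        }
    }
}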
