package com.atlassian.secrets.service;

import com.atlassian.secrets.api.SecretServiceException;
import com.atlassian.secrets.api.SecretServiceType;
import com.atlassian.secrets.service.aes.AESConfig;
import com.atlassian.secrets.service.aes.AESKeyGenerator;
import com.atlassian.secrets.service.config.BackendConfig;
import com.atlassian.secrets.service.config.SecretServiceConfig;
import com.atlassian.secrets.service.dao.Underlock;
import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.time.Duration;
import java.util.Collections;
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/secrets/service/SecretConfigManager.class */
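/**
 * Static helpers that read, create and convert the secret service configuration, which is
 * stored as a YAML document.
 *
 * <p>This listing is decompiler output: the members marked "Access modifiers changed from:
 * package-private" were package-private in the original class and are {@code public} here only
 * because the decompiler widened them.
 */
public class SecretConfigManager {
    /** Name under which the generated AES backend is registered and selected in a new config. */
    private static final String DEFAULT_BACKEND_NAME = "defaultAES";
    // The YAML document start marker is not emitted when the configuration is serialised.
    private static final YAMLFactory yamlFactory = new YAMLFactory().disable(YAMLGenerator.Feature.WRITE_DOC_START_MARKER);
    // Strict duplicate detection makes parsing fail on a repeated key instead of silently keeping
    // one of the values, so an ambiguous backend definition is rejected rather than guessed at.
    private static final ObjectMapper objectMapper = new ObjectMapper(yamlFactory).enable(JsonParser.Feature.STRICT_DUPLICATE_DETECTION);
    // Evaluated once against the JVM's default filesystem, not against the filesystem that
    // actually holds the config and key files.
    private static final boolean isPosixFilesystem = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    private static final Logger log = LoggerFactory.getLogger(SecretConfigManager.class);

    private SecretConfigManager() {
    }

    /**
     * Reads and parses the secret service configuration file.
     *
     * <p>Parser failures are reported without the parser exception as cause, and only the
     * duplicate-field message is copied into the log and the thrown exception.
     * NOTE(review): this looks like a deliberate choice to keep file content out of logs and
     * stack traces; confirm before attaching the cause.
     *
     * @param path location of the YAML configuration file
     * @return the parsed configuration
     * @throws SecretServiceException if the file cannot be read or is not a valid configuration
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretServiceConfig readConfigFile(Path path) throws SecretServiceException {
        try {
            return objectMapper.readValue(Files.readAllBytes(path), SecretServiceConfig.class);
        } catch (JacksonException e) {
            // This handler has to precede the generic one: JacksonException is an IOException,
            // so a preceding catch (Exception) makes it unreachable (and javac rejects it).
            String parserMessage = e.getOriginalMessage();
            // getOriginalMessage() may be null; Locale.ROOT keeps the match independent of the
            // JVM's default locale.
            boolean duplicateField = parserMessage != null
                    && parserMessage.toLowerCase(Locale.ROOT).contains("duplicate field");
            String message = duplicateField
                    ? String.format("%s is invalid: %s", path.getFileName(), parserMessage)
                    : String.format("Secret service configuration file is invalid, review the %s file.", path.getFileName());
            log.error(message);
            throw new SecretServiceException(message);
        } catch (Exception e) {
            log.error("Problem when reading secret service configuration.");
            throw new SecretServiceException("Problem when reading secret service configuration.", e);
        }
    }

    /**
     * Creates a default configuration file with a single AES backend unless one already exists.
     *
     * <p>When a new file is written, both it and the key file are afterwards restricted to
     * owner-read on POSIX filesystems. Between the write and that call the files carry whatever
     * permissions they were created with.
     * NOTE(review): whether {@code Underlock} or {@code AESKeyGenerator} already create them
     * with restrictive permissions is not visible here; confirm, or create them restricted.
     *
     * @param secretServiceParams supplies the config file location and the key directory
     * @return the configuration file path, whether it was created by this call or already present
     * @throws SecretServiceException if key generation, the locked edit or the permission change
     *     fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static Path maybeGenerateDefaultConfigFile(SecretServiceParams secretServiceParams) throws SecretServiceException {
        try {
            Path configFile = secretServiceParams.getSecretsConfigFile();
            // NOTE(review): the key generator runs before the existence check below, i.e. also
            // when the config file is already present; confirm generateDefaultKey is idempotent
            // and never replaces a key that existing secrets depend on.
            Path keyFile = new AESKeyGenerator().generateDefaultKey(secretServiceParams.getKeyDirectory());
            AtomicBoolean created = new AtomicBoolean(false);
            // presumably the Duration is the lock timeout and the trailing flag an Underlock
            // option; neither is visible in this file.
            Underlock.forFile(configFile, Duration.ofSeconds(30L)).edit((bufferedReader, writer) -> {
                // A non-null reader means the file already exists, so it is left untouched.
                if (bufferedReader != null) {
                    log.debug("Existing config {} file already exists", configFile);
                    return;
                }
                Map<String, BackendConfig> backends = new LinkedHashMap<>();
                backends.put(DEFAULT_BACKEND_NAME, generateAESBasedBackendConfig(keyFile));
                writer.write(objectMapper.writeValueAsString(new SecretServiceConfig(DEFAULT_BACKEND_NAME, Collections.unmodifiableMap(backends))));
                created.set(true);
            }, false);
            // Permissions are only tightened on files this call produced a config for.
            if (created.get()) {
                applyReadOnlyPermissionsTo(isPosixFilesystem, configFile, keyFile);
            }
            return configFile;
        } catch (Exception e) {
            log.error("Problem when generating a default secret service configuration.");
            throw new SecretServiceException("Problem when generating a default secret service configuration.", e);
        }
    }

    /**
     * Builds the backend entry for an AES backend whose settings are derived from the key path.
     *
     * @param path the key file passed to {@link AESConfig}
     * @return a backend config of type {@code AES} carrying the {@link AESConfig} as a map
     */
    static BackendConfig generateAESBasedBackendConfig(Path path) {
        Map<String, Object> settings = objectMapper.convertValue(new AESConfig(path), new TypeReference<Map<String, Object>>() {
        });
        return new BackendConfig(SecretServiceType.AES.toString(), settings);
    }

    /**
     * Restricts each file to owner-read only (mode 0400) when POSIX permissions are available.
     *
     * @param z whether POSIX file permissions are supported; when {@code false} no permission is
     *     changed and a warning is logged per file
     * @param pathArr files to restrict
     * @throws SecretServiceException if a permission change fails; files after the failing one
     *     are not processed
     */
    static void applyReadOnlyPermissionsTo(boolean z, Path... pathArr) {
        if (!z) {
            // Without POSIX attributes nothing is restricted here, so access to these files
            // depends entirely on the platform's own ACLs; make that visible to the operator.
            for (Path path : pathArr) {
                log.warn("POSIX file permissions are not supported, permissions of {} were left unchanged", path);
            }
            return;
        }
        for (Path path : pathArr) {
            try {
                Files.setPosixFilePermissions(path, EnumSet.of(PosixFilePermission.OWNER_READ));
            } catch (Exception e) {
                throw new SecretServiceException(String.format("Error applying read only permissions to file [%s]", path), e);
            }
        }
    }

    /**
     * Converts a generic settings map into a typed configuration object.
     *
     * @param map the settings to convert
     * @param cls the target configuration class
     * @param <T> the target type
     * @return the converted object
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T> T mapToServiceConfig(Map<String, Object> map, Class<T> cls) {
        return objectMapper.convertValue(map, cls);
    }
}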
