package org.apache.nifi.properties;

import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.models.KeyOperation;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import org.apache.nifi.util.StringUtils;

/* loaded from: input_file:org/apache/nifi/properties/AzureKeyVaultKeySensitivePropertyProvider.class */
public class AzureKeyVaultKeySensitivePropertyProvider extends ClientBasedEncodedSensitivePropertyProvider<CryptographyClient> {
    protected static final String ENCRYPTION_ALGORITHM_PROPERTY = "azure.keyvault.encryption.algorithm";
    protected static final List<KeyOperation> REQUIRED_OPERATIONS = Arrays.asList(KeyOperation.DECRYPT, KeyOperation.ENCRYPT);
    private EncryptionAlgorithm encryptionAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AzureKeyVaultKeySensitivePropertyProvider(CryptographyClient cryptographyClient, Properties properties) {
        super(PropertyProtectionScheme.AZURE_KEYVAULT_KEY, cryptographyClient, properties);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.properties.ClientBasedEncodedSensitivePropertyProvider
    public void validate(CryptographyClient cryptographyClient) {
        if (cryptographyClient == null) {
            this.logger.debug("Azure Cryptography Client not configured");
            return;
        }
        try {
            KeyVaultKey key = cryptographyClient.getKey();
            String id = key.getId();
            if (!key.getProperties().isEnabled().booleanValue()) {
                throw new SensitivePropertyProtectionException(String.format("Azure Key Vault Key [%s] Disabled", id));
            }
            if (!key.getKeyOperations().containsAll(REQUIRED_OPERATIONS)) {
                throw new SensitivePropertyProtectionException(String.format("Azure Key Vault Key [%s] Missing Operations %s", id, REQUIRED_OPERATIONS));
            }
            this.logger.info("Azure Key Vault Key [{}] Validated", id);
            String property = getProperties().getProperty(ENCRYPTION_ALGORITHM_PROPERTY);
            if (StringUtils.isBlank(property)) {
                throw new SensitivePropertyProtectionException("Azure Key Vault Key Algorithm not configured");
            }
            this.encryptionAlgorithm = EncryptionAlgorithm.fromString(property);
        } catch (RuntimeException e) {
            throw new SensitivePropertyProtectionException("Azure Key Vault Key Validation Failed", e);
        }
    }

    @Override // org.apache.nifi.properties.EncodedSensitivePropertyProvider
    protected byte[] getEncrypted(byte[] bArr) {
        return getClient().encrypt(this.encryptionAlgorithm, bArr).getCipherText();
    }

    @Override // org.apache.nifi.properties.EncodedSensitivePropertyProvider
    protected byte[] getDecrypted(byte[] bArr) {
        return getClient().decrypt(this.encryptionAlgorithm, bArr).getPlainText();
    }
}
