package org.sonatype.nexus.crypto.secrets.internal;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.sonatype.goodies.common.ComponentSupport;
import org.sonatype.nexus.crypto.secrets.EncryptionKeyValidator;
import org.sonatype.nexus.crypto.secrets.internal.EncryptionKeyList;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/crypto/secrets/internal/EncryptionKeySourceImpl.class */
public class EncryptionKeySourceImpl extends ComponentSupport implements EncryptionKeySource, EncryptionKeyValidator {
    private final ObjectMapper objectMapper;
    private final String secretsFilePath;
    private EncryptionKeyList configuredKeys;
    private boolean pristine = true;
    private Optional<EncryptionKeyList.SecretEncryptionKey> activeKey = Optional.empty();

    @Inject
    public EncryptionKeySourceImpl(@Nullable @Named("${nexus.secrets.file}") String str, ObjectMapper objectMapper) {
        this.objectMapper = (ObjectMapper) Preconditions.checkNotNull(objectMapper);
        this.secretsFilePath = str;
        checkFilePath();
    }

    private void checkFilePath() {
        if (this.secretsFilePath == null || new File(this.secretsFilePath).exists()) {
            return;
        }
        this.log.warn("The configured secrets file does not exist");
    }

    private void readFile() {
        if (this.secretsFilePath == null) {
            this.log.debug("no path configured for custom secrets");
            return;
        }
        File file = new File(this.secretsFilePath);
        if (!file.exists()) {
            this.log.debug("configured secrets file path is missing");
            return;
        }
        this.log.debug("reading secrets file from path : {}", this.secretsFilePath);
        try {
            this.configuredKeys = (EncryptionKeyList) this.objectMapper.readValue(file, EncryptionKeyList.class);
            String active = this.configuredKeys.getActive();
            if (this.pristine) {
                this.activeKey = this.configuredKeys.getKeys().stream().filter(secretEncryptionKey -> {
                    return secretEncryptionKey.getId().equals(active);
                }).findFirst();
                if (!this.activeKey.isPresent() && active != null) {
                    this.log.error("unable to find encryption key with id '{}'", active);
                }
            }
            this.pristine = false;
        } catch (IOException e) {
            throw new UncheckedIOException(String.format("Unable to read secret encryption keys from '%s'. Cause: %s", this.secretsFilePath, e.getMessage()), e);
        }
    }

    private Optional<EncryptionKeyList.SecretEncryptionKey> findKey(String str) {
        return Optional.ofNullable(this.configuredKeys).flatMap(encryptionKeyList -> {
            return encryptionKeyList.getKeys().stream().filter(secretEncryptionKey -> {
                return str.equals(secretEncryptionKey.getId());
            }).findFirst();
        });
    }

    @Override // org.sonatype.nexus.crypto.secrets.internal.EncryptionKeySource
    public Optional<EncryptionKeyList.SecretEncryptionKey> getActiveKey() {
        if (this.pristine) {
            readFile();
        }
        return this.activeKey;
    }

    @Override // org.sonatype.nexus.crypto.secrets.internal.EncryptionKeySource
    public Optional<EncryptionKeyList.SecretEncryptionKey> getKey(String str) {
        Preconditions.checkNotNull(str);
        if (!findKey(str).isPresent()) {
            readFile();
        }
        return findKey(str);
    }

    @Override // org.sonatype.nexus.crypto.secrets.EncryptionKeyValidator
    public boolean isValidKey(String str) {
        return getKey(str).isPresent();
    }

    @Override // org.sonatype.nexus.crypto.secrets.EncryptionKeyValidator
    public Optional<String> getActiveKeyId() {
        return getActiveKey().map((v0) -> {
            return v0.getId();
        });
    }

    @Override // org.sonatype.nexus.crypto.secrets.internal.EncryptionKeySource
    public void setActiveKey(String str) {
        Preconditions.checkNotNull(str);
        Optional<EncryptionKeyList.SecretEncryptionKey> findKey = findKey(str);
        if (findKey.isPresent()) {
            this.activeKey = findKey;
        } else {
            readFile();
            this.activeKey = findKey(str);
        }
    }
}
