package io.airlift.configuration.secrets;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.base.Verify;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Streams;
import io.airlift.configuration.ConfigurationFactory;
import io.airlift.configuration.ConfigurationUtils;
import io.airlift.configuration.TomlConfiguration;
import io.airlift.configuration.secrets.env.EnvironmentVariableSecretsPlugin;
import io.airlift.log.Logger;
import io.airlift.spi.secrets.SecretProvider;
import io.airlift.spi.secrets.SecretProviderFactory;
import io.airlift.spi.secrets.SecretsPlugin;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import java.util.regex.Pattern;

/* loaded from: input_file:io/airlift/configuration/secrets/SecretsPluginManager.class */
public final class SecretsPluginManager {
    private static final String SECRETS_PROVIDER_NAME_PROPERTY = "secrets-provider.name";
    private final Map<String, SecretProviderFactory> secretsProviderFactories = new ConcurrentHashMap();
    private final AtomicReference<Map<String, SecretProvider>> secretsProviders = new AtomicReference<>(ImmutableMap.of());
    private final File installedSecretPluginsDir;
    private final TomlConfiguration tomlConfiguration;
    private static final ImmutableList<String> SPI_PACKAGES = ImmutableList.builder().add("io.airlift.spi.secrets").build();
    private static final Logger log = Logger.get(SecretsPluginManager.class);
    private static final Pattern SECRETS_PROVIDER_NAME_PATTERN = Pattern.compile("[a-z][a-z0-9_-]*");

    public SecretsPluginManager(TomlConfiguration tomlConfiguration) {
        this.tomlConfiguration = (TomlConfiguration) Objects.requireNonNull(tomlConfiguration, "tomlConfiguration is null");
        this.installedSecretPluginsDir = ((SecretsPluginConfig) new ConfigurationFactory(tomlConfiguration.getParentConfiguration()).build(SecretsPluginConfig.class)).getSecretsPluginsDir();
    }

    public void installPlugins() {
        installSecretsPlugin(new EnvironmentVariableSecretsPlugin());
        listFiles(this.installedSecretPluginsDir).stream().filter((v0) -> {
            return v0.isDirectory();
        }).forEach(file -> {
            loadConfigurationResolvers(file.getAbsolutePath(), () -> {
                return createClassLoader(file.getName(), buildClassPath(file));
            });
        });
    }

    @VisibleForTesting
    void installSecretsPlugin(SecretsPlugin secretsPlugin) {
        secretsPlugin.getSecretProviderFactories().forEach(this::addSecretProviderFactory);
    }

    private void addSecretProviderFactory(SecretProviderFactory secretProviderFactory) {
        Verify.verify(SECRETS_PROVIDER_NAME_PATTERN.matcher(secretProviderFactory.getName()).matches(), "Secret provider name '%s' doesn't match pattern '%s'", secretProviderFactory.getName(), SECRETS_PROVIDER_NAME_PATTERN);
        this.secretsProviderFactories.put(secretProviderFactory.getName(), secretProviderFactory);
    }

    public void load() {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (String str : this.tomlConfiguration.getNamespaces()) {
            Map<String, String> replaceEnvironmentVariables = ConfigurationUtils.replaceEnvironmentVariables(new HashMap(this.tomlConfiguration.getNamespaceConfiguration(str)));
            String remove = replaceEnvironmentVariables.remove(SECRETS_PROVIDER_NAME_PROPERTY);
            Preconditions.checkState(!Strings.isNullOrEmpty(remove), "Configuration resolver configuration '%s' does not contain '%s'", str, SECRETS_PROVIDER_NAME_PROPERTY);
            builder.put(str, loadConfigProvider(remove, replaceEnvironmentVariables));
        }
        this.secretsProviders.set(builder.buildOrThrow());
    }

    public SecretsResolver getSecretsResolver() {
        return new SecretsResolver(this.secretsProviders.get());
    }

    private void loadConfigurationResolvers(String str, Supplier<SecretsPluginClassLoader> supplier) {
        log.info("-- Loading plugin %s --", new Object[]{str});
        SecretsPluginClassLoader secretsPluginClassLoader = supplier.get();
        log.debug("Classpath for plugin:");
        for (URL url : secretsPluginClassLoader.getURLs()) {
            log.debug("    %s", new Object[]{url.getPath()});
        }
        ThreadContextClassLoader threadContextClassLoader = new ThreadContextClassLoader(secretsPluginClassLoader);
        try {
            loadConfigurationPlugin(secretsPluginClassLoader);
            threadContextClassLoader.close();
            log.info("-- Finished loading plugin %s --", new Object[]{str});
        } catch (Throwable th) {
            try {
                threadContextClassLoader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void loadConfigurationPlugin(SecretsPluginClassLoader secretsPluginClassLoader) {
        ImmutableList<SecretsPlugin> copyOf = ImmutableList.copyOf(ServiceLoader.load(SecretsPlugin.class, secretsPluginClassLoader));
        Preconditions.checkState(!copyOf.isEmpty(), "No service providers of type %s in the classpath: %s", SecretsPlugin.class.getName(), Arrays.asList(secretsPluginClassLoader.getURLs()));
        for (SecretsPlugin secretsPlugin : copyOf) {
            log.info("Installing %s", new Object[]{secretsPlugin.getClass().getName()});
            installSecretsPlugin(secretsPlugin);
        }
    }

    private SecretProvider loadConfigProvider(String str, Map<String, String> map) {
        log.info("-- Loading secret provider --");
        SecretProviderFactory secretProviderFactory = this.secretsProviderFactories.get(str);
        Preconditions.checkState(secretProviderFactory != null, "Secret provider '%s' is not registered", str);
        ThreadContextClassLoader threadContextClassLoader = new ThreadContextClassLoader(secretProviderFactory.getClass().getClassLoader());
        try {
            SecretProvider createSecretProvider = secretProviderFactory.createSecretProvider(ImmutableMap.copyOf(map));
            threadContextClassLoader.close();
            log.info("-- Loaded secret provider %s --", new Object[]{str});
            return createSecretProvider;
        } catch (Throwable th) {
            try {
                threadContextClassLoader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static List<URL> buildClassPath(File file) {
        return (List) listFiles(file).stream().map(SecretsPluginManager::fileToUrl).collect(ImmutableList.toImmutableList());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretsPluginClassLoader createClassLoader(String str, List<URL> list) {
        return new SecretsPluginClassLoader(str, list, SecretsPluginManager.class.getClassLoader(), SPI_PACKAGES);
    }

    private static List<File> listFiles(File file) {
        try {
            DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(file.toPath());
            try {
                List<File> list = (List) Streams.stream(newDirectoryStream).map((v0) -> {
                    return v0.toFile();
                }).sorted().collect(ImmutableList.toImmutableList());
                if (newDirectoryStream != null) {
                    newDirectoryStream.close();
                }
                return list;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static URL fileToUrl(File file) {
        try {
            return file.toURI().toURL();
        } catch (MalformedURLException e) {
            throw new UncheckedIOException(e);
        }
    }
}
