package org.apache.nifi.processors.aws.s3;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.services.s3.model.AccessControlList;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.CannedAccessControlList;
import com.amazonaws.services.s3.model.CanonicalGrantee;
import com.amazonaws.services.s3.model.EmailAddressGrantee;
import com.amazonaws.services.s3.model.Grantee;
import com.amazonaws.services.s3.model.Owner;
import com.amazonaws.services.s3.model.Permission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.DescribedValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.AbstractAWSCredentialsProviderProcessor;
import org.apache.nifi.processors.aws.AbstractAWSProcessor;
import org.apache.nifi.processors.aws.AwsClientDetails;
import org.apache.nifi.processors.aws.AwsPropertyDescriptors;
import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil;
import org.apache.nifi.processors.aws.signer.AwsSignerType;

/* loaded from: input_file:org/apache/nifi/processors/aws/s3/AbstractS3Processor.class */
public abstract class AbstractS3Processor extends AbstractAWSCredentialsProviderProcessor<AmazonS3Client> {
    public static final String S3_REGION_ATTRIBUTE = "s3.region";
    public static final PropertyDescriptor FULL_CONTROL_USER_LIST = new PropertyDescriptor.Builder().name("FullControl User List").description("A comma-separated list of Amazon User ID's or E-mail addresses that specifies who should have Full Control for an object").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.full.users}").build();
    public static final PropertyDescriptor READ_USER_LIST = new PropertyDescriptor.Builder().name("Read Permission User List").description("A comma-separated list of Amazon User ID's or E-mail addresses that specifies who should have Read Access for an object").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.read.users}").build();
    public static final PropertyDescriptor WRITE_USER_LIST = new PropertyDescriptor.Builder().name("Write Permission User List").description("A comma-separated list of Amazon User ID's or E-mail addresses that specifies who should have Write Access for an object").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.write.users}").build();
    public static final PropertyDescriptor READ_ACL_LIST = new PropertyDescriptor.Builder().name("Read ACL User List").description("A comma-separated list of Amazon User ID's or E-mail addresses that specifies who should have permissions to read the Access Control List for an object").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.readacl.users}").build();
    public static final PropertyDescriptor WRITE_ACL_LIST = new PropertyDescriptor.Builder().name("Write ACL User List").description("A comma-separated list of Amazon User ID's or E-mail addresses that specifies who should have permissions to change the Access Control List for an object").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.writeacl.users}").build();
    public static final PropertyDescriptor CANNED_ACL = new PropertyDescriptor.Builder().name("canned-acl").displayName("Canned ACL").description("Amazon Canned ACL for an object, one of: BucketOwnerFullControl, BucketOwnerRead, LogDeliveryWrite, AuthenticatedRead, PublicReadWrite, PublicRead, Private; will be ignored if any other ACL/permission/owner property is specified").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.permissions.cannedacl}").build();
    public static final PropertyDescriptor OWNER = new PropertyDescriptor.Builder().name("Owner").description("The Amazon ID to use for the object's owner").required(false).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).defaultValue("${s3.owner}").build();
    public static final PropertyDescriptor BUCKET = new PropertyDescriptor.Builder().name("Bucket").description("The S3 Bucket to interact with").expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).build();
    public static final PropertyDescriptor KEY = new PropertyDescriptor.Builder().name("Object Key").description("The S3 Object Key to use. This is analogous to a filename for traditional file systems.").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).defaultValue("${filename}").build();
    public static final PropertyDescriptor SIGNER_OVERRIDE = new PropertyDescriptor.Builder().name("Signer Override").description("The AWS S3 library uses Signature Version 4 by default but this property allows you to specify the Version 2 signer to support older S3-compatible services or even to plug in your own custom signer implementation.").required(false).allowableValues(EnumSet.of(AwsSignerType.DEFAULT_SIGNER, AwsSignerType.AWS_S3_V4_SIGNER, AwsSignerType.AWS_S3_V2_SIGNER, AwsSignerType.CUSTOM_SIGNER)).defaultValue(AwsSignerType.DEFAULT_SIGNER.getValue()).build();
    public static final PropertyDescriptor S3_CUSTOM_SIGNER_CLASS_NAME = new PropertyDescriptor.Builder().fromPropertyDescriptor(AwsPropertyDescriptors.CUSTOM_SIGNER_CLASS_NAME).dependsOn(SIGNER_OVERRIDE, AwsSignerType.CUSTOM_SIGNER, new DescribedValue[0]).build();
    public static final PropertyDescriptor S3_CUSTOM_SIGNER_MODULE_LOCATION = new PropertyDescriptor.Builder().fromPropertyDescriptor(AwsPropertyDescriptors.CUSTOM_SIGNER_MODULE_LOCATION).dependsOn(SIGNER_OVERRIDE, AwsSignerType.CUSTOM_SIGNER, new DescribedValue[0]).build();
    static final AllowableValue ATTRIBUTE_DEFINED_REGION = new AllowableValue("attribute-defined-region", "Use 's3.region' Attribute", "Uses 's3.region' FlowFile attribute as region.");
    public static final PropertyDescriptor S3_REGION = new PropertyDescriptor.Builder().fromPropertyDescriptor(AbstractAWSProcessor.REGION).allowableValues(getAvailableS3Regions()).build();
    public static final PropertyDescriptor ENCRYPTION_SERVICE = new PropertyDescriptor.Builder().name("encryption-service").displayName("Encryption Service").description("Specifies the Encryption Service Controller used to configure requests. PutS3Object: For backward compatibility, this value is ignored when 'Server Side Encryption' is set. FetchS3Object: Only needs to be configured in case of Server-side Customer Key, Client-side KMS and Client-side Customer Key encryptions.").required(false).identifiesControllerService(AmazonS3EncryptionService.class).build();
    public static final PropertyDescriptor USE_CHUNKED_ENCODING = new PropertyDescriptor.Builder().name("use-chunked-encoding").displayName("Use Chunked Encoding").description("Enables / disables chunked encoding for upload requests. Set it to false only if your endpoint does not support chunked uploading.").allowableValues(new String[]{"true", "false"}).defaultValue("true").build();
    public static final PropertyDescriptor USE_PATH_STYLE_ACCESS = new PropertyDescriptor.Builder().name("use-path-style-access").displayName("Use Path Style Access").description("Path-style access can be enforced by setting this property to true. Set it to true if your endpoint does not support virtual-hosted-style requests, only path-style requests.").allowableValues(new String[]{"true", "false"}).defaultValue("false").build();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.processors.aws.AbstractAWSCredentialsProviderProcessor
    /* renamed from: createClient, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
    public AmazonS3Client mo7createClient(ProcessContext processContext, AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration) {
        getLogger().info("Creating client with credentials provider");
        initializeSignerOverride(processContext, clientConfiguration);
        AmazonS3EncryptionService asControllerService = processContext.getProperty(ENCRYPTION_SERVICE).asControllerService(AmazonS3EncryptionService.class);
        AmazonS3Client amazonS3Client = null;
        if (asControllerService != null) {
            amazonS3Client = asControllerService.createEncryptionClient(aWSCredentialsProvider, clientConfiguration);
        }
        if (amazonS3Client == null) {
            amazonS3Client = new AmazonS3Client(aWSCredentialsProvider, clientConfiguration);
        }
        configureClientOptions(processContext, amazonS3Client);
        return amazonS3Client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.processors.aws.AbstractAWSProcessor
    @Deprecated
    /* renamed from: createClient, reason: merged with bridge method [inline-methods] */
    public AmazonS3Client mo5createClient(ProcessContext processContext, AWSCredentials aWSCredentials, ClientConfiguration clientConfiguration) {
        getLogger().info("Creating client with AWS credentials");
        return mo7createClient(processContext, (AWSCredentialsProvider) new AWSStaticCredentialsProvider(aWSCredentials), clientConfiguration);
    }

    @Override // org.apache.nifi.processors.aws.AbstractAWSCredentialsProviderProcessor
    public List<ConfigVerificationResult> verify(ProcessContext processContext, ComponentLog componentLog, Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        try {
            createClient(processContext, map);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).verificationStepName("Create S3 Client").explanation("Successfully created S3 Client").build());
        } catch (Exception e) {
            componentLog.error("Failed to create S3 Client", e);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.FAILED).verificationStepName("Create S3 Client").explanation("Failed to crete S3 Client: " + e.getMessage()).build());
        }
        return arrayList;
    }

    protected AmazonS3Client getS3Client(ProcessContext processContext, Map<String, String> map) {
        return (AmazonS3Client) getClient(processContext, getAwsClientDetails(processContext, map));
    }

    protected AmazonS3Client createClient(ProcessContext processContext, Map<String, String> map) {
        return createClient(processContext, getAwsClientDetails(processContext, map));
    }

    @Override // org.apache.nifi.processors.aws.AbstractAWSProcessor
    @OnScheduled
    public void onScheduled(ProcessContext processContext) {
        if (isAttributeDefinedRegion(processContext)) {
            return;
        }
        getClient(processContext);
    }

    private void configureClientOptions(ProcessContext processContext, AmazonS3Client amazonS3Client) {
        S3ClientOptions.Builder builder = S3ClientOptions.builder();
        Boolean asBoolean = processContext.getProperty(USE_CHUNKED_ENCODING).asBoolean();
        if (asBoolean != null && !asBoolean.booleanValue()) {
            builder.disableChunkedEncoding();
        }
        Boolean asBoolean2 = processContext.getProperty(USE_PATH_STYLE_ACCESS).asBoolean();
        if (asBoolean2 != null && asBoolean2.booleanValue()) {
            builder.setPathStyleAccess(true);
        }
        if (!StringUtils.trimToEmpty(processContext.getProperty(ENDPOINT_OVERRIDE).evaluateAttributeExpressions().getValue()).isEmpty()) {
            builder.setPathStyleAccess(true);
        }
        amazonS3Client.setS3ClientOptions(builder.build());
    }

    private void initializeSignerOverride(ProcessContext processContext, ClientConfiguration clientConfiguration) {
        String value = processContext.getProperty(SIGNER_OVERRIDE).getValue();
        AwsSignerType forValue = AwsSignerType.forValue(value);
        if (forValue == AwsSignerType.CUSTOM_SIGNER) {
            clientConfiguration.setSignerOverride(AwsCustomSignerUtil.registerCustomSigner(processContext.getProperty(S3_CUSTOM_SIGNER_CLASS_NAME).evaluateAttributeExpressions().getValue()));
        } else if (forValue != AwsSignerType.DEFAULT_SIGNER) {
            clientConfiguration.setSignerOverride(value);
        }
    }

    @Override // org.apache.nifi.processors.aws.AbstractAWSProcessor
    protected boolean isCustomSignerConfigured(ProcessContext processContext) {
        return AwsSignerType.forValue(processContext.getProperty(SIGNER_OVERRIDE).getValue()) == AwsSignerType.CUSTOM_SIGNER;
    }

    protected Grantee createGrantee(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        return str.contains("@") ? new EmailAddressGrantee(str) : new CanonicalGrantee(str);
    }

    protected final List<Grantee> createGrantees(String str) {
        if (StringUtils.isEmpty(str)) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            Grantee createGrantee = createGrantee(str2.trim());
            if (createGrantee != null) {
                arrayList.add(createGrantee);
            }
        }
        return arrayList;
    }

    protected final AccessControlList createACL(ProcessContext processContext, FlowFile flowFile) {
        String value = processContext.getProperty(OWNER).evaluateAttributeExpressions(flowFile).getValue();
        if (!StringUtils.isEmpty(value)) {
            Owner owner = new Owner();
            owner.setId(value);
            r7 = 0 == 0 ? new AccessControlList() : null;
            r7.setOwner(owner);
        }
        for (Grantee grantee : createGrantees(processContext.getProperty(FULL_CONTROL_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) {
            if (r7 == null) {
                r7 = new AccessControlList();
            }
            r7.grantPermission(grantee, Permission.FullControl);
        }
        for (Grantee grantee2 : createGrantees(processContext.getProperty(READ_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) {
            if (r7 == null) {
                r7 = new AccessControlList();
            }
            r7.grantPermission(grantee2, Permission.Read);
        }
        for (Grantee grantee3 : createGrantees(processContext.getProperty(WRITE_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) {
            if (r7 == null) {
                r7 = new AccessControlList();
            }
            r7.grantPermission(grantee3, Permission.Write);
        }
        for (Grantee grantee4 : createGrantees(processContext.getProperty(READ_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue())) {
            if (r7 == null) {
                r7 = new AccessControlList();
            }
            r7.grantPermission(grantee4, Permission.ReadAcp);
        }
        for (Grantee grantee5 : createGrantees(processContext.getProperty(WRITE_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue())) {
            if (r7 == null) {
                r7 = new AccessControlList();
            }
            r7.grantPermission(grantee5, Permission.WriteAcp);
        }
        return r7;
    }

    protected FlowFile extractExceptionDetails(Exception exc, ProcessSession processSession, FlowFile flowFile) {
        FlowFile putAttribute = processSession.putAttribute(flowFile, "s3.exception", exc.getClass().getName());
        if (exc instanceof AmazonS3Exception) {
            putAttribute = putAttribute(processSession, putAttribute, "s3.additionalDetails", ((AmazonS3Exception) exc).getAdditionalDetails());
        }
        if (exc instanceof AmazonServiceException) {
            AmazonServiceException amazonServiceException = (AmazonServiceException) exc;
            putAttribute = putAttribute(processSession, putAttribute(processSession, putAttribute(processSession, putAttribute, "s3.statusCode", Integer.valueOf(amazonServiceException.getStatusCode())), "s3.errorCode", amazonServiceException.getErrorCode()), "s3.errorMessage", amazonServiceException.getErrorMessage());
        }
        return putAttribute;
    }

    private FlowFile putAttribute(ProcessSession processSession, FlowFile flowFile, String str, Object obj) {
        return obj == null ? flowFile : processSession.putAttribute(flowFile, str, obj.toString());
    }

    protected final CannedAccessControlList createCannedACL(ProcessContext processContext, FlowFile flowFile) {
        CannedAccessControlList cannedAccessControlList = null;
        String value = processContext.getProperty(CANNED_ACL).evaluateAttributeExpressions(flowFile).getValue();
        if (!StringUtils.isEmpty(value)) {
            cannedAccessControlList = CannedAccessControlList.valueOf(value);
        }
        return cannedAccessControlList;
    }

    private Region parseRegionValue(String str) {
        if (str == null) {
            throw new ProcessException(String.format("[%s] was selected as region source but [%s] attribute does not exist", ATTRIBUTE_DEFINED_REGION, S3_REGION_ATTRIBUTE));
        }
        try {
            return Region.getRegion(Regions.fromName(str));
        } catch (Exception e) {
            throw new ProcessException(String.format("The [%s] attribute contains an invalid region value [%s]", S3_REGION_ATTRIBUTE, str), e);
        }
    }

    private Region resolveRegion(ProcessContext processContext, Map<String, String> map) {
        String value = processContext.getProperty(S3_REGION).getValue();
        if (ATTRIBUTE_DEFINED_REGION.getValue().equals(value)) {
            value = map.get(S3_REGION_ATTRIBUTE);
        }
        return parseRegionValue(value);
    }

    private boolean isAttributeDefinedRegion(ProcessContext processContext) {
        return ATTRIBUTE_DEFINED_REGION.getValue().equals(processContext.getProperty(S3_REGION).getValue());
    }

    private static AllowableValue[] getAvailableS3Regions() {
        return (AllowableValue[]) ArrayUtils.addAll(getAvailableRegions(), new AllowableValue[]{ATTRIBUTE_DEFINED_REGION});
    }

    private AwsClientDetails getAwsClientDetails(ProcessContext processContext, Map<String, String> map) {
        return new AwsClientDetails(resolveRegion(processContext, map));
    }
}
