package org.apache.nifi.processors.aws.v2;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.net.Proxy;
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.migration.PropertyConfiguration;
import org.apache.nifi.migration.ProxyServiceMigration;
import org.apache.nifi.processor.AbstractSessionFactoryProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.VerifiableProcessor;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService;
import org.apache.nifi.proxy.ProxyConfiguration;
import org.apache.nifi.proxy.ProxySpec;
import org.apache.nifi.ssl.SSLContextProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
import software.amazon.awssdk.core.SdkClient;
import software.amazon.awssdk.core.client.builder.SdkClientBuilder;
import software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
import software.amazon.awssdk.core.retry.RetryPolicy;
import software.amazon.awssdk.http.TlsKeyManagersProvider;
import software.amazon.awssdk.http.TlsTrustManagersProvider;
import software.amazon.awssdk.regions.Region;

/* loaded from: input_file:org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.class */
public abstract class AbstractAwsProcessor<T extends SdkClient> extends AbstractSessionFactoryProcessor implements VerifiableProcessor {
    private static final String CREDENTIALS_SERVICE_CLASSNAME = "org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService";
    private static final String OBSOLETE_ACCESS_KEY = "Access Key";
    private static final String OBSOLETE_SECRET_KEY = "Secret Key";
    private static final String OBSOLETE_CREDENTIALS_FILE = "Credentials File";
    private static final String OBSOLETE_PROXY_HOST = "Proxy Host";
    private static final String OBSOLETE_PROXY_PORT = "Proxy Host Port";
    private static final String OBSOLETE_PROXY_USERNAME = "proxy-user-name";
    private static final String OBSOLETE_PROXY_PASSWORD = "proxy-user-password";
    private static final String AUTH_SERVICE_ACCESS_KEY = "Access Key";
    private static final String AUTH_SERVICE_SECRET_KEY = "Secret Key";
    private static final String AUTH_SERVICE_CREDENTIALS_FILE = "Credentials File";
    private static final String AUTH_SERVICE_ANONYMOUS_CREDENTIALS = "anonymous-credentials";
    public static final Relationship REL_SUCCESS = new Relationship.Builder().name("success").description("FlowFiles are routed to success relationship").build();
    public static final Relationship REL_FAILURE = new Relationship.Builder().name("failure").description("FlowFiles are routed to failure relationship").build();
    private static final Set<Relationship> RELATIONSHIPS = Set.of(REL_SUCCESS, REL_FAILURE);
    public static final PropertyDescriptor REGION = new PropertyDescriptor.Builder().name("Region").required(true).allowableValues(RegionUtilV2.getAvailableRegions()).defaultValue(RegionUtilV2.createAllowableValue(Region.US_WEST_2).getValue()).build();
    public static final PropertyDescriptor TIMEOUT = new PropertyDescriptor.Builder().name("Communications Timeout").required(true).addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).defaultValue("30 secs").build();
    public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder().name("SSL Context Service").description("Specifies an optional SSL Context Service that, if provided, will be used to create connections").required(false).identifiesControllerService(SSLContextProvider.class).build();
    public static final PropertyDescriptor ENDPOINT_OVERRIDE = new PropertyDescriptor.Builder().name("Endpoint Override URL").description("Endpoint URL to use instead of the AWS default including scheme, host, port, and path. The AWS libraries select an endpoint URL based on the AWS region, but this property overrides the selected endpoint URL, allowing use with other S3-compatible endpoints.").expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT).required(false).addValidator(StandardValidators.URL_VALIDATOR).build();
    public static final PropertyDescriptor AWS_CREDENTIALS_PROVIDER_SERVICE = new PropertyDescriptor.Builder().name("AWS Credentials Provider service").displayName("AWS Credentials Provider Service").description("The Controller Service that is used to obtain AWS credentials provider").required(true).identifiesControllerService(AWSCredentialsProviderService.class).build();
    public static final PropertyDescriptor PROXY_CONFIGURATION_SERVICE = ProxyConfiguration.createProxyConfigPropertyDescriptor(new ProxySpec[]{ProxySpec.HTTP, ProxySpec.HTTP_AUTH});
    protected static final String DEFAULT_USER_AGENT = "NiFi";
    private final Cache<Region, T> clientCache = Caffeine.newBuilder().build();

    protected abstract <B extends AwsClientBuilder> void configureHttpClient(B b, ProcessContext processContext);

    public void onTrigger(ProcessContext processContext, ProcessSessionFactory processSessionFactory) throws ProcessException {
        ProcessSession createSession = processSessionFactory.createSession();
        try {
            onTrigger(processContext, createSession);
            createSession.commitAsync();
        } catch (Throwable th) {
            createSession.rollback(true);
            throw th;
        }
    }

    public abstract void onTrigger(ProcessContext processContext, ProcessSession processSession) throws ProcessException;

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    public void migrateProperties(PropertyConfiguration propertyConfiguration) {
        migrateAuthenticationProperties(propertyConfiguration);
        ProxyServiceMigration.migrateProxyProperties(propertyConfiguration, PROXY_CONFIGURATION_SERVICE, OBSOLETE_PROXY_HOST, OBSOLETE_PROXY_PORT, OBSOLETE_PROXY_USERNAME, OBSOLETE_PROXY_PASSWORD);
    }

    private void migrateAuthenticationProperties(PropertyConfiguration propertyConfiguration) {
        if (!propertyConfiguration.isPropertySet(AWS_CREDENTIALS_PROVIDER_SERVICE)) {
            if (propertyConfiguration.isPropertySet("Access Key") && propertyConfiguration.isPropertySet("Secret Key")) {
                propertyConfiguration.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE.getName(), propertyConfiguration.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of("Access Key", (String) propertyConfiguration.getRawPropertyValue("Access Key").get(), "Secret Key", (String) propertyConfiguration.getRawPropertyValue("Secret Key").get())));
            } else if (propertyConfiguration.isPropertySet("Credentials File")) {
                propertyConfiguration.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, propertyConfiguration.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of("Credentials File", (String) propertyConfiguration.getRawPropertyValue("Credentials File").get())));
            } else {
                propertyConfiguration.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, propertyConfiguration.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(AUTH_SERVICE_ANONYMOUS_CREDENTIALS, "true")));
            }
        }
        propertyConfiguration.removeProperty("Access Key");
        propertyConfiguration.removeProperty("Secret Key");
        propertyConfiguration.removeProperty("Credentials File");
    }

    @OnScheduled
    public void onScheduled(ProcessContext processContext) {
        getClient(processContext);
    }

    @OnStopped
    public void onStopped() {
        this.clientCache.asMap().values().forEach((v0) -> {
            v0.close();
        });
        this.clientCache.invalidateAll();
        this.clientCache.cleanUp();
    }

    public List<ConfigVerificationResult> verify(ProcessContext processContext, ComponentLog componentLog, Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        try {
            T createClient = createClient(processContext);
            try {
                arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).verificationStepName("Create Client").explanation("Successfully created AWS Client").build());
                if (createClient != null) {
                    createClient.close();
                }
            } finally {
            }
        } catch (Exception e) {
            componentLog.error("Failed to create AWS Client", e);
            arrayList.add(new ConfigVerificationResult.Builder().outcome(ConfigVerificationResult.Outcome.FAILED).verificationStepName("Create Client").explanation("Failed to crete AWS Client: " + e.getMessage()).build());
        }
        return arrayList;
    }

    protected T getClient(ProcessContext processContext, Region region) {
        return (T) this.clientCache.get(region, region2 -> {
            return createClient(processContext, region);
        });
    }

    protected T getClient(ProcessContext processContext) {
        return getClient(processContext, getRegion(processContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <C extends SdkClient, B extends AwsClientBuilder<B, C>> void configureClientBuilder(B b, Region region, ProcessContext processContext) {
        configureClientBuilder(b, region, processContext, ENDPOINT_OVERRIDE);
    }

    protected <C extends SdkClient, B extends AwsClientBuilder<B, C>> void configureClientBuilder(B b, Region region, ProcessContext processContext, PropertyDescriptor propertyDescriptor) {
        b.overrideConfiguration(builder -> {
            builder.putAdvancedOption(SdkAdvancedClientOption.USER_AGENT_PREFIX, DEFAULT_USER_AGENT);
        });
        b.overrideConfiguration(builder2 -> {
            builder2.retryPolicy(RetryPolicy.none());
        });
        configureHttpClient(b, processContext);
        if (region != null) {
            b.region(region);
        }
        configureEndpoint(processContext, b, propertyDescriptor);
        b.credentialsProvider(getCredentialsProvider(processContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureSdkHttpClient(ProcessContext processContext, AwsHttpClientConfigurer awsHttpClientConfigurer) {
        SSLContextProvider asControllerService;
        TlsKeyManagersProvider tlsKeyManagersProvider;
        awsHttpClientConfigurer.configureBasicSettings(Duration.ofMillis(processContext.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()), processContext.getMaxConcurrentTasks());
        if (getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE) && (asControllerService = processContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextProvider.class)) != null) {
            TrustManager[] trustManagerArr = {asControllerService.createTrustManager()};
            TlsTrustManagersProvider tlsTrustManagersProvider = () -> {
                return trustManagerArr;
            };
            Optional createKeyManager = asControllerService.createKeyManager();
            if (createKeyManager.isPresent()) {
                KeyManager[] keyManagerArr = {(X509ExtendedKeyManager) createKeyManager.get()};
                tlsKeyManagersProvider = () -> {
                    return keyManagerArr;
                };
            } else {
                tlsKeyManagersProvider = null;
            }
            awsHttpClientConfigurer.configureTls(tlsTrustManagersProvider, tlsKeyManagersProvider);
        }
        ProxyConfiguration configuration = ProxyConfiguration.getConfiguration(processContext);
        if (Proxy.Type.HTTP.equals(configuration.getProxyType())) {
            awsHttpClientConfigurer.configureProxy(configuration);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Region getRegion(ProcessContext processContext) {
        Region region;
        if (getSupportedPropertyDescriptors().contains(REGION)) {
            String value = processContext.getProperty(REGION).getValue();
            region = value != null ? Region.of(value) : null;
        } else {
            region = null;
        }
        return region;
    }

    protected void configureEndpoint(ProcessContext processContext, SdkClientBuilder<?, ?> sdkClientBuilder, PropertyDescriptor propertyDescriptor) {
        if (propertyDescriptor == null || !getSupportedPropertyDescriptors().contains(propertyDescriptor)) {
            return;
        }
        String trimToEmpty = StringUtils.trimToEmpty(processContext.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue());
        if (trimToEmpty.isEmpty()) {
            return;
        }
        getLogger().info("Overriding endpoint with {}", new Object[]{trimToEmpty});
        sdkClientBuilder.endpointOverride(URI.create(trimToEmpty));
    }

    protected AwsCredentialsProvider getCredentialsProvider(ProcessContext processContext) {
        return processContext.getProperty(AWS_CREDENTIALS_PROVIDER_SERVICE).asControllerService(AWSCredentialsProviderService.class).getAwsCredentialsProvider();
    }

    protected T createClient(ProcessContext processContext) {
        return createClient(processContext, getRegion(processContext));
    }

    protected abstract T createClient(ProcessContext processContext, Region region);
}
