package org.apache.nifi.processors.aws.credentials.provider.service;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.PropertiesFileCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.internal.StaticCredentialsProvider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.AbstractAWSProcessor;
import org.apache.nifi.reporting.InitializationException;

@CapabilityDescription("Defines credentials for Amazon Web Services processors.")
@Tags({"aws", "credentials", "provider"})
/* loaded from: input_file:org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.class */
public class AWSCredentialsProviderControllerService extends AbstractControllerService implements AWSCredentialsProviderService {
    public static final PropertyDescriptor ASSUME_ROLE_ARN = new PropertyDescriptor.Builder().name("Assume Role ARN").expressionLanguageSupported(false).required(false).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).sensitive(false).description("The AWS Role ARN for cross account access. This is used in conjunction with role name and session timeout").build();
    public static final PropertyDescriptor ASSUME_ROLE_NAME = new PropertyDescriptor.Builder().name("Assume Role Session Name").expressionLanguageSupported(false).required(false).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).sensitive(false).description("The aws role name for cross account access. This is used in conjunction with role arn and session time out").build();
    public static final PropertyDescriptor MAX_SESSION_TIME = new PropertyDescriptor.Builder().name("Session Time").description("Session time for role based session (between 900 and 3600 seconds). This is used in conjunction with role arn and name").defaultValue("3600").required(false).addValidator(StandardValidators.POSITIVE_INTEGER_VALIDATOR).sensitive(false).build();
    private static final List<PropertyDescriptor> properties;
    private volatile AWSCredentialsProvider credentialsProvider;

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return properties;
    }

    @Override // org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService
    public AWSCredentialsProvider getCredentialsProvider() throws ProcessException {
        return this.credentialsProvider;
    }

    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        boolean isSet = validationContext.getProperty(AbstractAWSProcessor.ACCESS_KEY).isSet();
        boolean isSet2 = validationContext.getProperty(AbstractAWSProcessor.SECRET_KEY).isSet();
        boolean isSet3 = validationContext.getProperty(ASSUME_ROLE_ARN).isSet();
        boolean isSet4 = validationContext.getProperty(ASSUME_ROLE_NAME).isSet();
        Integer asInteger = validationContext.getProperty(MAX_SESSION_TIME).asInteger();
        boolean isSet5 = validationContext.getProperty(AbstractAWSProcessor.CREDENTIALS_FILE).isSet();
        ArrayList arrayList = new ArrayList();
        if ((isSet && !isSet2) || (isSet2 && !isSet)) {
            arrayList.add(new ValidationResult.Builder().input("Access Key").valid(false).explanation("If setting Secret Key or Access Key, must set both").build());
        }
        if ((isSet2 || isSet) && isSet5) {
            arrayList.add(new ValidationResult.Builder().input("Access Key").valid(false).explanation("Cannot set both Credentials File and Secret Key/Access Key").build());
        }
        if (isSet3 ^ isSet4) {
            arrayList.add(new ValidationResult.Builder().input("Assume Role Arn and Name").valid(false).explanation("Assume role requires both arn and name to be set").build());
        }
        if (asInteger.intValue() < 900 || asInteger.intValue() > 3600) {
            arrayList.add(new ValidationResult.Builder().valid(false).input(asInteger + "").subject(MAX_SESSION_TIME.getDisplayName() + " can have value only between 900 and 3600 seconds").build());
        }
        return arrayList;
    }

    @OnEnabled
    public void onConfigured(ConfigurationContext configurationContext) throws InitializationException {
        String value = configurationContext.getProperty(AbstractAWSProcessor.ACCESS_KEY).evaluateAttributeExpressions().getValue();
        String value2 = configurationContext.getProperty(AbstractAWSProcessor.SECRET_KEY).evaluateAttributeExpressions().getValue();
        String value3 = configurationContext.getProperty(ASSUME_ROLE_ARN).getValue();
        Integer asInteger = configurationContext.getProperty(MAX_SESSION_TIME).asInteger();
        String value4 = configurationContext.getProperty(ASSUME_ROLE_NAME).getValue();
        String value5 = configurationContext.getProperty(AbstractAWSProcessor.CREDENTIALS_FILE).getValue();
        if (value5 != null) {
            try {
                getLogger().debug("Creating properties file credentials provider");
                this.credentialsProvider = new PropertiesFileCredentialsProvider(value5);
            } catch (Exception e) {
                throw new ProcessException("Could not read Credentials File", e);
            }
        }
        if (this.credentialsProvider == null && value != null && value2 != null) {
            getLogger().debug("Creating static credentials provider");
            this.credentialsProvider = new StaticCredentialsProvider(new BasicAWSCredentials(value, value2));
        }
        if (this.credentialsProvider == null) {
            getLogger().debug("Creating default credentials provider");
            this.credentialsProvider = new DefaultAWSCredentialsProviderChain();
        }
        if (this.credentialsProvider == null || value3 == null || value4 == null) {
            return;
        }
        getLogger().debug("Creating sts assume role session credentials provider");
        this.credentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(value3, value4).withLongLivedCredentialsProvider(this.credentialsProvider).withRoleSessionDurationSeconds(asInteger.intValue()).build();
    }

    public String toString() {
        return "AWSCredentialsProviderService[id=" + getIdentifier() + "]";
    }

    static {
        ArrayList arrayList = new ArrayList();
        arrayList.add(AbstractAWSProcessor.ACCESS_KEY);
        arrayList.add(AbstractAWSProcessor.SECRET_KEY);
        arrayList.add(AbstractAWSProcessor.CREDENTIALS_FILE);
        arrayList.add(ASSUME_ROLE_ARN);
        arrayList.add(ASSUME_ROLE_NAME);
        arrayList.add(MAX_SESSION_TIME);
        properties = Collections.unmodifiableList(arrayList);
    }
}
