package org.apache.nifi.processors.gcp.storage;

import com.google.api.gax.retrying.RetrySettings;
import com.google.api.gax.rpc.FixedHeaderProvider;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.cloud.BaseServiceException;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;
import com.google.common.collect.ImmutableMap;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.VerifiableProcessor;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.gcp.AbstractGCPProcessor;
import org.apache.nifi.processors.gcp.ProxyAwareTransportFactory;
import org.apache.nifi.proxy.ProxyConfiguration;

/* loaded from: input_file:org/apache/nifi/processors/gcp/storage/AbstractGCSProcessor.class */
public abstract class AbstractGCSProcessor extends AbstractGCPProcessor<Storage, StorageOptions> implements VerifiableProcessor {
    public static final Relationship REL_SUCCESS = new Relationship.Builder().name("success").description("FlowFiles are routed to this relationship after a successful Google Cloud Storage operation.").build();
    public static final Relationship REL_FAILURE = new Relationship.Builder().name("failure").description("FlowFiles are routed to this relationship if the Google Cloud Storage operation fails.").build();
    public static final Set<Relationship> RELATIONSHIPS = Set.of(REL_SUCCESS, REL_FAILURE);
    public static final PropertyDescriptor STORAGE_API_URL = new PropertyDescriptor.Builder().name("storage-api-url").displayName("Storage API URL").description("Overrides the default storage URL. Configuring an alternative Storage API URL also overrides the HTTP Host header on requests as described in the Google documentation for Private Service Connections.").addValidator(StandardValidators.URL_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT).required(false).build();

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    public List<ConfigVerificationResult> verify(ProcessContext processContext, ComponentLog componentLog, Map<String, String> map) {
        ArrayList arrayList = new ArrayList(verifyCloudService(processContext, componentLog, map));
        Storage cloudService = getCloudService(processContext);
        if (cloudService != null) {
            try {
                String bucketName = getBucketName(processContext, map);
                List<String> requiredPermissions = getRequiredPermissions();
                if (cloudService.testIamPermissions(bucketName, requiredPermissions, new Storage.BucketSourceOption[0]).size() >= requiredPermissions.size()) {
                    arrayList.add(new ConfigVerificationResult.Builder().verificationStepName("Test IAM Permissions").outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).explanation(String.format("Verified Bucket [%s] exists and the configured user has the correct permissions.", bucketName)).build());
                } else {
                    arrayList.add(new ConfigVerificationResult.Builder().verificationStepName("Test IAM Permissions").outcome(ConfigVerificationResult.Outcome.FAILED).explanation(String.format("The configured user does not have the correct permissions on Bucket [%s].", bucketName)).build());
                }
            } catch (BaseServiceException e) {
                componentLog.error("The configured user appears to have the correct permissions, but the following error was encountered", e);
                arrayList.add(new ConfigVerificationResult.Builder().verificationStepName("Test IAM Permissions").outcome(ConfigVerificationResult.Outcome.FAILED).explanation(String.format("The configured user appears to have the correct permissions, but the following error was encountered: " + e.getMessage(), new Object[0])).build());
            }
        }
        return arrayList;
    }

    protected final Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        Collection<ValidationResult> customValidate = super.customValidate(validationContext);
        ProxyConfiguration.validateProxySpec(validationContext, customValidate, ProxyAwareTransportFactory.PROXY_SPECS);
        customValidate(validationContext, customValidate);
        return customValidate;
    }

    protected void customValidate(ValidationContext validationContext, Collection<ValidationResult> collection) {
    }

    protected abstract List<String> getRequiredPermissions();

    protected String getBucketName(ProcessContext processContext, Map<String, String> map) {
        return processContext.getProperty("gcs-bucket").evaluateAttributeExpressions(map).getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.processors.gcp.AbstractGCPProcessor
    public StorageOptions getServiceOptions(ProcessContext processContext, GoogleCredentials googleCredentials) {
        String value = processContext.getProperty(PROJECT_ID).evaluateAttributeExpressions().getValue();
        String value2 = processContext.getProperty(STORAGE_API_URL).evaluateAttributeExpressions().getValue();
        StorageOptions.Builder retrySettings = StorageOptions.newBuilder().setCredentials(googleCredentials).setRetrySettings(RetrySettings.newBuilder().setMaxAttempts(processContext.getProperty(RETRY_COUNT).asInteger().intValue()).build());
        if (value != null && !value.isEmpty()) {
            retrySettings.setProjectId(value);
        }
        if (value2 != null && !value2.isEmpty()) {
            retrySettings.setHost(value2);
            retrySettings.setHeaderProvider(FixedHeaderProvider.create(ImmutableMap.of("Host", "www.googleapis.com")));
        }
        return retrySettings.setTransportOptions(getTransportOptions(processContext)).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getTransitUri(String str, String str2, String str3) {
        URI create = URI.create(str);
        return String.format("%s://%s.%s/%s", create.getScheme(), str2, create.getHost(), str3);
    }
}
