package io.hops.hopsworks.common.featurestore.storageconnectors.s3;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Strings;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.dao.user.security.secrets.SecretsFacade;
import io.hops.hopsworks.common.featurestore.storageconnectors.FeaturestoreStorageConnectorDTO;
import io.hops.hopsworks.common.security.secrets.SecretsController;
import io.hops.hopsworks.common.util.Settings;
import io.hops.hopsworks.exceptions.FeaturestoreException;
import io.hops.hopsworks.exceptions.ProjectException;
import io.hops.hopsworks.exceptions.ServiceException;
import io.hops.hopsworks.exceptions.UserException;
import io.hops.hopsworks.persistence.entity.featurestore.Featurestore;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.s3.FeaturestoreS3Connector;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.s3.FeaturestoreS3ConnectorAccessAndSecretKey;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.s3.FeaturestoreS3ConnectorEncryptionAlgorithm;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.persistence.entity.user.security.secrets.Secret;
import io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId;
import io.hops.hopsworks.persistence.entity.user.security.secrets.VisibilityType;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import org.json.JSONObject;

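/**
 * Business logic for the S3 storage connectors of a feature store: create, update, remove and
 * read connectors, and keep the connector's S3 access/secret key pair in the secrets store.
 *
 * <p>When {@code settings.isIAMRoleConfigured()} is true, key pairs are rejected on input and no
 * secret is read or written. Otherwise the key pair is serialized to JSON and stored as a secret
 * with {@link VisibilityType#PROJECT} visibility, under a name derived from the connector name
 * and the feature store id (see {@link #createSecretName(Integer, String)}).
 */
@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
public class FeaturestoreS3ConnectorController {

    private static final Logger LOGGER = Logger.getLogger(FeaturestoreS3ConnectorController.class.getName());

    // Shared instance: the mapper is never reconfigured here, so there is no need to build one per call.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @EJB
    private FeaturestoreS3ConnectorFacade featurestoreS3ConnectorFacade;

    @EJB
    private Settings settings;

    @EJB
    private SecretsController secretsController;

    @EJB
    private SecretsFacade secretsFacade;

    @EJB
    private UserFacade userFacade;

    /**
     * Validates the input, stores the key pair as a secret (unless an IAM role is configured) and
     * persists a new S3 connector.
     *
     * @param users the user creating the connector; becomes the owner of the stored secret
     * @param featurestore the feature store the connector belongs to
     * @param featurestoreS3ConnectorDTO the requested connector settings
     * @return a DTO of the persisted connector, carrying the access and secret key from the request
     * @throws FeaturestoreException if any input field is invalid
     * @throws UserException if the secrets controller rejects the secret
     * @throws IllegalArgumentException if the DTO or the feature store is {@code null}
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public FeaturestoreS3ConnectorDTO createFeaturestoreS3Connector(Users users, Featurestore featurestore, FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO) throws FeaturestoreException, UserException {
        // Validate first: this is where a null DTO is rejected, so nothing may dereference it earlier.
        verifyUserInput(featurestore, featurestoreS3ConnectorDTO);
        FeaturestoreS3ConnectorEncryptionAlgorithm encryptionAlgorithm = getEncryptionAlgorithm(featurestoreS3ConnectorDTO.getServerEncryptionAlgorithm());

        FeaturestoreS3Connector connector = new FeaturestoreS3Connector();
        connector.setDescription(featurestoreS3ConnectorDTO.getDescription());
        connector.setName(featurestoreS3ConnectorDTO.getName());
        connector.setBucket(featurestoreS3ConnectorDTO.getBucket());
        connector.setFeaturestore(featurestore);
        connector.setServerEncryptionAlgorithm(encryptionAlgorithm);
        // verifyUserInput has already cleared the key when the algorithm does not take one.
        connector.setServerEncryptionKey(featurestoreS3ConnectorDTO.getServerEncryptionKey());

        if (!this.settings.isIAMRoleConfigured()) {
            String secretPayload = createS3AccessAndSecretKeysSecret(featurestoreS3ConnectorDTO.getAccessKey(), featurestoreS3ConnectorDTO.getSecretKey());
            String secretName = createSecretName(featurestore.getId(), featurestoreS3ConnectorDTO.getName());
            this.secretsController.add(users, secretName, secretPayload, VisibilityType.PROJECT, featurestore.getProject().getId());
        }
        this.featurestoreS3ConnectorFacade.persist(connector);

        FeaturestoreS3ConnectorDTO created = new FeaturestoreS3ConnectorDTO(connector);
        created.setAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
        created.setSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
        return created;
    }

    /**
     * Derives the name of the secret that holds a connector's key pair: the connector name with
     * spaces replaced by underscores, lower-cased, followed by {@code "_"} and the feature store id.
     *
     * <p>The mapping is not injective: connector names that differ only in case or in space versus
     * underscore yield the same secret name. The uniqueness check in
     * {@code verifyS3ConnectorName} compares names case-insensitively, so it covers the case
     * difference but not the space/underscore one.
     * NOTE(review): {@code toLowerCase()} uses the JVM default locale - confirm that is intended.
     *
     * @param featurestoreId id of the feature store the connector belongs to
     * @param connectorName name of the connector
     * @return the secret name
     */
    private String createSecretName(Integer featurestoreId, String connectorName) {
        return connectorName.replaceAll(" ", "_").toLowerCase() + "_" + featurestoreId;
    }

    /**
     * Validates the request and then updates an existing connector and, unless an IAM role is
     * configured, the secret that holds its key pair.
     *
     * <p>All validation runs before the entity is modified, so a rejected request leaves the
     * loaded connector untouched. A rename is checked for uniqueness like a new name, because the
     * secret name is derived from the connector name.
     *
     * @param users the user performing the update; owner of a newly created secret
     * @param featurestore the feature store the connector belongs to
     * @param featurestoreS3ConnectorDTO the requested connector settings
     * @param num id of the connector to update
     * @return a DTO of the updated connector, carrying the access and secret key from the request
     * @throws FeaturestoreException if the connector is not found or an input field is invalid
     * @throws UserException if the secrets controller rejects the secret
     * @throws IllegalArgumentException if the DTO is {@code null}
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public FeaturestoreS3ConnectorDTO updateFeaturestoreS3Connector(Users users, Featurestore featurestore, FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO, Integer num) throws FeaturestoreException, UserException {
        if (featurestoreS3ConnectorDTO == null) {
            throw new IllegalArgumentException("Null input data");
        }
        FeaturestoreS3Connector connector = verifyS3ConnectorId(num, featurestore);
        String previousName = connector.getName();
        String requestedName = featurestoreS3ConnectorDTO.getName();

        // Skip the uniqueness check only when the name is kept; the connector itself is part of
        // the feature store's connector collection and would otherwise match its own name.
        boolean nameUnchanged = previousName != null && previousName.equalsIgnoreCase(requestedName);
        verifyS3ConnectorName(requestedName, featurestore, nameUnchanged);
        verifyS3ConnectorDescription(featurestoreS3ConnectorDTO.getDescription());
        verifyS3ConnectorBucket(featurestoreS3ConnectorDTO.getBucket());

        // getEncryptionAlgorithm returns null for both a null and an empty algorithm string, so
        // both are handled as "no server-side encryption".
        FeaturestoreS3ConnectorEncryptionAlgorithm encryptionAlgorithm = getEncryptionAlgorithm(featurestoreS3ConnectorDTO.getServerEncryptionAlgorithm());
        String encryptionKey = null;
        if (encryptionAlgorithm == null) {
            if (!Strings.isNullOrEmpty(featurestoreS3ConnectorDTO.getServerEncryptionKey())) {
                throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_ALGORITHM, Level.FINE, ", encryption algorithm not provided");
            }
        } else if (encryptionAlgorithm.isRequiresKey()) {
            verifyS3ConnectorServerEncryptionKey(featurestoreS3ConnectorDTO.getServerEncryptionKey());
            encryptionKey = featurestoreS3ConnectorDTO.getServerEncryptionKey();
        }

        boolean iamRoleConfigured = this.settings.isIAMRoleConfigured();
        if (iamRoleConfigured) {
            verifySecretAndAccessKeysForIamRole(featurestoreS3ConnectorDTO);
        } else {
            verifyS3ConnectorAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
            verifyS3ConnectorSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
        }

        connector.setName(requestedName);
        connector.setDescription(featurestoreS3ConnectorDTO.getDescription());
        connector.setBucket(featurestoreS3ConnectorDTO.getBucket());
        connector.setServerEncryptionAlgorithm(encryptionAlgorithm);
        connector.setServerEncryptionKey(encryptionKey);
        connector.setFeaturestore(featurestore);

        if (!iamRoleConfigured) {
            String previousSecretName = createSecretName(featurestore.getId(), previousName);
            String newSecretName = createSecretName(featurestore.getId(), connector.getName());
            // NOTE(review): the lookup is by name only while a SecretId is built from (uid, name);
            // confirm findByName cannot return an unrelated user's secret with the same name.
            Optional<Secret> previousSecret = this.secretsFacade.findByName(previousSecretName);
            Secret newSecret = this.secretsController.validateAndCreateSecret(new SecretId(users.getUid(), newSecretName), users, createS3AccessAndSecretKeysSecret(featurestoreS3ConnectorDTO.getAccessKey(), featurestoreS3ConnectorDTO.getSecretKey()), VisibilityType.PROJECT, featurestore.getProject().getId());
            if (previousSecret.isPresent() && !newSecretName.equals(previousSecretName)) {
                // Renamed connector: drop the secret stored under the old name.
                this.secretsFacade.deleteSecret(previousSecret.get().getId());
                this.secretsFacade.persist(newSecret);
            } else if (previousSecret.isPresent()) {
                // Same name: replace the payload and keep the existing secret record.
                previousSecret.get().setSecret(newSecret.getSecret());
                this.secretsFacade.update(previousSecret.get());
            } else {
                this.secretsFacade.persist(newSecret);
            }
        }

        FeaturestoreS3ConnectorDTO updated = new FeaturestoreS3ConnectorDTO(this.featurestoreS3ConnectorFacade.updateS3Connector(connector));
        // Each key goes into its own field; swapping them would expose the secret key wherever
        // the access key is displayed or logged.
        updated.setAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
        updated.setSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
        return updated;
    }

    /**
     * Removes a connector and, unless an IAM role is configured, the secret holding its key pair.
     *
     * <p>NOTE(review): the connector is looked up by id alone, not by id and feature store as in
     * the update and get paths; callers presumably verify that the connector belongs to a project
     * the user may modify - confirm.
     *
     * @param users the user performing the removal; used to read the key pair for the returned DTO
     * @param num id of the connector to remove
     * @return a DTO of the removed connector, with the key pair filled in when it could be read
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public FeaturestoreS3ConnectorDTO removeFeaturestoreS3Connector(Users users, Integer num) {
        FeaturestoreS3Connector connector = this.featurestoreS3ConnectorFacade.find(num);
        FeaturestoreS3ConnectorDTO removed = new FeaturestoreS3ConnectorDTO(connector);
        if (!this.settings.isIAMRoleConfigured()) {
            try {
                setAccessAndSecretKeysInDTO(removed, getS3AccessAndSecretKeySecretForConnector(users, removed));
            } catch (FeaturestoreException e) {
                // Best effort: a missing secret must not block removal of the connector. Record it
                // instead of dropping it silently; the message carries no key material.
                LOGGER.log(Level.FINE, "No stored S3 credentials found while removing S3 connector id " + num);
            }
            String secretName = createSecretName(connector.getFeaturestore().getId(), connector.getName());
            this.secretsFacade.findByName(secretName).ifPresent(secret -> this.secretsFacade.deleteSecret(secret.getId()));
        }
        this.featurestoreS3ConnectorFacade.remove(connector);
        return removed;
    }

    /**
     * Loads the connector with the given id from the given feature store.
     *
     * @param connectorId id of the connector
     * @param featurestore feature store the connector must belong to
     * @return the connector entity
     * @throws FeaturestoreException with {@code S3_CONNECTOR_NOT_FOUND} if there is no such connector
     */
    private FeaturestoreS3Connector verifyS3ConnectorId(Integer connectorId, Featurestore featurestore) throws FeaturestoreException {
        return this.featurestoreS3ConnectorFacade.findByIdAndFeaturestore(connectorId, featurestore).orElseThrow(
            () -> new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.S3_CONNECTOR_NOT_FOUND, Level.FINE, "S3 connector id: " + connectorId));
    }

    /**
     * Rejects a {@code null} feature store.
     *
     * @param featurestore the feature store to check
     * @throws IllegalArgumentException if {@code featurestore} is {@code null}
     */
    private void verifyFeaturestore(Featurestore featurestore) {
        if (featurestore == null) {
            throw new IllegalArgumentException("Featurestore was not found");
        }
    }

    /**
     * Checks that a connector name is non-empty, at most 1000 characters long and, unless
     * {@code skipUniquenessCheck} is true, not already used (ignoring case) by an S3 connector of
     * the feature store.
     *
     * @param name the connector name to check
     * @param featurestore the feature store whose connectors are searched for a duplicate
     * @param skipUniquenessCheck true to skip the duplicate-name check
     * @throws FeaturestoreException with {@code ILLEGAL_STORAGE_CONNECTOR_NAME} if a check fails
     */
    private void verifyS3ConnectorName(String name, Featurestore featurestore, Boolean skipUniquenessCheck) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(name)) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_NAME, Level.FINE, ", the storage connector name cannot be empty");
        }
        if (name.length() > 1000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_NAME, Level.FINE, ", the name should be less than 1000 characters.");
        }
        if (skipUniquenessCheck.booleanValue()) {
            return;
        }
        boolean nameTaken = featurestore.getFeaturestoreS3ConnectorConnections().stream()
            .anyMatch(existing -> existing.getName().equalsIgnoreCase(name));
        if (nameTaken) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_NAME, Level.FINE, ", the storage connector name should be unique, there already exists a S3 connector with the same name ");
        }
    }

    /**
     * Checks that a description, when present, is at most 1000 characters long. A {@code null}
     * description is accepted as "no description" instead of failing with a NullPointerException.
     *
     * @param description the description to check, may be {@code null}
     * @throws FeaturestoreException with {@code ILLEGAL_STORAGE_CONNECTOR_DESCRIPTION} if too long
     */
    private void verifyS3ConnectorDescription(String description) throws FeaturestoreException {
        if (description != null && description.length() > 1000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_DESCRIPTION, Level.FINE, ", the description should be less than: 1000");
        }
    }

    /**
     * Checks that the bucket string is non-empty and at most 5000 characters long.
     *
     * @param bucket the bucket string to check
     * @throws FeaturestoreException with {@code ILLEGAL_S3_CONNECTOR_BUCKET} if the check fails
     */
    private void verifyS3ConnectorBucket(String bucket) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(bucket) || bucket.length() > 5000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_BUCKET, Level.FINE, ", the S3 bucket string should not be empty and not exceed: 5000 characters");
        }
    }

    /**
     * Checks that the access key is non-empty and at most 1000 characters long. The key itself is
     * never included in the error message.
     *
     * @param accessKey the access key to check
     * @throws FeaturestoreException with {@code ILLEGAL_S3_CONNECTOR_ACCESS_KEY} if a check fails
     */
    private void verifyS3ConnectorAccessKey(String accessKey) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(accessKey)) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_ACCESS_KEY, Level.FINE, "The S3 access key cannot be empty and must be less than 1000");
        }
        if (accessKey.length() > 1000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_ACCESS_KEY, Level.FINE, ", the S3 access key should not exceed: 1000 characters");
        }
    }

    /**
     * Checks that the secret key is non-empty and at most 1000 characters long. The key itself is
     * never included in the error message.
     *
     * @param secretKey the secret key to check
     * @throws FeaturestoreException with {@code ILLEGAL_S3_CONNECTOR_SECRET_KEY} if a check fails
     */
    private void verifyS3ConnectorSecretKey(String secretKey) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(secretKey)) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SECRET_KEY, Level.FINE, "The S3 secret key cannot be empty and must be less than 1000");
        }
        if (secretKey.length() > 1000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SECRET_KEY, Level.FINE, ", the S3 secret key should not exceed: 1000 characters");
        }
    }

    /**
     * Checks that the server-side encryption key is non-empty and at most 1000 characters long.
     *
     * @param encryptionKey the encryption key to check
     * @throws FeaturestoreException with {@code ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_KEY} if a check fails
     */
    private void verifyS3ConnectorServerEncryptionKey(String encryptionKey) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(encryptionKey)) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_KEY, Level.FINE, "S3 server encryption key cannot be empty");
        }
        if (encryptionKey.length() > 1000) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_KEY, Level.FINE, ", the S3 server encryption key should not exceed: 1000 characters");
        }
    }

    /**
     * Validates a create request: name (including uniqueness), description, bucket, key pair
     * (required without an IAM role, forbidden with one) and the encryption algorithm/key pairing.
     *
     * <p>Side effect: when the chosen algorithm does not take a key, the DTO's server encryption
     * key is set to {@code null}.
     *
     * @param featurestore the feature store the connector is created in
     * @param featurestoreS3ConnectorDTO the request to validate
     * @throws FeaturestoreException if any field is invalid
     * @throws IllegalArgumentException if the DTO or the feature store is {@code null}
     */
    private void verifyUserInput(Featurestore featurestore, FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO) throws FeaturestoreException {
        if (featurestoreS3ConnectorDTO == null) {
            throw new IllegalArgumentException("Null input data");
        }
        verifyFeaturestore(featurestore);
        verifyS3ConnectorName(featurestoreS3ConnectorDTO.getName(), featurestore, false);
        verifyS3ConnectorDescription(featurestoreS3ConnectorDTO.getDescription());
        verifyS3ConnectorBucket(featurestoreS3ConnectorDTO.getBucket());
        if (this.settings.isIAMRoleConfigured()) {
            verifySecretAndAccessKeysForIamRole(featurestoreS3ConnectorDTO);
        } else {
            verifyS3ConnectorAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
            verifyS3ConnectorSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
        }
        FeaturestoreS3ConnectorEncryptionAlgorithm encryptionAlgorithm = getEncryptionAlgorithm(featurestoreS3ConnectorDTO.getServerEncryptionAlgorithm());
        if (encryptionAlgorithm == null) {
            // A key without an algorithm is ambiguous, so it is rejected rather than ignored.
            if (!Strings.isNullOrEmpty(featurestoreS3ConnectorDTO.getServerEncryptionKey())) {
                throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_ALGORITHM, Level.FINE, ", encryption algorithm not provided");
            }
        } else if (encryptionAlgorithm.isRequiresKey()) {
            verifyS3ConnectorServerEncryptionKey(featurestoreS3ConnectorDTO.getServerEncryptionKey());
        } else {
            featurestoreS3ConnectorDTO.setServerEncryptionKey(null);
        }
    }

    /**
     * Rejects a request that carries an access key or a secret key; used when an IAM role is
     * configured and static keys are not accepted.
     *
     * @param featurestoreS3ConnectorDTO the request to check
     * @throws FeaturestoreException with {@code S3_KEYS_FORBIDDEN} if either key is non-empty
     */
    private void verifySecretAndAccessKeysForIamRole(FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO) throws FeaturestoreException {
        boolean hasAccessKey = !Strings.isNullOrEmpty(featurestoreS3ConnectorDTO.getAccessKey());
        boolean hasSecretKey = !Strings.isNullOrEmpty(featurestoreS3ConnectorDTO.getSecretKey());
        if (hasAccessKey || hasSecretKey) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.S3_KEYS_FORBIDDEN, Level.FINE, "S3 Access Keys are not allowed");
        }
    }

    /**
     * Parses the server-side encryption algorithm named in a request.
     *
     * @param algorithm the algorithm string from the request, may be {@code null} or empty
     * @return the parsed algorithm, or {@code null} when the string is {@code null} or empty
     * @throws FeaturestoreException with {@code ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_ALGORITHM}
     *     if the string is not accepted by {@code FeaturestoreS3ConnectorEncryptionAlgorithm.fromValue}
     */
    private FeaturestoreS3ConnectorEncryptionAlgorithm getEncryptionAlgorithm(String algorithm) throws FeaturestoreException {
        if (Strings.isNullOrEmpty(algorithm)) {
            return null;
        }
        try {
            return FeaturestoreS3ConnectorEncryptionAlgorithm.fromValue(algorithm);
        } catch (IllegalArgumentException e) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_S3_CONNECTOR_SERVER_ENCRYPTION_ALGORITHM, Level.FINE, ", " + e.getMessage());
        }
    }

    /**
     * Serializes an access/secret key pair to the JSON string that is stored as the connector's
     * secret. The returned string contains the keys in clear text and must not be logged.
     *
     * @param str the S3 access key
     * @param str2 the S3 secret key
     * @return the JSON representation of the key pair
     */
    public String createS3AccessAndSecretKeysSecret(String str, String str2) {
        return new JSONObject(new FeaturestoreS3ConnectorAccessAndSecretKey(str, str2)).toString();
    }

    /**
     * Lists the S3 connectors of a feature store, with each connector's key pair filled in unless
     * an IAM role is configured.
     *
     * @param users the user on whose behalf the stored key pairs are read
     * @param featurestore the feature store to list connectors for
     * @return one DTO per connector
     * @throws FeaturestoreException if the secret of a connector cannot be found
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public List<FeaturestoreStorageConnectorDTO> getS3ConnectorsForFeaturestore(Users users, Featurestore featurestore) throws FeaturestoreException {
        List<FeaturestoreStorageConnectorDTO> connectorDTOs = new ArrayList<>();
        boolean iamRoleConfigured = this.settings.isIAMRoleConfigured();
        for (FeaturestoreS3Connector connector : this.featurestoreS3ConnectorFacade.findByFeaturestore(featurestore)) {
            FeaturestoreS3ConnectorDTO connectorDTO = new FeaturestoreS3ConnectorDTO(connector);
            if (!iamRoleConfigured) {
                setAccessAndSecretKeysInDTO(connectorDTO, getS3AccessAndSecretKeySecretForConnector(users, connectorDTO));
            }
            connectorDTOs.add(connectorDTO);
        }
        return connectorDTOs;
    }

    /**
     * Returns one connector of a feature store, with its key pair filled in unless an IAM role is
     * configured.
     *
     * @param users the user on whose behalf the stored key pair is read
     * @param featurestore the feature store the connector must belong to
     * @param num id of the connector
     * @return the connector DTO
     * @throws FeaturestoreException if the connector or its secret cannot be found
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public FeaturestoreS3ConnectorDTO getS3ConnectorWithIdAndFeaturestore(Users users, Featurestore featurestore, Integer num) throws FeaturestoreException {
        FeaturestoreS3ConnectorDTO connectorDTO = new FeaturestoreS3ConnectorDTO(verifyS3ConnectorId(num, featurestore));
        if (!this.settings.isIAMRoleConfigured()) {
            setAccessAndSecretKeysInDTO(connectorDTO, getS3AccessAndSecretKeySecretForConnector(users, connectorDTO));
        }
        return connectorDTO;
    }

    /**
     * Reads the key pair stored for a connector: finds the secret by its derived name, fetches it
     * through {@code secretsController.getShared} on behalf of {@code users} and parses the
     * plaintext as JSON.
     *
     * <p>If fetching or parsing fails, an empty key pair is returned so that the connector can
     * still be shown without credentials; the failure is logged without any key material.
     *
     * @param users the user on whose behalf the secret is read
     * @param featurestoreS3ConnectorDTO the connector whose key pair is wanted
     * @return the stored key pair, or an empty one if it could not be fetched or parsed
     * @throws FeaturestoreException if no secret with the derived name exists
     */
    private FeaturestoreS3ConnectorAccessAndSecretKey getS3AccessAndSecretKeySecretForConnector(Users users, FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO) throws FeaturestoreException {
        String secretName = createSecretName(featurestoreS3ConnectorDTO.getFeaturestoreId(), featurestoreS3ConnectorDTO.getName());
        Secret storedSecret = this.secretsFacade.findByName(secretName).orElseThrow(
            () -> new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ERROR_GETTING_S3_CONNECTOR_ACCESS_AND_SECRET_KEY_FROM_SECRET, Level.FINE, "Could not find the secret name for connector " + featurestoreS3ConnectorDTO.getName()));
        try {
            String ownerUsername = this.userFacade.find(storedSecret.getId().getUid()).getUsername();
            return OBJECT_MAPPER.readValue(
                this.secretsController.getShared(users, ownerUsername, secretName).getPlaintext(),
                FeaturestoreS3ConnectorAccessAndSecretKey.class);
        } catch (UserException | ProjectException | ServiceException | IOException e) {
            // Log the exception type only: a JSON parse error message can quote part of its
            // input, which here is the plaintext key pair. The connector name is user input and
            // is left out of the log line as well.
            LOGGER.log(Level.INFO, "Could not read stored S3 credentials for a connector of featurestore "
                + featurestoreS3ConnectorDTO.getFeaturestoreId() + " (" + e.getClass().getSimpleName() + ")");
            return new FeaturestoreS3ConnectorAccessAndSecretKey();
        }
    }

    /**
     * Copies the access key and the secret key of a stored key pair into a connector DTO.
     *
     * @param connectorDTO the DTO to fill in
     * @param keyPair the key pair to copy from
     */
    private void setAccessAndSecretKeysInDTO(FeaturestoreS3ConnectorDTO connectorDTO, FeaturestoreS3ConnectorAccessAndSecretKey keyPair) {
        connectorDTO.setAccessKey(keyPair.getAccessKey());
        connectorDTO.setSecretKey(keyPair.getSecretKey());
    }
}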
