package io.hops.hopsworks.common.featurestore.storageconnectors.redshift;

import com.google.common.base.Strings;
import io.hops.hopsworks.common.dao.kafka.KafkaConst;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.dao.user.security.secrets.SecretsFacade;
import io.hops.hopsworks.common.security.secrets.SecretsController;
import io.hops.hopsworks.common.util.Settings;
import io.hops.hopsworks.exceptions.FeaturestoreException;
import io.hops.hopsworks.exceptions.ProjectException;
import io.hops.hopsworks.exceptions.ServiceException;
import io.hops.hopsworks.exceptions.UserException;
import io.hops.hopsworks.persistence.entity.featurestore.Featurestore;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.FeaturestoreConnector;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.redshift.FeatureStoreRedshiftConnector;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.persistence.entity.user.security.secrets.Secret;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.transaction.Transactional;

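/**
 * Creates, updates and reads the Redshift-specific part of a feature store storage connector.
 *
 * <p>The database password is handed to {@link SecretsController#createSecretForProject} and the
 * connector entity keeps a reference to the resulting {@link Secret}. A connector authenticates
 * either with that password or with an IAM role; {@code verifyPassword} rejects requests that
 * supply both or neither.
 */
@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/featurestore/storageconnectors/redshift/FeaturestoreRedshiftConnectorController.class */
public class FeaturestoreRedshiftConnectorController {
    private static final Logger LOGGER = Logger.getLogger(FeaturestoreRedshiftConnectorController.class.getName());

    // Bounds enforced by verifyCreateDTO; the error messages are built from them.
    private static final int MIN_DATABASE_PORT = 1150;
    private static final int MAX_DATABASE_PORT = 65535;
    private static final int MAX_ARGUMENTS_LENGTH = 2000;

    @EJB
    private SecretsController secretsController;

    @EJB
    private SecretsFacade secretsFacade;

    @EJB
    private Settings settings;

    @EJB
    private UserFacade userFacade;

    /**
     * Builds the DTO for a stored connector and fills in the database password as seen by
     * {@code users}.
     *
     * <p>The returned DTO carries the password in plaintext when the requesting user can read the
     * secret, so callers must treat it as sensitive (no logging, no caching).
     *
     * @param users the requesting user, used for the secret lookup
     * @param featurestoreConnector the stored connector to convert
     * @return the DTO with its database password set (may be {@code null} when no secret exists)
     */
    public FeaturestoreRedshiftConnectorDTO getRedshiftConnectorDTO(Users users, FeaturestoreConnector featurestoreConnector) {
        FeaturestoreRedshiftConnectorDTO dto = new FeaturestoreRedshiftConnectorDTO(featurestoreConnector);
        dto.setDatabasePassword(getDatabasePassword(featurestoreConnector.getRedshiftConnector(), users));
        return dto;
    }

    /**
     * Validates the DTO and builds a new Redshift connector entity from it, storing the password
     * (if any) as a project secret.
     *
     * @param users the user creating the connector; passed on as the secret's creator
     * @param featurestore the feature store the connector belongs to
     * @param featurestoreRedshiftConnectorDTO the requested connector settings
     * @return the populated, not yet persisted connector entity
     * @throws FeaturestoreException if the DTO fails validation
     * @throws UserException if the secret cannot be created
     * @throws ProjectException if the secret cannot be created for the project
     */
    public FeatureStoreRedshiftConnector createFeaturestoreRedshiftConnector(Users users, Featurestore featurestore, FeaturestoreRedshiftConnectorDTO featurestoreRedshiftConnectorDTO) throws FeaturestoreException, UserException, ProjectException {
        verifyCreateDTO(featurestoreRedshiftConnectorDTO);
        FeatureStoreRedshiftConnector connector = new FeatureStoreRedshiftConnector();
        setConnector(connector, featurestoreRedshiftConnectorDTO);
        setPassword(users, featurestoreRedshiftConnectorDTO, featurestore, connector);
        return connector;
    }

    /** Copies every non-secret field from the DTO onto the entity; blank strings become {@code null}. */
    private void setConnector(FeatureStoreRedshiftConnector connector, FeaturestoreRedshiftConnectorDTO dto) {
        connector.setClusterIdentifier(getValueOrNull(dto.getClusterIdentifier()));
        connector.setDatabaseDriver(getValueOrNull(dto.getDatabaseDriver()));
        connector.setDatabaseEndpoint(getValueOrNull(dto.getDatabaseEndpoint()));
        connector.setDatabaseName(getValueOrNull(dto.getDatabaseName()));
        // Callers run verifyCreateDTO first, which rejects a null port.
        connector.setDatabasePort(dto.getDatabasePort().intValue());
        connector.setTableName(getValueOrNull(dto.getTableName()));
        connector.setDatabaseUserName(getValueOrNull(dto.getDatabaseUserName()));
        connector.setIamRole(getValueOrNull(dto.getIamRole()));
        connector.setAutoCreate(dto.getAutoCreate());
        connector.setDatabaseGroup(getValueOrNull(dto.getDatabaseGroup()));
        connector.setArguments(getValueOrNull(dto.getArguments()));
    }

    /** Returns {@code true} when the value is {@code null}, empty, or whitespace only. */
    private boolean isNullOrWhitespace(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Returns the trimmed value, or {@code null} when it is blank. */
    private String getValueOrNull(String value) {
        if (value == null) {
            return null;
        }
        String trimmed = value.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    /** Stores the DTO's password as a project secret and links it to the connector; no-op when no password is given. */
    private void setPassword(Users users, FeaturestoreRedshiftConnectorDTO dto, Featurestore featurestore, FeatureStoreRedshiftConnector connector) throws UserException, ProjectException {
        String password = dto.getDatabasePassword();
        if (Strings.isNullOrEmpty(password)) {
            return;
        }
        String secretName = createSecretName(featurestore, dto.getName());
        connector.setSecret(this.secretsController.createSecretForProject(users, secretName, password, featurestore.getProject().getId()));
    }

    /**
     * Derives the secret name {@code redshift_<connector name>_<feature store id>}, with spaces
     * replaced by underscores and the name lower-cased.
     */
    private String createSecretName(Featurestore featurestore, String connectorName) {
        // Locale.ROOT keeps the generated name independent of the server's default locale.
        // NOTE(review): assumes connectorName is non-null — presumably validated by the caller; confirm.
        // NOTE(review): names that differ only by case or by space/underscore map to the same secret
        // name; confirm that connector names are unique upstream or that secret creation rejects duplicates.
        String normalised = connectorName.replace(' ', '_').toLowerCase(Locale.ROOT);
        return "redshift_" + normalised + "_" + featurestore.getId();
    }

    /** Builds the exception used for every rejected connector argument. */
    private static FeaturestoreException illegalArgument(String message) {
        return new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, message);
    }

    /** Throws an illegal-argument exception with {@code message} when {@code value} is blank. */
    private void requireNonBlank(String value, String message) throws FeaturestoreException {
        if (isNullOrWhitespace(value)) {
            throw illegalArgument(message);
        }
    }

    /**
     * Validates the connector settings supplied by the client: mandatory fields, port range,
     * arguments length and the password/IAM-role combination.
     *
     * @throws FeaturestoreException on the first check that fails
     */
    private void verifyCreateDTO(FeaturestoreRedshiftConnectorDTO dto) throws FeaturestoreException {
        if (dto == null) {
            throw illegalArgument("Null input data");
        }
        requireNonBlank(dto.getClusterIdentifier(), "Cluster identifier can not be empty.");
        requireNonBlank(dto.getDatabaseDriver(), "Database driver can not be empty.");
        requireNonBlank(dto.getDatabaseEndpoint(), "Database endpoint can not be empty.");
        requireNonBlank(dto.getDatabaseName(), "Database name can not be empty.");

        String portMessage = "Database port should be between " + MIN_DATABASE_PORT + " and " + MAX_DATABASE_PORT + ".";
        if (dto.getDatabasePort() == null) {
            throw illegalArgument(portMessage);
        }
        int port = dto.getDatabasePort().intValue();
        if (port < MIN_DATABASE_PORT || port > MAX_DATABASE_PORT) {
            throw illegalArgument(portMessage);
        }

        requireNonBlank(dto.getDatabaseUserName(), "Database username can not be empty.");

        String arguments = dto.getArguments();
        if (!Strings.isNullOrEmpty(arguments) && arguments.length() > MAX_ARGUMENTS_LENGTH) {
            throw illegalArgument("Redshift connection arguments should not exceed: " + MAX_ARGUMENTS_LENGTH + " characters");
        }
        verifyPassword(dto);
    }

    /** Checks the password/IAM-role combination requested in the DTO. */
    private void verifyPassword(FeaturestoreRedshiftConnectorDTO dto) throws FeaturestoreException {
        verifyPassword(dto.getIamRole(), dto.getDatabasePassword());
    }

    /** Checks a plaintext password against the IAM-role configuration. */
    private void verifyPassword(String iamRole, String password) throws FeaturestoreException {
        verifyPasswordPresence(iamRole, !Strings.isNullOrEmpty(password));
    }

    /** Checks a stored secret against the IAM-role configuration. */
    private void verifyPassword(String iamRole, Secret secret) throws FeaturestoreException {
        verifyPasswordPresence(iamRole, secret != null);
    }

    /**
     * Enforces that exactly one authentication method is in use: a password is required when no
     * IAM role is configured (neither in the settings nor on the connector) and rejected otherwise.
     */
    private void verifyPasswordPresence(String iamRole, boolean passwordPresent) throws FeaturestoreException {
        boolean passwordRequired = !this.settings.isIAMRoleConfigured() && Strings.isNullOrEmpty(iamRole);
        if (passwordRequired && !passwordPresent) {
            throw illegalArgument("Database password not set.");
        }
        if (!passwordRequired && passwordPresent) {
            throw illegalArgument("Database password is not allowed.");
        }
    }

    /**
     * Validates the DTO, applies it to an existing connector and updates, creates or removes the
     * password secret as needed.
     *
     * <p>Runs in a transaction that rolls back on {@link FeaturestoreException}, so a failed
     * final password check does not leave the field changes applied.
     *
     * @param users the user performing the update; must be allowed to access an existing secret
     * @param featurestore the feature store the connector belongs to
     * @param featurestoreRedshiftConnectorDTO the requested connector settings
     * @param featureStoreRedshiftConnector the stored connector to modify
     * @return the same connector entity, updated
     * @throws FeaturestoreException if validation fails before or after the update
     * @throws UserException if the user may not access the secret or encryption fails
     * @throws ProjectException if the secret cannot be created for the project
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    @Transactional(rollbackOn = {FeaturestoreException.class})
    public FeatureStoreRedshiftConnector updateFeaturestoreRedshiftConnector(Users users, Featurestore featurestore, FeaturestoreRedshiftConnectorDTO featurestoreRedshiftConnectorDTO, FeatureStoreRedshiftConnector featureStoreRedshiftConnector) throws FeaturestoreException, UserException, ProjectException {
        verifyCreateDTO(featurestoreRedshiftConnectorDTO);
        setConnector(featureStoreRedshiftConnector, featurestoreRedshiftConnectorDTO);

        Secret previousSecret = null;
        String currentPassword = getDatabasePassword(featureStoreRedshiftConnector, users);
        if (shouldUpdate(currentPassword, featurestoreRedshiftConnectorDTO.getDatabasePassword())) {
            previousSecret = updatePassword(users, featurestoreRedshiftConnectorDTO, featurestore, featureStoreRedshiftConnector);
        }

        // Re-check against the entity's final state: the secret and IAM role may both have changed.
        verifyPassword(featureStoreRedshiftConnector.getIamRole(), featureStoreRedshiftConnector.getSecret());

        // The password was removed from the connector, so the orphaned secret is deleted as well.
        if (featureStoreRedshiftConnector.getSecret() == null && previousSecret != null) {
            this.secretsFacade.deleteSecret(previousSecret.getId());
        }
        return featureStoreRedshiftConnector;
    }

    /**
     * Applies the DTO's password to the connector: creates a secret when none exists, clears the
     * link when the password is empty, or re-encrypts the existing secret in place.
     *
     * @return the secret that was linked to the connector before this call (may be {@code null})
     * @throws UserException if the user may not access the existing secret or encryption fails
     */
    private Secret updatePassword(Users users, FeaturestoreRedshiftConnectorDTO dto, Featurestore featurestore, FeatureStoreRedshiftConnector connector) throws UserException, ProjectException {
        Secret secret = connector.getSecret();
        // Authorisation gate: an existing secret may only be replaced or removed by a user who can access it.
        if (secret != null) {
            this.secretsController.checkCanAccessSecret(secret, users);
        }

        String newPassword = dto.getDatabasePassword();
        if (Strings.isNullOrEmpty(newPassword)) {
            connector.setSecret((Secret) null);
            return secret;
        }
        if (secret == null) {
            setPassword(users, dto, featurestore, connector);
            return secret;
        }
        try {
            secret.setSecret(this.secretsController.encryptSecret(newPassword));
        } catch (IOException | GeneralSecurityException e) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + secret.getId().getName(), e);
        }
        return secret;
    }

    /** Returns {@code true} when the requested password differs from the current one (null-safe). */
    private boolean shouldUpdate(String currentPassword, String requestedPassword) {
        if (currentPassword == null) {
            return requestedPassword != null;
        }
        return !currentPassword.equals(requestedPassword);
    }

    /**
     * Reads the connector's password in plaintext on behalf of {@code users}.
     *
     * @return {@code null} when the connector has no secret, the plaintext when the lookup
     *     succeeds, and a fallback constant when the lookup is refused or fails
     */
    private String getDatabasePassword(FeatureStoreRedshiftConnector connector, Users users) {
        Secret secret = connector.getSecret();
        if (secret == null) {
            return null;
        }
        try {
            Users owner = this.userFacade.find(secret.getId().getUid());
            return this.secretsController.getShared(users, owner, secret.getId().getName()).getPlaintext();
        } catch (UserException | ServiceException | ProjectException e) {
            // Best effort: the failure is not propagated, but it is recorded so that a refused
            // secret read is visible when diagnosing a connector. Only the exception is logged,
            // never the password.
            LOGGER.log(Level.FINE, "Could not read the stored Redshift password for the requesting user", e);
            // NOTE(review): this Kafka constant looks like a decompiler substitution for a literal
            // (presumably the empty string) — confirm its value before relying on it as a sentinel.
            return KafkaConst.KAFKA_ENDPOINT_IDENTIFICATION_ALGORITHM;
        }
    }
}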
