package io.hops.hopsworks.common.featurestore.storageconnectors.snowflake;

import com.google.common.base.Strings;
import io.hops.hopsworks.common.dao.kafka.KafkaConst;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.featurestore.OptionDTO;
import io.hops.hopsworks.common.security.secrets.SecretsController;
import io.hops.hopsworks.exceptions.FeaturestoreException;
import io.hops.hopsworks.exceptions.ProjectException;
import io.hops.hopsworks.exceptions.ServiceException;
import io.hops.hopsworks.exceptions.UserException;
import io.hops.hopsworks.persistence.entity.featurestore.Featurestore;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.FeaturestoreConnector;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.snowflake.FeaturestoreSnowflakeConnector;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.persistence.entity.user.security.secrets.Secret;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.transaction.Transactional;

@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/featurestore/storageconnectors/snowflake/FeaturestoreSnowflakeConnectorController.class */
public class FeaturestoreSnowflakeConnectorController {
    private static final Logger LOGGER = Logger.getLogger(FeaturestoreSnowflakeConnectorController.class.getName());

    @EJB
    private SecretsController secretsController;

    @EJB
    private UserFacade userFacade;

    public FeaturestoreSnowflakeConnectorDTO getConnector(Users users, FeaturestoreConnector featurestoreConnector) {
        FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO = new FeaturestoreSnowflakeConnectorDTO(featurestoreConnector);
        featurestoreSnowflakeConnectorDTO.setSfOptions(toOptions(featurestoreConnector.getSnowflakeConnector().getArguments()));
        featurestoreSnowflakeConnectorDTO.setPassword(getSecret(users, featurestoreConnector.getSnowflakeConnector().getPwdSecret()));
        featurestoreSnowflakeConnectorDTO.setToken(getSecret(users, featurestoreConnector.getSnowflakeConnector().getTokenSecret()));
        return featurestoreSnowflakeConnectorDTO;
    }

    public FeaturestoreSnowflakeConnector createConnector(Users users, Featurestore featurestore, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO) throws FeaturestoreException, UserException, ProjectException {
        verifyConnectorDTO(featurestoreSnowflakeConnectorDTO);
        Secret createSecret = createSecret(users, featurestore, featurestoreSnowflakeConnectorDTO);
        FeaturestoreSnowflakeConnector featurestoreSnowflakeConnector = new FeaturestoreSnowflakeConnector();
        setConnector(featurestoreSnowflakeConnector, createSecret, featurestoreSnowflakeConnectorDTO);
        return featurestoreSnowflakeConnector;
    }

    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    @Transactional(rollbackOn = {FeaturestoreException.class})
    public FeaturestoreSnowflakeConnector updateConnector(Users users, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO, FeaturestoreSnowflakeConnector featurestoreSnowflakeConnector) throws FeaturestoreException, UserException, ProjectException {
        verifyConnectorDTO(featurestoreSnowflakeConnectorDTO);
        setConnector(featurestoreSnowflakeConnector, updateSecret(users, featurestoreSnowflakeConnectorDTO, featurestoreSnowflakeConnector), featurestoreSnowflakeConnectorDTO);
        return featurestoreSnowflakeConnector;
    }

    private void setConnector(FeaturestoreSnowflakeConnector featurestoreSnowflakeConnector, Secret secret, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO) {
        featurestoreSnowflakeConnector.setUrl(getValueOrNull(featurestoreSnowflakeConnectorDTO.getUrl()));
        featurestoreSnowflakeConnector.setDatabaseUser(getValueOrNull(featurestoreSnowflakeConnectorDTO.getUser()));
        featurestoreSnowflakeConnector.setDatabaseName(getValueOrNull(featurestoreSnowflakeConnectorDTO.getDatabase()));
        featurestoreSnowflakeConnector.setDatabaseSchema(getValueOrNull(featurestoreSnowflakeConnectorDTO.getSchema()));
        featurestoreSnowflakeConnector.setTableName(getValueOrNull(featurestoreSnowflakeConnectorDTO.getTable()));
        featurestoreSnowflakeConnector.setRole(getValueOrNull(featurestoreSnowflakeConnectorDTO.getRole()));
        featurestoreSnowflakeConnector.setWarehouse(getValueOrNull(featurestoreSnowflakeConnectorDTO.getWarehouse()));
        featurestoreSnowflakeConnector.setArguments(fromOptions(featurestoreSnowflakeConnectorDTO.getSfOptions()));
        featurestoreSnowflakeConnector.setApplication(featurestoreSnowflakeConnectorDTO.getApplication());
        if (Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword())) {
            featurestoreSnowflakeConnector.setTokenSecret(secret);
            featurestoreSnowflakeConnector.setPwdSecret((Secret) null);
        } else {
            featurestoreSnowflakeConnector.setPwdSecret(secret);
            featurestoreSnowflakeConnector.setTokenSecret((Secret) null);
        }
    }

    private boolean isNullOrWhitespace(String str) {
        return Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str.trim());
    }

    private String getValueOrNull(String str) {
        if (isNullOrWhitespace(str)) {
            return null;
        }
        return str.trim();
    }

    private List<OptionDTO> toOptions(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return null;
        }
        return (List) Arrays.stream(str.split(";")).map(str2 -> {
            return str2.split("=");
        }).map(strArr -> {
            return new OptionDTO(strArr[0], strArr[1]);
        }).collect(Collectors.toList());
    }

    private String fromOptions(List<OptionDTO> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (OptionDTO optionDTO : list) {
            sb.append(sb.length() > 0 ? ";" : KafkaConst.KAFKA_ENDPOINT_IDENTIFICATION_ALGORITHM).append(optionDTO.getName()).append("=").append(optionDTO.getValue());
        }
        return sb.toString();
    }

    private Secret getSecret(FeaturestoreSnowflakeConnector featurestoreSnowflakeConnector) {
        return featurestoreSnowflakeConnector.getPwdSecret() != null ? featurestoreSnowflakeConnector.getPwdSecret() : featurestoreSnowflakeConnector.getTokenSecret();
    }

    private String getSecret(Users users, Secret secret) {
        if (secret == null) {
            return null;
        }
        try {
            return this.secretsController.getShared(users, this.userFacade.find(secret.getId().getUid()), secret.getId().getName()).getPlaintext();
        } catch (UserException | ServiceException | ProjectException e) {
            return null;
        }
    }

    private String createSecretName(Integer num, String str) {
        return "snowflake_" + str.replaceAll(" ", "_").toLowerCase() + "_" + num;
    }

    private Secret createSecret(Users users, Featurestore featurestore, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO) throws ProjectException, UserException {
        String createSecretName = createSecretName(featurestore.getId(), featurestoreSnowflakeConnectorDTO.getName());
        return !Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword()) ? this.secretsController.createSecretForProject(users, createSecretName, featurestoreSnowflakeConnectorDTO.getPassword(), featurestore.getProject().getId()) : this.secretsController.createSecretForProject(users, createSecretName, featurestoreSnowflakeConnectorDTO.getToken(), featurestore.getProject().getId());
    }

    private Secret updateSecret(Users users, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO, FeaturestoreSnowflakeConnector featurestoreSnowflakeConnector) throws UserException, ProjectException {
        Secret secret = getSecret(featurestoreSnowflakeConnector);
        this.secretsController.checkCanAccessSecret(secret, users);
        try {
            secret.setSecret(this.secretsController.encryptSecret(!Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword()) ? featurestoreSnowflakeConnectorDTO.getPassword() : featurestoreSnowflakeConnectorDTO.getToken()));
            return secret;
        } catch (IOException | GeneralSecurityException e) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + secret.getId().getName(), e);
        }
    }

    private void verifyConnectorDTO(FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO) throws FeaturestoreException {
        if (featurestoreSnowflakeConnectorDTO == null) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Null input data");
        }
        if (isNullOrWhitespace(featurestoreSnowflakeConnectorDTO.getUrl())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Url can not be empty");
        }
        if (isNullOrWhitespace(featurestoreSnowflakeConnectorDTO.getUser())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "User can not be empty");
        }
        if (isNullOrWhitespace(featurestoreSnowflakeConnectorDTO.getSchema())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Schema can not be empty");
        }
        if (isNullOrWhitespace(featurestoreSnowflakeConnectorDTO.getDatabase())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Database can not be empty");
        }
        if (Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword()) && Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getToken())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Password or OAuth token must be set");
        }
        if (!Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword()) && !Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getToken())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Only one authentication method is allowed");
        }
    }
}
