package io.hops.hopsworks.common.featurestore.storageconnectors.adls;

import com.google.common.base.Strings;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.featurestore.OptionDTO;
import io.hops.hopsworks.common.security.secrets.SecretsController;
import io.hops.hopsworks.exceptions.FeaturestoreException;
import io.hops.hopsworks.exceptions.ProjectException;
import io.hops.hopsworks.exceptions.ServiceException;
import io.hops.hopsworks.exceptions.UserException;
import io.hops.hopsworks.persistence.entity.featurestore.Featurestore;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.FeaturestoreConnector;
import io.hops.hopsworks.persistence.entity.featurestore.storageconnector.adls.FeaturestoreADLSConnector;
import io.hops.hopsworks.persistence.entity.project.Project;
import io.hops.hopsworks.persistence.entity.user.Users;
import io.hops.hopsworks.persistence.entity.user.security.secrets.Secret;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.transaction.Transactional;

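/**
 * Controller for Azure Data Lake Storage (ADLS) feature store connectors.
 *
 * <p>It builds {@link FeaturestoreADLSConnector} entities from DTOs, stores the service
 * credential through {@link SecretsController}, and converts connectors back into DTOs that
 * carry the Spark/Hadoop options for ADLS generation 1 or 2.
 *
 * <p>Security note: the DTO returned by {@link #getADLConnectorDTO} contains the service
 * credential in plaintext, both as a field and inside the Spark options. Treat that DTO as
 * sensitive: do not log it, and return it only to the user it was resolved for.
 */
@TransactionAttribute(TransactionAttributeType.NEVER)
@Stateless
/* loaded from: input_file:io/hops/hopsworks/common/featurestore/storageconnectors/adls/FeaturestoreADLSConnectorController.class */
public class FeaturestoreADLSConnectorController {

    private static final java.util.logging.Logger LOGGER =
            java.util.logging.Logger.getLogger(FeaturestoreADLSConnectorController.class.getName());

    /** Host suffix appended to the account name in the generation 2 option keys. */
    private static final String GEN2_HOST_SUFFIX = ".dfs.core.windows.net";

    @EJB
    private SecretsController secretsController;

    @EJB
    private UserFacade userFacade;

    /**
     * Validates the DTO, stores its service credential as a project secret and returns a new,
     * populated connector entity. The entity is only built here; it is not persisted.
     *
     * @param users user on whose behalf the secret is created
     * @param project project the secret is created for
     * @param featurestore feature store whose id becomes part of the secret name
     * @param featurestoreADLSConnectorDTO connector definition supplied by the caller
     * @return the new connector entity referencing the created secret
     * @throws FeaturestoreException if the DTO fails validation
     * @throws ProjectException declared by the secret creation call
     * @throws UserException declared by the secret creation call
     */
    public FeaturestoreADLSConnector createADLConnector(Users users, Project project, Featurestore featurestore, FeaturestoreADLSConnectorDTO featurestoreADLSConnectorDTO) throws FeaturestoreException, ProjectException, UserException {
        verifyConnectorDTO(featurestoreADLSConnectorDTO);
        String secretName = createSecretName(featurestore.getId(), featurestoreADLSConnectorDTO.getName());
        Secret credentialSecret = this.secretsController.createSecretForProject(
                users, secretName, featurestoreADLSConnectorDTO.getServiceCredential(), project.getId());

        FeaturestoreADLSConnector connector = new FeaturestoreADLSConnector();
        connector.setGeneration(featurestoreADLSConnectorDTO.getGeneration().intValue());
        connector.setDirectoryId(featurestoreADLSConnectorDTO.getDirectoryId());
        connector.setApplicationId(featurestoreADLSConnectorDTO.getApplicationId());
        connector.setServiceCredentialSecret(credentialSecret);
        connector.setAccountName(featurestoreADLSConnectorDTO.getAccountName());
        connector.setContainerName(featurestoreADLSConnectorDTO.getContainerName());
        return connector;
    }

    /**
     * Derives the secret name {@code adls_<connector name>_<feature store id>}, with spaces in
     * the connector name replaced by underscores and the name lower-cased.
     */
    private String createSecretName(Integer featurestoreId, String connectorName) {
        // Locale.ROOT keeps the derived name stable whatever the JVM default locale is
        // (a Turkish default locale, for example, lower-cases 'I' to a dotless 'ı').
        return "adls_" + connectorName.replace(' ', '_').toLowerCase(java.util.Locale.ROOT) + "_" + featurestoreId;
    }

    /**
     * Builds the DTO for a stored connector, including the plaintext service credential and the
     * Spark options for the connector's generation.
     *
     * <p>The credential is {@code null} when the connector has no secret or when the lookup for
     * {@code users} fails; the Spark options are still produced in that case and then carry a
     * {@code null} secret value. No Spark options are set for a generation other than 1 or 2.
     *
     * @param users user the credential is resolved for
     * @param featurestoreConnector stored connector wrapping the ADLS connector
     * @return the DTO; it holds the credential in plaintext and must be handled as sensitive
     */
    public FeaturestoreADLSConnectorDTO getADLConnectorDTO(Users users, FeaturestoreConnector featurestoreConnector) {
        FeaturestoreADLSConnectorDTO dto = new FeaturestoreADLSConnectorDTO(featurestoreConnector);
        FeaturestoreADLSConnector adlsConnector = featurestoreConnector.getAdlsConnector();
        String serviceCredential = getServiceCredential(users, adlsConnector);
        dto.setServiceCredential(serviceCredential);
        if (adlsConnector.getGeneration() == 1) {
            dto.setSparkOptions(getSparkOptionsGen1(adlsConnector, serviceCredential));
        } else if (adlsConnector.getGeneration() == 2) {
            dto.setSparkOptions(getSparkOptionsGen2(adlsConnector, serviceCredential));
        }
        return dto;
    }

    /**
     * Resolves the plaintext service credential for {@code users}.
     *
     * @return the plaintext, or {@code null} if the connector has no secret or the lookup throws
     */
    private String getServiceCredential(Users users, FeaturestoreADLSConnector featurestoreADLSConnector) {
        Secret credentialSecret = featurestoreADLSConnector.getServiceCredentialSecret();
        if (credentialSecret == null) {
            return null;
        }
        try {
            // NOTE(review): presumably getShared is what enforces that `users` may read a secret
            // owned by another user - confirm, since no other access check happens on this path.
            return this.secretsController.getShared(users, this.userFacade.find(credentialSecret.getId().getUid()), credentialSecret.getId().getName()).getPlaintext();
        } catch (UserException | ServiceException | ProjectException e) {
            // Best effort: the caller still gets a DTO, just without the credential. Record the
            // failure so that denied or broken lookups can be traced; the secret value is never logged.
            LOGGER.log(Level.FINE, "Could not resolve the ADLS service credential for the requesting user", e);
            return null;
        }
    }

    /** Token endpoint for the connector's directory (tenant) id. */
    private String tokenEndpoint(FeaturestoreADLSConnector connector) {
        // NOTE(review): directoryId is only checked for emptiness before it is placed into this
        // URL path; consider restricting it to the expected identifier format at validation time.
        return "https://login.microsoftonline.com/" + connector.getDirectoryId() + "/oauth2/token";
    }

    /**
     * Builds the OAuth client-credential options for ADLS generation 2.
     *
     * @param featurestoreADLSConnector connector providing account, application and directory ids
     * @param serviceCredential plaintext client secret, possibly {@code null}
     */
    private List<OptionDTO> getSparkOptionsGen2(FeaturestoreADLSConnector featurestoreADLSConnector, String serviceCredential) {
        // NOTE(review): accountName is only checked for emptiness before it becomes part of the
        // option keys below; consider validating its character set at validation time.
        String host = featurestoreADLSConnector.getAccountName() + GEN2_HOST_SUFFIX;
        List<OptionDTO> options = new ArrayList<>();
        options.add(new OptionDTO("fs.azure.account.auth.type." + host, "OAuth"));
        options.add(new OptionDTO("fs.azure.account.oauth.provider.type." + host, "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider"));
        options.add(new OptionDTO("fs.azure.account.oauth2.client.id." + host, featurestoreADLSConnector.getApplicationId()));
        options.add(new OptionDTO("fs.azure.account.oauth2.client.secret." + host, serviceCredential));
        options.add(new OptionDTO("fs.azure.account.oauth2.client.endpoint." + host, tokenEndpoint(featurestoreADLSConnector)));
        return options;
    }

    /**
     * Builds the OAuth client-credential options for ADLS generation 1.
     *
     * @param featurestoreADLSConnector connector providing account, application and directory ids
     * @param serviceCredential plaintext client secret, possibly {@code null}
     */
    private List<OptionDTO> getSparkOptionsGen1(FeaturestoreADLSConnector featurestoreADLSConnector, String serviceCredential) {
        String accountPrefix = "fs.adl.account." + featurestoreADLSConnector.getAccountName();
        List<OptionDTO> options = new ArrayList<>();
        options.add(new OptionDTO("fs.adl.oauth2.access.token.provider.type", "ClientCredential"));
        options.add(new OptionDTO(accountPrefix + ".oauth2.client.id", featurestoreADLSConnector.getApplicationId()));
        options.add(new OptionDTO(accountPrefix + ".oauth2.credential", serviceCredential));
        options.add(new OptionDTO(accountPrefix + ".oauth2.refresh.url", tokenEndpoint(featurestoreADLSConnector)));
        return options;
    }

    /**
     * Validates the DTO, checks that {@code users} may access the connector's secret, re-encrypts
     * the service credential and copies the DTO fields onto the existing connector.
     *
     * @param users user requesting the update
     * @param featurestoreADLSConnectorDTO new connector definition
     * @param featurestoreADLSConnector existing connector entity, updated in place
     * @return the same connector instance, updated
     * @throws FeaturestoreException if the DTO fails validation
     * @throws ProjectException declared by the secret access check
     * @throws UserException if the access check fails or the credential cannot be encrypted
     */
    @TransactionAttribute(TransactionAttributeType.REQUIRED)
    @Transactional(rollbackOn = {FeaturestoreException.class})
    public FeaturestoreADLSConnector updateAdlConnector(Users users, FeaturestoreADLSConnectorDTO featurestoreADLSConnectorDTO, FeaturestoreADLSConnector featurestoreADLSConnector) throws FeaturestoreException, ProjectException, UserException {
        verifyConnectorDTO(featurestoreADLSConnectorDTO);
        // NOTE(review): the secret can be null for a connector (getServiceCredential handles that
        // case); here a null secret would reach the access check and then fail on setSecret.
        Secret credentialSecret = featurestoreADLSConnector.getServiceCredentialSecret();
        this.secretsController.checkCanAccessSecret(credentialSecret, users);
        try {
            credentialSecret.setSecret(this.secretsController.encryptSecret(featurestoreADLSConnectorDTO.getServiceCredential()));
        } catch (IOException | GeneralSecurityException e) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + credentialSecret.getId().getName(), e);
        }
        // The connector fields are written only after the encryption succeeded, so a failed
        // encryption leaves the entity unchanged instead of half-updated with the old secret.
        featurestoreADLSConnector.setGeneration(featurestoreADLSConnectorDTO.getGeneration().intValue());
        featurestoreADLSConnector.setDirectoryId(featurestoreADLSConnectorDTO.getDirectoryId());
        featurestoreADLSConnector.setApplicationId(featurestoreADLSConnectorDTO.getApplicationId());
        featurestoreADLSConnector.setAccountName(featurestoreADLSConnectorDTO.getAccountName());
        featurestoreADLSConnector.setContainerName(featurestoreADLSConnectorDTO.getContainerName());
        return featurestoreADLSConnector;
    }

    /**
     * Rejects a DTO with a missing or unsupported generation, or with an empty directory id,
     * application id, service credential or account name; generation 2 also needs a container name.
     *
     * <p>Only presence is checked: the format of the ids and names is not validated here.
     *
     * @throws FeaturestoreException with {@code ILLEGAL_STORAGE_CONNECTOR_ARG} on the first failed check
     */
    private void verifyConnectorDTO(FeaturestoreADLSConnectorDTO featurestoreADLSConnectorDTO) throws FeaturestoreException {
        if (featurestoreADLSConnectorDTO.getGeneration() == null) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Generation is empty");
        }
        // The generation is known to be non-null here, so no default value is needed.
        int generation = featurestoreADLSConnectorDTO.getGeneration().intValue();
        if (generation != 1 && generation != 2) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "Invalid ADLS generation - Only generation 1 and 2 supported");
        }
        if (Strings.isNullOrEmpty(featurestoreADLSConnectorDTO.getDirectoryId())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "DirectoryId is empty");
        }
        if (Strings.isNullOrEmpty(featurestoreADLSConnectorDTO.getApplicationId())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "ApplicationId is empty");
        }
        if (Strings.isNullOrEmpty(featurestoreADLSConnectorDTO.getServiceCredential())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "ServiceCredentials is empty");
        }
        if (Strings.isNullOrEmpty(featurestoreADLSConnectorDTO.getAccountName())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "AccountName is empty");
        }
        if (generation == 2 && Strings.isNullOrEmpty(featurestoreADLSConnectorDTO.getContainerName())) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.ILLEGAL_STORAGE_CONNECTOR_ARG, Level.FINE, "ContainerName is empty");
        }
    }
}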
