package org.apache.nifi.services.azure.storage;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.function.Function;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.azure.storage.utils.AzureStorageUtils;
import org.apache.nifi.services.azure.storage.ADLSCredentialsDetails;

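/**
 * Controller service that collects the credential settings used by ADLS processors and
 * hands them out as an {@link ADLSCredentialsDetails} value.
 *
 * <p>Four authentication methods are recognised by {@link #customValidate(ValidationContext)}:
 * Account Key, SAS Token, Managed Identity and Service Principal. Exactly one of them must be
 * configured; a Service Principal configuration additionally needs all three of its properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The object returned by {@link #getCredentialsDetails(Map)} can carry the account key,
 *       the SAS token and the Service Principal client secret as plain values. Do not log it or
 *       copy it into flowfile attributes. NOTE(review): whether {@code ADLSCredentialsDetails}
 *       masks secrets in {@code toString()} is not visible from this class; confirm.</li>
 *   <li>The three Service Principal properties are declared {@code sensitive(true)} here. The
 *       Account Key and SAS Token descriptors come from {@code AzureStorageUtils}; their
 *       sensitivity flag is defined there and should be verified there.</li>
 *   <li>The endpoint suffix is configurable and may be resolved through expression language.
 *       Presumably it forms part of the host the credentials are presented to, so the right to
 *       edit this service (and the variables it references) should be limited to trusted
 *       operators.</li>
 * </ul>
 */
@CapabilityDescription("Defines credentials for ADLS processors.")
@Tags({"azure", "microsoft", "cloud", "storage", "adls", "credentials"})
public class ADLSCredentialsControllerService extends AbstractControllerService implements ADLSCredentialsService {

    /**
     * Storage account name, derived from {@code AzureStorageUtils.ACCOUNT_NAME}. The description
     * itself warns that a value taken from a flowfile attribute ends up in provenance data.
     */
    public static final PropertyDescriptor ACCOUNT_NAME = new PropertyDescriptor.Builder()
            .fromPropertyDescriptor(AzureStorageUtils.ACCOUNT_NAME)
            .description("The storage account name. There are certain risks in allowing the account name to be stored as a flowfile attribute. "
                    + "While it does provide for a more flexible flow by allowing the account name to be fetched dynamically from a flowfile attribute, "
                    + "care must be taken to restrict access to the event provenance data (e.g., by strictly controlling the policies governing provenance for this processor). "
                    + "In addition, the provenance repositories may be put on encrypted disk partitions.")
            .required(true)
            .build();

    /** FQDN suffix of the storage endpoint; defaults to the public Azure DFS suffix. */
    public static final PropertyDescriptor ENDPOINT_SUFFIX = new PropertyDescriptor.Builder()
            .fromPropertyDescriptor(AzureStorageUtils.ENDPOINT_SUFFIX)
            .displayName("Endpoint Suffix")
            .description("Storage accounts in public Azure always use a common FQDN suffix. Override this endpoint suffix with a different suffix in certain circumstances (like Azure Stack or non-public Azure regions).")
            .required(true)
            .defaultValue("dfs.core.windows.net")
            .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
            .build();

    /** Switch selecting Managed Identity authentication; optional, defaults to {@code false}. */
    public static final PropertyDescriptor USE_MANAGED_IDENTITY = new PropertyDescriptor.Builder()
            .name("storage-use-managed-identity")
            .displayName("Use Azure Managed Identity")
            .description("Choose whether or not to use the managed identity of Azure VM/VMSS ")
            .required(false)
            .defaultValue("false")
            .allowableValues("true", "false")
            .addValidator(StandardValidators.BOOLEAN_VALIDATOR)
            .build();

    /** Service Principal tenant id; sensitive, no expression language. */
    public static final PropertyDescriptor SERVICE_PRINCIPAL_TENANT_ID = new PropertyDescriptor.Builder()
            .name("service-principal-tenant-id")
            .displayName("Service Principal Tenant ID")
            .description("Tenant ID of the Azure Active Directory hosting the Service Principal. The property is required when Service Principal authentication is used.")
            .sensitive(true)
            .required(false)
            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
            .expressionLanguageSupported(ExpressionLanguageScope.NONE)
            .build();

    /** Service Principal client (application) id; sensitive, no expression language. */
    public static final PropertyDescriptor SERVICE_PRINCIPAL_CLIENT_ID = new PropertyDescriptor.Builder()
            .name("service-principal-client-id")
            .displayName("Service Principal Client ID")
            .description("Client ID (or Application ID) of the Client/Application having the Service Principal. The property is required when Service Principal authentication is used.")
            .sensitive(true)
            .required(false)
            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
            .expressionLanguageSupported(ExpressionLanguageScope.NONE)
            .build();

    /** Service Principal client secret; sensitive, no expression language. */
    public static final PropertyDescriptor SERVICE_PRINCIPAL_CLIENT_SECRET = new PropertyDescriptor.Builder()
            .name("service-principal-client-secret")
            .displayName("Service Principal Client Secret")
            .description("Password of the Client/Application. The property is required when Service Principal authentication is used.")
            .sensitive(true)
            .required(false)
            .addValidator(StandardValidators.NON_BLANK_VALIDATOR)
            .expressionLanguageSupported(ExpressionLanguageScope.NONE)
            .build();

    /** Properties exposed by this service, in display order; unmodifiable. */
    private static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(
            ACCOUNT_NAME,
            ENDPOINT_SUFFIX,
            AzureStorageUtils.ACCOUNT_KEY,
            AzureStorageUtils.PROP_SAS_TOKEN,
            USE_MANAGED_IDENTITY,
            SERVICE_PRINCIPAL_TENANT_ID,
            SERVICE_PRINCIPAL_CLIENT_ID,
            SERVICE_PRINCIPAL_CLIENT_SECRET));

    // Captured in onEnabled(); property values are read from it on every getCredentialsDetails() call.
    private ConfigurationContext context;

    /**
     * Returns the fixed list of properties this service supports.
     *
     * @return the unmodifiable property list
     */
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    /**
     * Checks that exactly one authentication method is configured and, when that method is
     * Service Principal, that tenant id, client id and client secret are all present.
     *
     * <p>Service Principal counts as "configured" as soon as any one of its three properties has
     * a non-blank value, so a half-filled Service Principal next to another method is rejected
     * as ambiguous rather than silently ignored.
     *
     * @param validationContext source of the configured property values
     * @return the validation failures found; empty when the configuration is acceptable
     */
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        final List<ValidationResult> results = new ArrayList<>();

        final boolean accountKeySet = hasText(validationContext, AzureStorageUtils.ACCOUNT_KEY);
        final boolean sasTokenSet = hasText(validationContext, AzureStorageUtils.PROP_SAS_TOKEN);
        // Boolean.TRUE.equals keeps an unexpectedly absent value from failing validation with a
        // NullPointerException; absent is treated as "managed identity not requested".
        final boolean managedIdentity = Boolean.TRUE.equals(validationContext.getProperty(USE_MANAGED_IDENTITY).asBoolean());
        final boolean tenantIdSet = hasText(validationContext, SERVICE_PRINCIPAL_TENANT_ID);
        final boolean clientIdSet = hasText(validationContext, SERVICE_PRINCIPAL_CLIENT_ID);
        final boolean clientSecretSet = hasText(validationContext, SERVICE_PRINCIPAL_CLIENT_SECRET);
        final boolean servicePrincipal = tenantIdSet || clientIdSet || clientSecretSet;

        if (!onlyOneSet(accountKeySet, sasTokenSet, managedIdentity, servicePrincipal)) {
            results.add(invalid("one and only one authentication method of [Account Key, SAS Token, Managed Identity, Service Principal] should be used"));
            return results;
        }

        if (servicePrincipal) {
            if (!tenantIdSet) {
                results.add(missingServicePrincipalProperty(SERVICE_PRINCIPAL_TENANT_ID));
            }
            if (!clientIdSet) {
                results.add(missingServicePrincipalProperty(SERVICE_PRINCIPAL_CLIENT_ID));
            }
            if (!clientSecretSet) {
                results.add(missingServicePrincipalProperty(SERVICE_PRINCIPAL_CLIENT_SECRET));
            }
        }
        return results;
    }

    /** Reports whether the given property currently holds a non-blank value. */
    private static boolean hasText(ValidationContext validationContext, PropertyDescriptor descriptor) {
        return StringUtils.isNotBlank(validationContext.getProperty(descriptor).getValue());
    }

    /** Builds a failed validation result attributed to this service class. */
    private ValidationResult invalid(String explanation) {
        return new ValidationResult.Builder()
                .subject(getClass().getSimpleName())
                .valid(false)
                .explanation(explanation)
                .build();
    }

    /** Builds the failure reported when one Service Principal property is left empty. */
    private ValidationResult missingServicePrincipalProperty(PropertyDescriptor descriptor) {
        return invalid(String.format("'%s' must be set when Service Principal authentication is being configured", descriptor.getDisplayName()));
    }

    /** Returns {@code true} when exactly one of the given flags is {@code true}. */
    private boolean onlyOneSet(Boolean... boolArr) {
        return Arrays.stream(boolArr).filter(Boolean::booleanValue).count() == 1;
    }

    /**
     * Stores the configuration context so that property values can be resolved later.
     *
     * @param configurationContext context supplied when the service is enabled
     */
    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) {
        this.context = configurationContext;
    }

    /**
     * Resolves every configured property and packs the values into a credentials object.
     *
     * <p>Properties that are not set are skipped, so the corresponding builder value is left
     * untouched. The result may contain secrets (account key, SAS token, client secret); treat it
     * as sensitive and keep it out of logs and flowfile attributes.
     *
     * @param map flowfile attributes used for properties whose expression language scope is
     *            {@code FLOWFILE_ATTRIBUTES}
     * @return the credentials built from the current configuration
     */
    public ADLSCredentialsDetails getCredentialsDetails(Map<String, String> map) {
        final ADLSCredentialsDetails.Builder credentials = ADLSCredentialsDetails.Builder.newBuilder();

        setValue(credentials, ACCOUNT_NAME, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setAccountName, map);
        setValue(credentials, AzureStorageUtils.ACCOUNT_KEY, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setAccountKey, map);
        setValue(credentials, AzureStorageUtils.PROP_SAS_TOKEN, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setSasToken, map);
        setValue(credentials, ENDPOINT_SUFFIX, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setEndpointSuffix, map);
        setValue(credentials, USE_MANAGED_IDENTITY, PropertyValue::asBoolean, ADLSCredentialsDetails.Builder::setUseManagedIdentity, map);
        setValue(credentials, SERVICE_PRINCIPAL_TENANT_ID, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setServicePrincipalTenantId, map);
        setValue(credentials, SERVICE_PRINCIPAL_CLIENT_ID, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setServicePrincipalClientId, map);
        setValue(credentials, SERVICE_PRINCIPAL_CLIENT_SECRET, PropertyValue::getValue, ADLSCredentialsDetails.Builder::setServicePrincipalClientSecret, map);

        return credentials.build();
    }

    /**
     * Copies one property into the builder when the property is set.
     *
     * <p>When the descriptor supports expression language the value is evaluated first: against
     * the supplied attributes for {@code FLOWFILE_ATTRIBUTES} scope, without attributes for any
     * other scope. Attribute-derived values therefore reach the builder only for descriptors that
     * explicitly opt in to flowfile scope.
     *
     * @param builder            credentials builder receiving the value
     * @param propertyDescriptor property to read from the stored context
     * @param function           converts the resolved property into the target type
     * @param biConsumer         builder setter applied to the converted value
     * @param map                flowfile attributes for expression evaluation
     * @param <T>                type accepted by the builder setter
     */
    private <T> void setValue(ADLSCredentialsDetails.Builder builder, PropertyDescriptor propertyDescriptor, Function<PropertyValue, T> function, BiConsumer<ADLSCredentialsDetails.Builder, T> biConsumer, Map<String, String> map) {
        PropertyValue property = this.context.getProperty(propertyDescriptor);
        if (!property.isSet()) {
            return;
        }

        if (propertyDescriptor.isExpressionLanguageSupported()) {
            final boolean flowFileScope = propertyDescriptor.getExpressionLanguageScope() == ExpressionLanguageScope.FLOWFILE_ATTRIBUTES;
            property = flowFileScope ? property.evaluateAttributeExpressions(map) : property.evaluateAttributeExpressions();
        }
        biConsumer.accept(builder, function.apply(property));
    }
}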
