package org.apache.nifi.processors.azure.storage;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.http.HttpAuthorization;
import com.azure.core.util.Context;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.models.BlobErrorCode;
import com.azure.storage.blob.models.BlobProperties;
import com.azure.storage.blob.models.BlobRange;
import com.azure.storage.blob.models.BlobRequestConditions;
import com.azure.storage.blob.models.BlobStorageException;
import com.azure.storage.blob.options.BlobUploadFromUrlOptions;
import com.azure.storage.blob.options.BlockBlobCommitBlockListOptions;
import com.azure.storage.blob.options.BlockBlobStageBlockFromUrlOptions;
import com.azure.storage.blob.sas.BlobContainerSasPermission;
import com.azure.storage.blob.sas.BlobServiceSasSignatureValues;
import com.azure.storage.blob.specialized.BlockBlobClient;
import java.text.DecimalFormat;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.WritesAttribute;
import org.apache.nifi.annotation.behavior.WritesAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.SeeAlso;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.azure.AbstractAzureBlobProcessor_v12;
import org.apache.nifi.processors.azure.storage.utils.AzureStorageUtils;
import org.apache.nifi.processors.azure.storage.utils.BlobAttributes;
import org.apache.nifi.services.azure.storage.AzureStorageConflictResolutionStrategy;
import org.apache.nifi.services.azure.storage.AzureStorageCredentialsDetails_v12;
import org.apache.nifi.services.azure.storage.AzureStorageCredentialsService_v12;
import org.apache.nifi.services.azure.storage.AzureStorageCredentialsType;
import reactor.core.publisher.Mono;

@CapabilityDescription("Copies a blob in Azure Blob Storage from one account/container to another. The processor uses Azure Blob Storage client library v12.")
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@Tags({"azure", "microsoft", "cloud", "storage", "blob"})
@SeeAlso({ListAzureBlobStorage_v12.class, FetchAzureBlobStorage_v12.class, DeleteAzureBlobStorage_v12.class, PutAzureBlobStorage_v12.class})
@WritesAttributes({@WritesAttribute(attribute = BlobAttributes.ATTR_NAME_CONTAINER, description = BlobAttributes.ATTR_DESCRIPTION_CONTAINER), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_BLOBNAME, description = BlobAttributes.ATTR_DESCRIPTION_BLOBNAME), @WritesAttribute(attribute = "azure.primaryUri", description = BlobAttributes.ATTR_DESCRIPTION_PRIMARY_URI), @WritesAttribute(attribute = "azure.etag", description = BlobAttributes.ATTR_DESCRIPTION_ETAG), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_BLOBTYPE, description = BlobAttributes.ATTR_DESCRIPTION_BLOBTYPE), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_MIME_TYPE, description = BlobAttributes.ATTR_DESCRIPTION_MIME_TYPE), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_LANG, description = BlobAttributes.ATTR_DESCRIPTION_LANG), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_TIMESTAMP, description = BlobAttributes.ATTR_DESCRIPTION_TIMESTAMP), @WritesAttribute(attribute = "azure.length", description = BlobAttributes.ATTR_DESCRIPTION_LENGTH), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_ERROR_CODE, description = BlobAttributes.ATTR_DESCRIPTION_ERROR_CODE), @WritesAttribute(attribute = BlobAttributes.ATTR_NAME_IGNORED, description = BlobAttributes.ATTR_DESCRIPTION_IGNORED)})
/* loaded from: input_file:org/apache/nifi/processors/azure/storage/CopyAzureBlobStorage_v12.class */
public class CopyAzureBlobStorage_v12 extends AbstractAzureBlobProcessor_v12 {
    private static final int GENERATE_SAS_EXPIRY_HOURS = 24;
    public static final PropertyDescriptor SOURCE_STORAGE_CREDENTIALS_SERVICE = new PropertyDescriptor.Builder().name("Source Storage Credentials").displayName("Source Storage Credentials").description("Credentials Service used to obtain Azure Blob Storage Credentials to read Source Blob information").identifiesControllerService(AzureStorageCredentialsService_v12.class).required(true).build();
    public static final PropertyDescriptor SOURCE_CONTAINER_NAME = new PropertyDescriptor.Builder().name("Source Container Name").displayName("Source Container Name").description("Name of the Azure storage container that will be copied").addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).required(true).build();
    public static final PropertyDescriptor SOURCE_BLOB_NAME = new PropertyDescriptor.Builder().name("Source Blob Name").displayName("Source Blob Name").description("Name of the Azure blob that will be copied").expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).required(true).addValidator(StandardValidators.NON_BLANK_VALIDATOR).description("The full name of the source blob").build();
    public static final PropertyDescriptor DESTINATION_STORAGE_CREDENTIALS_SERVICE = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.BLOB_STORAGE_CREDENTIALS_SERVICE).displayName("Destination Storage Credentials").build();
    public static final PropertyDescriptor DESTINATION_CONTAINER_NAME = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.CONTAINER).displayName("Destination Container Name").description("Name of the Azure storage container destination defaults to the Source Container Name when not specified").required(false).build();
    public static final PropertyDescriptor DESTINATION_BLOB_NAME = new PropertyDescriptor.Builder().fromPropertyDescriptor(BLOB_NAME).displayName("Destination Blob Name").description("The full name of the destination blob defaults to the Source Blob Name when not specified").required(false).build();
    private static final List<PropertyDescriptor> PROPERTIES = List.of(SOURCE_STORAGE_CREDENTIALS_SERVICE, SOURCE_CONTAINER_NAME, SOURCE_BLOB_NAME, DESTINATION_STORAGE_CREDENTIALS_SERVICE, DESTINATION_CONTAINER_NAME, DESTINATION_BLOB_NAME, AzureStorageUtils.CONFLICT_RESOLUTION, AzureStorageUtils.CREATE_CONTAINER, AzureStorageUtils.PROXY_CONFIGURATION_SERVICE);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.nifi.processors.azure.storage.CopyAzureBlobStorage_v12$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/nifi/processors/azure/storage/CopyAzureBlobStorage_v12$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$nifi$services$azure$storage$AzureStorageCredentialsType = new int[AzureStorageCredentialsType.values().length];

        static {
            try {
                $SwitchMap$org$apache$nifi$services$azure$storage$AzureStorageCredentialsType[AzureStorageCredentialsType.ACCESS_TOKEN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$nifi$services$azure$storage$AzureStorageCredentialsType[AzureStorageCredentialsType.MANAGED_IDENTITY.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$nifi$services$azure$storage$AzureStorageCredentialsType[AzureStorageCredentialsType.SERVICE_PRINCIPAL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    public void onTrigger(ProcessContext processContext, ProcessSession processSession) throws ProcessException {
        HttpAuthorization httpAuthorization;
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        String value = processContext.getProperty(SOURCE_CONTAINER_NAME).evaluateAttributeExpressions(flowFile).getValue();
        String value2 = processContext.getProperty(SOURCE_BLOB_NAME).evaluateAttributeExpressions(flowFile).getValue();
        String str = (String) Optional.ofNullable(processContext.getProperty(DESTINATION_CONTAINER_NAME).evaluateAttributeExpressions(flowFile).getValue()).orElse(value);
        String str2 = (String) Optional.ofNullable(processContext.getProperty(DESTINATION_BLOB_NAME).evaluateAttributeExpressions(flowFile).getValue()).orElse(value2);
        boolean booleanValue = processContext.getProperty(AzureStorageUtils.CREATE_CONTAINER).asBoolean().booleanValue();
        AzureStorageConflictResolutionStrategy asAllowableValue = processContext.getProperty(AzureStorageUtils.CONFLICT_RESOLUTION).asAllowableValue(AzureStorageConflictResolutionStrategy.class);
        long nanoTime = System.nanoTime();
        try {
            BlobContainerClient blobContainerClient = getStorageClient(processContext, DESTINATION_STORAGE_CREDENTIALS_SERVICE, flowFile).getBlobContainerClient(str);
            if (booleanValue && !blobContainerClient.exists()) {
                blobContainerClient.create();
            }
            BlobClient blobClient = blobContainerClient.getBlobClient(str2);
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            applyStandardBlobAttributes(linkedHashMap, blobClient);
            boolean z = asAllowableValue == AzureStorageConflictResolutionStrategy.IGNORE_RESOLUTION;
            BlobRequestConditions blobRequestConditions = new BlobRequestConditions();
            try {
                if (asAllowableValue != AzureStorageConflictResolutionStrategy.REPLACE_RESOLUTION) {
                    blobRequestConditions.setIfNoneMatch("*");
                }
                AzureStorageCredentialsService_v12 copyFromCredentialsService = getCopyFromCredentialsService(processContext);
                BlobContainerClient blobContainerClient2 = getStorageClient(processContext, SOURCE_STORAGE_CREDENTIALS_SERVICE, flowFile).getBlobContainerClient(value);
                BlobClient blobClient2 = blobContainerClient2.getBlobClient(value2);
                AzureStorageCredentialsDetails_v12 credentialsDetails = copyFromCredentialsService.getCredentialsDetails(flowFile.getAttributes());
                String blobUrl = blobClient2.getBlobUrl();
                BlobProperties properties = blobClient2.getProperties();
                long blobSize = properties.getBlobSize();
                BlobRequestConditions blobRequestConditions2 = new BlobRequestConditions();
                blobRequestConditions2.setIfMatch(properties.getETag());
                String generateSas = credentialsDetails.getCredentialsType() == AzureStorageCredentialsType.ACCOUNT_KEY ? generateSas(blobContainerClient2) : credentialsDetails.getSasToken();
                if (generateSas == null) {
                    httpAuthorization = getHttpAuthorization(credentialsDetails);
                } else {
                    blobUrl = blobUrl + "?" + generateSas;
                    httpAuthorization = null;
                }
                copy(blobClient, httpAuthorization, blobUrl, blobSize, blobRequestConditions2, blobRequestConditions);
                applyBlobMetadata(linkedHashMap, blobClient);
                if (z) {
                    linkedHashMap.put(BlobAttributes.ATTR_NAME_IGNORED, Boolean.FALSE.toString());
                }
            } catch (BlobStorageException e) {
                BlobErrorCode errorCode = e.getErrorCode();
                flowFile = processSession.putAttribute(flowFile, BlobAttributes.ATTR_NAME_ERROR_CODE, e.getErrorCode().toString());
                if (errorCode != BlobErrorCode.BLOB_ALREADY_EXISTS || !z) {
                    throw e;
                }
                getLogger().info("Blob already exists: remote blob not modified. Transferring {} to success", new Object[]{flowFile});
                linkedHashMap.put(BlobAttributes.ATTR_NAME_IGNORED, Boolean.TRUE.toString());
            }
            FlowFile putAllAttributes = processSession.putAllAttributes(flowFile, linkedHashMap);
            processSession.transfer(putAllAttributes, REL_SUCCESS);
            processSession.getProvenanceReporter().send(putAllAttributes, linkedHashMap.get("azure.primaryUri"), TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime));
        } catch (Exception e2) {
            getLogger().error("Failed to create blob on Azure Blob Storage", e2);
            processSession.transfer(processSession.penalize(flowFile), REL_FAILURE);
        }
    }

    private void copy(BlobClient blobClient, HttpAuthorization httpAuthorization, String str, long j, BlobRequestConditions blobRequestConditions, BlobRequestConditions blobRequestConditions2) {
        BlockBlobClient blockBlobClient = blobClient.getBlockBlobClient();
        if (j < 5242880000L) {
            BlobUploadFromUrlOptions blobUploadFromUrlOptions = new BlobUploadFromUrlOptions(str);
            if (httpAuthorization != null) {
                blobUploadFromUrlOptions.setSourceAuthorization(httpAuthorization);
            }
            blobUploadFromUrlOptions.setSourceRequestConditions(blobRequestConditions);
            blobUploadFromUrlOptions.setDestinationRequestConditions(blobRequestConditions2);
            blockBlobClient.uploadFromUrlWithResponse(blobUploadFromUrlOptions, (Duration) null, Context.NONE);
            return;
        }
        DecimalFormat decimalFormat = new DecimalFormat("0000000");
        long j2 = 0;
        int i = 1;
        ArrayList arrayList = new ArrayList();
        while (true) {
            long min = Math.min(j - j2, 4194304000L);
            if (min == 0) {
                BlockBlobCommitBlockListOptions blockBlobCommitBlockListOptions = new BlockBlobCommitBlockListOptions(arrayList);
                blockBlobCommitBlockListOptions.setRequestConditions(blobRequestConditions2);
                int statusCode = blockBlobClient.commitBlockListWithResponse(blockBlobCommitBlockListOptions, (Duration) null, Context.NONE).getStatusCode();
                if (statusCode != 202) {
                    throw new ProcessException(String.format("Failed committing block list: HTTP %d", Integer.valueOf(statusCode)));
                }
                return;
            }
            String encodeToString = Base64.getEncoder().encodeToString(decimalFormat.format(i).getBytes());
            BlockBlobStageBlockFromUrlOptions blockBlobStageBlockFromUrlOptions = new BlockBlobStageBlockFromUrlOptions(encodeToString, str);
            blockBlobStageBlockFromUrlOptions.setSourceRange(new BlobRange(j2, Long.valueOf(min)));
            if (httpAuthorization != null) {
                blockBlobStageBlockFromUrlOptions.setSourceAuthorization(httpAuthorization);
            }
            blockBlobStageBlockFromUrlOptions.setSourceRequestConditions(blobRequestConditions);
            int statusCode2 = blockBlobClient.stageBlockFromUrlWithResponse(blockBlobStageBlockFromUrlOptions, (Duration) null, Context.NONE).getStatusCode();
            if (statusCode2 != 202) {
                throw new ProcessException(String.format("Failed staging one or more blocks: HTTP %d", Integer.valueOf(statusCode2)));
            }
            arrayList.add(encodeToString);
            j2 += min;
            i++;
        }
    }

    private static String generateSas(BlobContainerClient blobContainerClient) {
        return blobContainerClient.generateSas(new BlobServiceSasSignatureValues(OffsetDateTime.now(ZoneOffset.UTC).plusHours(24L), new BlobContainerSasPermission().setCreatePermission(true).setWritePermission(true).setAddPermission(true).setReadPermission(true)));
    }

    private static AzureStorageCredentialsService_v12 getCopyFromCredentialsService(ProcessContext processContext) {
        return processContext.getProperty(SOURCE_STORAGE_CREDENTIALS_SERVICE).asControllerService(AzureStorageCredentialsService_v12.class);
    }

    private static HttpAuthorization getHttpAuthorization(AzureStorageCredentialsDetails_v12 azureStorageCredentialsDetails_v12) {
        switch (AnonymousClass1.$SwitchMap$org$apache$nifi$services$azure$storage$AzureStorageCredentialsType[azureStorageCredentialsDetails_v12.getCredentialsType().ordinal()]) {
            case 1:
                return getHttpAuthorizationFromTokenCredential(tokenRequestContext -> {
                    return Mono.just(azureStorageCredentialsDetails_v12.getAccessToken());
                });
            case 2:
                return getHttpAuthorizationFromTokenCredential(new ManagedIdentityCredentialBuilder().clientId(azureStorageCredentialsDetails_v12.getManagedIdentityClientId()).build());
            case 3:
                return getHttpAuthorizationFromTokenCredential(new ClientSecretCredentialBuilder().clientId(azureStorageCredentialsDetails_v12.getServicePrincipalClientId()).clientSecret(azureStorageCredentialsDetails_v12.getServicePrincipalClientSecret()).tenantId(azureStorageCredentialsDetails_v12.getServicePrincipalTenantId()).build());
            default:
                return null;
        }
    }

    private static HttpAuthorization getHttpAuthorizationFromTokenCredential(TokenCredential tokenCredential) {
        TokenRequestContext tokenRequestContext = new TokenRequestContext();
        tokenRequestContext.setScopes(Collections.singletonList("https://storage.azure.com/.default"));
        AccessToken accessToken = (AccessToken) tokenCredential.getToken(tokenRequestContext).block();
        if (accessToken == null) {
            throw new IllegalStateException("Storage Access Token not retrieved");
        }
        return new HttpAuthorization("Bearer", accessToken.getToken());
    }
}
