package org.finra.herd.service.impl;

import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.services.securitytoken.model.Credentials;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.finra.herd.core.HerdDateUtils;
import org.finra.herd.core.helper.ConfigurationHelper;
import org.finra.herd.dao.BusinessObjectDataDao;
import org.finra.herd.dao.StsDao;
import org.finra.herd.dao.helper.AwsHelper;
import org.finra.herd.model.AlreadyExistsException;
import org.finra.herd.model.annotation.NamespacePermission;
import org.finra.herd.model.api.xml.AwsCredential;
import org.finra.herd.model.api.xml.BusinessObjectDataKey;
import org.finra.herd.model.api.xml.BusinessObjectFormatKey;
import org.finra.herd.model.api.xml.NamespacePermissionEnum;
import org.finra.herd.model.api.xml.S3KeyPrefixInformation;
import org.finra.herd.model.api.xml.StorageUnitDownloadCredential;
import org.finra.herd.model.api.xml.StorageUnitUploadCredential;
import org.finra.herd.model.dto.ConfigurationValue;
import org.finra.herd.model.jpa.BusinessObjectDataEntity;
import org.finra.herd.model.jpa.BusinessObjectFormatEntity;
import org.finra.herd.model.jpa.StorageEntity;
import org.finra.herd.service.StorageUnitService;
import org.finra.herd.service.helper.AwsPolicyBuilder;
import org.finra.herd.service.helper.BusinessObjectDataHelper;
import org.finra.herd.service.helper.BusinessObjectFormatDaoHelper;
import org.finra.herd.service.helper.KmsActions;
import org.finra.herd.service.helper.S3KeyPrefixHelper;
import org.finra.herd.service.helper.StorageDaoHelper;
import org.finra.herd.service.helper.StorageHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

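/**
 * Storage unit service: resolves the S3 key prefix for a business object data key and issues
 * temporary AWS credentials for uploading to or downloading from an S3 storage.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credentials come from {@link StsDao#getTemporarySecurityCredentials} and are issued together
 *       with a policy built by {@link AwsPolicyBuilder}. The role ARN, session duration, bucket name and
 *       KMS key id are read from attributes of the storage entity.</li>
 *   <li>The {@link NamespacePermission} annotations check the namespace of the business object data key
 *       only. The storage name is a separate, caller-supplied argument that is resolved by
 *       {@code storageDaoHelper} inside the method.</li>
 *   <li>The returned {@link AwsCredential} carries the secret access key and session token. Do not log
 *       it or include it in exception messages.</li>
 * </ul>
 */
@Transactional("herdTransactionManager")
@Service
/* loaded from: input_file:org/finra/herd/service/impl/StorageUnitServiceImpl.class */
public class StorageUnitServiceImpl implements StorageUnitService {

    @Autowired
    private AwsHelper awsHelper;

    @Autowired
    private BusinessObjectDataDao businessObjectDataDao;

    @Autowired
    private BusinessObjectDataHelper businessObjectDataHelper;

    @Autowired
    private BusinessObjectFormatDaoHelper businessObjectFormatDaoHelper;

    @Autowired
    private ConfigurationHelper configurationHelper;

    @Autowired
    private S3KeyPrefixHelper s3KeyPrefixHelper;

    @Autowired
    private StorageDaoHelper storageDaoHelper;

    @Autowired
    private StorageHelper storageHelper;

    @Autowired
    private StsDao stsDao;

    /**
     * Returns the S3 key prefix for the given business object data key. Requires READ permission on the
     * key's namespace and runs in a new transaction.
     *
     * @param businessObjectDataKey the business object data key
     * @param str the business object format partition key to verify (optional)
     * @param str2 the storage name; when blank the configured default S3 storage name is used
     * @param bool whether a new version may be created when an initial version already exists
     * @return the S3 key prefix information
     */
    @Override // org.finra.herd.service.StorageUnitService
    @NamespacePermission(fields = {"#businessObjectDataKey.namespace"}, permissions = {NamespacePermissionEnum.READ})
    @Transactional(propagation = Propagation.REQUIRES_NEW)
    public S3KeyPrefixInformation getS3KeyPrefix(BusinessObjectDataKey businessObjectDataKey, String str, String str2, Boolean bool) {
        return getS3KeyPrefixImpl(businessObjectDataKey, str, str2, bool);
    }

    /**
     * Issues temporary credentials for uploading to the S3 key prefix of the given business object data.
     * Requires WRITE permission on the key's namespace.
     *
     * @param businessObjectDataKey the business object data key
     * @param bool the "createNewVersion" flag; required when the key has no business object data version
     * @param str the storage name (must not be blank)
     * @return the upload credential together with the KMS key id configured on the storage, if any
     */
    @Override // org.finra.herd.service.StorageUnitService
    @NamespacePermission(fields = {"#businessObjectDataKey?.namespace"}, permissions = {NamespacePermissionEnum.WRITE})
    public StorageUnitUploadCredential getStorageUnitUploadCredential(BusinessObjectDataKey businessObjectDataKey, Boolean bool, String str) {
        StorageUnitUploadCredential uploadCredential = new StorageUnitUploadCredential();
        // The credential call validates that the storage name is not blank, so the trim() below is safe.
        uploadCredential.setAwsCredential(getBusinessObjectDataS3Credential(businessObjectDataKey, bool, str, true));
        StorageEntity storageEntity = this.storageDaoHelper.getStorageEntity(str.trim());
        uploadCredential.setAwsKmsKeyId(getStorageKmsKeyId(storageEntity));
        return uploadCredential;
    }

    /**
     * Issues temporary credentials for downloading from the S3 key prefix of the given business object
     * data. Requires READ permission on the key's namespace.
     *
     * @param businessObjectDataKey the business object data key; its business object data version must be
     * set because no "createNewVersion" flag is passed on this path
     * @param str the storage name (must not be blank)
     * @return the download credential
     */
    @Override // org.finra.herd.service.StorageUnitService
    @NamespacePermission(fields = {"#businessObjectDataKey?.namespace"}, permissions = {NamespacePermissionEnum.READ})
    public StorageUnitDownloadCredential getStorageUnitDownloadCredential(BusinessObjectDataKey businessObjectDataKey, String str) {
        StorageUnitDownloadCredential downloadCredential = new StorageUnitDownloadCredential();
        downloadCredential.setAwsCredential(getBusinessObjectDataS3Credential(businessObjectDataKey, null, str, false));
        return downloadCredential;
    }

    /**
     * Builds the S3 key prefix for the given business object data key.
     *
     * <p>Side effect: when the key has no business object data version, the version is resolved here and
     * written back into the passed-in {@code businessObjectDataKey}.
     *
     * @param businessObjectDataKey the business object data key (validated by the business object data helper)
     * @param str the business object format partition key; when not blank it must match the format's
     * partition key, ignoring case
     * @param str2 the storage name; when blank the configured default S3 storage name is used
     * @param bool whether a new version may be created when business object data already exists for the
     * key; {@code null} is treated as {@code false}
     * @return the S3 key prefix information
     * @throws AlreadyExistsException if the version is unspecified, business object data already exists and
     * creating a new version was not requested
     */
    protected S3KeyPrefixInformation getS3KeyPrefixImpl(BusinessObjectDataKey businessObjectDataKey, String str, String str2, Boolean bool) {
        this.businessObjectDataHelper.validateBusinessObjectDataKey(businessObjectDataKey, true, false);

        String partitionKey = str == null ? null : str.trim();
        String storageName;
        if (StringUtils.isNotBlank(str2)) {
            storageName = str2.trim();
        } else {
            storageName = this.configurationHelper.getProperty(ConfigurationValue.S3_STORAGE_NAME_DEFAULT);
        }

        BusinessObjectFormatKey formatKey = new BusinessObjectFormatKey(
            businessObjectDataKey.getNamespace(),
            businessObjectDataKey.getBusinessObjectDefinitionName(),
            businessObjectDataKey.getBusinessObjectFormatUsage(),
            businessObjectDataKey.getBusinessObjectFormatFileType(),
            businessObjectDataKey.getBusinessObjectFormatVersion());
        BusinessObjectFormatEntity formatEntity = this.businessObjectFormatDaoHelper.getBusinessObjectFormatEntity(formatKey);

        if (StringUtils.isNotBlank(partitionKey)) {
            Assert.isTrue(formatEntity.getPartitionKey().equalsIgnoreCase(partitionKey), "Partition key \"" + partitionKey + "\" doesn't match configured business object format partition key \"" + formatEntity.getPartitionKey() + "\".");
        }

        StorageEntity storageEntity = this.storageDaoHelper.getStorageEntity(storageName);

        if (businessObjectDataKey.getBusinessObjectDataVersion() == null) {
            // Look the data up with a null version. NOTE(review): presumably this returns the latest
            // existing version; confirm against BusinessObjectDataDao.
            BusinessObjectDataKey lookupKey = new BusinessObjectDataKey(
                businessObjectDataKey.getNamespace(),
                businessObjectDataKey.getBusinessObjectDefinitionName(),
                businessObjectDataKey.getBusinessObjectFormatUsage(),
                businessObjectDataKey.getBusinessObjectFormatFileType(),
                businessObjectDataKey.getBusinessObjectFormatVersion(),
                businessObjectDataKey.getPartitionValue(),
                businessObjectDataKey.getSubPartitionValues(),
                (Integer) null);
            BusinessObjectDataEntity existingData = this.businessObjectDataDao.getBusinessObjectDataByAltKey(lookupKey);

            // A null flag is treated as "do not create a new version". Unboxing it directly would throw a
            // NullPointerException here instead of the intended AlreadyExistsException.
            if (existingData != null && !Boolean.TRUE.equals(bool)) {
                throw new AlreadyExistsException("Initial version of the business object data already exists.");
            }

            int resolvedVersion = existingData == null ? 0 : existingData.getVersion().intValue() + 1;
            businessObjectDataKey.setBusinessObjectDataVersion(Integer.valueOf(resolvedVersion));
        }

        S3KeyPrefixInformation prefixInformation = new S3KeyPrefixInformation();
        prefixInformation.setS3KeyPrefix(this.s3KeyPrefixHelper.buildS3KeyPrefix(storageEntity, formatEntity, businessObjectDataKey));
        return prefixInformation;
    }

    /**
     * Obtains temporary AWS credentials restricted to the S3 key prefix of the given business object data.
     *
     * <p>The policy sent with the STS request grants:
     * <ul>
     *   <li>upload: {@code PutObject} and {@code DeleteObject} on the key prefix; download:
     *       {@code GetObject} on the key prefix;</li>
     *   <li>{@code ListObjects} on the bucket;</li>
     *   <li>when the storage has a KMS key id: {@code GENERATE_DATA_KEY} and {@code DECRYPT} for upload,
     *       {@code DECRYPT} for download.</li>
     * </ul>
     *
     * @param businessObjectDataKey the business object data key
     * @param createNewVersion the "createNewVersion" flag; must be given when the key has no version and
     * must not be {@code true} when it has one
     * @param storageName the storage name (must not be blank)
     * @param isUpload {@code true} for upload credentials, {@code false} for download credentials
     * @return the temporary credential; it contains secrets and must not be logged
     * @throws IllegalArgumentException if an argument check fails
     */
    private AwsCredential getBusinessObjectDataS3Credential(BusinessObjectDataKey businessObjectDataKey, Boolean createNewVersion, String storageName, boolean isUpload) {
        Assert.isTrue(StringUtils.isNotBlank(storageName), "storageName must be specified");
        // The permission expressions on the public methods use "?.", so a null key can reach this point.
        // Reject it explicitly instead of failing with a NullPointerException on the next line.
        Assert.notNull(businessObjectDataKey, "A business object data key must be specified.");
        Assert.isTrue(businessObjectDataKey.getBusinessObjectDataVersion() != null || createNewVersion != null, "One of businessObjectDataVersion or createNewVersion must be specified.");
        Assert.isTrue(businessObjectDataKey.getBusinessObjectDataVersion() == null || !Boolean.TRUE.equals(createNewVersion), "createNewVersion must be false or unspecified when businessObjectDataVersion is specified.");

        final ConfigurationValue roleArnAttributeName;
        final ConfigurationValue defaultSessionDuration;
        final ConfigurationValue sessionDurationAttributeName;
        final S3Actions[] s3Actions;
        final KmsActions[] kmsActions;
        if (isUpload) {
            roleArnAttributeName = ConfigurationValue.S3_ATTRIBUTE_NAME_UPLOAD_ROLE_ARN;
            defaultSessionDuration = ConfigurationValue.AWS_S3_DEFAULT_UPLOAD_SESSION_DURATION_SECS;
            sessionDurationAttributeName = ConfigurationValue.S3_ATTRIBUTE_NAME_UPLOAD_SESSION_DURATION_SECS;
            // Upload sessions may also delete objects under the prefix.
            s3Actions = new S3Actions[]{S3Actions.PutObject, S3Actions.DeleteObject};
            kmsActions = new KmsActions[]{KmsActions.GENERATE_DATA_KEY, KmsActions.DECRYPT};
        } else {
            roleArnAttributeName = ConfigurationValue.S3_ATTRIBUTE_NAME_DOWNLOAD_ROLE_ARN;
            defaultSessionDuration = ConfigurationValue.AWS_S3_DEFAULT_DOWNLOAD_SESSION_DURATION_SECS;
            sessionDurationAttributeName = ConfigurationValue.S3_ATTRIBUTE_NAME_DOWNLOAD_SESSION_DURATION_SECS;
            s3Actions = new S3Actions[]{S3Actions.GetObject};
            kmsActions = new KmsActions[]{KmsActions.DECRYPT};
        }

        StorageEntity storageEntity = this.storageDaoHelper.getStorageEntity(storageName.trim());
        String roleArn = this.storageHelper.getStorageAttributeValueByName(this.configurationHelper.getProperty(roleArnAttributeName), storageEntity, true);
        // The storage attribute takes precedence; the configured default is passed as the fallback.
        // NOTE(review): the value is unboxed below, so a null from the helper would fail there; confirm
        // that a default is always configured.
        Integer sessionDurationSecs = this.storageHelper.getStorageAttributeIntegerValueByName(
            this.configurationHelper.getProperty(sessionDurationAttributeName),
            storageEntity,
            (Integer) this.configurationHelper.getProperty(defaultSessionDuration, Integer.class));
        String bucketName = this.storageHelper.getStorageAttributeValueByName(this.configurationHelper.getProperty(ConfigurationValue.S3_ATTRIBUTE_NAME_BUCKET_NAME), storageEntity, true);

        // getS3KeyPrefixImpl is called directly, so the annotations on getS3KeyPrefix do not apply here.
        // It may also write the resolved version back into businessObjectDataKey.
        String s3KeyPrefix = getS3KeyPrefixImpl(businessObjectDataKey, null, storageName, createNewVersion).getS3KeyPrefix();

        // NOTE(review): ListObjects is requested with a null prefix argument, which presumably grants
        // listing for the whole bucket rather than the key prefix only; confirm in AwsPolicyBuilder
        // whether that scope is intended.
        AwsPolicyBuilder policyBuilder = new AwsPolicyBuilder()
            .withS3Prefix(bucketName, s3KeyPrefix, s3Actions)
            .withS3(bucketName, null, S3Actions.ListObjects);

        String kmsKeyId = getStorageKmsKeyId(storageEntity);
        if (kmsKeyId != null) {
            policyBuilder.withKms(kmsKeyId.trim(), kmsActions);
        }

        // NOTE(review): the random UUID is presumably the role session name. It carries no caller
        // identity, so attributing a session to a user needs a record of the issuance elsewhere.
        Credentials stsCredentials = this.stsDao.getTemporarySecurityCredentials(
            this.awsHelper.getAwsParamsDto(),
            UUID.randomUUID().toString(),
            roleArn,
            sessionDurationSecs.intValue(),
            policyBuilder.build());

        // Secret material from here on: never log this object or put it into an exception message.
        AwsCredential awsCredential = new AwsCredential();
        awsCredential.setAwsAccessKey(stsCredentials.getAccessKeyId());
        awsCredential.setAwsSecretKey(stsCredentials.getSecretAccessKey());
        awsCredential.setAwsSessionToken(stsCredentials.getSessionToken());
        awsCredential.setAwsSessionExpirationTime(HerdDateUtils.getXMLGregorianCalendarValue(stsCredentials.getExpiration()));
        return awsCredential;
    }

    /**
     * Reads the KMS key id attribute of the given storage. The attribute name comes from configuration.
     *
     * @param storageEntity the storage entity
     * @return the KMS key id; callers in this class treat {@code null} as "no KMS key configured"
     */
    private String getStorageKmsKeyId(StorageEntity storageEntity) {
        String kmsKeyIdAttributeName = this.configurationHelper.getProperty(ConfigurationValue.S3_ATTRIBUTE_NAME_KMS_KEY_ID);
        return this.storageHelper.getStorageAttributeValueByName(kmsKeyIdAttributeName, storageEntity, false, true);
    }
}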
