package org.projectnessie.catalog.files.adls;

import com.azure.core.credential.TokenCredential;
import com.azure.core.http.HttpClient;
import com.azure.core.util.Configuration;
import com.azure.core.util.ConfigurationBuilder;
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.common.StorageSharedKeyCredential;
import com.azure.storage.common.policy.RequestRetryOptions;
import com.azure.storage.common.policy.RetryPolicyType;
import com.azure.storage.file.datalake.DataLakeFileClient;
import com.azure.storage.file.datalake.DataLakeFileSystemClient;
import com.azure.storage.file.datalake.DataLakeFileSystemClientBuilder;
import com.azure.storage.file.datalake.DataLakeServiceClientBuilder;
import com.azure.storage.file.datalake.models.UserDelegationKey;
import com.azure.storage.file.datalake.sas.DataLakeServiceSasSignatureValues;
import com.azure.storage.file.datalake.sas.PathSasPermission;
import com.google.common.base.Preconditions;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import org.projectnessie.catalog.files.api.StorageLocations;
import org.projectnessie.catalog.files.config.AdlsConfig;
import org.projectnessie.catalog.files.config.AdlsFileSystemOptions;
import org.projectnessie.catalog.files.config.AdlsNamedFileSystemOptions;
import org.projectnessie.catalog.files.config.AdlsOptions;
import org.projectnessie.catalog.secrets.BasicCredentials;
import org.projectnessie.catalog.secrets.KeySecret;
import org.projectnessie.catalog.secrets.SecretType;
import org.projectnessie.catalog.secrets.SecretsProvider;
import org.projectnessie.storage.uri.StorageUri;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/projectnessie/catalog/files/adls/AdlsClientSupplier.class */
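/**
 * Builds Azure Data Lake Storage (ADLS) clients and user-delegation SAS tokens from the catalog's
 * ADLS configuration, resolving stored credentials through the {@link SecretsProvider}.
 *
 * <p>Security-relevant behaviour implemented here:
 *
 * <ul>
 *   <li>An auth-type of {@code NONE}, which is also the fallback when no auth-type is configured,
 *       yields a client with anonymous access (see {@link #buildFileSystemClient}).
 *   <li>{@code STORAGE_SHARED_KEY} and {@code SAS_TOKEN} secrets are fetched from the
 *       {@link SecretsProvider} each time a client is built; a missing secret fails with
 *       {@link IllegalStateException}.
 *   <li>{@code APPLICATION_DEFAULT} uses one process-wide {@link DefaultAzureCredential} that is
 *       shared by every file system configured with that auth-type.
 *   <li>User-delegation SAS tokens are signed through the file-system client, so only the
 *       permission set, not the path scope, is derived from the requested storage locations.
 * </ul>
 *
 * <p>This listing is decompiler output: the {@code public} modifiers on {@link #adlsOptions()},
 * {@link #fileSystemClient(StorageUri)} and {@link DefaultAzureCredentialsLazy} were widened by the
 * decompiler and are kept as found.
 */
public final class AdlsClientSupplier {
    private static final Logger LOGGER = LoggerFactory.getLogger(AdlsClientSupplier.class);
    private final HttpClient httpClient;
    private final AdlsConfig adlsConfig;
    private final AdlsOptions adlsOptions;
    private final SecretsProvider secretsProvider;

    /**
     * Holder for the shared {@link DefaultAzureCredential}.
     *
     * <p>The credential is built in this nested class's static initializer, so it is created only
     * when {@code APPLICATION_DEFAULT} authentication is first applied rather than when
     * {@link AdlsClientSupplier} is loaded.
     *
     * <p>{@code DefaultAzureCredential} picks up whatever ambient identity the server process has
     * (environment variables, managed identity, local tool logins). Every file system using
     * {@code APPLICATION_DEFAULT} therefore acts with the same identity, and that identity's role
     * assignments bound what the catalog can reach.
     */
    public static final class DefaultAzureCredentialsLazy {
        static final DefaultAzureCredential DEFAULT_AZURE_CREDENTIAL = new DefaultAzureCredentialBuilder().build();

        private DefaultAzureCredentialsLazy() {
        }
    }

    /**
     * Creates a supplier over the given HTTP client, ADLS configuration and secrets provider.
     *
     * @param httpClient HTTP client handed to every Azure client builder
     * @param adlsConfig source of the Azure SDK configuration properties
     * @param adlsOptions per-file-system options, resolved per storage URI
     * @param secretsProvider resolves shared-key and SAS-token secrets by URI
     */
    public AdlsClientSupplier(HttpClient httpClient, AdlsConfig adlsConfig, AdlsOptions adlsOptions, SecretsProvider secretsProvider) {
        this.httpClient = httpClient;
        this.adlsConfig = adlsConfig;
        this.adlsOptions = adlsOptions;
        this.secretsProvider = secretsProvider;
    }

    /** Returns the ADLS options this supplier was constructed with. */
    public AdlsOptions adlsOptions() {
        return this.adlsOptions;
    }

    /**
     * Returns a file client for the object addressed by {@code storageUri}.
     *
     * @param storageUri location of the file; its path is required
     * @return client for the path inside the file system resolved for the URI
     */
    public DataLakeFileClient fileClientForLocation(StorageUri storageUri) {
        DataLakeFileSystemClient fileSystem = fileSystemClient(storageUri);
        String path = storageUri.requiredPath();
        // A single leading slash is dropped before the path is handed to the file-system client.
        if (path.startsWith("/")) {
            path = path.substring(1);
        }
        return fileSystem.getFileClient(path);
    }

    /**
     * Builds a file-system client using the options that {@link AdlsOptions} resolves for
     * {@code storageUri}.
     *
     * @param storageUri location whose authority and container select the options
     * @return a newly built client; nothing is cached by this method
     * @throws IllegalArgumentException if no endpoint is configured for the location
     */
    public DataLakeFileSystemClient fileSystemClient(StorageUri storageUri) {
        Configuration clientConfiguration = buildClientConfiguration();
        AdlsNamedFileSystemOptions options = this.adlsOptions.resolveOptionsForUri(storageUri);
        String endpoint = endpointForLocation(storageUri, options);
        return buildFileSystemClient(storageUri, options, clientConfiguration, endpoint);
    }

    /**
     * Generates a user-delegation SAS token for the warehouse location, if user delegation is
     * enabled in the given options.
     *
     * <p>The token always carries list and read permission. Add, write and delete are included
     * whenever {@code storageLocations.writeableLocations()} is non-empty.
     *
     * <p>The returned string is a bearer credential until it expires; callers should keep it out
     * of logs and error messages.
     *
     * @param storageLocations warehouse location plus the writeable locations of the request
     * @param adlsNamedFileSystemOptions options of the file system to sign for
     * @return the SAS token, or empty when user delegation is not enabled
     * @throws IllegalStateException if user delegation is enabled but the auth-type is
     *     {@code NONE}, or if a configured secret cannot be resolved
     * @throws IllegalArgumentException if no endpoint is configured for the location
     */
    public Optional<String> generateUserDelegationSas(StorageLocations storageLocations, AdlsNamedFileSystemOptions adlsNamedFileSystemOptions) {
        boolean delegationEnabled = (Boolean) adlsNamedFileSystemOptions.effectiveUserDelegation().enable().orElse(false);
        if (!delegationEnabled) {
            return Optional.empty();
        }
        if (adlsNamedFileSystemOptions.authType().orElse(AdlsFileSystemOptions.AzureAuthType.NONE) == AdlsFileSystemOptions.AzureAuthType.NONE) {
            LOGGER.warn("User delegation enabled for {}, but auth-type is NONE", storageLocations.warehouseLocation());
        }

        Configuration clientConfiguration = buildClientConfiguration();
        String endpoint = endpointForLocation(storageLocations.warehouseLocation(), adlsNamedFileSystemOptions);
        DataLakeFileSystemClient fileSystem = buildFileSystemClient(storageLocations.warehouseLocation(), adlsNamedFileSystemOptions, clientConfiguration, endpoint);

        DataLakeServiceClientBuilder serviceBuilder = new DataLakeServiceClientBuilder().endpoint(endpoint).httpClient(this.httpClient).configuration(clientConfiguration);
        // A delegation key can only be requested by an authenticated service client. Fail with
        // an explicit message instead of a bare IllegalStateException when auth-type is NONE.
        boolean authenticated = applyCredentials(adlsNamedFileSystemOptions, serviceBuilder::credential, serviceBuilder::sasToken, serviceBuilder::credential);
        Preconditions.checkState(authenticated, "User delegation SAS for %s requires an auth-type other than NONE", storageLocations.warehouseLocation());

        Duration keyLifetime = (Duration) adlsNamedFileSystemOptions.effectiveUserDelegation().keyExpiry().orElse(AdlsFileSystemOptions.DELEGATION_KEY_DEFAULT_EXPIRY);
        Duration sasLifetime = (Duration) adlsNamedFileSystemOptions.effectiveUserDelegation().sasExpiry().orElse(AdlsFileSystemOptions.DELEGATION_SAS_DEFAULT_EXPIRY);
        Instant now = Instant.now();
        // Only the key start time is truncated to whole seconds; both expiries keep full precision.
        OffsetDateTime keyStart = now.truncatedTo(ChronoUnit.SECONDS).atOffset(ZoneOffset.UTC);
        OffsetDateTime keyExpiry = now.plus(keyLifetime).atOffset(ZoneOffset.UTC);
        // NOTE(review): nothing here checks that the SAS lifetime does not exceed the key
        // lifetime. Confirm the configuration layer enforces sasExpiry <= keyExpiry.
        OffsetDateTime sasExpiry = now.plus(sasLifetime).atOffset(ZoneOffset.UTC);
        UserDelegationKey delegationKey = serviceBuilder.buildClient().getUserDelegationKey(keyStart, keyExpiry);

        PathSasPermission permissions = new PathSasPermission();
        permissions.setListPermission(true);
        permissions.setReadPermission(true);
        if (!storageLocations.writeableLocations().isEmpty()) {
            permissions.setAddPermission(true);
            permissions.setWritePermission(true);
            permissions.setDeletePermission(true);
        }

        // NOTE(review): the token is signed through the file-system client, so it applies to the
        // whole file system (container) of the warehouse location. The individual writeable
        // locations only switch the write permissions on; they do not narrow the path scope.
        // Confirm that container-wide scope is acceptable for the consumers of this token.
        return Optional.of(fileSystem.generateUserDelegationSas(new DataLakeServiceSasSignatureValues(sasExpiry, permissions), delegationKey));
    }

    /**
     * Assembles a file-system client for the given location, options, SDK configuration and
     * endpoint ({@code str}).
     *
     * <p>When {@link #applyCredentials} reports that no credential was applied (auth-type
     * {@code NONE}), the client is explicitly built with anonymous access.
     */
    private DataLakeFileSystemClient buildFileSystemClient(StorageUri storageUri, AdlsNamedFileSystemOptions adlsNamedFileSystemOptions, Configuration configuration, String str) {
        DataLakeFileSystemClientBuilder builder = new DataLakeFileSystemClientBuilder().httpClient(this.httpClient).configuration(configuration).endpoint(str);
        buildRequestRetryOptions(adlsNamedFileSystemOptions).ifPresent(builder::retryOptions);
        AdlsLocation.adlsLocation(storageUri).container().ifPresent(builder::fileSystemName);
        boolean authenticated = applyCredentials(adlsNamedFileSystemOptions, builder::credential, builder::sasToken, builder::credential);
        if (!authenticated) {
            // Unauthenticated access is a deliberate fallback for auth-type NONE. It only works
            // against file systems that allow public access.
            builder.setAnonymousAccess();
        }
        return builder.buildClient();
    }

    /**
     * Returns the configured endpoint for the file system.
     *
     * @throws IllegalArgumentException if the options carry no endpoint; the message names the
     *     authority of {@code storageUri}
     */
    private static String endpointForLocation(StorageUri storageUri, AdlsFileSystemOptions adlsFileSystemOptions) {
        return (String) adlsFileSystemOptions.endpoint().orElseThrow(
                () -> new IllegalArgumentException(String.format("Mandatory ADLS endpoint is not configured for storage account %s.", storageUri.requiredAuthority())));
    }

    /** Copies every entry of {@link AdlsConfig#configuration()} into a new Azure SDK {@link Configuration}. */
    private Configuration buildClientConfiguration() {
        ConfigurationBuilder builder = new ConfigurationBuilder();
        // Iterate the map where it is returned. The decompiled listing stored it in a raw Map,
        // and a raw Map cannot take the two-String putProperty method reference.
        this.adlsConfig.configuration().forEach(builder::putProperty);
        return builder.build();
    }

    /**
     * Hands the credential selected by the configured auth-type to the matching consumer.
     *
     * @param adlsFileSystemOptions options carrying the auth-type and the secret URIs
     * @param consumer receives the shared-key credential for {@code STORAGE_SHARED_KEY}
     * @param consumer2 receives the SAS token string for {@code SAS_TOKEN}
     * @param consumer3 receives the token credential for {@code APPLICATION_DEFAULT}
     * @return {@code true} if a credential was applied, {@code false} for auth-type {@code NONE}
     *     (also used when no auth-type is configured)
     * @throws IllegalStateException if the secret required by the auth-type is not configured or
     *     cannot be resolved by the secrets provider
     * @throws IllegalArgumentException for an auth-type this method does not handle
     */
    private boolean applyCredentials(AdlsFileSystemOptions adlsFileSystemOptions, Consumer<StorageSharedKeyCredential> consumer, Consumer<String> consumer2, Consumer<TokenCredential> consumer3) {
        AdlsFileSystemOptions.AzureAuthType azureAuthType = (AdlsFileSystemOptions.AzureAuthType) adlsFileSystemOptions.authType().orElse(AdlsFileSystemOptions.AzureAuthType.NONE);
        // Switch on the enum itself; the decompiler had expanded this into a synthetic
        // ordinal lookup table, which the compiler regenerates on its own.
        switch (azureAuthType) {
            case NONE:
                return false;
            case STORAGE_SHARED_KEY: {
                BasicCredentials sharedKey = (BasicCredentials) adlsFileSystemOptions.account()
                        .map(uri -> this.secretsProvider.getSecret(uri, SecretType.BASIC, BasicCredentials.class))
                        .filter(Optional::isPresent)
                        .map(Optional::get)
                        .orElseThrow(() -> new IllegalStateException("storage shared key missing"));
                // The basic credential's name/secret pair is used as the shared-key credential's two arguments.
                consumer.accept(new StorageSharedKeyCredential(sharedKey.name(), sharedKey.secret()));
                return true;
            }
            case SAS_TOKEN: {
                KeySecret sasSecret = (KeySecret) adlsFileSystemOptions.sasToken()
                        .map(uri -> this.secretsProvider.getSecret(uri, SecretType.KEY, KeySecret.class))
                        .filter(Optional::isPresent)
                        .map(Optional::get)
                        .orElseThrow(() -> new IllegalStateException("SAS token missing"));
                consumer2.accept(sasSecret.key());
                return true;
            }
            case APPLICATION_DEFAULT:
                consumer3.accept(DefaultAzureCredentialsLazy.DEFAULT_AZURE_CREDENTIAL);
                return true;
            default:
                throw new IllegalArgumentException("Unsupported auth type " + azureAuthType);
        }
    }

    /**
     * Translates the configured retry strategy into Azure {@link RequestRetryOptions}.
     *
     * @param adlsFileSystemOptions options carrying the retry strategy and its tuning values
     * @return empty when no strategy is configured or the strategy is {@code NONE}; otherwise
     *     options of type {@code EXPONENTIAL} or {@code FIXED}
     * @throws IllegalArgumentException for a strategy this method does not handle
     */
    static Optional<RequestRetryOptions> buildRequestRetryOptions(AdlsFileSystemOptions adlsFileSystemOptions) {
        return adlsFileSystemOptions.retryPolicy().flatMap(adlsRetryStrategy -> {
            switch (adlsRetryStrategy) {
                case NONE:
                    return Optional.empty();
                case EXPONENTIAL_BACKOFF:
                    return Optional.of(newRetryOptions(RetryPolicyType.EXPONENTIAL, adlsFileSystemOptions));
                case FIXED_DELAY:
                    return Optional.of(newRetryOptions(RetryPolicyType.FIXED, adlsFileSystemOptions));
                default:
                    throw new IllegalArgumentException("Invalid retry strategy: " + adlsRetryStrategy);
            }
        });
    }

    /** Builds retry options of the given type; unset tuning values and the trailing String argument are passed as {@code null}. */
    private static RequestRetryOptions newRetryOptions(RetryPolicyType type, AdlsFileSystemOptions options) {
        return new RequestRetryOptions(
                type,
                (Integer) options.maxRetries().orElse(null),
                (Duration) options.tryTimeout().orElse(null),
                (Duration) options.retryDelay().orElse(null),
                (Duration) options.maxRetryDelay().orElse(null),
                (String) null);
    }
}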
