package org.projectnessie.catalog.service.config;

import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.projectnessie.catalog.files.config.AdlsFileSystemOptions;
import org.projectnessie.catalog.files.config.AdlsOptions;
import org.projectnessie.catalog.files.config.GcsBucketOptions;
import org.projectnessie.catalog.files.config.GcsOptions;
import org.projectnessie.catalog.files.config.S3BucketOptions;
import org.projectnessie.catalog.files.config.S3Config;
import org.projectnessie.catalog.files.config.S3Options;
import org.projectnessie.catalog.files.config.SecretStore;
import org.projectnessie.catalog.secrets.BasicCredentials;
import org.projectnessie.catalog.secrets.KeySecret;
import org.projectnessie.catalog.secrets.SecretType;
import org.projectnessie.catalog.secrets.SecretsProvider;
import org.projectnessie.catalog.secrets.TokenSecret;
import org.projectnessie.catalog.service.config.ImmutableSecretValidationFailure;
import org.projectnessie.catalog.service.config.ImmutableSecretsValidation;
import org.projectnessie.nessie.immutables.NessieImmutable;

@NessieImmutable
/* loaded from: input_file:org/projectnessie/catalog/service/config/SecretsValidation.class */
public abstract class SecretsValidation {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.projectnessie.catalog.service.config.SecretsValidation$1, reason: invalid class name */
    /* loaded from: input_file:org/projectnessie/catalog/service/config/SecretsValidation$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$projectnessie$catalog$secrets$SecretType = new int[SecretType.values().length];

        static {
            try {
                $SwitchMap$org$projectnessie$catalog$secrets$SecretType[SecretType.BASIC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$secrets$SecretType[SecretType.KEY.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$secrets$SecretType[SecretType.EXPIRING_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/projectnessie/catalog/service/config/SecretsValidation$FailureCategory.class */
    public enum FailureCategory {
        NOT_FOUND,
        TECHNICAL_ERROR
    }

    @NessieImmutable
    /* loaded from: input_file:org/projectnessie/catalog/service/config/SecretsValidation$SecretValidationFailure.class */
    public interface SecretValidationFailure {
        /* renamed from: propertyPath */
        List<String> mo5propertyPath();

        URI uri();

        FailureCategory failureCategory();

        Optional<Throwable> failure();

        String message();

        static ImmutableSecretValidationFailure.Builder builder() {
            return ImmutableSecretValidationFailure.builder();
        }
    }

    public abstract SecretsProvider secretsProvider();

    public static ImmutableSecretsValidation.Builder builder() {
        return ImmutableSecretsValidation.builder();
    }

    public Collection<SecretValidationFailure> validateLakehouseConfig(LakehouseConfig lakehouseConfig) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(validateS3Options(lakehouseConfig.s3()));
        arrayList.addAll(validateGcsOptions(lakehouseConfig.gcs()));
        arrayList.addAll(validateAdlsOptions(lakehouseConfig.adls()));
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateSmallryeConfigs(SmallryeConfigs smallryeConfigs) {
        return validateS3Config(smallryeConfigs.s3config());
    }

    public Collection<SecretValidationFailure> validateS3Options(S3Options s3Options) {
        ArrayList arrayList = new ArrayList();
        Optional map = s3Options.defaultOptions().map(s3BucketOptions -> {
            return validateS3Bucket(s3BucketOptions, "<default>");
        });
        Objects.requireNonNull(arrayList);
        map.ifPresent(arrayList::addAll);
        s3Options.buckets().forEach((str, s3NamedBucketOptions) -> {
            arrayList.addAll(validateS3Bucket(s3NamedBucketOptions, (String) s3NamedBucketOptions.name().orElse(str)));
        });
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateS3Config(S3Config s3Config) {
        ArrayList arrayList = new ArrayList();
        Optional map = s3Config.keyStore().map(secretStore -> {
            return validateS3SecretStore(secretStore, "keyStore");
        });
        Objects.requireNonNull(arrayList);
        map.ifPresent(arrayList::addAll);
        Optional map2 = s3Config.trustStore().map(secretStore2 -> {
            return validateS3SecretStore(secretStore2, "trustStore");
        });
        Objects.requireNonNull(arrayList);
        map2.ifPresent(arrayList::addAll);
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateS3SecretStore(SecretStore secretStore, String str) {
        ArrayList arrayList = new ArrayList();
        Optional<SecretValidationFailure> validateSecret = validateSecret(secretStore.password(), SecretType.KEY, List.of("s3", str));
        Objects.requireNonNull(arrayList);
        validateSecret.ifPresent((v1) -> {
            r1.add(v1);
        });
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateGcsOptions(GcsOptions gcsOptions) {
        ArrayList arrayList = new ArrayList();
        Optional map = gcsOptions.defaultOptions().map(gcsBucketOptions -> {
            return validateGcsBucket(gcsBucketOptions, "<default>");
        });
        Objects.requireNonNull(arrayList);
        map.ifPresent(arrayList::addAll);
        gcsOptions.buckets().forEach((str, gcsNamedBucketOptions) -> {
            arrayList.addAll(validateGcsBucket(gcsNamedBucketOptions, (String) gcsNamedBucketOptions.name().orElse(str)));
        });
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateAdlsOptions(AdlsOptions adlsOptions) {
        ArrayList arrayList = new ArrayList();
        Optional map = adlsOptions.defaultOptions().map(adlsFileSystemOptions -> {
            return validateAdlsFileSystem(adlsFileSystemOptions, "<default>");
        });
        Objects.requireNonNull(arrayList);
        map.ifPresent(arrayList::addAll);
        adlsOptions.fileSystems().forEach((str, adlsNamedFileSystemOptions) -> {
            arrayList.addAll(validateAdlsFileSystem(adlsNamedFileSystemOptions, (String) adlsNamedFileSystemOptions.name().orElse(str)));
        });
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateS3Bucket(S3BucketOptions s3BucketOptions, String str) {
        ArrayList arrayList = new ArrayList();
        Optional<SecretValidationFailure> validateSecret = validateSecret(s3BucketOptions.accessKey(), SecretType.BASIC, List.of("s3", str, "accessKey"));
        Objects.requireNonNull(arrayList);
        validateSecret.ifPresent((v1) -> {
            r1.add(v1);
        });
        return arrayList;
    }

    public Collection<SecretValidationFailure> validateGcsBucket(GcsBucketOptions gcsBucketOptions, String str) {
        ArrayList arrayList = new ArrayList();
        Optional<SecretValidationFailure> validateSecret = validateSecret(gcsBucketOptions.authCredentialsJson(), SecretType.KEY, List.of("gcs", str, "authCredentialsJson"));
        Objects.requireNonNull(arrayList);
        validateSecret.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional<SecretValidationFailure> validateSecret2 = validateSecret(gcsBucketOptions.oauth2Token(), SecretType.EXPIRING_TOKEN, List.of("gcs", str, "oauth2Token"));
        Objects.requireNonNull(arrayList);
        validateSecret2.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional<SecretValidationFailure> validateSecret3 = validateSecret(gcsBucketOptions.decryptionKey(), SecretType.KEY, List.of("gcs", str, "decryptionKey"));
        Objects.requireNonNull(arrayList);
        validateSecret3.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional<SecretValidationFailure> validateSecret4 = validateSecret(gcsBucketOptions.encryptionKey(), SecretType.KEY, List.of("gcs", str, "encryptionKey"));
        Objects.requireNonNull(arrayList);
        validateSecret4.ifPresent((v1) -> {
            r1.add(v1);
        });
        return arrayList;
    }

    private Collection<SecretValidationFailure> validateAdlsFileSystem(AdlsFileSystemOptions adlsFileSystemOptions, String str) {
        ArrayList arrayList = new ArrayList();
        Optional<SecretValidationFailure> validateSecret = validateSecret(adlsFileSystemOptions.account(), SecretType.BASIC, List.of("adls", str, "account"));
        Objects.requireNonNull(arrayList);
        validateSecret.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional<SecretValidationFailure> validateSecret2 = validateSecret(adlsFileSystemOptions.sasToken(), SecretType.KEY, List.of("adls", str, "sasToken"));
        Objects.requireNonNull(arrayList);
        validateSecret2.ifPresent((v1) -> {
            r1.add(v1);
        });
        return arrayList;
    }

    private Optional<SecretValidationFailure> validateSecret(Optional<URI> optional, SecretType secretType, List<String> list) {
        Class cls;
        if (optional.isEmpty()) {
            return Optional.empty();
        }
        switch (AnonymousClass1.$SwitchMap$org$projectnessie$catalog$secrets$SecretType[secretType.ordinal()]) {
            case 1:
                cls = BasicCredentials.class;
                break;
            case 2:
                cls = KeySecret.class;
                break;
            case 3:
                cls = TokenSecret.class;
                break;
            default:
                throw new IllegalArgumentException("Invalid secret type: " + String.valueOf(secretType));
        }
        try {
            return secretsProvider().getSecret(optional.get(), secretType, cls).isPresent() ? Optional.empty() : Optional.of(ImmutableSecretValidationFailure.of(list, optional.get(), FailureCategory.NOT_FOUND, (Optional<Throwable>) Optional.empty(), "secret does not exist"));
        } catch (Exception e) {
            return Optional.of(ImmutableSecretValidationFailure.of(list, optional.get(), FailureCategory.TECHNICAL_ERROR, (Optional<Throwable>) Optional.of(e), e.toString()));
        }
    }
}
