package org.apache.nifi.aws.schemaregistry;

import java.io.IOException;
import java.net.Proxy;
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.aws.schemaregistry.client.CachingSchemaRegistryClient;
import org.apache.nifi.aws.schemaregistry.client.GlueSchemaRegistryClient;
import org.apache.nifi.aws.schemaregistry.client.SchemaRegistryClient;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService;
import org.apache.nifi.proxy.ProxyConfiguration;
import org.apache.nifi.proxy.ProxySpec;
import org.apache.nifi.schema.access.SchemaField;
import org.apache.nifi.schema.access.SchemaNotFoundException;
import org.apache.nifi.schemaregistry.services.SchemaRegistry;
import org.apache.nifi.serialization.record.RecordSchema;
import org.apache.nifi.serialization.record.SchemaIdentifier;
import org.apache.nifi.ssl.SSLContextProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.glue.GlueClient;

@CapabilityDescription("Provides a Schema Registry that interacts with the AWS Glue Schema Registry so that those Schemas that are stored in the Glue Schema Registry can be used in NiFi. When a Schema is looked up by name by this registry, it will find a Schema in the Glue Schema Registry with their names.")
@Tags({"schema", "registry", "aws", "avro", "glue"})
/* loaded from: input_file:org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.class */
public class AmazonGlueSchemaRegistry extends AbstractControllerService implements SchemaRegistry {
    private static final Set<SchemaField> schemaFields = EnumSet.of(SchemaField.SCHEMA_NAME, SchemaField.SCHEMA_TEXT, SchemaField.SCHEMA_TEXT_FORMAT, SchemaField.SCHEMA_IDENTIFIER, SchemaField.SCHEMA_VERSION);
    static final PropertyDescriptor SCHEMA_REGISTRY_NAME = new PropertyDescriptor.Builder().name("schema-registry-name").displayName("Schema Registry Name").description("The name of the Schema Registry").addValidator(StandardValidators.NON_EMPTY_VALIDATOR).required(true).build();
    public static final PropertyDescriptor REGION = new PropertyDescriptor.Builder().name("region").displayName("Region").description("The region of the cloud resources").required(true).allowableValues(getAvailableRegions()).defaultValue(createAllowableValue(Region.US_WEST_2).getValue()).build();
    static final PropertyDescriptor CACHE_SIZE = new PropertyDescriptor.Builder().name("cache-size").displayName("Cache Size").description("Specifies how many Schemas should be cached from the Schema Registry").addValidator(StandardValidators.NON_NEGATIVE_INTEGER_VALIDATOR).defaultValue("1000").required(true).build();
    static final PropertyDescriptor CACHE_EXPIRATION = new PropertyDescriptor.Builder().name("cache-expiration").displayName("Cache Expiration").description("Specifies how long a Schema that is cached should remain in the cache. Once this time period elapses, a cached version of a schema will no longer be used, and the service will have to communicate with the Schema Registry again in order to obtain the schema.").addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).defaultValue("1 hour").required(true).build();
    static final PropertyDescriptor COMMUNICATIONS_TIMEOUT = new PropertyDescriptor.Builder().name("communications-timeout").displayName("Communications Timeout").description("Specifies how long to wait to receive data from the Schema Registry before considering the communications a failure").addValidator(StandardValidators.TIME_PERIOD_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.NONE).defaultValue("30 secs").required(true).build();
    public static final PropertyDescriptor AWS_CREDENTIALS_PROVIDER_SERVICE = new PropertyDescriptor.Builder().name("aws-credentials-provider-service").displayName("AWS Credentials Provider Service").description("The Controller Service that is used to obtain AWS credentials provider").required(false).identifiesControllerService(AWSCredentialsProviderService.class).build();
    public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder().name("ssl-context-service").displayName("SSL Context Service").description("Specifies an optional SSL Context Service that, if provided, will be used to create connections").required(false).identifiesControllerService(SSLContextProvider.class).build();
    private static final ProxySpec[] PROXY_SPECS = {ProxySpec.HTTP_AUTH};
    private static final PropertyDescriptor PROXY_CONFIGURATION_SERVICE = ProxyConfiguration.createProxyConfigPropertyDescriptor(PROXY_SPECS);
    private static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS = List.of(SCHEMA_REGISTRY_NAME, REGION, COMMUNICATIONS_TIMEOUT, CACHE_SIZE, CACHE_EXPIRATION, AWS_CREDENTIALS_PROVIDER_SERVICE, PROXY_CONFIGURATION_SERVICE, SSL_CONTEXT_SERVICE);
    private volatile SchemaRegistryClient client;

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTY_DESCRIPTORS;
    }

    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) {
        AwsCredentialsProvider awsCredentialsProvider = configurationContext.getProperty(AWS_CREDENTIALS_PROVIDER_SERVICE).asControllerService(AWSCredentialsProviderService.class).getAwsCredentialsProvider();
        String value = configurationContext.getProperty(SCHEMA_REGISTRY_NAME).getValue();
        String value2 = configurationContext.getProperty(REGION).getValue();
        this.client = new CachingSchemaRegistryClient(new GlueSchemaRegistryClient((GlueClient) GlueClient.builder().credentialsProvider(awsCredentialsProvider).httpClient(createSdkHttpClient(configurationContext)).region(Region.of(value2)).build(), value), configurationContext.getProperty(CACHE_SIZE).asInteger().intValue(), configurationContext.getProperty(CACHE_EXPIRATION).asTimePeriod(TimeUnit.NANOSECONDS).longValue());
    }

    public RecordSchema retrieveSchema(SchemaIdentifier schemaIdentifier) throws IOException, SchemaNotFoundException {
        String str = (String) schemaIdentifier.getName().orElseThrow(() -> {
            return new SchemaNotFoundException("Cannot retrieve schema because Schema Name is not present");
        });
        return schemaIdentifier.getVersion().isPresent() ? this.client.getSchema(str, r0.getAsInt()) : this.client.getSchema(str);
    }

    public Set<SchemaField> getSuppliedSchemaFields() {
        return schemaFields;
    }

    private static AllowableValue createAllowableValue(Region region) {
        return new AllowableValue(region.id(), region.metadata() != null ? region.metadata().description() : region.id(), "AWS Region Code : " + region.id());
    }

    private static AllowableValue[] getAvailableRegions() {
        ArrayList arrayList = new ArrayList();
        Iterator it = Region.regions().iterator();
        while (it.hasNext()) {
            arrayList.add(createAllowableValue((Region) it.next()));
        }
        arrayList.sort(Comparator.comparing((v0) -> {
            return v0.getDisplayName();
        }));
        return (AllowableValue[]) arrayList.toArray(new AllowableValue[0]);
    }

    private SdkHttpClient createSdkHttpClient(ConfigurationContext configurationContext) {
        SSLContextProvider asControllerService;
        ApacheHttpClient.Builder builder = ApacheHttpClient.builder();
        int intValue = configurationContext.getProperty(COMMUNICATIONS_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
        builder.connectionTimeout(Duration.ofMillis(intValue));
        builder.socketTimeout(Duration.ofMillis(intValue));
        if (getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE) && (asControllerService = configurationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextProvider.class)) != null) {
            TrustManager[] trustManagerArr = {asControllerService.createTrustManager()};
            builder.tlsTrustManagersProvider(() -> {
                return trustManagerArr;
            });
            Optional createKeyManager = asControllerService.createKeyManager();
            if (createKeyManager.isPresent()) {
                KeyManager[] keyManagerArr = {(X509ExtendedKeyManager) createKeyManager.get()};
                builder.tlsKeyManagersProvider(() -> {
                    return keyManagerArr;
                });
            }
        }
        ProxyConfiguration configuration = ProxyConfiguration.getConfiguration(configurationContext);
        if (Proxy.Type.HTTP.equals(configuration.getProxyType())) {
            ProxyConfiguration.Builder endpoint = software.amazon.awssdk.http.apache.ProxyConfiguration.builder().endpoint(URI.create(String.format("http://%s:%s", configuration.getProxyServerHost(), configuration.getProxyServerPort())));
            if (configuration.hasCredential()) {
                endpoint.username(configuration.getProxyUserName());
                endpoint.password(configuration.getProxyUserPassword());
            }
            builder.proxyConfiguration((software.amazon.awssdk.http.apache.ProxyConfiguration) endpoint.build());
        }
        return builder.build();
    }
}
