package org.apache.nifi.services.azure.storage;

import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.function.Function;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.DescribedValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.migration.PropertyConfiguration;
import org.apache.nifi.processors.azure.AzureServiceEndpoints;
import org.apache.nifi.processors.azure.storage.utils.AzureStorageUtils;
import org.apache.nifi.services.azure.storage.ADLSCredentialsDetails;

@CapabilityDescription("Defines credentials for ADLS processors.")
@Tags({"azure", "microsoft", "cloud", "storage", "adls", "credentials"})
/* loaded from: input_file:org/apache/nifi/services/azure/storage/ADLSCredentialsControllerService.class */
public class ADLSCredentialsControllerService extends AbstractControllerService implements ADLSCredentialsService {
    public static final PropertyDescriptor ACCOUNT_NAME = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.ACCOUNT_NAME).description("The storage account name. There are certain risks in allowing the account name to be stored as a FlowFile attribute. While it does provide for a more flexible flow by allowing the account name to be fetched dynamically from a FlowFile attribute, care must be taken to restrict access to the event provenance data (e.g., by strictly controlling the policies governing provenance for this processor). In addition, the provenance repositories may be put on encrypted disk partitions.").expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).build();
    public static final PropertyDescriptor ACCOUNT_KEY = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.ACCOUNT_KEY).description("The storage account key. This is an admin-like password providing access to every container in this account. It is recommended one uses Shared Access Signature (SAS) token, Managed Identity or Service Principal instead for fine-grained control with policies. There are certain risks in allowing the account key to be stored as a FlowFile attribute. While it does provide for a more flexible flow by allowing the account key to be fetched dynamically from a FlowFile attribute, care must be taken to restrict access to the event provenance data (e.g., by strictly controlling the policies governing provenance for this processor). In addition, the provenance repositories may be put on encrypted disk partitions.").expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).build();
    public static final PropertyDescriptor SAS_TOKEN = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.SAS_TOKEN).description("Shared Access Signature token (the leading '?' may be included) There are certain risks in allowing the SAS token to be stored as a FlowFile attribute. While it does provide for a more flexible flow by allowing the SAS token to be fetched dynamically from a FlowFile attribute, care must be taken to restrict access to the event provenance data (e.g., by strictly controlling the policies governing provenance for this processor). In addition, the provenance repositories may be put on encrypted disk partitions.").expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).build();
    public static final PropertyDescriptor ENDPOINT_SUFFIX = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.ENDPOINT_SUFFIX).defaultValue(AzureServiceEndpoints.DEFAULT_ADLS_ENDPOINT_SUFFIX).expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT).build();
    public static final PropertyDescriptor PROXY_CONFIGURATION_SERVICE = new PropertyDescriptor.Builder().fromPropertyDescriptor(AzureStorageUtils.PROXY_CONFIGURATION_SERVICE).dependsOn(AzureStorageUtils.CREDENTIALS_TYPE, AzureStorageCredentialsType.SERVICE_PRINCIPAL, new DescribedValue[]{AzureStorageCredentialsType.MANAGED_IDENTITY}).build();
    private static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS = List.of(ACCOUNT_NAME, ENDPOINT_SUFFIX, AzureStorageUtils.CREDENTIALS_TYPE, ACCOUNT_KEY, SAS_TOKEN, AzureStorageUtils.MANAGED_IDENTITY_CLIENT_ID, AzureStorageUtils.SERVICE_PRINCIPAL_TENANT_ID, AzureStorageUtils.SERVICE_PRINCIPAL_CLIENT_ID, AzureStorageUtils.SERVICE_PRINCIPAL_CLIENT_SECRET, PROXY_CONFIGURATION_SERVICE);
    private ConfigurationContext context;

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTY_DESCRIPTORS;
    }

    public void migrateProperties(PropertyConfiguration propertyConfiguration) {
        if (propertyConfiguration.hasProperty(AzureStorageUtils.CREDENTIALS_TYPE)) {
            return;
        }
        if (propertyConfiguration.isPropertySet(ACCOUNT_KEY)) {
            propertyConfiguration.setProperty(AzureStorageUtils.CREDENTIALS_TYPE, AzureStorageCredentialsType.ACCOUNT_KEY.getValue());
        } else if (propertyConfiguration.isPropertySet(SAS_TOKEN)) {
            propertyConfiguration.setProperty(AzureStorageUtils.CREDENTIALS_TYPE, AzureStorageCredentialsType.SAS_TOKEN.getValue());
        } else if (propertyConfiguration.isPropertySet(AzureStorageUtils.SERVICE_PRINCIPAL_TENANT_ID)) {
            propertyConfiguration.setProperty(AzureStorageUtils.CREDENTIALS_TYPE, AzureStorageCredentialsType.SERVICE_PRINCIPAL.getValue());
        } else {
            propertyConfiguration.getPropertyValue("storage-use-managed-identity").ifPresent(str -> {
                if ("true".equals(str)) {
                    propertyConfiguration.setProperty(AzureStorageUtils.CREDENTIALS_TYPE, AzureStorageCredentialsType.MANAGED_IDENTITY.getValue());
                }
            });
        }
        propertyConfiguration.removeProperty("storage-use-managed-identity");
    }

    @OnEnabled
    public void onEnabled(ConfigurationContext configurationContext) {
        this.context = configurationContext;
    }

    public ADLSCredentialsDetails getCredentialsDetails(Map<String, String> map) {
        ADLSCredentialsDetails.Builder newBuilder = ADLSCredentialsDetails.Builder.newBuilder();
        setValue(newBuilder, ACCOUNT_NAME, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setAccountName(v1);
        }, map);
        setValue(newBuilder, ACCOUNT_KEY, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setAccountKey(v1);
        }, map);
        setValue(newBuilder, SAS_TOKEN, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setSasToken(v1);
        }, map);
        setValue(newBuilder, ENDPOINT_SUFFIX, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setEndpointSuffix(v1);
        }, map);
        setValue(newBuilder, AzureStorageUtils.CREDENTIALS_TYPE, propertyValue -> {
            return Boolean.valueOf(propertyValue.asAllowableValue(AzureStorageCredentialsType.class) == AzureStorageCredentialsType.MANAGED_IDENTITY);
        }, (v0, v1) -> {
            v0.setUseManagedIdentity(v1);
        }, map);
        setValue(newBuilder, AzureStorageUtils.MANAGED_IDENTITY_CLIENT_ID, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setManagedIdentityClientId(v1);
        }, map);
        setValue(newBuilder, AzureStorageUtils.SERVICE_PRINCIPAL_TENANT_ID, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setServicePrincipalTenantId(v1);
        }, map);
        setValue(newBuilder, AzureStorageUtils.SERVICE_PRINCIPAL_CLIENT_ID, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setServicePrincipalClientId(v1);
        }, map);
        setValue(newBuilder, AzureStorageUtils.SERVICE_PRINCIPAL_CLIENT_SECRET, (v0) -> {
            return v0.getValue();
        }, (v0, v1) -> {
            v0.setServicePrincipalClientSecret(v1);
        }, map);
        newBuilder.setProxyOptions(AzureStorageUtils.getProxyOptions(this.context));
        return newBuilder.build();
    }

    private <T> void setValue(ADLSCredentialsDetails.Builder builder, PropertyDescriptor propertyDescriptor, Function<PropertyValue, T> function, BiConsumer<ADLSCredentialsDetails.Builder, T> biConsumer, Map<String, String> map) {
        PropertyValue property = this.context.getProperty(propertyDescriptor);
        if (property.isSet()) {
            if (propertyDescriptor.isExpressionLanguageSupported()) {
                property = propertyDescriptor.getExpressionLanguageScope() == ExpressionLanguageScope.FLOWFILE_ATTRIBUTES ? property.evaluateAttributeExpressions(map) : property.evaluateAttributeExpressions();
            }
            biConsumer.accept(builder, function.apply(property));
        }
    }
}
