package org.apache.nifi.processors.aws.s3.encryption;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.UploadPartRequest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processors.aws.s3.AbstractS3Processor;
import org.apache.nifi.processors.aws.s3.AmazonS3EncryptionService;
import org.apache.nifi.processors.aws.s3.PutS3Object;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

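/**
 * Controller service that applies one configurable encryption strategy to S3 put, multipart
 * upload and get requests.
 *
 * <p>The strategy is chosen by name through {@link #ENCRYPTION_STRATEGY}. The key ID or key
 * material from {@link #ENCRYPTION_VALUE} is captured when the service is enabled and handed to
 * the strategy on every request. The default strategy is {@code NONE}, so no encryption settings
 * are applied by this service until an operator selects another strategy.
 */
@CapabilityDescription("Adds configurable encryption to S3 Put and S3 Fetch operations.")
@Tags({"service", "aws", "s3", "encryption", "encrypt", "decryption", "decrypt", "key"})
public class StandardS3EncryptionService extends AbstractControllerService implements AmazonS3EncryptionService {
    private static final Logger logger = LoggerFactory.getLogger(StandardS3EncryptionService.class);

    // Strategy names; these are the values stored in the ENCRYPTION_STRATEGY property.
    private static final String NAME_NONE = "NONE";
    private static final String NAME_SSE_S3 = "SSE_S3";
    private static final String NAME_SSE_KMS = "SSE_KMS";
    private static final String NAME_SSE_C = "SSE_C";
    private static final String NAME_CSE_KMS = "CSE_KMS";
    private static final String NAME_CSE_C = "CSE_C";

    // Lookup from strategy name to implementation; read-only after class initialisation.
    private static final Map<String, S3EncryptionStrategy> NAMED_STRATEGIES = buildStrategies();

    private static final AllowableValue NONE = new AllowableValue(NAME_NONE, PutS3Object.NO_SERVER_SIDE_ENCRYPTION, "No encryption.");
    private static final AllowableValue SSE_S3 = new AllowableValue(NAME_SSE_S3, "Server-side S3", "Use server-side, S3-managed encryption.");
    private static final AllowableValue SSE_KMS = new AllowableValue(NAME_SSE_KMS, "Server-side KMS", "Use server-side, KMS key to perform encryption.");
    private static final AllowableValue SSE_C = new AllowableValue(NAME_SSE_C, "Server-side Customer Key", "Use server-side, customer-supplied key to perform encryption.");
    private static final AllowableValue CSE_KMS = new AllowableValue(NAME_CSE_KMS, "Client-side KMS", "Use client-side, KMS key to perform encryption.");
    private static final AllowableValue CSE_C = new AllowableValue(NAME_CSE_C, "Client-side Customer Key", "Use client-side, customer-supplied key to perform encryption.");

    // NOTE(review): this public map is left mutable so existing callers keep working; treat it as
    // read-only. Wrapping it with Collections.unmodifiableMap would be safer once callers are checked.
    public static final Map<String, AllowableValue> ENCRYPTION_STRATEGY_ALLOWABLE_VALUES = buildAllowableValues();

    public static final PropertyDescriptor ENCRYPTION_STRATEGY = new PropertyDescriptor.Builder()
            .name("encryption-strategy")
            .displayName("Encryption Strategy")
            .description("Strategy to use for S3 data encryption and decryption.")
            .allowableValues(NONE, SSE_S3, SSE_KMS, SSE_C, CSE_KMS, CSE_C)
            .required(true)
            .defaultValue(NONE.getValue())
            .build();

    // Marked sensitive because it may hold raw key material. The per-property validator accepts
    // anything; what the value must look like depends on the chosen strategy, so the real check
    // is done in customValidate().
    public static final PropertyDescriptor ENCRYPTION_VALUE = new PropertyDescriptor.Builder()
            .name("key-id-or-key-material")
            .displayName("Key ID or Key Material")
            .description("For None and Server-side S3: not used. For Server-side KMS and Client-side KMS: the KMS Key ID must be configured. For Server-side Customer Key and Client-side Customer Key: the Key Material must be specified in Base64 encoded form. In case of Server-side Customer Key, the key must be an AES-256 key. In case of Client-side Customer Key, it can be an AES-256, AES-192 or AES-128 key.")
            .required(false)
            .sensitive(true)
            .addValidator((subject, input, context) -> new ValidationResult.Builder().valid(true).build())
            .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
            .build();

    public static final PropertyDescriptor KMS_REGION = new PropertyDescriptor.Builder()
            .name("kms-region")
            .displayName("KMS Region")
            .description("The Region of the AWS Key Management Service. Only used in case of Client-side KMS.")
            .required(false)
            .allowableValues(AbstractS3Processor.getAvailableRegions())
            .defaultValue(AbstractS3Processor.createAllowableValue(Regions.DEFAULT_REGION).getValue())
            .build();

    // State captured in onConfigured(); the defaults describe a service with no encryption.
    private String keyValue = "";
    private String kmsRegion = "";
    private S3EncryptionStrategy encryptionStrategy = new NoOpEncryptionStrategy();
    private String strategyName = NAME_NONE;

    /** Builds the name-to-strategy lookup table. */
    private static Map<String, S3EncryptionStrategy> buildStrategies() {
        final Map<String, S3EncryptionStrategy> strategies = new HashMap<>();
        strategies.put(NAME_NONE, new NoOpEncryptionStrategy());
        strategies.put(NAME_SSE_S3, new ServerSideS3EncryptionStrategy());
        strategies.put(NAME_SSE_KMS, new ServerSideKMSEncryptionStrategy());
        strategies.put(NAME_SSE_C, new ServerSideCEncryptionStrategy());
        strategies.put(NAME_CSE_KMS, new ClientSideKMSEncryptionStrategy());
        strategies.put(NAME_CSE_C, new ClientSideCEncryptionStrategy());
        return Collections.unmodifiableMap(strategies);
    }

    /** Builds the name-to-allowable-value table used for display names. */
    private static Map<String, AllowableValue> buildAllowableValues() {
        final Map<String, AllowableValue> values = new HashMap<>();
        values.put(NAME_NONE, NONE);
        values.put(NAME_SSE_S3, SSE_S3);
        values.put(NAME_SSE_KMS, SSE_KMS);
        values.put(NAME_SSE_C, SSE_C);
        values.put(NAME_CSE_KMS, CSE_KMS);
        values.put(NAME_CSE_C, CSE_C);
        return values;
    }

    /** Creates a failed validation result whose subject is the key property. */
    private static ValidationResult invalidKeyValue(String explanation) {
        return new ValidationResult.Builder()
                .subject(ENCRYPTION_VALUE.getDisplayName())
                .valid(false)
                .explanation(explanation)
                .build();
    }

    /**
     * Reads the configured strategy, key value and KMS region when the service is enabled.
     *
     * @param configurationContext the configuration to read the properties from
     * @throws InitializationException if no strategy is registered under the configured name
     */
    @OnEnabled
    public void onConfigured(ConfigurationContext configurationContext) throws InitializationException {
        final String newStrategyName = configurationContext.getProperty(ENCRYPTION_STRATEGY).getValue();
        final S3EncryptionStrategy newStrategy = NAMED_STRATEGIES.get(newStrategyName);
        if (newStrategy == null) {
            // Report the name that was requested, not the previously active one. Only the
            // strategy name is logged; the key value must never reach a log or an exception.
            final String message = "No encryption strategy found for name: " + newStrategyName;
            logger.warn(message);
            throw new InitializationException(message);
        }

        final String newKeyValue = configurationContext.getProperty(ENCRYPTION_VALUE).evaluateAttributeExpressions().getValue();
        String newKmsRegion = null;
        if (configurationContext.getProperty(KMS_REGION) != null) {
            newKmsRegion = configurationContext.getProperty(KMS_REGION).getValue();
        }

        this.strategyName = newStrategyName;
        this.encryptionStrategy = newStrategy;
        this.keyValue = newKeyValue;
        this.kmsRegion = newKmsRegion;
    }

    /**
     * Checks that the key property matches what the selected strategy needs: unset for
     * {@code NONE} and {@code SSE_S3}, a non-empty key ID for the KMS strategies, and non-empty
     * key material that the strategy's own {@code validateKey} accepts for the customer-key
     * strategies. Explanations name the strategy only and never include the key value.
     *
     * @param validationContext the context holding the property values under validation
     * @return the failed (or strategy-provided) validation results; empty when nothing is wrong
     */
    @Override
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        final List<ValidationResult> results = new ArrayList<>();
        final String selectedStrategy = validationContext.getProperty(ENCRYPTION_STRATEGY).getValue();
        final AllowableValue selectedValue = selectedStrategy == null ? null : ENCRYPTION_STRATEGY_ALLOWABLE_VALUES.get(selectedStrategy);
        if (selectedValue == null) {
            // Fail validation instead of throwing a NullPointerException on an unknown name.
            results.add(new ValidationResult.Builder()
                    .subject(ENCRYPTION_STRATEGY.getDisplayName())
                    .valid(false)
                    .explanation("unknown encryption strategy " + selectedStrategy)
                    .build());
            return results;
        }

        final String displayName = selectedValue.getDisplayName();
        final PropertyValue keyProperty = validationContext.getProperty(ENCRYPTION_VALUE);
        final String key = keyProperty.evaluateAttributeExpressions().getValue();

        switch (selectedStrategy) {
            case NAME_NONE:
            case NAME_SSE_S3:
                // These strategies take no key; a configured value is most likely a mistake.
                if (keyProperty.isSet()) {
                    results.add(invalidKeyValue("the property cannot be specified for encryption strategy " + displayName));
                }
                break;
            case NAME_SSE_KMS:
            case NAME_CSE_KMS:
                if (StringUtils.isEmpty(key)) {
                    results.add(invalidKeyValue("a non-empty Key ID must be specified for encryption strategy " + displayName));
                }
                break;
            case NAME_SSE_C:
            case NAME_CSE_C:
                if (StringUtils.isEmpty(key)) {
                    results.add(invalidKeyValue("a non-empty Key Material must be specified for encryption strategy " + displayName));
                } else {
                    // The strategy decides whether the key material is acceptable.
                    results.add(NAMED_STRATEGIES.get(selectedStrategy).validateKey(key));
                }
                break;
            default:
                break;
        }
        return results;
    }

    /**
     * Lists the properties this service supports.
     *
     * @return an unmodifiable list holding the strategy, key value and KMS region descriptors
     */
    @Override
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        final List<PropertyDescriptor> descriptors = new ArrayList<>();
        descriptors.add(ENCRYPTION_STRATEGY);
        descriptors.add(ENCRYPTION_VALUE);
        descriptors.add(KMS_REGION);
        return Collections.unmodifiableList(descriptors);
    }

    /** Hands the put request, its metadata and the configured key value to the active strategy. */
    public void configurePutObjectRequest(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        this.encryptionStrategy.configurePutObjectRequest(putObjectRequest, objectMetadata, this.keyValue);
    }

    /** Hands the multipart-initiate request, its metadata and the configured key value to the active strategy. */
    public void configureInitiateMultipartUploadRequest(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ObjectMetadata objectMetadata) {
        this.encryptionStrategy.configureInitiateMultipartUploadRequest(initiateMultipartUploadRequest, objectMetadata, this.keyValue);
    }

    /** Hands the get request, its metadata and the configured key value to the active strategy. */
    public void configureGetObjectRequest(GetObjectRequest getObjectRequest, ObjectMetadata objectMetadata) {
        this.encryptionStrategy.configureGetObjectRequest(getObjectRequest, objectMetadata, this.keyValue);
    }

    /** Hands the upload-part request, its metadata and the configured key value to the active strategy. */
    public void configureUploadPartRequest(UploadPartRequest uploadPartRequest, ObjectMetadata objectMetadata) {
        this.encryptionStrategy.configureUploadPartRequest(uploadPartRequest, objectMetadata, this.keyValue);
    }

    /**
     * Asks the active strategy for an S3 client, passing the configured KMS region and key value.
     *
     * @param aWSCredentialsProvider credentials for the client
     * @param clientConfiguration client settings
     * @return whatever the active strategy returns for these arguments
     */
    public AmazonS3Client createEncryptionClient(AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration) {
        return this.encryptionStrategy.createEncryptionClient(aWSCredentialsProvider, clientConfiguration, this.kmsRegion, this.keyValue);
    }

    /** @return the KMS region captured when the service was enabled; may be {@code null} */
    public String getKmsRegion() {
        return this.kmsRegion;
    }

    /** @return the name of the active strategy, {@code "NONE"} until the service is enabled */
    public String getStrategyName() {
        return this.strategyName;
    }

    /** @return the display name registered for the active strategy */
    public String getStrategyDisplayName() {
        return ENCRYPTION_STRATEGY_ALLOWABLE_VALUES.get(this.strategyName).getDisplayName();
    }
}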
