package org.openmetadata.service.util;

import java.io.IOException;
import java.util.Set;
import javax.ws.rs.core.UriInfo;
import org.openmetadata.schema.api.configuration.pipelineServiceClient.PipelineServiceClientConfiguration;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.SSOAuthMechanism;
import org.openmetadata.schema.entity.Bot;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.security.secrets.SecretsManagerClientLoader;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.schema.security.ssl.ValidateSSLClientConfig;
import org.openmetadata.schema.security.ssl.VerifySSL;
import org.openmetadata.schema.services.connections.metadata.AuthProvider;
import org.openmetadata.schema.services.connections.metadata.OpenMetadataConnection;
import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.BotRepository;
import org.openmetadata.service.jdbi3.UserRepository;
import org.openmetadata.service.secrets.SecretsManagerFactory;
import org.openmetadata.service.util.EntityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/util/OpenMetadataConnectionBuilder.class */
public class OpenMetadataConnectionBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(OpenMetadataConnectionBuilder.class);
    AuthProvider authProvider;
    String bot;
    Object securityConfig;
    private final VerifySSL verifySSL;
    private final String openMetadataURL;
    private final String clusterName;
    private final SecretsManagerProvider secretsManagerProvider;
    private final SecretsManagerClientLoader secretsManagerLoader;
    private final Object openMetadataSSLConfig;
    BotRepository botRepository = (BotRepository) Entity.getEntityRepository(Entity.BOT);
    UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openmetadata.service.util.OpenMetadataConnectionBuilder$1, reason: invalid class name */
    /* loaded from: input_file:org/openmetadata/service/util/OpenMetadataConnectionBuilder$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType;
        static final /* synthetic */ int[] $SwitchMap$org$openmetadata$schema$security$ssl$VerifySSL = new int[VerifySSL.values().length];

        static {
            try {
                $SwitchMap$org$openmetadata$schema$security$ssl$VerifySSL[VerifySSL.NO_SSL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$openmetadata$schema$security$ssl$VerifySSL[VerifySSL.IGNORE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$openmetadata$schema$security$ssl$VerifySSL[VerifySSL.VALIDATE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType = new int[AuthenticationMechanism.AuthType.values().length];
            try {
                $SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType[AuthenticationMechanism.AuthType.SSO.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType[AuthenticationMechanism.AuthType.JWT.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    public OpenMetadataConnectionBuilder(OpenMetadataApplicationConfig openMetadataApplicationConfig) {
        User retrieveBotUser = retrieveBotUser();
        this.securityConfig = extractSecurityConfig(retrieveBotUser);
        this.authProvider = extractAuthProvider(retrieveBotUser);
        PipelineServiceClientConfiguration pipelineServiceClientConfiguration = openMetadataApplicationConfig.getPipelineServiceClientConfiguration();
        this.openMetadataURL = pipelineServiceClientConfiguration.getMetadataApiEndpoint();
        this.verifySSL = pipelineServiceClientConfiguration.getVerifySSL();
        this.openMetadataSSLConfig = getOMSSLConfigFromPipelineServiceClient(pipelineServiceClientConfiguration.getVerifySSL(), pipelineServiceClientConfiguration.getSslConfig());
        this.clusterName = openMetadataApplicationConfig.getClusterName();
        this.secretsManagerLoader = pipelineServiceClientConfiguration.getSecretsManagerLoader();
        this.secretsManagerProvider = SecretsManagerFactory.getSecretsManager().getSecretsManagerProvider();
    }

    private AuthProvider extractAuthProvider(User user) {
        AuthenticationMechanism.AuthType authType = user.getAuthenticationMechanism().getAuthType();
        switch (AnonymousClass1.$SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType[authType.ordinal()]) {
            case 1:
                return AuthProvider.fromValue(((SSOAuthMechanism) JsonUtils.convertValue(user.getAuthenticationMechanism().getConfig(), SSOAuthMechanism.class)).getSsoServiceType().value());
            case 2:
                return AuthProvider.OPENMETADATA;
            default:
                throw new IllegalArgumentException(String.format("Not supported authentication mechanism type: [%s]", authType.value()));
        }
    }

    private Object extractSecurityConfig(User user) {
        AuthenticationMechanism authenticationMechanism = user.getAuthenticationMechanism();
        switch (AnonymousClass1.$SwitchMap$org$openmetadata$schema$entity$teams$AuthenticationMechanism$AuthType[user.getAuthenticationMechanism().getAuthType().ordinal()]) {
            case 1:
                return ((SSOAuthMechanism) JsonUtils.convertValue(authenticationMechanism.getConfig(), SSOAuthMechanism.class)).getAuthConfig();
            case 2:
                return new OpenMetadataJWTClientConfig().withJwtToken(((JWTAuthMechanism) JsonUtils.convertValue(authenticationMechanism.getConfig(), JWTAuthMechanism.class)).getJWTToken());
            default:
                throw new IllegalArgumentException(String.format("Not supported authentication mechanism type: [%s]", authenticationMechanism.getAuthType().value()));
        }
    }

    public OpenMetadataConnection build() {
        return new OpenMetadataConnection().withAuthProvider(this.authProvider).withHostPort(this.openMetadataURL).withSecurityConfig(this.securityConfig).withVerifySSL(this.verifySSL).withClusterName(this.clusterName).withSecretsManagerProvider(this.secretsManagerProvider).withSecretsManagerLoader(this.secretsManagerLoader).withSslConfig(this.openMetadataSSLConfig);
    }

    private User retrieveBotUser() {
        User retrieveIngestionBotUser = retrieveIngestionBotUser(Entity.INGESTION_BOT_NAME);
        if (retrieveIngestionBotUser == null) {
            throw new IllegalArgumentException("Please, verify that the ingestion-bot is present.");
        }
        return retrieveIngestionBotUser;
    }

    private User retrieveIngestionBotUser(String str) {
        try {
            Bot byName = this.botRepository.getByName(null, str, EntityUtil.Fields.EMPTY_FIELDS);
            if (byName.getBotUser() == null) {
                return null;
            }
            User byName2 = this.userRepository.getByName((UriInfo) null, byName.getBotUser().getFullyQualifiedName(), new EntityUtil.Fields(Set.of("authenticationMechanism")));
            if (byName2.getAuthenticationMechanism() != null) {
                byName2.getAuthenticationMechanism().setConfig(byName2.getAuthenticationMechanism().getConfig());
            }
            return byName2;
        } catch (IOException | EntityNotFoundException e) {
            LOG.debug((this.bot == null ? "Bot" : String.format("User for bot [%s]", str)) + " [{}] not found.", str);
            return null;
        }
    }

    protected Object getOMSSLConfigFromPipelineServiceClient(VerifySSL verifySSL, Object obj) {
        switch (AnonymousClass1.$SwitchMap$org$openmetadata$schema$security$ssl$VerifySSL[verifySSL.ordinal()]) {
            case 1:
            case 2:
                return null;
            case 3:
                return JsonUtils.convertValue(obj, ValidateSSLClientConfig.class);
            default:
                throw new IllegalArgumentException("OpenMetadata doesn't support SSL verification type " + verifySSL.value());
        }
    }
}
