package net.snowflake.spark.snowflake.io;

import java.io.InputStream;
import java.net.URI;
import java.security.SecureRandom;
import java.sql.Connection;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.jdbc.MatDesc;
import net.snowflake.client.jdbc.SnowflakeConnectionV1;
import net.snowflake.client.jdbc.SnowflakeSQLException;
import net.snowflake.client.jdbc.cloud.storage.StageInfo;
import net.snowflake.client.jdbc.internal.amazonaws.ClientConfiguration;
import net.snowflake.client.jdbc.internal.amazonaws.auth.AWSStaticCredentialsProvider;
import net.snowflake.client.jdbc.internal.amazonaws.auth.BasicAWSCredentials;
import net.snowflake.client.jdbc.internal.amazonaws.auth.BasicSessionCredentials;
import net.snowflake.client.jdbc.internal.amazonaws.client.builder.AwsClientBuilder;
import net.snowflake.client.jdbc.internal.amazonaws.retry.PredefinedRetryPolicies;
import net.snowflake.client.jdbc.internal.amazonaws.retry.RetryPolicy;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.AmazonS3;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.AmazonS3Client;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.AmazonS3ClientBuilder;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.model.ObjectMetadata;
import net.snowflake.client.jdbc.internal.amazonaws.util.Base64;
import net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.JsonNode;
import net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.ObjectMapper;
import net.snowflake.client.jdbc.internal.microsoft.azure.storage.StorageCredentialsAnonymous;
import net.snowflake.client.jdbc.internal.microsoft.azure.storage.StorageCredentialsSharedAccessSignature;
import net.snowflake.client.jdbc.internal.microsoft.azure.storage.blob.CloudBlobClient;
import net.snowflake.spark.snowflake.DefaultJDBCWrapper;
import net.snowflake.spark.snowflake.DefaultJDBCWrapper$;
import net.snowflake.spark.snowflake.Parameters;
import net.snowflake.spark.snowflake.ProxyInfo;
import net.snowflake.spark.snowflake.SnowflakeConnectorFeatureNotSupportException;
import org.apache.spark.rdd.RDD;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Enumeration;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple4;
import scala.collection.LinearSeqOps;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.runtime.BoxedUnit;
import scala.util.Random$;
import scala.util.matching.Regex;

/* compiled from: CloudStorageOperations.scala */
/* loaded from: input_file:net/snowflake/spark/snowflake/io/CloudStorageOperations$.class */
public final class CloudStorageOperations$ {
    public static final CloudStorageOperations$ MODULE$ = new CloudStorageOperations$();
    private static final int DEFAULT_PARALLELISM = 10;
    private static final int S3_MAX_RETRIES = 6;
    private static final int S3_MAX_TIMEOUT_MS = 30000;
    private static final String AES = "AES";
    private static final String AMZ_KEY = "x-amz-key";
    private static final String AMZ_IV = "x-amz-iv";
    private static final String DATA_CIPHER = "AES/CBC/PKCS5Padding";
    private static final String KEY_CIPHER = "AES/ECB/PKCS5Padding";
    private static final String AMZ_MATDESC = "x-amz-matdesc";
    private static final String AZ_ENCRYPTIONDATA = "encryptiondata";
    private static final String AZ_IV = "ContentEncryptionIV";
    private static final String AZ_KEY_WRAP = "WrappedContentKey";
    private static final String AZ_KEY = "EncryptedKey";
    private static final String AZ_MATDESC = "matdesc";
    private static final Logger log = LoggerFactory.getLogger(MODULE$.getClass());

    public int DEFAULT_PARALLELISM() {
        return DEFAULT_PARALLELISM;
    }

    public int S3_MAX_RETRIES() {
        return S3_MAX_RETRIES;
    }

    public int S3_MAX_TIMEOUT_MS() {
        return S3_MAX_TIMEOUT_MS;
    }

    public String AES() {
        return AES;
    }

    public String AMZ_KEY() {
        return AMZ_KEY;
    }

    public String AMZ_IV() {
        return AMZ_IV;
    }

    public String DATA_CIPHER() {
        return DATA_CIPHER;
    }

    public String KEY_CIPHER() {
        return KEY_CIPHER;
    }

    public String AMZ_MATDESC() {
        return AMZ_MATDESC;
    }

    public String AZ_ENCRYPTIONDATA() {
        return AZ_ENCRYPTIONDATA;
    }

    public String AZ_IV() {
        return AZ_IV;
    }

    public String AZ_KEY_WRAP() {
        return AZ_KEY_WRAP;
    }

    public String AZ_KEY() {
        return AZ_KEY;
    }

    public String AZ_MATDESC() {
        return AZ_MATDESC;
    }

    public Logger log() {
        return log;
    }

    public final InputStream getDecryptedStream(InputStream inputStream, String str, Map<String, String> map, StageInfo.StageType stageType) {
        Tuple2<String, String> parseEncryptionData;
        byte[] decode = Base64.decode(str);
        if (StageInfo.StageType.S3.equals(stageType)) {
            parseEncryptionData = new Tuple2<>(map.get(AMZ_KEY()), map.get(AMZ_IV()));
        } else {
            if (!StageInfo.StageType.AZURE.equals(stageType)) {
                throw new UnsupportedOperationException(new StringBuilder(44).append("Only support s3 or azure stage. Stage Type: ").append(stageType).toString());
            }
            parseEncryptionData = parseEncryptionData(map.get(AZ_ENCRYPTIONDATA()));
        }
        Tuple2<String, String> tuple2 = parseEncryptionData;
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        Tuple2 tuple22 = new Tuple2((String) tuple2._1(), (String) tuple2._2());
        String str2 = (String) tuple22._1();
        String str3 = (String) tuple22._2();
        if (str2 == null || str3 == null) {
            throw new SnowflakeSQLException("XX000", Predef$.MODULE$.Integer2int(ErrorCode.INTERNAL_ERROR.getMessageCode()), new Object[]{"File metadata incomplete"});
        }
        byte[] decode2 = Base64.decode(str2);
        byte[] decode3 = Base64.decode(str3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(decode, 0, decode.length, AES());
        Cipher cipher = Cipher.getInstance(KEY_CIPHER());
        cipher.init(2, secretKeySpec);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(cipher.doFinal(decode2), 0, decode.length, AES());
        Cipher cipher2 = Cipher.getInstance(DATA_CIPHER());
        cipher2.init(2, secretKeySpec2, new IvParameterSpec(decode3));
        return new CipherInputStream(inputStream, cipher2);
    }

    public final Tuple2<String, String> parseEncryptionData(String str) {
        JsonNode readTree = new ObjectMapper().readTree(str);
        return new Tuple2<>(readTree.findValue(AZ_KEY_WRAP()).findValue(AZ_KEY()).asText(), readTree.findValue(AZ_IV()).asText());
    }

    public final Tuple2<Cipher, ObjectMetadata> getCipherAndS3Metadata(String str, String str2, String str3) {
        Tuple4<Cipher, String, String, String> cipherAndMetadata = getCipherAndMetadata(str, str2, str3);
        if (cipherAndMetadata == null) {
            throw new MatchError(cipherAndMetadata);
        }
        Tuple4 tuple4 = new Tuple4((Cipher) cipherAndMetadata._1(), (String) cipherAndMetadata._2(), (String) cipherAndMetadata._3(), (String) cipherAndMetadata._4());
        Cipher cipher = (Cipher) tuple4._1();
        String str4 = (String) tuple4._2();
        String str5 = (String) tuple4._3();
        String str6 = (String) tuple4._4();
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.addUserMetadata(AMZ_MATDESC(), str4);
        objectMetadata.addUserMetadata(AMZ_KEY(), str5);
        objectMetadata.addUserMetadata(AMZ_IV(), str6);
        return new Tuple2<>(cipher, objectMetadata);
    }

    public final Tuple2<Cipher, HashMap<String, String>> getCipherAndAZMetaData(String str, String str2, String str3) {
        Tuple4<Cipher, String, String, String> cipherAndMetadata = getCipherAndMetadata(str, str2, str3);
        if (cipherAndMetadata == null) {
            throw new MatchError(cipherAndMetadata);
        }
        Tuple4 tuple4 = new Tuple4((Cipher) cipherAndMetadata._1(), (String) cipherAndMetadata._2(), (String) cipherAndMetadata._3(), (String) cipherAndMetadata._4());
        Cipher cipher = (Cipher) tuple4._1();
        String str4 = (String) tuple4._2();
        String str5 = (String) tuple4._3();
        String str6 = (String) tuple4._4();
        HashMap hashMap = new HashMap();
        hashMap.put(AZ_MATDESC(), str4);
        hashMap.put(AZ_ENCRYPTIONDATA(), buildEncryptionMetadataJSON$1(str6, str5));
        return new Tuple2<>(cipher, hashMap);
    }

    public final Tuple4<Cipher, String, String, String> getCipherAndMetadata(String str, String str2, String str3) {
        byte[] decode = Base64.decode(str);
        int length = decode.length;
        byte[] bArr = new byte[length];
        Cipher cipher = Cipher.getInstance(DATA_CIPHER());
        byte[] bArr2 = new byte[cipher.getBlockSize()];
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
        secureRandom.nextBytes(new byte[10]);
        secureRandom.nextBytes(bArr2);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        secureRandom.nextBytes(bArr);
        cipher.init(1, new SecretKeySpec(bArr, 0, length, AES()), ivParameterSpec);
        Cipher cipher2 = Cipher.getInstance(KEY_CIPHER());
        cipher2.init(1, new SecretKeySpec(decode, 0, length, AES()));
        return new Tuple4<>(cipher, new MatDesc(StringOps$.MODULE$.toLong$extension(Predef$.MODULE$.augmentString(str3)), str2, length * 8).toString(), Base64.encodeAsString(cipher2.doFinal(bArr)), Base64.encodeAsString(bArr2));
    }

    public CloudStorage createStorageClientFromStage(Parameters.MergedParameters mergedParameters, Connection connection, String str, Option<String> option, boolean z) {
        DefaultJDBCWrapper.DataBaseOperations DataBaseOperations = DefaultJDBCWrapper$.MODULE$.DataBaseOperations(connection);
        DataBaseOperations.createStage(str, DataBaseOperations.createStage$default$2(), DataBaseOperations.createStage$default$3(), DataBaseOperations.createStage$default$4(), DataBaseOperations.createStage$default$5(), DataBaseOperations.createStage$default$6(), z, DataBaseOperations.createStage$default$8());
        SFInternalStage sFInternalStage = new SFInternalStage(false, mergedParameters, str, (SnowflakeConnectionV1) connection, SFInternalStage$.MODULE$.$lessinit$greater$default$5());
        StageInfo.StageType stageType = sFInternalStage.stageType();
        if (StageInfo.StageType.S3.equals(stageType)) {
            return new InternalS3Storage(mergedParameters, str, connection, InternalS3Storage$.MODULE$.apply$default$4());
        }
        if (StageInfo.StageType.AZURE.equals(stageType)) {
            return new InternalAzureStorage(mergedParameters, str, connection);
        }
        if (StageInfo.StageType.GCS.equals(stageType)) {
            return new InternalGcsStorage(mergedParameters, str, connection, sFInternalStage);
        }
        throw new UnsupportedOperationException(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString(new StringBuilder(80).append("Only support s3, Azure or Gcs stage,\n             | stage types: ").append(sFInternalStage.stageType()).append("\n             |").toString())));
    }

    public Tuple2<CloudStorage, String> createStorageClient(Parameters.MergedParameters mergedParameters, Connection connection, boolean z, Option<String> option, String str) {
        Regex r$extension = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("wasbs?://([^@]+)@([^.]+)\\.([^/]+)/(.*)"));
        Regex r$extension2 = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("s3[an]://([^/]+)/(.*)"));
        Regex r$extension3 = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("gcs://([^/]+)/(.*)"));
        String str2 = (String) option.getOrElse(() -> {
            return new StringBuilder(23).append("spark_connector_").append(str).append("_stage_").append(Random$.MODULE$.alphanumeric().take(10).mkString("")).toString();
        });
        String rootTempDir = mergedParameters.rootTempDir();
        if (rootTempDir != null) {
            Option unapplySeq = r$extension.unapplySeq(rootTempDir);
            if (!unapplySeq.isEmpty() && unapplySeq.get() != null && ((List) unapplySeq.get()).lengthCompare(4) == 0) {
                String str3 = (String) ((LinearSeqOps) unapplySeq.get()).apply(0);
                String str4 = (String) ((LinearSeqOps) unapplySeq.get()).apply(1);
                String str5 = (String) ((LinearSeqOps) unapplySeq.get()).apply(2);
                String str6 = (String) ((LinearSeqOps) unapplySeq.get()).apply(3);
                Predef$.MODULE$.require(mergedParameters.azureSAS().isDefined(), () -> {
                    return "missing Azure SAS";
                });
                String str7 = (String) mergedParameters.azureSAS().get();
                DefaultJDBCWrapper$.MODULE$.executeQueryInterruptibly(connection, StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString(new StringBuilder(147).append("\n             |create or replace ").append((Object) (z ? "temporary" : "")).append(" stage ").append(str2).append("\n             |url = 'azure://").append(str4).append(".").append(str5).append("/").append(str3).append("/").append(str6).append("'\n             |credentials =\n             |(azure_sas_token='").append(str7).append("')\n         ").toString())));
                return new Tuple2<>(new ExternalAzureStorage(str3, str4, str5, str7, mergedParameters.proxyInfo(), mergedParameters.maxRetryCount(), mergedParameters.sfURL(), mergedParameters.useExponentialBackoff(), mergedParameters.expectedPartitionCount(), str6, connection), str2);
            }
        }
        if (rootTempDir != null) {
            Option unapplySeq2 = r$extension2.unapplySeq(rootTempDir);
            if (!unapplySeq2.isEmpty() && unapplySeq2.get() != null && ((List) unapplySeq2.get()).lengthCompare(2) == 0) {
                String str8 = (String) ((LinearSeqOps) unapplySeq2.get()).apply(0);
                String str9 = (String) ((LinearSeqOps) unapplySeq2.get()).apply(1);
                Predef$.MODULE$.require(mergedParameters.awsAccessKey().isDefined(), () -> {
                    return "missing aws access key";
                });
                Predef$.MODULE$.require(mergedParameters.awsSecretKey().isDefined(), () -> {
                    return "missing aws secret key";
                });
                DefaultJDBCWrapper$.MODULE$.executeQueryInterruptibly(connection, StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString(new StringBuilder(155).append("\n             |create or replace ").append((Object) (z ? "temporary" : "")).append(" stage ").append(str2).append("\n             |url = 's3://").append(str8).append("/").append(str9).append("'\n             |credentials =\n             |(aws_key_id='").append(mergedParameters.awsAccessKey().get()).append("' aws_secret_key='").append(mergedParameters.awsSecretKey().get()).append("')\n         ").toString())));
                return new Tuple2<>(new ExternalS3Storage(str8, (String) mergedParameters.awsAccessKey().get(), (String) mergedParameters.awsSecretKey().get(), mergedParameters.proxyInfo(), mergedParameters.maxRetryCount(), mergedParameters.sfURL(), mergedParameters.useExponentialBackoff(), mergedParameters.expectedPartitionCount(), ExternalS3Storage$.MODULE$.apply$default$9(), str9, connection, ExternalS3Storage$.MODULE$.apply$default$12(), None$.MODULE$, None$.MODULE$, None$.MODULE$), str2);
            }
        }
        if (rootTempDir != null) {
            Option unapplySeq3 = r$extension3.unapplySeq(rootTempDir);
            if (!unapplySeq3.isEmpty() && unapplySeq3.get() != null && ((List) unapplySeq3.get()).lengthCompare(2) == 0) {
                throw new SnowflakeConnectorFeatureNotSupportException(new StringBuilder(41).append("Doesn't support GCS external stage. url: ").append(mergedParameters.rootTempDir()).toString());
            }
        }
        return new Tuple2<>(createStorageClientFromStage(mergedParameters, connection, str2, None$.MODULE$, z), str2);
    }

    public Option<String> createStorageClientFromStage$default$4() {
        return None$.MODULE$;
    }

    public boolean createStorageClientFromStage$default$5() {
        return false;
    }

    public boolean createStorageClient$default$3() {
        return true;
    }

    public Option<String> createStorageClient$default$4() {
        return None$.MODULE$;
    }

    public String createStorageClient$default$5() {
        return "unload";
    }

    public List<String> saveToStorage(RDD<String> rdd, Enumeration.Value value, Option<String> option, boolean z, CloudStorage cloudStorage) {
        return cloudStorage.upload(rdd, value, option, z).map(fileUploadResult -> {
            return fileUploadResult.fileName();
        });
    }

    public Enumeration.Value saveToStorage$default$2() {
        return SupportedFormat$.MODULE$.CSV();
    }

    public Option<String> saveToStorage$default$3() {
        return None$.MODULE$;
    }

    public boolean saveToStorage$default$4() {
        return true;
    }

    public void deleteFiles(List<String> list, CloudStorage cloudStorage, Connection connection) {
        cloudStorage.deleteFiles(list);
    }

    public AmazonS3 createS3Client(String str, String str2, Option<String> option, int i, Option<ProxyInfo> option2, Option<String> option3, Option<String> option4, Option<String> option5) {
        BasicSessionCredentials basicAWSCredentials;
        if (option instanceof Some) {
            basicAWSCredentials = new BasicSessionCredentials(str, str2, (String) ((Some) option).value());
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            basicAWSCredentials = new BasicAWSCredentials(str, str2);
        }
        BasicSessionCredentials basicSessionCredentials = basicAWSCredentials;
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setMaxConnections(i);
        clientConfiguration.setMaxErrorRetry(S3_MAX_RETRIES());
        clientConfiguration.setRetryPolicy(new RetryPolicy(PredefinedRetryPolicies.DEFAULT_RETRY_CONDITION, PredefinedRetryPolicies.DEFAULT_BACKOFF_STRATEGY, S3_MAX_RETRIES(), true));
        clientConfiguration.setConnectionTimeout(S3_MAX_TIMEOUT_MS());
        if (option2 instanceof Some) {
            ((ProxyInfo) ((Some) option2).value()).setProxyForS3(clientConfiguration);
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!None$.MODULE$.equals(option2)) {
                throw new MatchError(option2);
            }
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        if (option3.isEmpty()) {
            return new AmazonS3Client(basicSessionCredentials, clientConfiguration);
        }
        AmazonS3ClientBuilder withClientConfiguration = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)).withClientConfiguration(clientConfiguration);
        if (option5.nonEmpty()) {
            withClientConfiguration.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration((String) option5.get(), (String) option4.get()));
        } else if (StringOps$.MODULE$.toBoolean$extension(Predef$.MODULE$.augmentString((String) option3.get()))) {
            withClientConfiguration.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(new StringBuilder(17).append("s3.").append(option4.get()).append(".amazonaws.com").toString(), (String) option4.get()));
        } else {
            withClientConfiguration.withRegion((String) option4.get());
        }
        return (AmazonS3) withClientConfiguration.build();
    }

    public final CloudBlobClient createAzureClient(String str, String str2, Option<String> option, Option<ProxyInfo> option2) {
        URI uri = new URI("https", new StringBuilder(2).append(str).append(".").append(str2).append("/").toString(), null, null);
        StorageCredentialsSharedAccessSignature storageCredentialsSharedAccessSignature = option.isDefined() ? new StorageCredentialsSharedAccessSignature((String) option.get()) : StorageCredentialsAnonymous.ANONYMOUS;
        if (option2 instanceof Some) {
            ((ProxyInfo) ((Some) option2).value()).setProxyForAzure();
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!None$.MODULE$.equals(option2)) {
                throw new MatchError(option2);
            }
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        return new CloudBlobClient(uri, storageCredentialsSharedAccessSignature);
    }

    public final Option<String> createAzureClient$default$3() {
        return None$.MODULE$;
    }

    private static final String buildEncryptionMetadataJSON$1(String str, String str2) {
        return StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString(new StringBuilder(349).append("\n         | {\"EncryptionMode\":\"FullBlob\",\n         | \"WrappedContentKey\":\n         | {\"KeyId\":\"symmKey1\",\"EncryptedKey\":\"").append(str2).append("\",\"Algorithm\":\"AES_CBC_256\"},\n         | \"EncryptionAgent\":{\"Protocol\":\"1.0\",\"EncryptionAlgorithm\":\"AES_CBC_256\"},\n         | \"ContentEncryptionIV\":\"").append(str).append("\",\n         | \"KeyWrappingMetadata\":{\"EncryptionLibrary\":\"Java 5.3.0\"}}\n       ").toString()));
    }

    private CloudStorageOperations$() {
    }
}
