package com.netflix.kayenta.aws.config;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.netflix.kayenta.aws.config.AwsManagedAccount;
import com.netflix.kayenta.aws.security.AwsCredentials;
import com.netflix.kayenta.aws.security.AwsNamedAccountCredentials;
import com.netflix.kayenta.security.AccountCredentials;
import com.netflix.kayenta.security.AccountCredentialsRepository;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

@Configuration
@ConditionalOnProperty({"kayenta.aws.enabled"})
@ComponentScan({"com.netflix.kayenta.aws"})
/* loaded from: input_file:com/netflix/kayenta/aws/config/AwsConfiguration.class */
public class AwsConfiguration {
    private static final Logger log = LoggerFactory.getLogger(AwsConfiguration.class);

    @ConfigurationProperties("kayenta.aws")
    @Bean
    AwsConfigurationProperties awsConfigurationProperties() {
        return new AwsConfigurationProperties();
    }

    @Bean
    boolean registerAwsCredentials(AwsConfigurationProperties awsConfigurationProperties, AccountCredentialsRepository accountCredentialsRepository) throws IOException {
        for (AwsManagedAccount awsManagedAccount : awsConfigurationProperties.getAccounts()) {
            String name = awsManagedAccount.getName();
            List<AccountCredentials.Type> supportedTypes = awsManagedAccount.getSupportedTypes();
            log.info("Registering AWS account {} with supported types {}.", name, supportedTypes);
            ClientConfiguration clientConfiguration = new ClientConfiguration();
            if (awsManagedAccount.getProxyProtocol() != null) {
                if (awsManagedAccount.getProxyProtocol().equalsIgnoreCase("HTTPS")) {
                    clientConfiguration.setProtocol(Protocol.HTTPS);
                } else {
                    clientConfiguration.setProtocol(Protocol.HTTP);
                }
                Optional ofNullable = Optional.ofNullable(awsManagedAccount.getProxyHost());
                Objects.requireNonNull(clientConfiguration);
                ofNullable.ifPresent(clientConfiguration::setProxyHost);
                Optional map = Optional.ofNullable(awsManagedAccount.getProxyPort()).map(Integer::parseInt);
                Objects.requireNonNull(clientConfiguration);
                map.ifPresent((v1) -> {
                    r1.setProxyPort(v1);
                });
            }
            AmazonS3ClientBuilder standard = AmazonS3ClientBuilder.standard();
            String profileName = awsManagedAccount.getProfileName();
            if (!StringUtils.isEmpty(profileName)) {
                standard.withCredentials(new ProfileCredentialsProvider(profileName));
            }
            AwsManagedAccount.ExplicitAwsCredentials explicitCredentials = awsManagedAccount.getExplicitCredentials();
            if (explicitCredentials != null) {
                String sessionToken = explicitCredentials.getSessionToken();
                standard.withCredentials(new AWSStaticCredentialsProvider(sessionToken == null ? new BasicAWSCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey()) : new BasicSessionCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey(), sessionToken)));
            }
            String endpoint = awsManagedAccount.getEndpoint();
            if (StringUtils.isEmpty(endpoint)) {
                Optional ofNullable2 = Optional.ofNullable(awsManagedAccount.getRegion());
                Objects.requireNonNull(standard);
                ofNullable2.ifPresent(standard::setRegion);
            } else {
                standard.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpoint, (String) null));
                standard.setPathStyleAccessEnabled(true);
            }
            AmazonS3 amazonS3 = (AmazonS3) standard.build();
            try {
                AwsNamedAccountCredentials.AwsNamedAccountCredentialsBuilder credentials = ((AwsNamedAccountCredentials.AwsNamedAccountCredentialsBuilder) AwsNamedAccountCredentials.builder().name(name)).credentials(new AwsCredentials());
                if (!CollectionUtils.isEmpty(supportedTypes)) {
                    if (supportedTypes.contains(AccountCredentials.Type.OBJECT_STORE)) {
                        String bucket = awsManagedAccount.getBucket();
                        String rootFolder = awsManagedAccount.getRootFolder();
                        if (StringUtils.isEmpty(bucket)) {
                            throw new IllegalArgumentException("AWS/S3 account " + name + " is required to specify a bucket.");
                        }
                        if (StringUtils.isEmpty(rootFolder)) {
                            throw new IllegalArgumentException("AWS/S3 account " + name + " is required to specify a rootFolder.");
                        }
                        credentials.bucket(bucket);
                        credentials.region(awsManagedAccount.getRegion());
                        credentials.rootFolder(rootFolder);
                        credentials.amazonS3(amazonS3);
                    }
                    credentials.supportedTypes(supportedTypes);
                }
                accountCredentialsRepository.save(name, credentials.mo3build());
            } catch (Throwable th) {
                log.error("Could not load AWS account " + name + ".", th);
            }
        }
        return true;
    }
}
