package com.netflix.spinnaker.kork.artifacts.artifactstore.s3;

import com.netflix.spinnaker.kork.artifacts.ArtifactTypes;
import com.netflix.spinnaker.kork.artifacts.artifactstore.ArtifactReferenceURI;
import com.netflix.spinnaker.kork.artifacts.artifactstore.ArtifactStoreStorer;
import com.netflix.spinnaker.kork.artifacts.artifactstore.ArtifactStoreURIBuilder;
import com.netflix.spinnaker.kork.artifacts.model.Artifact;
import com.netflix.spinnaker.kork.exceptions.SpinnakerException;
import com.netflix.spinnaker.security.AuthenticatedRequest;
import java.util.Base64;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.s3.model.Tag;
import software.amazon.awssdk.services.s3.model.Tagging;

/* loaded from: input_file:com/netflix/spinnaker/kork/artifacts/artifactstore/s3/S3ArtifactStoreStorer.class */
public class S3ArtifactStoreStorer implements ArtifactStoreStorer {
    private static final Logger log = LogManager.getLogger(S3ArtifactStoreStorer.class);
    private final S3Client s3Client;
    private final String bucket;
    private final ArtifactStoreURIBuilder uriBuilder;
    private final Pattern applicationsPattern;

    public S3ArtifactStoreStorer(S3Client s3Client, String str, ArtifactStoreURIBuilder artifactStoreURIBuilder, String str2) {
        this.s3Client = s3Client;
        this.bucket = str;
        this.uriBuilder = artifactStoreURIBuilder;
        this.applicationsPattern = str2 != null ? Pattern.compile(str2, 2) : null;
    }

    @Override // com.netflix.spinnaker.kork.artifacts.artifactstore.ArtifactStoreStorer
    public Artifact store(Artifact artifact) {
        String str = (String) AuthenticatedRequest.getSpinnakerApplication().orElse(null);
        if (str == null) {
            log.warn("failed to retrieve application from request artifact={}", artifact.getName());
            return artifact;
        }
        if (this.applicationsPattern != null && !this.applicationsPattern.matcher(str).matches()) {
            return artifact;
        }
        try {
            byte[] referenceAsBytes = getReferenceAsBytes(artifact);
            ArtifactReferenceURI buildArtifactURI = this.uriBuilder.buildArtifactURI(str, artifact);
            Artifact build = artifact.toBuilder().type(ArtifactTypes.REMOTE_BASE64.getMimeType()).reference(buildArtifactURI.uri()).build();
            if (objectExists(buildArtifactURI)) {
                return build;
            }
            this.s3Client.putObject((PutObjectRequest) PutObjectRequest.builder().bucket(this.bucket).key(buildArtifactURI.paths()).tagging((Tagging) Tagging.builder().tagSet(new Tag[]{(Tag) Tag.builder().key(S3ArtifactStore.ENFORCE_PERMS_KEY).value(str).build()}).build()).build(), RequestBody.fromBytes(referenceAsBytes));
            return build;
        } catch (IllegalArgumentException e) {
            log.warn("Artifact cannot be stored due to reference not being base64 encoded");
            return artifact;
        }
    }

    private byte[] getReferenceAsBytes(Artifact artifact) {
        String reference = artifact.getReference();
        if (reference == null) {
            throw new IllegalArgumentException("reference cannot be null");
        }
        String type = artifact.getType();
        return (type == null || !type.endsWith("/base64")) ? reference.getBytes() : Base64.getDecoder().decode(reference);
    }

    private boolean objectExists(ArtifactReferenceURI artifactReferenceURI) {
        try {
            this.s3Client.headObject((HeadObjectRequest) HeadObjectRequest.builder().bucket(this.bucket).key(artifactReferenceURI.paths()).build());
            log.debug("Artifact exists. No need to store. reference={}", artifactReferenceURI.uri());
            return true;
        } catch (S3Exception e) {
            int statusCode = e.statusCode();
            log.error("Artifact store failed head object request statusCode={} reference={}", Integer.valueOf(statusCode), artifactReferenceURI.uri());
            if (statusCode != 0) {
                throw new SpinnakerException(buildHeadObjectExceptionMessage(e), e);
            }
            throw new SpinnakerException("S3 head object failed", e);
        } catch (NoSuchKeyException e2) {
            log.info("Artifact does not exist reference={}", artifactReferenceURI.uri());
            return false;
        }
    }

    private static String buildHeadObjectExceptionMessage(S3Exception s3Exception) {
        switch (s3Exception.statusCode()) {
            case 400:
                return "Failed to query artifact due to invalid request";
            case 403:
                return "Failed to query artifact due to IAM permissions either on the bucket or object";
            default:
                return String.format("Failed to query artifact: %d", Integer.valueOf(s3Exception.statusCode()));
        }
    }
}
