package org.projectnessie.catalog.files.gcs;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.gax.retrying.RetrySettings;
import com.google.auth.Credentials;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.auth.oauth2.UserCredentials;
import com.google.cloud.NoCredentials;
import com.google.cloud.http.HttpTransportOptions;
import com.google.cloud.storage.HttpStorageOptions;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalDouble;
import java.util.OptionalInt;
import java.util.function.Function;
import java.util.function.Supplier;
import org.projectnessie.catalog.files.config.GcsBucketOptions;
import org.projectnessie.catalog.files.config.GcsConfig;
import org.projectnessie.catalog.secrets.KeySecret;
import org.projectnessie.catalog.secrets.SecretType;
import org.projectnessie.catalog.secrets.SecretsProvider;
import org.projectnessie.catalog.secrets.TokenSecret;
import org.threeten.bp.Duration;

/* loaded from: input_file:org/projectnessie/catalog/files/gcs/GcsClients.class */
public final class GcsClients {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.projectnessie.catalog.files.gcs.GcsClients$1, reason: invalid class name */
    /* loaded from: input_file:org/projectnessie/catalog/files/gcs/GcsClients$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType = new int[GcsBucketOptions.GcsAuthType.values().length];

        static {
            try {
                $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[GcsBucketOptions.GcsAuthType.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[GcsBucketOptions.GcsAuthType.USER.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[GcsBucketOptions.GcsAuthType.SERVICE_ACCOUNT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[GcsBucketOptions.GcsAuthType.ACCESS_TOKEN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[GcsBucketOptions.GcsAuthType.APPLICATION_DEFAULT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/projectnessie/catalog/files/gcs/GcsClients$SharedHttpTransportFactory.class */
    static final class SharedHttpTransportFactory implements HttpTransportFactory {
        private final Supplier<HttpTransport> delegate;
        private volatile HttpTransport httpTransport;

        SharedHttpTransportFactory(Supplier<HttpTransport> supplier) {
            this.delegate = supplier;
        }

        public HttpTransport create() {
            if (this.httpTransport == null) {
                synchronized (this) {
                    if (this.httpTransport == null) {
                        this.httpTransport = this.delegate.get();
                    }
                }
            }
            return this.httpTransport;
        }
    }

    private GcsClients() {
    }

    public static Storage buildStorage(GcsConfig gcsConfig, GcsBucketOptions gcsBucketOptions, HttpTransportFactory httpTransportFactory, SecretsProvider secretsProvider) {
        HttpTransportOptions.Builder httpTransportFactory2 = HttpTransportOptions.newBuilder().setHttpTransportFactory(httpTransportFactory);
        gcsConfig.connectTimeout().ifPresent(duration -> {
            httpTransportFactory2.setConnectTimeout((int) duration.toMillis());
        });
        gcsConfig.readTimeout().ifPresent(duration2 -> {
            httpTransportFactory2.setReadTimeout((int) duration2.toMillis());
        });
        HttpStorageOptions.Builder transportOptions = StorageOptions.http().setCredentials(buildCredentials(gcsBucketOptions, httpTransportFactory, secretsProvider)).setTransportOptions(httpTransportFactory2.build());
        Optional projectId = gcsBucketOptions.projectId();
        Objects.requireNonNull(transportOptions);
        projectId.ifPresent(transportOptions::setProjectId);
        Optional quotaProjectId = gcsBucketOptions.quotaProjectId();
        Objects.requireNonNull(transportOptions);
        quotaProjectId.ifPresent(transportOptions::setQuotaProjectId);
        Optional map = gcsBucketOptions.host().map((v0) -> {
            return v0.toString();
        });
        Objects.requireNonNull(transportOptions);
        map.ifPresent(transportOptions::setHost);
        Optional clientLibToken = gcsBucketOptions.clientLibToken();
        Objects.requireNonNull(transportOptions);
        clientLibToken.ifPresent(transportOptions::setClientLibToken);
        transportOptions.setRetrySettings(buildRetrySettings(gcsConfig));
        return transportOptions.build().getService();
    }

    static RetrySettings buildRetrySettings(GcsConfig gcsConfig) {
        Function function = duration -> {
            return Duration.ofMillis(duration.toMillis());
        };
        RetrySettings.Builder newBuilder = RetrySettings.newBuilder();
        OptionalInt maxAttempts = gcsConfig.maxAttempts();
        Objects.requireNonNull(newBuilder);
        maxAttempts.ifPresent(newBuilder::setMaxAttempts);
        Optional map = gcsConfig.logicalTimeout().map(function);
        Objects.requireNonNull(newBuilder);
        map.ifPresent(newBuilder::setLogicalTimeout);
        Optional map2 = gcsConfig.totalTimeout().map(function);
        Objects.requireNonNull(newBuilder);
        map2.ifPresent(newBuilder::setTotalTimeout);
        Optional map3 = gcsConfig.initialRetryDelay().map(function);
        Objects.requireNonNull(newBuilder);
        map3.ifPresent(newBuilder::setInitialRetryDelay);
        Optional map4 = gcsConfig.maxRetryDelay().map(function);
        Objects.requireNonNull(newBuilder);
        map4.ifPresent(newBuilder::setMaxRetryDelay);
        OptionalDouble retryDelayMultiplier = gcsConfig.retryDelayMultiplier();
        Objects.requireNonNull(newBuilder);
        retryDelayMultiplier.ifPresent(newBuilder::setRetryDelayMultiplier);
        Optional map5 = gcsConfig.initialRpcTimeout().map(function);
        Objects.requireNonNull(newBuilder);
        map5.ifPresent(newBuilder::setInitialRpcTimeout);
        Optional map6 = gcsConfig.maxRpcTimeout().map(function);
        Objects.requireNonNull(newBuilder);
        map6.ifPresent(newBuilder::setMaxRpcTimeout);
        OptionalDouble rpcTimeoutMultiplier = gcsConfig.rpcTimeoutMultiplier();
        Objects.requireNonNull(newBuilder);
        rpcTimeoutMultiplier.ifPresent(newBuilder::setRpcTimeoutMultiplier);
        return newBuilder.build();
    }

    public static HttpTransportFactory buildSharedHttpTransportFactory() {
        NetHttpTransport.Builder builder = new NetHttpTransport.Builder();
        Objects.requireNonNull(builder);
        return new SharedHttpTransportFactory(builder::build);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Credentials buildCredentials(GcsBucketOptions gcsBucketOptions, HttpTransportFactory httpTransportFactory, SecretsProvider secretsProvider) {
        GcsBucketOptions.GcsAuthType effectiveAuthType = gcsBucketOptions.effectiveAuthType();
        switch (AnonymousClass1.$SwitchMap$org$projectnessie$catalog$files$config$GcsBucketOptions$GcsAuthType[effectiveAuthType.ordinal()]) {
            case 1:
                return NoCredentials.getInstance();
            case 2:
                try {
                    return UserCredentials.fromStream(new ByteArrayInputStream(((KeySecret) secretsProvider.getSecret((URI) gcsBucketOptions.authCredentialsJson().orElseThrow(() -> {
                        return new IllegalStateException("auth-credentials-json missing");
                    }), SecretType.KEY, KeySecret.class).orElseThrow(() -> {
                        return new IllegalStateException("auth-credentials-json missing");
                    })).key().getBytes(StandardCharsets.UTF_8)), httpTransportFactory);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            case 3:
                try {
                    return ServiceAccountCredentials.fromStream(new ByteArrayInputStream(((KeySecret) secretsProvider.getSecret((URI) gcsBucketOptions.authCredentialsJson().orElseThrow(() -> {
                        return new IllegalStateException("auth-credentials-json missing");
                    }), SecretType.KEY, KeySecret.class).orElseThrow(() -> {
                        return new IllegalStateException("auth-credentials-json missing");
                    })).key().getBytes(StandardCharsets.UTF_8)), httpTransportFactory);
                } catch (IOException e2) {
                    throw new RuntimeException(e2);
                }
            case 4:
                TokenSecret tokenSecret = (TokenSecret) secretsProvider.getSecret((URI) gcsBucketOptions.oauth2Token().orElseThrow(() -> {
                    return new IllegalStateException("oauth2-token missing");
                }), SecretType.EXPIRING_TOKEN, TokenSecret.class).orElseThrow(() -> {
                    return new IllegalStateException("oauth2-token missing");
                });
                return OAuth2Credentials.create(new AccessToken(tokenSecret.token(), (Date) tokenSecret.expiresAt().map(instant -> {
                    return new Date(instant.toEpochMilli());
                }).orElse(null)));
            case 5:
                try {
                    return GoogleCredentials.getApplicationDefault();
                } catch (IOException e3) {
                    throw new IllegalArgumentException("Unable to load default credentials", e3);
                }
            default:
                throw new IllegalArgumentException("Unsupported auth type " + String.valueOf(effectiveAuthType));
        }
    }
}
