package org.projectnessie.catalog.files.s3;

import com.google.common.base.Preconditions;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.BiConsumer;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.projectnessie.catalog.files.api.ObjectIO;
import org.projectnessie.catalog.files.api.StorageLocations;
import org.projectnessie.catalog.files.config.S3BucketOptions;
import org.projectnessie.catalog.files.config.S3NamedBucketOptions;
import org.projectnessie.storage.uri.StorageUri;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.model.Delete;
import software.amazon.awssdk.services.s3.model.DeleteObjectsRequest;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

/* loaded from: input_file:org/projectnessie/catalog/files/s3/S3ObjectIO.class */
public class S3ObjectIO implements ObjectIO {
    static final String S3_CLIENT_REGION = "client.region";
    static final String S3_ACCESS_KEY_ID = "s3.access-key-id";
    static final String S3_SECRET_ACCESS_KEY = "s3.secret-access-key";
    static final String S3_SESSION_TOKEN = "s3.session-token";
    static final String S3_ENDPOINT = "s3.endpoint";
    static final String S3_ACCESS_POINTS_PREFIX = "s3.access-points.";
    static final String S3_PATH_STYLE_ACCESS = "s3.path-style-access";
    static final String S3_USE_ARN_REGION_ENABLED = "s3.use-arn-region-enabled";
    static final String S3_REMOTE_SIGNING_ENABLED = "s3.remote-signing-enabled";
    static final String S3_SIGNER = "s3.signer";
    private final S3ClientSupplier s3clientSupplier;
    private final S3CredentialsResolver s3CredentialsResolver;

    public S3ObjectIO(S3ClientSupplier s3ClientSupplier, S3CredentialsResolver s3CredentialsResolver) {
        this.s3clientSupplier = s3ClientSupplier;
        this.s3CredentialsResolver = s3CredentialsResolver;
    }

    public void ping(StorageUri storageUri) {
        this.s3clientSupplier.getClient(storageUri).headBucket(builder -> {
            builder.bucket(storageUri.requiredAuthority());
        });
    }

    public InputStream readObject(StorageUri storageUri) {
        Preconditions.checkArgument(storageUri != null, "Invalid location: null");
        Preconditions.checkArgument(S3Utils.isS3scheme(storageUri.scheme()), "Invalid S3 scheme: %s", storageUri);
        return this.s3clientSupplier.getClient(storageUri).getObject((GetObjectRequest) GetObjectRequest.builder().bucket(storageUri.requiredAuthority()).key(withoutLeadingSlash(storageUri)).build());
    }

    public OutputStream writeObject(final StorageUri storageUri) {
        Preconditions.checkArgument(storageUri != null, "Invalid location: null");
        Preconditions.checkArgument(S3Utils.isS3scheme(storageUri.scheme()), "Invalid S3 scheme: %s", storageUri);
        return new ByteArrayOutputStream() { // from class: org.projectnessie.catalog.files.s3.S3ObjectIO.1
            private final AtomicBoolean closed = new AtomicBoolean();

            @Override // java.io.ByteArrayOutputStream, java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
            public void close() throws IOException {
                if (this.closed.compareAndSet(false, true)) {
                    super.close();
                    S3ObjectIO.this.s3clientSupplier.getClient(storageUri).putObject((PutObjectRequest) PutObjectRequest.builder().bucket(storageUri.requiredAuthority()).key(S3ObjectIO.withoutLeadingSlash(storageUri)).build(), RequestBody.fromBytes(toByteArray()));
                }
            }
        };
    }

    public void deleteObjects(List<StorageUri> list) {
        for (Map.Entry entry : ((Map) list.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.requiredAuthority();
        }))).entrySet()) {
            String str = (String) entry.getKey();
            List list2 = (List) entry.getValue();
            this.s3clientSupplier.getClient((StorageUri) list2.get(0)).deleteObjects((DeleteObjectsRequest) DeleteObjectsRequest.builder().bucket(str).delete((Delete) Delete.builder().objects((List) list2.stream().map(S3ObjectIO::withoutLeadingSlash).map(str2 -> {
                return (ObjectIdentifier) ObjectIdentifier.builder().key(str2).build();
            }).collect(Collectors.toList())).build()).build());
        }
    }

    public Optional<String> canResolve(StorageUri storageUri) {
        if (!S3Utils.isS3scheme(storageUri.scheme())) {
            return Optional.of("Not an S3 URI");
        }
        try {
            return this.s3clientSupplier.getClient(storageUri) != null ? Optional.empty() : Optional.of("S3 client could not be constructed");
        } catch (IllegalArgumentException e) {
            return Optional.of(e.getMessage());
        }
    }

    private static String withoutLeadingSlash(StorageUri storageUri) {
        String requiredPath = storageUri.requiredPath();
        return requiredPath.startsWith("/") ? requiredPath.substring(1) : requiredPath;
    }

    public void configureIcebergWarehouse(StorageUri storageUri, BiConsumer<String, String> biConsumer, BiConsumer<String, String> biConsumer2) {
        icebergConfigDefaults(storageUri, biConsumer);
        icebergConfigOverrides(storageUri, biConsumer2);
    }

    public void configureIcebergTable(StorageLocations storageLocations, BiConsumer<String, String> biConsumer, Predicate<Duration> predicate, boolean z) {
        if (Stream.concat(storageLocations.writeableLocations().stream(), storageLocations.readonlyLocations().stream()).map((v0) -> {
            return v0.scheme();
        }).noneMatch(S3Utils::isS3scheme)) {
            return;
        }
        icebergConfigDefaults(storageLocations.warehouseLocation(), biConsumer);
        S3BucketOptions icebergConfigOverrides = icebergConfigOverrides(storageLocations.warehouseLocation(), biConsumer);
        boolean effectiveRequestSigningEnabled = icebergConfigOverrides.effectiveRequestSigningEnabled();
        if (effectiveRequestSigningEnabled) {
            effectiveRequestSigningEnabled = predicate.test(icebergConfigOverrides.effectiveUrlSigningExpire());
        }
        biConsumer.accept(S3_REMOTE_SIGNING_ENABLED, Boolean.toString(effectiveRequestSigningEnabled));
        if (effectiveRequestSigningEnabled) {
            biConsumer.accept(S3_SIGNER, "S3V4RestSigner");
        }
        if (icebergConfigOverrides.effectiveClientAssumeRoleEnabled() && z) {
            S3Credentials resolveSessionCredentials = this.s3CredentialsResolver.resolveSessionCredentials(icebergConfigOverrides, storageLocations);
            biConsumer.accept(S3_ACCESS_KEY_ID, resolveSessionCredentials.accessKeyId());
            biConsumer.accept(S3_SECRET_ACCESS_KEY, resolveSessionCredentials.secretAccessKey());
            resolveSessionCredentials.sessionToken().ifPresent(str -> {
                biConsumer.accept(S3_SESSION_TOKEN, str);
            });
        }
        icebergConfigOverrides.tableConfigOverrides().forEach(biConsumer);
    }

    public void trinoSampleConfig(StorageUri storageUri, Map<String, String> map, BiConsumer<String, String> biConsumer) {
        biConsumer.accept("iceberg.rest-catalog.vended-credentials-enabled", Boolean.toString(this.s3clientSupplier.s3options().resolveOptionsForUri(storageUri).effectiveClientAssumeRoleEnabled()));
        biConsumer.accept("fs.native-s3.enabled", "true");
        if (map.containsKey(S3_ENDPOINT)) {
            biConsumer.accept(S3_ENDPOINT, map.get(S3_ENDPOINT));
        }
        if (map.containsKey(S3_CLIENT_REGION)) {
            biConsumer.accept("s3.region", map.get(S3_CLIENT_REGION));
        }
        biConsumer.accept(S3_PATH_STYLE_ACCESS, map.getOrDefault(S3_PATH_STYLE_ACCESS, "false"));
    }

    S3BucketOptions icebergConfigOverrides(StorageUri storageUri, BiConsumer<String, String> biConsumer) {
        S3NamedBucketOptions resolveOptionsForUri = this.s3clientSupplier.s3options().resolveOptionsForUri(storageUri);
        resolveOptionsForUri.region().ifPresent(str -> {
            biConsumer.accept(S3_CLIENT_REGION, str);
        });
        if (resolveOptionsForUri.externalEndpoint().isPresent()) {
            biConsumer.accept(S3_ENDPOINT, ((URI) resolveOptionsForUri.externalEndpoint().get()).toString());
        } else {
            resolveOptionsForUri.endpoint().ifPresent(uri -> {
                biConsumer.accept(S3_ENDPOINT, uri.toString());
            });
        }
        resolveOptionsForUri.accessPoint().ifPresent(str2 -> {
            biConsumer.accept("s3.access-points." + ((String) resolveOptionsForUri.authority().orElseThrow()), str2);
        });
        resolveOptionsForUri.allowCrossRegionAccessPoint().ifPresent(bool -> {
            biConsumer.accept(S3_USE_ARN_REGION_ENABLED, bool.booleanValue() ? "true" : "false");
        });
        resolveOptionsForUri.pathStyleAccess().ifPresent(bool2 -> {
            biConsumer.accept(S3_PATH_STYLE_ACCESS, bool2.booleanValue() ? "true" : "false");
        });
        return resolveOptionsForUri;
    }

    void icebergConfigDefaults(StorageUri storageUri, BiConsumer<String, String> biConsumer) {
        this.s3clientSupplier.s3options().resolveOptionsForUri(storageUri).region().ifPresent(str -> {
            biConsumer.accept(S3_CLIENT_REGION, str);
        });
        biConsumer.accept("py-io-impl", "pyiceberg.io.fsspec.FsspecFileIO");
        biConsumer.accept("io-impl", "org.apache.iceberg.aws.s3.S3FileIO");
    }
}
