package org.projectnessie.catalog.files.s3;

import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import com.github.benmanes.caffeine.cache.Scheduler;
import java.io.IOException;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.projectnessie.catalog.files.api.StorageLocations;
import org.projectnessie.catalog.files.config.S3ClientIam;
import org.projectnessie.storage.uri.StorageUri;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/projectnessie/catalog/files/s3/S3IamPolicies.class */
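/**
 * Builds the JSON text of an IAM policy document that scopes S3 access to a set of storage
 * locations.
 *
 * <p>This listing is decompiler output. Per the JADX markers, the class and
 * {@link #locationDependentPolicy} were package-private in the compiled class and
 * {@code ParsedIamStatements} was private; the wider modifiers here come from the decompiler.
 */
public final class S3IamPolicies {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Holder for the cache of parsed custom IAM statements, keyed by the statement's JSON text. */
    public static class ParsedIamStatements {
        // Bounded (2000 entries) and expiring (1 hour after last access), so repeated policy
        // generation does not re-parse the same statement strings.
        static final LoadingCache<String, ObjectNode> STATEMENTS = Caffeine.newBuilder()
                .maximumSize(2000)
                .expireAfterAccess(Duration.of(1, ChronoUnit.HOURS))
                .scheduler(Scheduler.systemScheduler())
                .build(ParsedIamStatements::parseStatement);

        private ParsedIamStatements() {
        }

        /**
         * Parses one custom IAM statement given as JSON text.
         *
         * @param str JSON text expected to hold exactly one JSON object
         * @return the parsed object, or {@code null} when {@code str} holds no JSON value at all
         * @throws RuntimeException wrapping an {@link IOException} when the text is not valid JSON,
         *     the value is not an object, or more than one value is present
         */
        private static ObjectNode parseStatement(String str) {
            // try-with-resources closes the iterator on the failure paths too; the decompiled
            // form only closed it on the success path.
            try (MappingIterator<ObjectNode> values = MAPPER.readerFor(ObjectNode.class).readValues(str)) {
                ObjectNode statement = null;
                if (values.hasNext()) {
                    Object first = values.nextValue();
                    if (!(first instanceof ObjectNode)) {
                        throw new IOException("Invalid statement");
                    }
                    statement = (ObjectNode) first;
                }
                // Trailing content after the first object is rejected rather than ignored.
                if (values.hasNext()) {
                    throw new IOException("Invalid statement");
                }
                // NOTE(review): blank input reaches this point with statement == null; the caller
                // then appears to add a JSON null to "Statement" - confirm that is acceptable.
                return statement;
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    private S3IamPolicies() {
    }

    /**
     * Renders an IAM policy (version {@code 2012-10-17}) for the given storage locations.
     *
     * <p>The policy holds one {@code s3:ListBucket} statement per location (writeable and
     * read-only), one object-level statement for all writeable locations (get, get-version, put,
     * delete), one for all read-only locations (get, get-version), and finally any custom
     * statements from {@code s3ClientIam}.
     *
     * <p>Scope notes for reviewers: every grant also carries {@code *}-prefixed variants of the
     * location path. IAM wildcards match any character sequence, including {@code /}, so these
     * variants allow keys in the bucket that merely contain the path after some prefix.
     * NOTE(review): presumably intended for prefixed object layouts - confirm. The custom
     * statements are appended unchanged and can widen the policy beyond the location scoping, so
     * they must only come from operator-controlled configuration.
     *
     * @param s3ClientIam source of optional custom statements (JSON text, one object each)
     * @param storageLocations writeable and read-only locations the policy should allow
     * @return the policy document as JSON text
     */
    public static String locationDependentPolicy(S3ClientIam s3ClientIam, StorageLocations storageLocations) {
        ObjectNode policy = JsonNodeFactory.instance.objectNode();
        policy.put("Version", "2012-10-17");
        ArrayNode statements = policy.withArray("Statement");

        List<StorageUri> writeableLocations = storageLocations.writeableLocations();
        List<StorageUri> readonlyLocations = storageLocations.readonlyLocations();

        // A Stream is not Iterable, so the decompiled for-each over Stream.concat(...) could not
        // compile; forEach visits the same elements in the same order.
        Stream.concat(writeableLocations.stream(), readonlyLocations.stream()).forEach(location -> {
            String bucket = S3Utils.iamEscapeString(location.requiredAuthority());
            String path = S3Utils.iamEscapeString(location.pathWithoutLeadingTrailingSlash());
            ObjectNode listStatement = statements.addObject();
            listStatement.put("Effect", "Allow");
            listStatement.put("Action", "s3:ListBucket");
            listStatement.put("Resource", String.format("arn:aws:s3:::%s", bucket));
            // ListBucket is granted on the whole bucket and narrowed by the s3:prefix condition.
            ArrayNode prefixes = listStatement.withObject("Condition").withObject("StringLike").withArray("s3:prefix");
            prefixes.add(path);
            prefixes.add(path + "/*");
            prefixes.add("*/" + path);
            prefixes.add("*/" + path + "/*");
            prefixes.add("*/*/*/*/" + path);
            prefixes.add("*/*/*/*/" + path + "/*");
        });

        if (!writeableLocations.isEmpty()) {
            ObjectNode readWrite = statements.addObject();
            readWrite.put("Effect", "Allow");
            ArrayNode actions = readWrite.putArray("Action");
            actions.add("s3:GetObject");
            actions.add("s3:GetObjectVersion");
            actions.add("s3:PutObject");
            actions.add("s3:DeleteObject");
            ArrayNode resources = readWrite.withArray("Resource");
            for (StorageUri location : writeableLocations) {
                String bucket = S3Utils.iamEscapeString(location.requiredAuthority());
                String path = S3Utils.iamEscapeString(location.pathWithoutLeadingTrailingSlash());
                resources.add(String.format("arn:aws:s3:::%s/%s/*", bucket, path));
                resources.add(String.format("arn:aws:s3:::%s/*/%s/*", bucket, path));
                resources.add(String.format("arn:aws:s3:::%s/*/*/*/*/%s/*", bucket, path));
            }
        }

        if (!readonlyLocations.isEmpty()) {
            ObjectNode readOnly = statements.addObject();
            readOnly.put("Effect", "Allow");
            ArrayNode actions = readOnly.putArray("Action");
            actions.add("s3:GetObject");
            actions.add("s3:GetObjectVersion");
            ArrayNode resources = readOnly.withArray("Resource");
            for (StorageUri location : readonlyLocations) {
                String bucket = S3Utils.iamEscapeString(location.requiredAuthority());
                String path = S3Utils.iamEscapeString(location.pathWithoutLeadingTrailingSlash());
                // Fixed: the first pattern was "arn:aws:s3:::%s%s/*". The path has no leading
                // slash, so bucket and path ran together and the ARN named a different bucket
                // ("<bucket><path>") instead of the prefix inside this one. It now matches the
                // writeable branch.
                resources.add(String.format("arn:aws:s3:::%s/%s/*", bucket, path));
                resources.add(String.format("arn:aws:s3:::%s/*/%s/*", bucket, path));
                resources.add(String.format("arn:aws:s3:::%s/*/*/*/*/%s/*", bucket, path));
            }
        }

        // Custom statements (presumably an Optional list of JSON strings - confirm against
        // S3ClientIam) are parsed through the cache and appended as-is. The cached ObjectNode
        // instances are shared between policies and must not be mutated here.
        s3ClientIam.statements().ifPresent(custom ->
                custom.stream()
                        .map(ParsedIamStatements.STATEMENTS::get)
                        .forEach(statements::add));

        return policy.toString();
    }
}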
