package com.instaclustr.cassandra.backup.s3;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.transfer.TransferManager;
import com.amazonaws.services.s3.transfer.TransferManagerBuilder;
import com.google.common.base.Strings;
import com.google.inject.Provider;
import com.instaclustr.cassandra.backup.impl.AbstractOperationRequest;
import com.instaclustr.kubernetes.KubernetesHelper;
import com.instaclustr.kubernetes.KubernetesSecretsReader;
import com.instaclustr.kubernetes.SecretReader;
import io.kubernetes.client.apis.CoreV1Api;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/instaclustr/cassandra/backup/s3/TransferManagerFactory.class */
public class TransferManagerFactory {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TransferManagerFactory.class);
    private final Provider<CoreV1Api> coreV1ApiProvider;
    private final boolean enablePathStyleAccess;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/instaclustr/cassandra/backup/s3/TransferManagerFactory$S3Configuration.class */
    public static final class S3Configuration {
        public String awsRegion;
        public String awsEndpoint;
        public String awsAccessKeyId;
        public String awsSecretKey;

        private S3Configuration() {
        }
    }

    public TransferManagerFactory(Provider<CoreV1Api> provider) {
        this(provider, false);
    }

    public TransferManagerFactory(Provider<CoreV1Api> provider, boolean z) {
        this.coreV1ApiProvider = provider;
        this.enablePathStyleAccess = z;
    }

    public TransferManager build(AbstractOperationRequest abstractOperationRequest) {
        return TransferManagerBuilder.standard().withS3Client(provideAmazonS3(this.coreV1ApiProvider, abstractOperationRequest)).build();
    }

    public boolean isRunningInKubernetes() {
        return KubernetesHelper.isRunningInKubernetes() || KubernetesHelper.isRunningAsClient();
    }

    private AmazonS3 provideAmazonS3(Provider<CoreV1Api> provider, AbstractOperationRequest abstractOperationRequest) {
        final S3Configuration resolveS3Configuration = resolveS3Configuration(provider, abstractOperationRequest);
        AmazonS3ClientBuilder standard = AmazonS3ClientBuilder.standard();
        if (resolveS3Configuration.awsEndpoint != null) {
            if (resolveS3Configuration.awsRegion == null) {
                throw new IllegalArgumentException("AWS_REGION must be set if AWS_ENDPOINT is set.");
            }
            standard.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(resolveS3Configuration.awsEndpoint, resolveS3Configuration.awsRegion.toLowerCase()));
        } else if (resolveS3Configuration.awsRegion != null) {
            standard.withRegion(Regions.fromName(resolveS3Configuration.awsRegion.toLowerCase()));
        }
        if (this.enablePathStyleAccess) {
            standard.enablePathStyleAccess();
        }
        if (abstractOperationRequest.insecure) {
            standard.withClientConfiguration(new ClientConfiguration().withProtocol(Protocol.HTTP));
        }
        if (isRunningInKubernetes() && resolveS3Configuration.awsAccessKeyId != null && resolveS3Configuration.awsSecretKey != null) {
            standard.setCredentials(new AWSCredentialsProvider() { // from class: com.instaclustr.cassandra.backup.s3.TransferManagerFactory.1
                @Override // com.amazonaws.auth.AWSCredentialsProvider
                public AWSCredentials getCredentials() {
                    return new AWSCredentials() { // from class: com.instaclustr.cassandra.backup.s3.TransferManagerFactory.1.1
                        @Override // com.amazonaws.auth.AWSCredentials
                        public String getAWSAccessKeyId() {
                            return resolveS3Configuration.awsAccessKeyId;
                        }

                        @Override // com.amazonaws.auth.AWSCredentials
                        public String getAWSSecretKey() {
                            return resolveS3Configuration.awsSecretKey;
                        }
                    };
                }

                @Override // com.amazonaws.auth.AWSCredentialsProvider
                public void refresh() {
                }
            });
        }
        return (AmazonS3) standard.build();
    }

    private S3Configuration resolveS3Configuration(Provider<CoreV1Api> provider, AbstractOperationRequest abstractOperationRequest) {
        if (!isRunningInKubernetes()) {
            return resolveS3ConfigurationFromEnvProperties();
        }
        if (!Strings.isNullOrEmpty(abstractOperationRequest.resolveKubernetesSecretName())) {
            return resolveS3ConfigurationFromK8S(provider, abstractOperationRequest);
        }
        logger.warn("Kubernetes secret name for resolving S3 credentials was not specified, going to resolve them from env. properties. If env. properties are not specified, credentials will be fetched from AWS instance itself.");
        return resolveS3ConfigurationFromEnvProperties();
    }

    private S3Configuration resolveS3ConfigurationFromK8S(Provider<CoreV1Api> provider, AbstractOperationRequest abstractOperationRequest) {
        String resolveKubernetesSecretName = abstractOperationRequest.resolveKubernetesSecretName();
        try {
            return (S3Configuration) new SecretReader(provider).readIntoObject(resolveKubernetesKeyspace(abstractOperationRequest), resolveKubernetesSecretName, v1Secret -> {
                Map<String, byte[]> data = v1Secret.getData();
                S3Configuration s3Configuration = new S3Configuration();
                byte[] bArr = data.get("awsendpoint");
                byte[] bArr2 = data.get("awsregion");
                byte[] bArr3 = data.get("awssecretaccesskey");
                byte[] bArr4 = data.get("awsaccesskeyid");
                if (bArr != null) {
                    s3Configuration.awsEndpoint = new String(bArr);
                }
                if (bArr2 != null) {
                    s3Configuration.awsRegion = new String(bArr2);
                }
                if (bArr4 == null) {
                    throw new S3ModuleException(String.format("Secret %s does not contain any entry with key 'awsaccesskeyid'.", v1Secret.getMetadata().getName()));
                }
                s3Configuration.awsAccessKeyId = new String(bArr4);
                if (bArr3 == null) {
                    throw new S3ModuleException(String.format("Secret %s does not contain any entry with key 'awssecretaccesskey'.", v1Secret.getMetadata().getName()));
                }
                s3Configuration.awsSecretKey = new String(bArr3);
                return s3Configuration;
            });
        } catch (Exception e) {
            throw new S3ModuleException("Unable to resolve S3 credentials for backup / restores from Kubernetes secret " + resolveKubernetesSecretName, e);
        }
    }

    private S3Configuration resolveS3ConfigurationFromEnvProperties() {
        S3Configuration s3Configuration = new S3Configuration();
        s3Configuration.awsRegion = System.getenv(SDKGlobalConfiguration.AWS_REGION_ENV_VAR);
        s3Configuration.awsEndpoint = System.getenv("AWS_ENDPOINT");
        return s3Configuration;
    }

    private String resolveKubernetesKeyspace(AbstractOperationRequest abstractOperationRequest) {
        return abstractOperationRequest.resolveKubernetesNamespace() != null ? abstractOperationRequest.resolveKubernetesNamespace() : KubernetesSecretsReader.readNamespace();
    }
}
