package de.adorsys.datasafe.rest.impl.config;

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import dagger.Lazy;
import de.adorsys.datasafe.business.impl.service.DaggerDefaultDatasafeServices;
import de.adorsys.datasafe.business.impl.service.DaggerVersionedDatasafeServices;
import de.adorsys.datasafe.business.impl.service.DefaultDatasafeServices;
import de.adorsys.datasafe.business.impl.service.VersionedDatasafeServices;
import de.adorsys.datasafe.directory.api.config.DFSConfig;
import de.adorsys.datasafe.directory.api.profile.keys.StorageKeyStoreOperations;
import de.adorsys.datasafe.directory.impl.profile.config.DFSConfigWithStorageCreds;
import de.adorsys.datasafe.directory.impl.profile.config.DefaultDFSConfig;
import de.adorsys.datasafe.directory.impl.profile.config.MultiDFSConfig;
import de.adorsys.datasafe.directory.impl.profile.dfs.BucketAccessServiceImpl;
import de.adorsys.datasafe.directory.impl.profile.dfs.BucketAccessServiceImplRuntimeDelegatable;
import de.adorsys.datasafe.directory.impl.profile.dfs.RegexAccessServiceWithStorageCredentialsImpl;
import de.adorsys.datasafe.encrypiton.api.types.UserID;
import de.adorsys.datasafe.encrypiton.api.types.UserIDAuth;
import de.adorsys.datasafe.storage.api.RegexDelegatingStorage;
import de.adorsys.datasafe.storage.api.SchemeDelegatingStorage;
import de.adorsys.datasafe.storage.api.StorageService;
import de.adorsys.datasafe.storage.api.UriBasedAuthStorageService;
import de.adorsys.datasafe.storage.impl.db.DatabaseConnectionRegistry;
import de.adorsys.datasafe.storage.impl.db.DatabaseCredentials;
import de.adorsys.datasafe.storage.impl.db.DatabaseStorageService;
import de.adorsys.datasafe.storage.impl.fs.FileSystemStorageService;
import de.adorsys.datasafe.storage.impl.s3.BucketNameRemovingRouter;
import de.adorsys.datasafe.storage.impl.s3.S3ClientFactory;
import de.adorsys.datasafe.storage.impl.s3.S3StorageService;
import de.adorsys.datasafe.types.api.context.BaseOverridesRegistry;
import de.adorsys.datasafe.types.api.context.overrides.OverridesRegistry;
import de.adorsys.datasafe.types.api.resource.AbsoluteLocation;
import de.adorsys.datasafe.types.api.resource.PrivateResource;
import de.adorsys.datasafe.types.api.resource.PublicResource;
import de.adorsys.datasafe.types.api.utils.ExecutorServiceUtil;
import java.net.URI;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.regex.Pattern;
import lombok.Generated;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

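/**
 * Spring wiring for the Datasafe REST application: selects the DFS configuration and the
 * storage backend from deployment flags and builds the Datasafe service graphs on top of them.
 *
 * <p>Backend selection, as expressed by the conditions below:
 * <ul>
 *   <li>{@link #DATASAFE_S3_STORAGE}{@code =true}: a single S3 bucket with system credentials;</li>
 *   <li>{@link #FILESYSTEM_ENV} present: local filesystem rooted at the value of that variable;</li>
 *   <li>{@link #CLIENT_CREDENTIALS}{@code =true}: system S3 bucket for the system root, plus S3
 *       endpoints and credentials carried by the resource location for everything else;</li>
 *   <li>none of the above: S3 for data and a MySQL database for profiles.</li>
 * </ul>
 *
 * <p>This class handles secrets (keystore password, AWS keys, database password) read from
 * {@code DatasafeProperties}; none of them is logged here and none should be added to log output.
 *
 * <p>NOTE(review): the three flags look mutually exclusive; setting more than one would define
 * several {@code DFSConfig}/{@code StorageService} beans. Confirm how the deployment guards this.
 */
@Configuration
/* loaded from: input_file:BOOT-INF/classes/de/adorsys/datasafe/rest/impl/config/DatasafeConfig.class */
public class DatasafeConfig {
    /** Property/environment variable that enables filesystem storage and carries its root. */
    public static final String FILESYSTEM_ENV = "USE_FILESYSTEM";
    /** Property that enables storage access with credentials supplied through the resource location. */
    public static final String CLIENT_CREDENTIALS = "ALLOW_CLIENT_S3_CREDENTIALS";
    /** Property that enables the single-bucket S3 setup. */
    public static final String DATASAFE_S3_STORAGE = "DATASAFE_S3_STORAGE";

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DatasafeConfig.class);
    // Table names handed to DatabaseStorageService; presumably the allow-list of tables it may touch.
    private static final Set<String> ALLOWED_TABLES = ImmutableSet.of("private_profiles", "public_profiles");

    /**
     * Bucket access service that forwards every call to
     * {@link RegexAccessServiceWithStorageCredentialsImpl}; the parent implementation is
     * constructed with {@code null} and none of its three access methods is used.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/classes/de/adorsys/datasafe/rest/impl/config/DatasafeConfig$WithAccessCredentials.class */
    public static class WithAccessCredentials extends BucketAccessServiceImpl {
        private final RegexAccessServiceWithStorageCredentialsImpl access;

        private WithAccessCredentials(Lazy<StorageKeyStoreOperations> lazy) {
            // The parent's collaborator is never consulted because all three methods are overridden.
            super(null);
            this.access = new RegexAccessServiceWithStorageCredentialsImpl(lazy);
        }

        @Override // de.adorsys.datasafe.directory.impl.profile.dfs.BucketAccessServiceImpl, de.adorsys.datasafe.directory.api.profile.dfs.BucketAccessService
        @Generated
        public AbsoluteLocation<PrivateResource> privateAccessFor(UserIDAuth userIDAuth, PrivateResource privateResource) {
            return this.access.privateAccessFor(userIDAuth, privateResource);
        }

        @Override // de.adorsys.datasafe.directory.impl.profile.dfs.BucketAccessServiceImpl, de.adorsys.datasafe.directory.api.profile.dfs.BucketAccessService
        @Generated
        public AbsoluteLocation<PublicResource> publicAccessFor(UserID userID, PublicResource publicResource) {
            return this.access.publicAccessFor(userID, publicResource);
        }

        @Override // de.adorsys.datasafe.directory.impl.profile.dfs.BucketAccessServiceImpl, de.adorsys.datasafe.directory.api.profile.dfs.BucketAccessService
        @Generated
        public AbsoluteLocation withSystemAccess(AbsoluteLocation absoluteLocation) {
            return this.access.withSystemAccess(absoluteLocation);
        }
    }

    /** DFS configuration for the single-bucket S3 setup (system root plus keystore password). */
    @ConditionalOnProperty(name = {DATASAFE_S3_STORAGE}, havingValue = "true")
    @Bean
    DFSConfig singleDfsConfigS3(DatasafeProperties datasafeProperties) {
        return new DefaultDFSConfig(datasafeProperties.getSystemRoot(), datasafeProperties.getKeystorePassword());
    }

    /** DFS configuration for the filesystem setup (system root plus keystore password). */
    @ConditionalOnProperty({FILESYSTEM_ENV})
    @Bean
    DFSConfig singleDfsConfigFilesystem(DatasafeProperties datasafeProperties) {
        return new DefaultDFSConfig(datasafeProperties.getSystemRoot(), datasafeProperties.getKeystorePassword());
    }

    /** DFS configuration used when storage credentials may be supplied per resource. */
    @ConditionalOnProperty(name = {CLIENT_CREDENTIALS}, havingValue = "true")
    @Bean
    DFSConfig withClientCredentials(DatasafeProperties datasafeProperties) {
        return new DFSConfigWithStorageCreds(datasafeProperties.getSystemRoot(), datasafeProperties.getKeystorePassword());
    }

    /**
     * Registers {@link WithAccessCredentials} as the runtime replacement for the default bucket
     * access service, so that access is resolved with stored storage credentials.
     */
    @ConditionalOnProperty(name = {CLIENT_CREDENTIALS}, havingValue = "true")
    @Bean
    OverridesRegistry withClientCredentialsOverrides() {
        BaseOverridesRegistry registry = new BaseOverridesRegistry();
        BucketAccessServiceImplRuntimeDelegatable.overrideWith(
                registry,
                argumentsCaptor -> new WithAccessCredentials(argumentsCaptor.getStorageKeyStoreOperations()));
        return registry;
    }

    /** Fallback DFS configuration: data under the S3 path, profiles under the database path. */
    @ConditionalOnMissingBean({DFSConfig.class})
    @Bean
    DFSConfig multiDfsConfig(DatasafeProperties datasafeProperties) {
        URI s3Root = URI.create(datasafeProperties.getS3Path());
        URI profilesRoot = URI.create(datasafeProperties.getDbProfilePath());
        return new MultiDFSConfig(s3Root, profilesRoot, datasafeProperties.getKeystorePassword());
    }

    /**
     * Builds the default Datasafe service graph.
     *
     * <p>Registers BouncyCastle as a JCA provider for the whole JVM; {@code Security.addProvider}
     * leaves the provider list unchanged when the provider is already installed, so the repeated
     * call in {@link #versionedDatasafeServices} is harmless.
     */
    @Bean
    DefaultDatasafeServices datasafeService(StorageService storageService, DFSConfig dFSConfig, Optional<OverridesRegistry> optional) {
        Security.addProvider(new BouncyCastleProvider());
        return DaggerDefaultDatasafeServices.builder()
                .config(dFSConfig)
                .storage(storageService)
                .overridesRegistry(optional.orElse(null)) // no registry bean means no overrides
                .build();
    }

    /** Builds the versioned Datasafe service graph; see {@link #datasafeService} for the provider note. */
    @Bean
    VersionedDatasafeServices versionedDatasafeServices(StorageService storageService, DFSConfig dFSConfig, Optional<OverridesRegistry> optional) {
        Security.addProvider(new BouncyCastleProvider());
        return DaggerVersionedDatasafeServices.builder()
                .config(dFSConfig)
                .storage(storageService)
                .overridesRegistry(optional.orElse(null)) // no registry bean means no overrides
                .build();
    }

    /**
     * Storage that routes by location: locations under the system root go to the system bucket
     * with the application's own S3 client, every other location goes to an S3 client built from
     * the endpoint host, access key and secret key carried by {@code accessId}.
     *
     * <p>NOTE(review): the system root is concatenated into the pattern unquoted, so regex
     * metacharacters in it (a {@code .} in a bucket or host name, for instance) match more than
     * the literal root. Consider {@code Pattern.quote} unless a regex root is intended.
     *
     * <p>NOTE(review): in the catch-all branch the endpoint host comes from {@code accessId},
     * which presumably is parsed from the caller-supplied location. If callers are not fully
     * trusted, the hosts this service may connect to should be limited (egress policy or an
     * allow-list), and locations carrying credentials must be kept out of logs.
     */
    @ConditionalOnProperty(value = {CLIENT_CREDENTIALS}, havingValue = "true")
    @Bean
    StorageService clientCredentials(AmazonS3 amazonS3, DatasafeProperties datasafeProperties) {
        ExecutorService executor = ExecutorServiceUtil.submitterExecutesOnStarvationExecutingService();
        StorageService systemStorage = new S3StorageService(amazonS3, datasafeProperties.getBucketName(), executor);
        StorageService clientSuppliedStorage = new UriBasedAuthStorageService(accessId -> {
            return new S3StorageService(
                    S3ClientFactory.getClient(accessId.getOnlyHostPart().toString(), accessId.getAccessKey(), accessId.getSecretKey()),
                    new BucketNameRemovingRouter(accessId.getBucketName()),
                    executor);
        });
        // The explicit type witness is required: without it the builder is inferred as
        // <Object, Object>. ImmutableMap keeps insertion order, so the system-root pattern
        // stays ahead of the catch-all.
        return new RegexDelegatingStorage(
                ImmutableMap.<Pattern, StorageService>builder()
                        .put(Pattern.compile(datasafeProperties.getSystemRoot() + ".+"), systemStorage)
                        .put(Pattern.compile(".+"), clientSuppliedStorage)
                        .build());
    }

    /**
     * Filesystem-backed storage rooted at the value of the {@link #FILESYSTEM_ENV} environment
     * variable; the same value is written back as the system root of {@code datasafeProperties}.
     *
     * @throws IllegalStateException if the property that activated this bean came from a source
     *     other than the process environment, so that no root path is available
     */
    @ConditionalOnProperty({FILESYSTEM_ENV})
    @Bean
    StorageService singleStorageServiceFilesystem(DatasafeProperties datasafeProperties) {
        String root = System.getenv(FILESYSTEM_ENV);
        if (root == null) {
            // The condition reads the Spring environment, which also covers system properties and
            // config files; fail with a clear message instead of an NPE inside Paths.get.
            throw new IllegalStateException(
                    FILESYSTEM_ENV + " must be set as an environment variable to use filesystem storage");
        }
        log.info("==================== FILESYSTEM");
        log.info("build DFS to FILESYSTEM with root {}", root);
        datasafeProperties.setSystemRoot(root);
        return new FileSystemStorageService(Paths.get(root));
    }

    /** S3-backed storage on the configured bucket, using the application's S3 client. */
    @ConditionalOnProperty(name = {DATASAFE_S3_STORAGE}, havingValue = "true")
    @Bean
    StorageService singleStorageServiceS3(AmazonS3 amazonS3, DatasafeProperties datasafeProperties) {
        return new S3StorageService(amazonS3, datasafeProperties.getBucketName(), ExecutorServiceUtil.submitterExecutesOnStarvationExecutingService());
    }

    /**
     * Fallback storage that dispatches on URI scheme: {@code s3} to the configured bucket and
     * {@code jdbc-mysql} to the database, with database credentials read from
     * {@code datasafeProperties}.
     */
    @ConditionalOnMissingBean({StorageService.class})
    @Bean
    StorageService multiStorageService(DatasafeProperties datasafeProperties) {
        // Both entries are typed as StorageService; the decompiler output cast the S3 service to
        // DatabaseStorageService, which is not a valid conversion.
        StorageService s3Storage = new S3StorageService(
                s3(datasafeProperties),
                datasafeProperties.getBucketName(),
                ExecutorServiceUtil.submitterExecutesOnStarvationExecutingService());
        StorageService databaseStorage = new DatabaseStorageService(
                ALLOWED_TABLES,
                new DatabaseConnectionRegistry(ImmutableMap.of(
                        datasafeProperties.getDbUrl(),
                        new DatabaseCredentials(datasafeProperties.getDbUsername(), datasafeProperties.getDbPassword()))));
        return new SchemeDelegatingStorage(ImmutableMap.<String, StorageService>of("s3", s3Storage, "jdbc-mysql", databaseStorage));
    }

    /**
     * Lazily created S3 client using the static access key pair from {@code datasafeProperties}.
     *
     * <p>When a custom endpoint URL is configured the client uses that endpoint with path-style
     * access and creates the configured bucket if it does not exist; otherwise only the region is
     * set and no bucket is created.
     *
     * <p>NOTE(review): the key pair is a long-lived static credential; it should be scoped to the
     * configured bucket, and bucket creation rights are only needed for the custom-endpoint case.
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    @org.springframework.context.annotation.Lazy
    AmazonS3 s3(DatasafeProperties datasafeProperties) {
        boolean customEndpoint = datasafeProperties.getAmazonUrl() != null;
        AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(
                        new BasicAWSCredentials(datasafeProperties.getAmazonAccessKeyID(), datasafeProperties.getAmazonSecretAccessKey())));
        if (customEndpoint) {
            builder = builder
                    .withEndpointConfiguration(
                            new AwsClientBuilder.EndpointConfiguration(datasafeProperties.getAmazonUrl(), datasafeProperties.getAmazonRegion()))
                    .enablePathStyleAccess();
        } else {
            builder.withRegion(datasafeProperties.getAmazonRegion());
        }
        AmazonS3 client = builder.build();
        // Bucket bootstrap is limited to custom endpoints.
        if (customEndpoint && !client.doesBucketExistV2(datasafeProperties.getBucketName())) {
            client.createBucket(datasafeProperties.getBucketName());
        }
        return client;
    }
}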
