package com.takeshi.config;

import com.fasterxml.jackson.databind.JsonNode;
import com.takeshi.config.properties.AWSSecretsManagerCredentials;
import com.takeshi.util.AwsSecretsManagerUtil;
import java.util.concurrent.CompletableFuture;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.DependsOn;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.model.AbortIncompleteMultipartUpload;
import software.amazon.awssdk.services.s3.model.AccelerateConfiguration;
import software.amazon.awssdk.services.s3.model.BucketAccelerateStatus;
import software.amazon.awssdk.services.s3.model.BucketLifecycleConfiguration;
import software.amazon.awssdk.services.s3.model.CORSConfiguration;
import software.amazon.awssdk.services.s3.model.CORSRule;
import software.amazon.awssdk.services.s3.model.ExpirationStatus;
import software.amazon.awssdk.services.s3.model.LifecycleRule;
import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
import software.amazon.awssdk.services.s3.model.ObjectOwnership;
import software.amazon.awssdk.services.s3.model.OwnershipControls;
import software.amazon.awssdk.services.s3.model.OwnershipControlsRule;
import software.amazon.awssdk.services.s3.model.PublicAccessBlockConfiguration;
import software.amazon.awssdk.services.s3.model.PutBucketAccelerateConfigurationRequest;
import software.amazon.awssdk.services.s3.model.PutBucketCorsRequest;
import software.amazon.awssdk.services.s3.model.PutBucketLifecycleConfigurationRequest;
import software.amazon.awssdk.services.s3.model.PutBucketOwnershipControlsRequest;
import software.amazon.awssdk.services.s3.model.PutBucketPolicyRequest;
import software.amazon.awssdk.services.s3.model.PutPublicAccessBlockRequest;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.transfer.s3.S3TransferManager;

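/**
 * Auto-configuration that wires the AWS S3 beans (async client, transfer manager, presigner)
 * and, on first start, creates and configures the application bucket.
 *
 * <p>Credentials are static access keys read from the JSON secret returned by
 * {@link AwsSecretsManagerUtil#getSecret()}; the field names inside that secret, the region, the
 * bucket name and the bucket hardening flags all come from {@link AWSSecretsManagerCredentials}.
 * The key material is handed straight to the SDK and is never logged by this class.
 *
 * <p>Security-relevant behaviour worth knowing before changing the flags:
 * <ul>
 *   <li>The public access block is applied with whatever {@code isBlockPublicAccess()} returns,
 *       so a {@code false} value explicitly switches all four protections off.</li>
 *   <li>{@code isBucketPolicyPublicRead()} attaches a policy granting anonymous
 *       {@code s3:GetObject} on every object in the bucket.</li>
 *   <li>The CORS rule allows {@code GET}/{@code HEAD} from any origin.</li>
 *   <li>Failures while creating or configuring the bucket are logged and swallowed; the
 *       application still starts.</li>
 * </ul>
 */
@AutoConfiguration("awsConfig")
@ConditionalOnClass({S3TransferManager.class})
public class AwsConfig {
    private static final Logger log = LoggerFactory.getLogger(AwsConfig.class);

    private final AWSSecretsManagerCredentials awsSecretsManagerCredentials;

    /**
     * Creates the configuration.
     *
     * @param aWSSecretsManagerCredentials properties naming the secret fields, region, bucket and
     *     bucket options
     */
    public AwsConfig(AWSSecretsManagerCredentials aWSSecretsManagerCredentials) {
        this.awsSecretsManagerCredentials = aWSSecretsManagerCredentials;
    }

    /**
     * Builds the S3 async client and makes sure the configured bucket exists.
     *
     * <p>The bucket is probed with {@code headBucket}. Only a {@link NoSuchBucketException}
     * triggers creation; any other failure (for example missing permissions) is logged and the
     * client is returned as is. The method blocks until the probe and, when it runs, the whole
     * create-and-configure chain have finished, so the bucket hardening is in place before other
     * beans start using the client.
     *
     * @return the configured client
     */
    @ConditionalOnMissingBean
    @DependsOn({"secretsManagerClient"})
    @Bean
    public S3AsyncClient s3AsyncClient() {
        String bucketName = this.awsSecretsManagerCredentials.getBucketName();
        S3AsyncClient s3AsyncClient = S3AsyncClient.builder()
                .region(Region.of(this.awsSecretsManagerCredentials.getRegion()))
                .credentialsProvider(staticCredentialsProvider())
                .build();
        s3AsyncClient.headBucket(builder -> builder.bucket(bucketName))
                .<CompletableFuture<Void>>handle((headBucketResponse, th) -> {
                    if (th == null) {
                        return CompletableFuture.<Void>completedFuture(null);
                    }
                    if (isNoSuchBucket(th)) {
                        return createBucketAndConfigure(s3AsyncClient, bucketName);
                    }
                    // Previously ignored without a trace. A 403 here usually means the keys
                    // cannot see the bucket, which is worth surfacing at startup.
                    log.warn("AwsConfig.s3AsyncClient --> Unable to verify bucket [{}], skipping bucket creation", bucketName, th);
                    return CompletableFuture.<Void>completedFuture(null);
                })
                // handle() yields a future of a future; flatten it so join() also waits for the
                // bucket setup instead of returning as soon as headBucket answers.
                .thenCompose(pending -> pending)
                .join();
        return s3AsyncClient;
    }

    /**
     * Builds the transfer manager on top of the shared async client.
     *
     * @param s3AsyncClient the client created by {@link #s3AsyncClient()}
     * @param threadPoolTaskExecutor executor handed to the transfer manager
     * @return the transfer manager
     */
    @ConditionalOnMissingBean
    @DependsOn({"s3AsyncClient"})
    @Bean
    public S3TransferManager s3TransferManager(S3AsyncClient s3AsyncClient, ThreadPoolTaskExecutor threadPoolTaskExecutor) {
        return S3TransferManager.builder().s3Client(s3AsyncClient).executor(threadPoolTaskExecutor).build();
    }

    /**
     * Builds the presigner with the same region and credentials as the async client.
     *
     * <p>URLs signed by this bean carry the permissions of the static access key, so that key's
     * IAM policy bounds what a presigned URL can reach.
     *
     * @return the presigner
     */
    @ConditionalOnMissingBean
    @DependsOn({"secretsManagerClient"})
    @Bean
    public S3Presigner s3Presigner() {
        return S3Presigner.builder()
                .region(Region.of(this.awsSecretsManagerCredentials.getRegion()))
                .credentialsProvider(staticCredentialsProvider())
                .build();
    }

    /**
     * Reads the access key pair from the secret and wraps it in a static provider.
     *
     * <p>{@code path(...).asText()} returns an empty string when the named field is absent from
     * the secret, so a misconfigured field name shows up as a credential error from the SDK
     * rather than as a missing-key error here.
     */
    private StaticCredentialsProvider staticCredentialsProvider() {
        JsonNode secret = AwsSecretsManagerUtil.getSecret();
        String accessKeyId = secret.path(this.awsSecretsManagerCredentials.getS3AccessKeySecrets()).asText();
        String secretAccessKey = secret.path(this.awsSecretsManagerCredentials.getS3SecretKeySecrets()).asText();
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKeyId, secretAccessKey));
    }

    /**
     * Tells whether a failed {@code headBucket} means the bucket does not exist.
     *
     * <p>The failure may arrive wrapped (as the cause) or unwrapped, depending on how the future
     * was completed, so both shapes are checked.
     */
    private static boolean isNoSuchBucket(Throwable th) {
        return th instanceof NoSuchBucketException || th.getCause() instanceof NoSuchBucketException;
    }

    /**
     * Creates the bucket and then applies the public access block and remaining settings.
     *
     * @param s3AsyncClient client used for the calls
     * @param str bucket name
     * @return a future that completes normally even on failure; errors are only logged
     */
    private CompletableFuture<Void> createBucketAndConfigure(S3AsyncClient s3AsyncClient, String str) {
        return s3AsyncClient.createBucket(builder -> builder.bucket(str))
                .thenCompose(createBucketResponse -> {
                    log.info("AwsConfig.createBucketAndConfigure --> Bucket [{}] created successfully: {}", str, createBucketResponse.sdkHttpResponse().isSuccessful());
                    return configurePublicAccessBlock(s3AsyncClient, str);
                })
                .exceptionally(th -> {
                    // The trailing throwable makes SLF4J print the stack trace as well.
                    log.error("AwsConfig.createBucketAndConfigure --> Failed to create bucket [{}]: {}", str, th.getMessage(), th);
                    return null;
                });
    }

    /**
     * Applies the bucket-level public access block, then continues with the other settings.
     *
     * <p>All four switches are set to the single configured flag. When the flag is {@code false}
     * this call turns the protections off rather than leaving them untouched. When this call
     * fails, the remaining settings (including any public-read policy) are not applied.
     *
     * @param s3AsyncClient client used for the calls
     * @param str bucket name
     * @return a future that completes normally even on failure; errors are only logged
     */
    private CompletableFuture<Void> configurePublicAccessBlock(S3AsyncClient s3AsyncClient, String str) {
        boolean isBlockPublicAccess = this.awsSecretsManagerCredentials.isBlockPublicAccess();
        PublicAccessBlockConfiguration blockConfiguration = PublicAccessBlockConfiguration.builder()
                .blockPublicAcls(isBlockPublicAccess)
                .ignorePublicAcls(isBlockPublicAccess)
                .blockPublicPolicy(isBlockPublicAccess)
                .restrictPublicBuckets(isBlockPublicAccess)
                .build();
        PutPublicAccessBlockRequest request = PutPublicAccessBlockRequest.builder()
                .bucket(str)
                .publicAccessBlockConfiguration(blockConfiguration)
                .build();
        return s3AsyncClient.putPublicAccessBlock(request)
                .thenCompose(putPublicAccessBlockResponse -> {
                    // The old message claimed "blocks all public access" even when the flag was
                    // false; log the value that was actually applied.
                    log.info("AwsConfig.configurePublicAccessBlock --> Bucket [{}] public access block set to [{}], request successful: {}", str, isBlockPublicAccess, putPublicAccessBlockResponse.sdkHttpResponse().isSuccessful());
                    return configureRemainingSettings(s3AsyncClient, str);
                })
                .exceptionally(th -> {
                    log.error("AwsConfig.configurePublicAccessBlock --> Bucket [{}] public access block (value [{}]) failed: {}", str, isBlockPublicAccess, th.getMessage(), th);
                    return null;
                });
    }

    /**
     * Applies ownership controls or a public-read policy, transfer acceleration, CORS and the
     * multipart-upload lifecycle rule. The requests run concurrently and each one logs its own
     * failure without failing the others.
     *
     * @param s3AsyncClient client used for the calls
     * @param str bucket name
     * @return a future that completes once every request has finished
     */
    private CompletableFuture<Void> configureRemainingSettings(S3AsyncClient s3AsyncClient, String str) {
        // ACL mode and the public-read policy are mutually exclusive; ACL mode wins.
        CompletableFuture<?> accessFuture = CompletableFuture.completedFuture(null);
        if (this.awsSecretsManagerCredentials.isBucketAcl()) {
            log.info("AwsConfig.configureRemainingSettings --> Enable ACLs for buckets");
            OwnershipControls ownershipControls = OwnershipControls.builder()
                    .rules(OwnershipControlsRule.builder().objectOwnership(ObjectOwnership.BUCKET_OWNER_PREFERRED).build())
                    .build();
            accessFuture = s3AsyncClient.putBucketOwnershipControls(
                    PutBucketOwnershipControlsRequest.builder().bucket(str).ownershipControls(ownershipControls).build())
                    .exceptionally(th -> {
                        log.error("AwsConfig.configureRemainingSettings --> Enable ACLs for buckets error", th);
                        return null;
                    });
        } else if (this.awsSecretsManagerCredentials.isBucketPolicyPublicRead()) {
            log.info("AwsConfig.configureRemainingSettings --> Configure bucket public read policy");
            // Grants anonymous s3:GetObject on every key in the bucket. S3 rejects a public
            // policy while BlockPublicPolicy is on, so this only takes effect when the
            // block-public-access flag is false.
            // The name is concatenated into JSON unescaped; it has already been accepted by
            // createBucket at this point, and S3 bucket names cannot contain quotes.
            String publicReadPolicy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"PublicReadGetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::" + str + "/*\"}]}";
            accessFuture = s3AsyncClient.putBucketPolicy(
                    PutBucketPolicyRequest.builder().bucket(str).policy(publicReadPolicy).build())
                    .exceptionally(th2 -> {
                        log.error("AwsConfig.configureRemainingSettings --> Configure bucket public read policy error", th2);
                        return null;
                    });
        }

        CompletableFuture<?> accelerateFuture = CompletableFuture.completedFuture(null);
        if (this.awsSecretsManagerCredentials.isBucketAccelerate()) {
            log.info("AwsConfig.configureRemainingSettings --> Enable transfer acceleration for a bucket");
            AccelerateConfiguration accelerateConfiguration = AccelerateConfiguration.builder()
                    .status(BucketAccelerateStatus.ENABLED)
                    .build();
            accelerateFuture = s3AsyncClient.putBucketAccelerateConfiguration(
                    PutBucketAccelerateConfigurationRequest.builder().bucket(str).accelerateConfiguration(accelerateConfiguration).build())
                    .exceptionally(th3 -> {
                        log.error("AwsConfig.configureRemainingSettings --> Enable transfer acceleration for a bucket error", th3);
                        return null;
                    });
        }

        log.info("AwsConfig.configureRemainingSettings --> Configure cross-domain rules for buckets");
        // NOTE(review): any origin may issue GET/HEAD with any request header. Acceptable for a
        // public asset bucket; for private content served through presigned URLs, restricting
        // allowedOrigins to the application's own origins would be tighter.
        CORSRule corsRule = CORSRule.builder()
                .allowedHeaders("*")
                .allowedMethods("GET", "HEAD")
                .allowedOrigins("*")
                .exposeHeaders("ETag", "x-amz-meta-custom-header")
                .maxAgeSeconds(3000)
                .build();
        CompletableFuture<?> corsFuture = s3AsyncClient.putBucketCors(
                PutBucketCorsRequest.builder().bucket(str)
                        .corsConfiguration(CORSConfiguration.builder().corsRules(corsRule).build())
                        .build())
                .exceptionally(th4 -> {
                    log.error("AwsConfig.configureRemainingSettings --> Configure cross-domain rules for buckets error", th4);
                    return null;
                });

        log.info("AwsConfig.configureRemainingSettings --> Configure lifecycle rules for bucket multipart uploads");
        // Abandoned multipart uploads keep their parts (and their cost) until aborted.
        LifecycleRule lifecycleRule = LifecycleRule.builder()
                .id("Automatically delete incomplete multipart upload after seven days")
                .abortIncompleteMultipartUpload(AbortIncompleteMultipartUpload.builder().daysAfterInitiation(7).build())
                .status(ExpirationStatus.ENABLED)
                .build();
        CompletableFuture<?> lifecycleFuture = s3AsyncClient.putBucketLifecycleConfiguration(
                PutBucketLifecycleConfigurationRequest.builder().bucket(str)
                        .lifecycleConfiguration(BucketLifecycleConfiguration.builder().rules(lifecycleRule).build())
                        .build())
                .exceptionally(th5 -> {
                    log.error("AwsConfig.configureRemainingSettings --> Configure lifecycle rules for bucket multipart uploads error", th5);
                    return null;
                });

        return CompletableFuture.allOf(accessFuture, accelerateFuture, corsFuture, lifecycleFuture);
    }
}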
