package io.trino.filesystem.s3;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.net.HostAndPort;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.units.DataSize;
import io.airlift.units.Duration;
import io.airlift.units.MaxDataSize;
import io.airlift.units.MinDataSize;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotNull;
import java.util.Optional;
import java.util.Set;
import software.amazon.awssdk.awscore.retry.AwsRetryStrategy;
import software.amazon.awssdk.retries.api.RetryStrategy;
import software.amazon.awssdk.services.s3.model.ObjectCannedACL;

/* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemConfig.class */
public class S3FileSystemConfig {
    private String awsAccessKey;
    private String awsSecretKey;
    private String endpoint;
    private String region;
    private boolean pathStyleAccess;
    private String iamRole;
    private String externalId;
    private String stsEndpoint;
    private String stsRegion;
    private String sseKmsKeyId;
    private boolean useWebIdentityTokenCredentialsProvider;
    private boolean requesterPays;
    private Duration connectionTtl;
    private Duration connectionMaxIdleTime;
    private Duration socketConnectTimeout;
    private Duration socketReadTimeout;
    private boolean tcpKeepAlive;
    private HostAndPort httpProxy;
    private boolean httpProxySecure;
    private String httpProxyUsername;
    private String httpProxyPassword;
    private boolean preemptiveBasicProxyAuth;
    private String roleSessionName = "trino-filesystem";
    private S3SseType sseType = S3SseType.NONE;
    private DataSize streamingPartSize = DataSize.of(16, DataSize.Unit.MEGABYTE);
    private Integer maxConnections = 500;
    private Set<String> nonProxyHosts = ImmutableSet.of();
    private ObjectCannedAcl objectCannedAcl = ObjectCannedAcl.NONE;
    private RetryMode retryMode = RetryMode.LEGACY;
    private int maxErrorRetries = 10;
    private boolean supportsExclusiveCreate = true;

    /* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemConfig$ObjectCannedAcl.class */
    public enum ObjectCannedAcl {
        NONE,
        PRIVATE,
        PUBLIC_READ,
        PUBLIC_READ_WRITE,
        AUTHENTICATED_READ,
        BUCKET_OWNER_READ,
        BUCKET_OWNER_FULL_CONTROL;

        public static ObjectCannedACL getCannedAcl(ObjectCannedAcl objectCannedAcl) {
            switch (objectCannedAcl) {
                case NONE:
                    return null;
                case PRIVATE:
                    return ObjectCannedACL.PRIVATE;
                case PUBLIC_READ:
                    return ObjectCannedACL.PUBLIC_READ;
                case PUBLIC_READ_WRITE:
                    return ObjectCannedACL.PUBLIC_READ_WRITE;
                case AUTHENTICATED_READ:
                    return ObjectCannedACL.AUTHENTICATED_READ;
                case BUCKET_OWNER_READ:
                    return ObjectCannedACL.BUCKET_OWNER_READ;
                case BUCKET_OWNER_FULL_CONTROL:
                    return ObjectCannedACL.BUCKET_OWNER_FULL_CONTROL;
                default:
                    throw new MatchException((String) null, (Throwable) null);
            }
        }
    }

    /* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemConfig$RetryMode.class */
    public enum RetryMode {
        STANDARD,
        LEGACY,
        ADAPTIVE;

        public static RetryStrategy getRetryStrategy(RetryMode retryMode) {
            switch (retryMode) {
                case STANDARD:
                    return AwsRetryStrategy.standardRetryStrategy();
                case LEGACY:
                    return AwsRetryStrategy.legacyRetryStrategy();
                case ADAPTIVE:
                    return AwsRetryStrategy.adaptiveRetryStrategy();
                default:
                    throw new MatchException((String) null, (Throwable) null);
            }
        }
    }

    /* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemConfig$S3SseType.class */
    public enum S3SseType {
        NONE,
        S3,
        KMS
    }

    public String getAwsAccessKey() {
        return this.awsAccessKey;
    }

    @Config("s3.aws-access-key")
    public S3FileSystemConfig setAwsAccessKey(String str) {
        this.awsAccessKey = str;
        return this;
    }

    public String getAwsSecretKey() {
        return this.awsSecretKey;
    }

    @ConfigSecuritySensitive
    @Config("s3.aws-secret-key")
    public S3FileSystemConfig setAwsSecretKey(String str) {
        this.awsSecretKey = str;
        return this;
    }

    public String getEndpoint() {
        return this.endpoint;
    }

    @Config("s3.endpoint")
    public S3FileSystemConfig setEndpoint(String str) {
        this.endpoint = str;
        return this;
    }

    public String getRegion() {
        return this.region;
    }

    @Config("s3.region")
    public S3FileSystemConfig setRegion(String str) {
        this.region = str;
        return this;
    }

    public boolean isPathStyleAccess() {
        return this.pathStyleAccess;
    }

    @ConfigDescription("Use path-style access for all requests to S3")
    @Config("s3.path-style-access")
    public S3FileSystemConfig setPathStyleAccess(boolean z) {
        this.pathStyleAccess = z;
        return this;
    }

    public String getIamRole() {
        return this.iamRole;
    }

    @ConfigDescription("ARN of an IAM role to assume when connecting to S3")
    @Config("s3.iam-role")
    public S3FileSystemConfig setIamRole(String str) {
        this.iamRole = str;
        return this;
    }

    @NotNull
    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    @ConfigDescription("Role session name to use when connecting to S3")
    @Config("s3.role-session-name")
    public S3FileSystemConfig setRoleSessionName(String str) {
        this.roleSessionName = str;
        return this;
    }

    public String getExternalId() {
        return this.externalId;
    }

    @ConfigDescription("External ID for the IAM role trust policy when connecting to S3")
    @Config("s3.external-id")
    public S3FileSystemConfig setExternalId(String str) {
        this.externalId = str;
        return this;
    }

    public String getStsEndpoint() {
        return this.stsEndpoint;
    }

    @Config("s3.sts.endpoint")
    public S3FileSystemConfig setStsEndpoint(String str) {
        this.stsEndpoint = str;
        return this;
    }

    public String getStsRegion() {
        return this.stsRegion;
    }

    @Config("s3.sts.region")
    public S3FileSystemConfig setStsRegion(String str) {
        this.stsRegion = str;
        return this;
    }

    @NotNull
    public ObjectCannedAcl getCannedAcl() {
        return this.objectCannedAcl;
    }

    @ConfigDescription("Canned ACL (predefined grants) to manage access to objects")
    @Config("s3.canned-acl")
    public S3FileSystemConfig setCannedAcl(ObjectCannedAcl objectCannedAcl) {
        this.objectCannedAcl = objectCannedAcl;
        return this;
    }

    public RetryMode getRetryMode() {
        return this.retryMode;
    }

    @ConfigDescription("Specifies how the AWS SDK attempts retries, default is LEGACY")
    @Config("s3.retry-mode")
    public S3FileSystemConfig setRetryMode(RetryMode retryMode) {
        this.retryMode = retryMode;
        return this;
    }

    @Min(1)
    public int getMaxErrorRetries() {
        return this.maxErrorRetries;
    }

    @Config("s3.max-error-retries")
    public S3FileSystemConfig setMaxErrorRetries(int i) {
        this.maxErrorRetries = i;
        return this;
    }

    @NotNull
    public S3SseType getSseType() {
        return this.sseType;
    }

    @Config("s3.sse.type")
    public S3FileSystemConfig setSseType(S3SseType s3SseType) {
        this.sseType = s3SseType;
        return this;
    }

    public String getSseKmsKeyId() {
        return this.sseKmsKeyId;
    }

    @ConfigDescription("KMS Key ID to use for S3 server-side encryption with KMS-managed key")
    @Config("s3.sse.kms-key-id")
    public S3FileSystemConfig setSseKmsKeyId(String str) {
        this.sseKmsKeyId = str;
        return this;
    }

    public boolean isUseWebIdentityTokenCredentialsProvider() {
        return this.useWebIdentityTokenCredentialsProvider;
    }

    @Config("s3.use-web-identity-token-credentials-provider")
    public S3FileSystemConfig setUseWebIdentityTokenCredentialsProvider(boolean z) {
        this.useWebIdentityTokenCredentialsProvider = z;
        return this;
    }

    @MaxDataSize("256MB")
    @NotNull
    @MinDataSize("5MB")
    public DataSize getStreamingPartSize() {
        return this.streamingPartSize;
    }

    @ConfigDescription("Part size for S3 streaming upload")
    @Config("s3.streaming.part-size")
    public S3FileSystemConfig setStreamingPartSize(DataSize dataSize) {
        this.streamingPartSize = dataSize;
        return this;
    }

    public boolean isRequesterPays() {
        return this.requesterPays;
    }

    @Config("s3.requester-pays")
    public S3FileSystemConfig setRequesterPays(boolean z) {
        this.requesterPays = z;
        return this;
    }

    @Min(1)
    public Integer getMaxConnections() {
        return this.maxConnections;
    }

    @Config("s3.max-connections")
    public S3FileSystemConfig setMaxConnections(Integer num) {
        this.maxConnections = num;
        return this;
    }

    public Optional<Duration> getConnectionTtl() {
        return Optional.ofNullable(this.connectionTtl);
    }

    @ConfigDescription("Maximum time allowed for connections to be reused before being replaced in the connection pool")
    @Config("s3.connection-ttl")
    public S3FileSystemConfig setConnectionTtl(Duration duration) {
        this.connectionTtl = duration;
        return this;
    }

    public Optional<Duration> getConnectionMaxIdleTime() {
        return Optional.ofNullable(this.connectionMaxIdleTime);
    }

    @ConfigDescription("Maximum time allowed for connections to remain idle in the connection pool before being closed")
    @Config("s3.connection-max-idle-time")
    public S3FileSystemConfig setConnectionMaxIdleTime(Duration duration) {
        this.connectionMaxIdleTime = duration;
        return this;
    }

    public Optional<Duration> getSocketConnectTimeout() {
        return Optional.ofNullable(this.socketConnectTimeout);
    }

    @ConfigDescription("Maximum time allowed for socket connect to complete before timing out")
    @Config("s3.socket-connect-timeout")
    public S3FileSystemConfig setSocketConnectTimeout(Duration duration) {
        this.socketConnectTimeout = duration;
        return this;
    }

    public Optional<Duration> getSocketReadTimeout() {
        return Optional.ofNullable(this.socketReadTimeout);
    }

    @ConfigDescription("Maximum time allowed for socket reads before timing out")
    @Config("s3.socket-read-timeout")
    public S3FileSystemConfig setSocketReadTimeout(Duration duration) {
        this.socketReadTimeout = duration;
        return this;
    }

    public boolean getTcpKeepAlive() {
        return this.tcpKeepAlive;
    }

    @ConfigDescription("Enable TCP keep alive on created connections")
    @Config("s3.tcp-keep-alive")
    public S3FileSystemConfig setTcpKeepAlive(boolean z) {
        this.tcpKeepAlive = z;
        return this;
    }

    public HostAndPort getHttpProxy() {
        return this.httpProxy;
    }

    @Config("s3.http-proxy")
    public S3FileSystemConfig setHttpProxy(HostAndPort hostAndPort) {
        this.httpProxy = hostAndPort;
        return this;
    }

    public boolean isHttpProxySecure() {
        return this.httpProxySecure;
    }

    @Config("s3.http-proxy.secure")
    public S3FileSystemConfig setHttpProxySecure(boolean z) {
        this.httpProxySecure = z;
        return this;
    }

    public String getHttpProxyUsername() {
        return this.httpProxyUsername;
    }

    @Config("s3.http-proxy.username")
    public S3FileSystemConfig setHttpProxyUsername(String str) {
        this.httpProxyUsername = str;
        return this;
    }

    public String getHttpProxyPassword() {
        return this.httpProxyPassword;
    }

    @ConfigSecuritySensitive
    @Config("s3.http-proxy.password")
    public S3FileSystemConfig setHttpProxyPassword(String str) {
        this.httpProxyPassword = str;
        return this;
    }

    public boolean getHttpProxyPreemptiveBasicProxyAuth() {
        return this.preemptiveBasicProxyAuth;
    }

    @Config("s3.http-proxy.preemptive-basic-auth")
    public S3FileSystemConfig setHttpProxyPreemptiveBasicProxyAuth(boolean z) {
        this.preemptiveBasicProxyAuth = z;
        return this;
    }

    public Set<String> getNonProxyHosts() {
        return this.nonProxyHosts;
    }

    @Config("s3.http-proxy.non-proxy-hosts")
    public S3FileSystemConfig setNonProxyHosts(String str) {
        this.nonProxyHosts = ImmutableSet.copyOf(Splitter.on(',').omitEmptyStrings().trimResults().split(Strings.nullToEmpty(str)));
        return this;
    }

    public boolean isSupportsExclusiveCreate() {
        return this.supportsExclusiveCreate;
    }

    @ConfigDescription("Whether S3-compatible storage supports exclusive create (true for Minio and AWS S3)")
    @Config("s3.exclusive-create")
    public S3FileSystemConfig setSupportsExclusiveCreate(boolean z) {
        this.supportsExclusiveCreate = z;
        return this;
    }
}
