package io.trino.filesystem.s3;

import com.google.inject.Inject;
import io.airlift.concurrent.Threads;
import io.opentelemetry.api.OpenTelemetry;
import io.opentelemetry.instrumentation.awssdk.v2_2.AwsSdkTelemetry;
import io.trino.filesystem.Location;
import io.trino.filesystem.TrinoFileSystemFactory;
import io.trino.filesystem.s3.S3FileSystemConfig;
import jakarta.annotation.PreDestroy;
import java.net.URI;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Executor;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Function;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3ClientBuilder;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;

/* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemLoader.class */
final class S3FileSystemLoader implements Function<Location, TrinoFileSystemFactory> {
    private final Optional<S3SecurityMappingProvider> mappingProvider;
    private final SdkHttpClient httpClient;
    private final S3ClientFactory clientFactory;
    private final S3Context context;
    private final ExecutorService uploadExecutor;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/trino/filesystem/s3/S3FileSystemLoader$S3ClientFactory.class */
    public interface S3ClientFactory {
        S3Client create(Optional<S3SecurityMappingResult> optional);
    }

    @Inject
    public S3FileSystemLoader(S3SecurityMappingProvider s3SecurityMappingProvider, OpenTelemetry openTelemetry, S3FileSystemConfig s3FileSystemConfig) {
        this((Optional<S3SecurityMappingProvider>) Optional.of(s3SecurityMappingProvider), openTelemetry, s3FileSystemConfig);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public S3FileSystemLoader(OpenTelemetry openTelemetry, S3FileSystemConfig s3FileSystemConfig) {
        this((Optional<S3SecurityMappingProvider>) Optional.empty(), openTelemetry, s3FileSystemConfig);
    }

    private S3FileSystemLoader(Optional<S3SecurityMappingProvider> optional, OpenTelemetry openTelemetry, S3FileSystemConfig s3FileSystemConfig) {
        this.uploadExecutor = Executors.newCachedThreadPool(Threads.daemonThreadsNamed("s3-upload-%s"));
        this.mappingProvider = (Optional) Objects.requireNonNull(optional, "mappingProvider is null");
        this.httpClient = createHttpClient(s3FileSystemConfig);
        this.clientFactory = s3ClientFactory(this.httpClient, openTelemetry, s3FileSystemConfig);
        this.context = new S3Context(Math.toIntExact(s3FileSystemConfig.getStreamingPartSize().toBytes()), s3FileSystemConfig.isRequesterPays(), s3FileSystemConfig.getSseType(), s3FileSystemConfig.getSseKmsKeyId(), Optional.empty(), s3FileSystemConfig.getCannedAcl(), s3FileSystemConfig.isSupportsExclusiveCreate());
    }

    @Override // java.util.function.Function
    public TrinoFileSystemFactory apply(Location location) {
        return new S3SecurityMappingFileSystemFactory(this.mappingProvider.orElseThrow(), this.clientFactory, this.context, location, this.uploadExecutor);
    }

    @PreDestroy
    public void destroy() {
        SdkHttpClient sdkHttpClient = this.httpClient;
        try {
            this.uploadExecutor.shutdownNow();
            if (sdkHttpClient != null) {
                sdkHttpClient.close();
            }
        } catch (Throwable th) {
            if (sdkHttpClient != null) {
                try {
                    sdkHttpClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public S3Client createClient() {
        return this.clientFactory.create(Optional.empty());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public S3Context context() {
        return this.context;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Executor uploadExecutor() {
        return this.uploadExecutor;
    }

    private static S3ClientFactory s3ClientFactory(SdkHttpClient sdkHttpClient, OpenTelemetry openTelemetry, S3FileSystemConfig s3FileSystemConfig) {
        ClientOverrideConfiguration createOverrideConfiguration = createOverrideConfiguration(openTelemetry, s3FileSystemConfig);
        Optional<AwsCredentialsProvider> createStaticCredentialsProvider = createStaticCredentialsProvider(s3FileSystemConfig);
        Optional ofNullable = Optional.ofNullable(s3FileSystemConfig.getRegion());
        Optional ofNullable2 = Optional.ofNullable(s3FileSystemConfig.getEndpoint());
        boolean isPathStyleAccess = s3FileSystemConfig.isPathStyleAccess();
        boolean isUseWebIdentityTokenCredentialsProvider = s3FileSystemConfig.isUseWebIdentityTokenCredentialsProvider();
        Optional ofNullable3 = Optional.ofNullable(s3FileSystemConfig.getIamRole());
        String roleSessionName = s3FileSystemConfig.getRoleSessionName();
        String externalId = s3FileSystemConfig.getExternalId();
        return optional -> {
            Optional or = optional.flatMap((v0) -> {
                return v0.credentialsProvider();
            }).or(() -> {
                return createStaticCredentialsProvider;
            });
            Optional or2 = optional.flatMap((v0) -> {
                return v0.region();
            }).or(() -> {
                return ofNullable;
            });
            Optional or3 = optional.flatMap((v0) -> {
                return v0.endpoint();
            }).or(() -> {
                return ofNullable2;
            });
            Optional or4 = optional.flatMap((v0) -> {
                return v0.iamRole();
            }).or(() -> {
                return ofNullable3;
            });
            String str = (String) optional.flatMap((v0) -> {
                return v0.roleSessionName();
            }).orElse(roleSessionName);
            S3ClientBuilder builder = S3Client.builder();
            builder.overrideConfiguration(createOverrideConfiguration);
            builder.httpClient(sdkHttpClient);
            Optional map = or2.map(Region::of);
            Objects.requireNonNull(builder);
            map.ifPresent(builder::region);
            Optional map2 = or3.map(URI::create);
            Objects.requireNonNull(builder);
            map2.ifPresent(builder::endpointOverride);
            builder.forcePathStyle(Boolean.valueOf(isPathStyleAccess));
            if (isUseWebIdentityTokenCredentialsProvider) {
                builder.credentialsProvider(WebIdentityTokenFileCredentialsProvider.builder().asyncCredentialUpdateEnabled(true).build());
            } else if (or4.isPresent()) {
                builder.credentialsProvider(StsAssumeRoleCredentialsProvider.builder().refreshRequest(builder2 -> {
                    builder2.roleArn((String) or4.get()).roleSessionName(str).externalId(externalId);
                }).stsClient(createStsClient(s3FileSystemConfig, or)).asyncCredentialUpdateEnabled(true).build());
            } else {
                Objects.requireNonNull(builder);
                or.ifPresent(builder::credentialsProvider);
            }
            return (S3Client) builder.build();
        };
    }

    private static Optional<AwsCredentialsProvider> createStaticCredentialsProvider(S3FileSystemConfig s3FileSystemConfig) {
        return (s3FileSystemConfig.getAwsAccessKey() == null && s3FileSystemConfig.getAwsSecretKey() == null) ? Optional.empty() : Optional.of(StaticCredentialsProvider.create(AwsBasicCredentials.create(s3FileSystemConfig.getAwsAccessKey(), s3FileSystemConfig.getAwsSecretKey())));
    }

    private static StsClient createStsClient(S3FileSystemConfig s3FileSystemConfig, Optional<AwsCredentialsProvider> optional) {
        StsClientBuilder builder = StsClient.builder();
        Optional map = Optional.ofNullable(s3FileSystemConfig.getStsEndpoint()).map(URI::create);
        Objects.requireNonNull(builder);
        map.ifPresent(builder::endpointOverride);
        Optional map2 = Optional.ofNullable(s3FileSystemConfig.getStsRegion()).or(() -> {
            return Optional.ofNullable(s3FileSystemConfig.getRegion());
        }).map(Region::of);
        Objects.requireNonNull(builder);
        map2.ifPresent(builder::region);
        Objects.requireNonNull(builder);
        optional.ifPresent(builder::credentialsProvider);
        return (StsClient) builder.build();
    }

    private static ClientOverrideConfiguration createOverrideConfiguration(OpenTelemetry openTelemetry, S3FileSystemConfig s3FileSystemConfig) {
        return (ClientOverrideConfiguration) ClientOverrideConfiguration.builder().addExecutionInterceptor(AwsSdkTelemetry.builder(openTelemetry).setCaptureExperimentalSpanAttributes(true).setRecordIndividualHttpError(true).build().newExecutionInterceptor()).retryStrategy(S3FileSystemConfig.RetryMode.getRetryStrategy(s3FileSystemConfig.getRetryMode()).toBuilder().maxAttempts(s3FileSystemConfig.getMaxErrorRetries()).build()).build();
    }

    private static SdkHttpClient createHttpClient(S3FileSystemConfig s3FileSystemConfig) {
        ApacheHttpClient.Builder tcpKeepAlive = ApacheHttpClient.builder().maxConnections(s3FileSystemConfig.getMaxConnections()).tcpKeepAlive(Boolean.valueOf(s3FileSystemConfig.getTcpKeepAlive()));
        s3FileSystemConfig.getConnectionTtl().ifPresent(duration -> {
            tcpKeepAlive.connectionTimeToLive(duration.toJavaTime());
        });
        s3FileSystemConfig.getConnectionMaxIdleTime().ifPresent(duration2 -> {
            tcpKeepAlive.connectionMaxIdleTime(duration2.toJavaTime());
        });
        s3FileSystemConfig.getSocketConnectTimeout().ifPresent(duration3 -> {
            tcpKeepAlive.connectionTimeout(duration3.toJavaTime());
        });
        s3FileSystemConfig.getSocketReadTimeout().ifPresent(duration4 -> {
            tcpKeepAlive.socketTimeout(duration4.toJavaTime());
        });
        if (s3FileSystemConfig.getHttpProxy() != null) {
            ProxyConfiguration.Builder builder = ProxyConfiguration.builder();
            Object[] objArr = new Object[2];
            objArr[0] = s3FileSystemConfig.isHttpProxySecure() ? "https" : "http";
            objArr[1] = s3FileSystemConfig.getHttpProxy();
            tcpKeepAlive.proxyConfiguration((ProxyConfiguration) builder.endpoint(URI.create("%s://%s".formatted(objArr))).username(s3FileSystemConfig.getHttpProxyUsername()).password(s3FileSystemConfig.getHttpProxyPassword()).nonProxyHosts(s3FileSystemConfig.getNonProxyHosts()).preemptiveBasicAuthenticationEnabled(Boolean.valueOf(s3FileSystemConfig.getHttpProxyPreemptiveBasicProxyAuth())).build());
        }
        return tcpKeepAlive.build();
    }
}
