package io.camunda.document.store.aws;

import io.camunda.document.api.DocumentContent;
import io.camunda.document.api.DocumentCreationRequest;
import io.camunda.document.api.DocumentError;
import io.camunda.document.api.DocumentLink;
import io.camunda.document.api.DocumentMetadataModel;
import io.camunda.document.api.DocumentReference;
import io.camunda.document.api.DocumentStore;
import io.camunda.zeebe.util.Either;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneId;
import java.time.temporal.TemporalAmount;
import java.util.Collections;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.HeadBucketRequest;
import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
import software.amazon.awssdk.services.s3.model.HeadObjectResponse;
import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.s3.model.Tag;
import software.amazon.awssdk.services.s3.model.Tagging;
import software.amazon.awssdk.services.s3.presigner.S3Presigner;
import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest;

/* loaded from: input_file:io/camunda/document/store/aws/AwsDocumentStore.class */
public class AwsDocumentStore implements DocumentStore {
    public static final String CONTENT_HASH_METADATA_KEY = "content-hash";
    public static final String EXPIRES_AT_METADATA_KEY = "expires-at";
    public static final String FILENAME_METADATA_KEY = "filename";
    public static final String SIZE_METADATA_KEY = "size";
    public static final String CONTENT_TYPE_METADATA_KEY = "content-type";
    private static final Logger LOGGER = LoggerFactory.getLogger(AwsDocumentStore.class);
    private static final Tag NO_AUTO_DELETE_TAG = (Tag) Tag.builder().key("NoAutoDelete").value("true").build();
    private static final String METADATA_PROCESS_DEFINITION_ID = "camunda.processDefinitionId";
    private static final String METADATA_PROCESS_INSTANCE_KEY = "camunda.processInstanceKey";
    private final String bucketName;
    private final S3Client client;
    private final ExecutorService executor;
    private final S3Presigner preSigner;
    private final Long defaultTTL;
    private final String bucketPath;

    public AwsDocumentStore(String str, Long l, String str2, ExecutorService executorService) {
        this(str, l, str2, S3Client.create(), executorService, S3Presigner.create());
    }

    public AwsDocumentStore(String str, Long l, String str2, S3Client s3Client, ExecutorService executorService, S3Presigner s3Presigner) {
        this.bucketName = str;
        this.defaultTTL = l;
        this.bucketPath = str2;
        this.client = s3Client;
        this.executor = executorService;
        this.preSigner = s3Presigner;
    }

    public CompletableFuture<Either<DocumentError, DocumentReference>> createDocument(DocumentCreationRequest documentCreationRequest) {
        return CompletableFuture.supplyAsync(() -> {
            return createDocumentInternal(documentCreationRequest);
        }, this.executor);
    }

    public CompletableFuture<Either<DocumentError, DocumentContent>> getDocument(String str) {
        return CompletableFuture.supplyAsync(() -> {
            return getDocumentInternal(str);
        }, this.executor);
    }

    public CompletableFuture<Either<DocumentError, Void>> deleteDocument(String str) {
        return CompletableFuture.supplyAsync(() -> {
            return deleteDocumentInternal(str);
        }, this.executor);
    }

    public CompletableFuture<Either<DocumentError, DocumentLink>> createLink(String str, long j) {
        return CompletableFuture.supplyAsync(() -> {
            return linkDocumentInternal(str, j);
        }, this.executor);
    }

    public CompletableFuture<Either<DocumentError, Void>> verifyContentHash(String str, String str2) {
        return CompletableFuture.supplyAsync(() -> {
            return verifyContentHashInternal(str, str2);
        }, this.executor);
    }

    public void validateSetup() {
        try {
            this.client.headBucket((HeadBucketRequest) HeadBucketRequest.builder().bucket(this.bucketName).build());
            LOGGER.info("Successfully accessed bucket '{}'", this.bucketName);
        } catch (NoSuchBucketException e) {
            LOGGER.warn("Bucket '{}' does not exist. {}", this.bucketName, "The application will continue to operate, but document handling features may be unavailable or limited.");
        } catch (Exception e2) {
            LOGGER.warn("Unexpected error while accessing bucket '{}'. {}", new Object[]{this.bucketName, "The application will continue to operate, but document handling features may be unavailable or limited.", e2});
        } catch (S3Exception e3) {
            LOGGER.warn("Could not access bucket '{}'. {}", new Object[]{this.bucketName, "The application will continue to operate, but document handling features may be unavailable or limited.", e3});
        }
    }

    private Either<DocumentError, DocumentReference> createDocumentInternal(DocumentCreationRequest documentCreationRequest) {
        try {
            String str = (String) Objects.requireNonNullElse(documentCreationRequest.documentId(), UUID.randomUUID().toString());
            return getDocumentInfo(str) != null ? Either.left(new DocumentError.DocumentAlreadyExists(str)) : uploadDocument(documentCreationRequest, str);
        } catch (Exception e) {
            return Either.left(new DocumentError.UnknownDocumentError(e));
        }
    }

    private Either<DocumentError, DocumentContent> getDocumentInternal(String str) {
        try {
            GetObjectRequest getObjectRequest = (GetObjectRequest) GetObjectRequest.builder().key(resolveKey(str)).bucket(this.bucketName).build();
            HeadObjectResponse documentInfo = getDocumentInfo(str);
            return (documentInfo == null || !isDocumentExpired(documentInfo.metadata(), str)) ? Either.right(new DocumentContent(this.client.getObject(getObjectRequest), (String) Optional.ofNullable(documentInfo).map((v0) -> {
                return v0.contentType();
            }).orElse(null))) : Either.left(new DocumentError.DocumentNotFound(str));
        } catch (Exception e) {
            return Either.left(getDocumentError(str, e));
        }
    }

    private Either<DocumentError, Void> deleteDocumentInternal(String str) {
        try {
            this.client.deleteObject((DeleteObjectRequest) DeleteObjectRequest.builder().bucket(this.bucketName).key(resolveKey(str)).build());
            return Either.right((Object) null);
        } catch (Exception e) {
            return Either.left(getDocumentError(str, e));
        }
    }

    private Either<DocumentError, DocumentLink> linkDocumentInternal(String str, long j) {
        try {
            if (j <= 0) {
                return Either.left(new DocumentError.InvalidInput("Duration must be greater than 0"));
            }
            HeadObjectResponse documentInfo = getDocumentInfo(str);
            if (documentInfo == null || isDocumentExpired(documentInfo.metadata(), str)) {
                return Either.left(new DocumentError.DocumentNotFound(str));
            }
            return Either.right(new DocumentLink(this.preSigner.presignGetObject(GetObjectPresignRequest.builder().signatureDuration(Duration.ofMillis(j)).getObjectRequest((GetObjectRequest) GetObjectRequest.builder().bucket(this.bucketName).key(resolveKey(str)).build()).build()).url().toString(), OffsetDateTime.ofInstant(Instant.now().plusMillis(j), ZoneId.systemDefault())));
        } catch (Exception e) {
            return Either.left(getDocumentError(str, e));
        }
    }

    private Either<DocumentError, Void> verifyContentHashInternal(String str, String str2) {
        try {
            HeadObjectResponse documentInfo = getDocumentInfo(str);
            return documentInfo == null ? Either.left(new DocumentError.DocumentNotFound(str)) : !documentInfo.hasMetadata() ? Either.left(new DocumentError.InvalidInput("No metadata found for document")) : !documentInfo.metadata().containsKey(CONTENT_HASH_METADATA_KEY) ? Either.left(new DocumentError.InvalidInput("No content hash found for document")) : !((String) documentInfo.metadata().get(CONTENT_HASH_METADATA_KEY.toLowerCase())).equals(str2) ? Either.left(new DocumentError.DocumentHashMismatch(str, str2)) : Either.right((Object) null);
        } catch (Exception e) {
            return Either.left(new DocumentError.UnknownDocumentError(e));
        }
    }

    private HeadObjectResponse getDocumentInfo(String str) {
        try {
            return this.client.headObject((HeadObjectRequest) HeadObjectRequest.builder().bucket(this.bucketName).key(resolveKey(str)).build());
        } catch (S3Exception e) {
            if (e.statusCode() == 404) {
                return null;
            }
            throw e;
        }
    }

    private boolean isDocumentExpired(Map<String, String> map, String str) {
        String str2;
        if (map == null || (str2 = map.get(EXPIRES_AT_METADATA_KEY)) == null || !OffsetDateTime.parse(str2).isBefore(OffsetDateTime.now())) {
            return false;
        }
        deleteDocumentInternal(str);
        return true;
    }

    private Either<DocumentError, DocumentReference> uploadDocument(DocumentCreationRequest documentCreationRequest, String str) {
        String resolveFileName = resolveFileName(documentCreationRequest.metadata(), str);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            DigestInputStream digestInputStream = new DigestInputStream(documentCreationRequest.contentInputStream(), messageDigest);
            String formatHex = HexFormat.of().formatHex(messageDigest.digest());
            this.client.putObject((PutObjectRequest) PutObjectRequest.builder().key(resolveKey(str)).bucket(this.bucketName).metadata(toS3MetaData(documentCreationRequest.metadata(), resolveFileName, formatHex)).tagging(generateExpiryTag(documentCreationRequest.metadata().expiresAt())).build(), RequestBody.fromInputStream(digestInputStream, documentCreationRequest.metadata().size().longValue()));
            return Either.right(new DocumentReference(str, formatHex, new DocumentMetadataModel(documentCreationRequest.metadata().contentType(), resolveFileName(documentCreationRequest.metadata(), str), documentCreationRequest.metadata().expiresAt(), documentCreationRequest.metadata().size(), documentCreationRequest.metadata().processDefinitionId(), documentCreationRequest.metadata().processInstanceKey(), documentCreationRequest.metadata().customProperties())));
        } catch (Exception e) {
            return Either.left(new DocumentError.UnknownDocumentError(e));
        }
    }

    private Map<String, String> toS3MetaData(DocumentMetadataModel documentMetadataModel, String str, String str2) {
        if (documentMetadataModel == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        putIfPresent(CONTENT_TYPE_METADATA_KEY, documentMetadataModel.contentType(), hashMap);
        putIfPresent(SIZE_METADATA_KEY, documentMetadataModel.size(), hashMap);
        putIfPresent(FILENAME_METADATA_KEY, str, hashMap);
        putIfPresent(EXPIRES_AT_METADATA_KEY, documentMetadataModel.expiresAt(), hashMap);
        hashMap.put(CONTENT_HASH_METADATA_KEY, str2);
        if (documentMetadataModel.customProperties() != null) {
            documentMetadataModel.customProperties().forEach((str3, obj) -> {
                hashMap.put(str3, String.valueOf(obj));
            });
        }
        putIfPresent(METADATA_PROCESS_DEFINITION_ID, documentMetadataModel.processDefinitionId(), hashMap);
        putIfPresent(METADATA_PROCESS_INSTANCE_KEY, documentMetadataModel.processInstanceKey(), hashMap);
        return hashMap;
    }

    private <T> void putIfPresent(String str, T t, Map<String, String> map) {
        if (t != null) {
            map.put(str, t.toString());
        }
    }

    private static DocumentError getDocumentError(String str, Exception exc) {
        return ((exc instanceof S3Exception) && ((S3Exception) exc).statusCode() == 404) ? new DocumentError.DocumentNotFound(str) : new DocumentError.UnknownDocumentError(exc);
    }

    private Tagging generateExpiryTag(OffsetDateTime offsetDateTime) {
        return (Tagging) Tagging.builder().tagSet(offsetDateTime != null && this.defaultTTL != null && offsetDateTime.isAfter(OffsetDateTime.now().plus((TemporalAmount) Duration.ofDays(this.defaultTTL.longValue()))) ? Collections.singletonList(NO_AUTO_DELETE_TAG) : Collections.emptyList()).build();
    }

    private String resolveKey(String str) {
        return this.bucketPath + str;
    }

    private String resolveFileName(DocumentMetadataModel documentMetadataModel, String str) {
        return documentMetadataModel.fileName() != null ? documentMetadataModel.fileName() : str;
    }
}
