package org.apache.druid.data.input.s3;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.model.S3ObjectSummary;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.fasterxml.jackson.annotation.JacksonInject;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import java.net.URI;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.druid.common.aws.AWSClientConfig;
import org.apache.druid.common.aws.AWSEndpointConfig;
import org.apache.druid.common.aws.AWSProxyConfig;
import org.apache.druid.data.input.InputEntity;
import org.apache.druid.data.input.InputFileAttribute;
import org.apache.druid.data.input.InputSource;
import org.apache.druid.data.input.InputSplit;
import org.apache.druid.data.input.SplitHintSpec;
import org.apache.druid.data.input.impl.CloudObjectInputSource;
import org.apache.druid.data.input.impl.CloudObjectLocation;
import org.apache.druid.data.input.impl.SplittableInputSource;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.storage.s3.S3InputDataConfig;
import org.apache.druid.storage.s3.S3StorageDruidModule;
import org.apache.druid.storage.s3.S3Utils;
import org.apache.druid.storage.s3.ServerSideEncryptingAmazonS3;
import org.apache.druid.utils.Streams;

/* loaded from: input_file:org/apache/druid/data/input/s3/S3InputSource.class */
public class S3InputSource extends CloudObjectInputSource {
    private final Supplier<ServerSideEncryptingAmazonS3> s3ClientSupplier;

    @JsonProperty("properties")
    private final S3InputSourceConfig s3InputSourceConfig;
    private final S3InputDataConfig inputDataConfig;
    private final AWSProxyConfig awsProxyConfig;
    private final AWSClientConfig awsClientConfig;
    private final AWSEndpointConfig awsEndpointConfig;
    private final AWSCredentialsProvider awsCredentialsProvider;
    private int maxRetries;

    @JsonCreator
    public S3InputSource(@JacksonInject ServerSideEncryptingAmazonS3 serverSideEncryptingAmazonS3, @JacksonInject ServerSideEncryptingAmazonS3.Builder builder, @JacksonInject S3InputDataConfig s3InputDataConfig, @JsonProperty("uris") @Nullable List<URI> list, @JsonProperty("prefixes") @Nullable List<URI> list2, @JsonProperty("objects") @Nullable List<CloudObjectLocation> list3, @JsonProperty("properties") @Nullable S3InputSourceConfig s3InputSourceConfig, @JsonProperty("proxyConfig") @Nullable AWSProxyConfig aWSProxyConfig, @JsonProperty("endpointConfig") @Nullable AWSEndpointConfig aWSEndpointConfig, @JsonProperty("clientConfig") @Nullable AWSClientConfig aWSClientConfig, @JacksonInject AWSCredentialsProvider aWSCredentialsProvider) {
        super(S3StorageDruidModule.SCHEME, list, list2, list3);
        this.inputDataConfig = (S3InputDataConfig) Preconditions.checkNotNull(s3InputDataConfig, "S3DataSegmentPusherConfig");
        Preconditions.checkNotNull(serverSideEncryptingAmazonS3, "s3Client");
        this.s3InputSourceConfig = s3InputSourceConfig;
        this.awsProxyConfig = aWSProxyConfig;
        this.awsClientConfig = aWSClientConfig;
        this.awsEndpointConfig = aWSEndpointConfig;
        this.s3ClientSupplier = Suppliers.memoize(() -> {
            if (builder == null || s3InputSourceConfig == null) {
                return serverSideEncryptingAmazonS3;
            }
            if (aWSEndpointConfig != null && aWSEndpointConfig.getUrl() != null) {
                builder.getAmazonS3ClientBuilder().setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(aWSEndpointConfig.getUrl(), aWSEndpointConfig.getSigningRegion()));
                if (aWSClientConfig != null) {
                    builder.getAmazonS3ClientBuilder().withChunkedEncodingDisabled(Boolean.valueOf(aWSClientConfig.isDisableChunkedEncoding())).withPathStyleAccessEnabled(Boolean.valueOf(aWSClientConfig.isEnablePathStyleAccess())).withForceGlobalBucketAccessEnabled(Boolean.valueOf(aWSClientConfig.isForceGlobalBucketAccessEnabled()));
                    if (aWSProxyConfig != null) {
                        builder.getAmazonS3ClientBuilder().withClientConfiguration(S3Utils.setProxyConfig(builder.getAmazonS3ClientBuilder().getClientConfiguration(), aWSProxyConfig).withProtocol(S3Utils.determineProtocol(aWSClientConfig, aWSEndpointConfig)));
                    }
                }
            }
            if (!s3InputSourceConfig.isCredentialsConfigured()) {
                applyAssumeRole(builder, s3InputSourceConfig, aWSCredentialsProvider);
            } else if (s3InputSourceConfig.getAssumeRoleArn() == null) {
                builder.getAmazonS3ClientBuilder().withCredentials(createStaticCredentialsProvider(s3InputSourceConfig));
            } else {
                applyAssumeRole(builder, s3InputSourceConfig, createStaticCredentialsProvider(s3InputSourceConfig));
            }
            return builder.build();
        });
        this.maxRetries = 10;
        this.awsCredentialsProvider = aWSCredentialsProvider;
    }

    @VisibleForTesting
    public S3InputSource(ServerSideEncryptingAmazonS3 serverSideEncryptingAmazonS3, ServerSideEncryptingAmazonS3.Builder builder, S3InputDataConfig s3InputDataConfig, List<URI> list, List<URI> list2, List<CloudObjectLocation> list3, S3InputSourceConfig s3InputSourceConfig, AWSProxyConfig aWSProxyConfig, AWSEndpointConfig aWSEndpointConfig, AWSClientConfig aWSClientConfig) {
        this(serverSideEncryptingAmazonS3, builder, s3InputDataConfig, list, list2, list3, s3InputSourceConfig, aWSProxyConfig, aWSEndpointConfig, aWSClientConfig, (AWSCredentialsProvider) null);
    }

    @VisibleForTesting
    public S3InputSource(ServerSideEncryptingAmazonS3 serverSideEncryptingAmazonS3, ServerSideEncryptingAmazonS3.Builder builder, S3InputDataConfig s3InputDataConfig, List<URI> list, List<URI> list2, List<CloudObjectLocation> list3, S3InputSourceConfig s3InputSourceConfig, AWSProxyConfig aWSProxyConfig, AWSEndpointConfig aWSEndpointConfig, AWSClientConfig aWSClientConfig, int i) {
        this(serverSideEncryptingAmazonS3, builder, s3InputDataConfig, list, list2, list3, s3InputSourceConfig, aWSProxyConfig, aWSEndpointConfig, aWSClientConfig, (AWSCredentialsProvider) null);
        this.maxRetries = i;
    }

    private void applyAssumeRole(ServerSideEncryptingAmazonS3.Builder builder, S3InputSourceConfig s3InputSourceConfig, AWSCredentialsProvider aWSCredentialsProvider) {
        String assumeRoleArn = s3InputSourceConfig.getAssumeRoleArn();
        if (assumeRoleArn != null) {
            STSAssumeRoleSessionCredentialsProvider.Builder withStsClient = new STSAssumeRoleSessionCredentialsProvider.Builder(assumeRoleArn, StringUtils.format("druid-s3-input-source-%s", new Object[]{UUID.randomUUID().toString()})).withStsClient((AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSCredentialsProvider).build());
            if (s3InputSourceConfig.getAssumeRoleExternalId() != null) {
                withStsClient.withExternalId(s3InputSourceConfig.getAssumeRoleExternalId());
            }
            builder.getAmazonS3ClientBuilder().withCredentials(withStsClient.build());
        }
    }

    @Nonnull
    private AWSStaticCredentialsProvider createStaticCredentialsProvider(S3InputSourceConfig s3InputSourceConfig) {
        return new AWSStaticCredentialsProvider(new BasicAWSCredentials(s3InputSourceConfig.getAccessKeyId().getPassword(), s3InputSourceConfig.getSecretAccessKey().getPassword()));
    }

    @JsonProperty("properties")
    @Nullable
    public S3InputSourceConfig getS3InputSourceConfig() {
        return this.s3InputSourceConfig;
    }

    @JsonProperty("proxyConfig")
    @Nullable
    public AWSProxyConfig getAwsProxyConfig() {
        return this.awsProxyConfig;
    }

    @JsonProperty("clientConfig")
    @Nullable
    public AWSClientConfig getAwsClientConfig() {
        return this.awsClientConfig;
    }

    @JsonProperty("endpointConfig")
    @Nullable
    public AWSEndpointConfig getAwsEndpointConfig() {
        return this.awsEndpointConfig;
    }

    protected InputEntity createEntity(CloudObjectLocation cloudObjectLocation) {
        return new S3Entity((ServerSideEncryptingAmazonS3) this.s3ClientSupplier.get(), cloudObjectLocation, this.maxRetries);
    }

    protected Stream<InputSplit<List<CloudObjectLocation>>> getPrefixesSplitStream(@Nonnull SplitHintSpec splitHintSpec) {
        return Streams.sequentialStreamFrom(splitHintSpec.split(getIterableObjectsFromPrefixes().iterator(), s3ObjectSummary -> {
            return new InputFileAttribute(s3ObjectSummary.getSize());
        })).map(list -> {
            return (List) list.stream().map(S3Utils::summaryToCloudObjectLocation).collect(Collectors.toList());
        }).map((v1) -> {
            return new InputSplit(v1);
        });
    }

    public SplittableInputSource<List<CloudObjectLocation>> withSplit(InputSplit<List<CloudObjectLocation>> inputSplit) {
        return new S3InputSource((ServerSideEncryptingAmazonS3) this.s3ClientSupplier.get(), (ServerSideEncryptingAmazonS3.Builder) null, this.inputDataConfig, (List<URI>) null, (List<URI>) null, (List<CloudObjectLocation>) inputSplit.get(), getS3InputSourceConfig(), getAwsProxyConfig(), getAwsEndpointConfig(), getAwsClientConfig(), this.awsCredentialsProvider);
    }

    public int hashCode() {
        return Objects.hash(Integer.valueOf(super.hashCode()), this.s3InputSourceConfig);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass() || !super.equals(obj)) {
            return false;
        }
        S3InputSource s3InputSource = (S3InputSource) obj;
        return Objects.equals(this.s3InputSourceConfig, s3InputSource.s3InputSourceConfig) && Objects.equals(this.awsProxyConfig, s3InputSource.awsProxyConfig) && Objects.equals(this.awsClientConfig, s3InputSource.awsClientConfig) && Objects.equals(this.awsEndpointConfig, s3InputSource.awsEndpointConfig);
    }

    public String toString() {
        return "S3InputSource{uris=" + getUris() + ", prefixes=" + getPrefixes() + ", objects=" + getObjects() + ", s3InputSourceConfig=" + getS3InputSourceConfig() + ", awsProxyConfig=" + getAwsProxyConfig() + ", awsEndpointConfig=" + getAwsEndpointConfig() + ", awsClientConfig=" + getAwsClientConfig() + '}';
    }

    private Iterable<S3ObjectSummary> getIterableObjectsFromPrefixes() {
        return () -> {
            return S3Utils.objectSummaryIterator((ServerSideEncryptingAmazonS3) this.s3ClientSupplier.get(), getPrefixes(), this.inputDataConfig.getMaxListingLength(), this.maxRetries);
        };
    }

    /* renamed from: withSplit, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ InputSource m0withSplit(InputSplit inputSplit) {
        return withSplit((InputSplit<List<CloudObjectLocation>>) inputSplit);
    }
}
