package org.apache.flink.connector.aws.util;

import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.nio.file.Paths;
import java.time.Duration;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.regex.Pattern;
import org.apache.flink.annotation.Internal;
import org.apache.flink.annotation.VisibleForTesting;
import org.apache.flink.connector.aws.config.AWSConfigConstants;
import org.apache.flink.util.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
import software.amazon.awssdk.http.Protocol;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.SdkHttpConfigurationOption;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
import software.amazon.awssdk.http.nio.netty.Http2Configuration;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.utils.AttributeMap;
import software.amazon.awssdk.utils.SdkAutoCloseable;

@Internal
/* loaded from: input_file:org/apache/flink/connector/aws/util/AWSGeneralUtil.class */
public class AWSGeneralUtil {
    private static final int INITIAL_WINDOW_SIZE_BYTES = 524288;
    private static final boolean TRUST_ALL_CERTIFICATES = false;
    private static final Logger LOG = LoggerFactory.getLogger(AWSGeneralUtil.class);
    private static final Duration CONNECTION_ACQUISITION_TIMEOUT = Duration.ofSeconds(60);
    private static final Duration HEALTH_CHECK_PING_PERIOD = Duration.ofSeconds(60);
    private static final Duration HTTP_CLIENT_READ_TIMEOUT = Duration.ofMinutes(6);
    private static final Protocol HTTP_PROTOCOL = Protocol.HTTP2;
    private static final int HTTP_CLIENT_MAX_CONCURRENCY = 10000;
    private static final AttributeMap HTTP_CLIENT_DEFAULTS = AttributeMap.builder().put(SdkHttpConfigurationOption.MAX_CONNECTIONS, Integer.valueOf(HTTP_CLIENT_MAX_CONCURRENCY)).put(SdkHttpConfigurationOption.READ_TIMEOUT, HTTP_CLIENT_READ_TIMEOUT).put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, false).put(SdkHttpConfigurationOption.PROTOCOL, HTTP_PROTOCOL).build();

    public static AWSConfigConstants.CredentialProvider getCredentialProviderType(Properties properties, String str) {
        if (!properties.containsKey(str)) {
            return (properties.containsKey(AWSConfigConstants.accessKeyId(str)) && properties.containsKey(AWSConfigConstants.secretKey(str))) ? AWSConfigConstants.CredentialProvider.BASIC : AWSConfigConstants.CredentialProvider.AUTO;
        }
        try {
            return AWSConfigConstants.CredentialProvider.valueOf(properties.getProperty(str));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException(String.format("Invalid AWS Credential Provider Type %s.", properties.getProperty(str)), e);
        }
    }

    public static AwsCredentialsProvider getCredentialsProvider(Map<String, ?> map) {
        Properties properties = new Properties();
        properties.putAll(map);
        return getCredentialsProvider(properties);
    }

    public static AwsCredentialsProvider getCredentialsProvider(Properties properties) {
        return getCredentialsProvider(properties, AWSConfigConstants.AWS_CREDENTIALS_PROVIDER);
    }

    public static AwsCredentialsProvider getCredentialsProvider(Properties properties, String str) {
        AWSConfigConstants.CredentialProvider credentialProviderType = getCredentialProviderType(properties, str);
        switch (credentialProviderType) {
            case ENV_VAR:
                return EnvironmentVariableCredentialsProvider.create();
            case SYS_PROP:
                return SystemPropertyCredentialsProvider.create();
            case CUSTOM:
                return getCustomCredentialProvider(properties, AWSConfigConstants.customCredentialsProviderClass(str));
            case PROFILE:
                return getProfileCredentialProvider(properties, str);
            case BASIC:
                return () -> {
                    return AwsBasicCredentials.create(properties.getProperty(AWSConfigConstants.accessKeyId(str)), properties.getProperty(AWSConfigConstants.secretKey(str)));
                };
            case ASSUME_ROLE:
                return getAssumeRoleCredentialProvider(properties, str);
            case WEB_IDENTITY_TOKEN:
                return getWebIdentityTokenFileCredentialsProvider(WebIdentityTokenFileCredentialsProvider.builder(), properties, str);
            case AUTO:
                return DefaultCredentialsProvider.builder().build();
            default:
                throw new IllegalArgumentException("Credential provider not supported: " + credentialProviderType);
        }
    }

    public static AwsCredentialsProvider getCustomCredentialProvider(Properties properties, String str) {
        String property = properties.getProperty(str);
        if (property == null) {
            throw new RuntimeException("No custom AWS credential provider class was provided with config key " + str);
        }
        try {
            return (AwsCredentialsProvider) Class.forName(property).getDeclaredConstructor(Properties.class).newInstance(properties);
        } catch (ClassNotFoundException | NoSuchMethodException e) {
            LOG.error("Failed to find the specified custom AWS credentials provider {} {}", e.getMessage(), e);
            throw new RuntimeException(e);
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e2) {
            LOG.error("Failed to instantiate the specified custom AWS credentials provider {} {}", e2.getMessage(), e2);
            throw new RuntimeException(e2);
        }
    }

    public static AwsCredentialsProvider getProfileCredentialProvider(Properties properties, String str) {
        ProfileCredentialsProvider.Builder profileName = ProfileCredentialsProvider.builder().profileName(properties.getProperty(AWSConfigConstants.profileName(str), null));
        Optional.ofNullable(properties.getProperty(AWSConfigConstants.profilePath(str))).map(str2 -> {
            return Paths.get(str2, new String[TRUST_ALL_CERTIFICATES]);
        }).ifPresent(path -> {
            profileName.profileFile(ProfileFile.builder().type(ProfileFile.Type.CREDENTIALS).content(path).build());
        });
        return profileName.build();
    }

    private static AwsCredentialsProvider getAssumeRoleCredentialProvider(Properties properties, String str) {
        StsClientBuilder region = StsClient.builder().credentialsProvider(getCredentialsProvider(properties, AWSConfigConstants.roleCredentialsProvider(str))).region(getRegion(properties));
        Optional ofNullable = Optional.ofNullable(getStsEndpoint(properties));
        region.getClass();
        ofNullable.ifPresent(region::endpointOverride);
        return StsAssumeRoleCredentialsProvider.builder().refreshRequest((AssumeRoleRequest) AssumeRoleRequest.builder().roleArn(properties.getProperty(AWSConfigConstants.roleArn(str))).roleSessionName(properties.getProperty(AWSConfigConstants.roleSessionName(str))).externalId(properties.getProperty(AWSConfigConstants.externalId(str))).build()).stsClient((StsClient) region.build()).build();
    }

    @VisibleForTesting
    static AwsCredentialsProvider getWebIdentityTokenFileCredentialsProvider(WebIdentityTokenFileCredentialsProvider.Builder builder, Properties properties, String str) {
        Optional ofNullable = Optional.ofNullable(properties.getProperty(AWSConfigConstants.roleArn(str)));
        builder.getClass();
        ofNullable.ifPresent(builder::roleArn);
        Optional ofNullable2 = Optional.ofNullable(properties.getProperty(AWSConfigConstants.roleSessionName(str)));
        builder.getClass();
        ofNullable2.ifPresent(builder::roleSessionName);
        Optional map = Optional.ofNullable(properties.getProperty(AWSConfigConstants.webIdentityTokenFile(str))).map(str2 -> {
            return Paths.get(str2, new String[TRUST_ALL_CERTIFICATES]);
        });
        builder.getClass();
        map.ifPresent(builder::webIdentityTokenFile);
        return builder.build();
    }

    public static SdkAsyncHttpClient createAsyncHttpClient(Properties properties) {
        return createAsyncHttpClient(properties, NettyNioAsyncHttpClient.builder());
    }

    public static SdkAsyncHttpClient createAsyncHttpClient(Properties properties, NettyNioAsyncHttpClient.Builder builder) {
        AttributeMap.Builder put = AttributeMap.builder().put(SdkHttpConfigurationOption.TCP_KEEPALIVE, true);
        Optional.ofNullable(properties.getProperty(AWSConfigConstants.HTTP_CLIENT_MAX_CONCURRENCY)).map(Integer::parseInt).ifPresent(num -> {
            put.put(SdkHttpConfigurationOption.MAX_CONNECTIONS, num);
        });
        Optional.ofNullable(properties.getProperty(AWSConfigConstants.HTTP_CLIENT_READ_TIMEOUT_MILLIS)).map(Integer::parseInt).map((v0) -> {
            return Duration.ofMillis(v0);
        }).ifPresent(duration -> {
            put.put(SdkHttpConfigurationOption.READ_TIMEOUT, duration);
        });
        Optional.ofNullable(properties.getProperty(AWSConfigConstants.TRUST_ALL_CERTIFICATES)).map(Boolean::parseBoolean).ifPresent(bool -> {
            put.put(SdkHttpConfigurationOption.TRUST_ALL_CERTIFICATES, bool);
        });
        Optional.ofNullable(properties.getProperty(AWSConfigConstants.HTTP_PROTOCOL_VERSION)).map(Protocol::valueOf).ifPresent(protocol -> {
            put.put(SdkHttpConfigurationOption.PROTOCOL, protocol);
        });
        return createAsyncHttpClient(put.build(), builder);
    }

    public static SdkAsyncHttpClient createAsyncHttpClient(NettyNioAsyncHttpClient.Builder builder) {
        return createAsyncHttpClient(AttributeMap.empty(), builder);
    }

    public static SdkAsyncHttpClient createAsyncHttpClient(AttributeMap attributeMap, NettyNioAsyncHttpClient.Builder builder) {
        builder.connectionAcquisitionTimeout(CONNECTION_ACQUISITION_TIMEOUT).http2Configuration((Http2Configuration) Http2Configuration.builder().healthCheckPingPeriod(HEALTH_CHECK_PING_PERIOD).initialWindowSize(Integer.valueOf(INITIAL_WINDOW_SIZE_BYTES)).build());
        return builder.buildWithDefaults(attributeMap.merge(HTTP_CLIENT_DEFAULTS));
    }

    public static SdkHttpClient createSyncHttpClient(AttributeMap attributeMap, ApacheHttpClient.Builder builder) {
        builder.connectionAcquisitionTimeout(CONNECTION_ACQUISITION_TIMEOUT);
        return builder.buildWithDefaults(attributeMap.merge(HTTP_CLIENT_DEFAULTS));
    }

    public static Region getRegion(Properties properties) {
        return Region.of(properties.getProperty(AWSConfigConstants.AWS_REGION));
    }

    public static URI getStsEndpoint(Properties properties) {
        return (URI) Optional.ofNullable(properties.getProperty(AWSConfigConstants.AWS_ROLE_STS_ENDPOINT)).map(URI::create).orElse(null);
    }

    public static boolean isValidRegion(Region region) {
        return Pattern.matches("^[a-z]+-([a-z]+[-]{0,1}[a-z]+-([0-9]|global)|global)$", region.id());
    }

    public static void validateAwsConfiguration(Properties properties) {
        if (properties.containsKey(AWSConfigConstants.AWS_CREDENTIALS_PROVIDER)) {
            validateCredentialProvider(properties);
            if (getCredentialProviderType(properties, AWSConfigConstants.AWS_CREDENTIALS_PROVIDER) == AWSConfigConstants.CredentialProvider.BASIC && (!properties.containsKey(AWSConfigConstants.AWS_ACCESS_KEY_ID) || !properties.containsKey(AWSConfigConstants.AWS_SECRET_ACCESS_KEY))) {
                throw new IllegalArgumentException("Please set values for AWS Access Key ID ('" + AWSConfigConstants.AWS_ACCESS_KEY_ID + "') and Secret Key ('" + AWSConfigConstants.AWS_SECRET_ACCESS_KEY + "') when using the BASIC AWS credential provider type.");
            }
        }
        if (!properties.containsKey(AWSConfigConstants.AWS_REGION) || isValidRegion(getRegion(properties))) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = Region.regions().iterator();
        while (it.hasNext()) {
            sb.append((Region) it.next()).append(", ");
        }
        throw new IllegalArgumentException("Invalid AWS region set in config. Valid values are: " + sb.toString());
    }

    public static void closeResources(SdkAutoCloseable... sdkAutoCloseableArr) {
        RuntimeException runtimeException = TRUST_ALL_CERTIFICATES;
        int length = sdkAutoCloseableArr.length;
        for (int i = TRUST_ALL_CERTIFICATES; i < length; i++) {
            SdkAutoCloseable sdkAutoCloseable = sdkAutoCloseableArr[i];
            if (sdkAutoCloseable != null) {
                try {
                    sdkAutoCloseable.close();
                } catch (RuntimeException e) {
                    runtimeException = (RuntimeException) ExceptionUtils.firstOrSuppressed(e, runtimeException);
                }
            }
        }
        if (runtimeException != null) {
            throw runtimeException;
        }
    }

    public static void validateAwsCredentials(Properties properties) {
        validateAwsConfiguration(properties);
        getCredentialsProvider(properties).resolveCredentials();
    }

    private static void validateCredentialProvider(Properties properties) {
        try {
            getCredentialsProvider(properties);
        } catch (IllegalArgumentException e) {
            StringBuilder sb = new StringBuilder();
            AWSConfigConstants.CredentialProvider[] values = AWSConfigConstants.CredentialProvider.values();
            int length = values.length;
            for (int i = TRUST_ALL_CERTIFICATES; i < length; i++) {
                sb.append(values[i].toString()).append(", ");
            }
            throw new IllegalArgumentException("Invalid AWS Credential Provider Type set in config. Valid values are: " + sb.toString());
        }
    }
}
