package org.nuxeo.ecm.core.storage.sql;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.automation.server.jaxrs.batch.Batch;
import org.nuxeo.ecm.automation.server.jaxrs.batch.handler.AbstractBatchHandler;
import org.nuxeo.ecm.automation.server.jaxrs.batch.handler.BatchFileInfo;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.blob.binary.BinaryBlob;
import org.nuxeo.ecm.core.blob.binary.CachingBinaryManager;
import org.nuxeo.ecm.core.blob.binary.LazyBinary;

/* loaded from: input_file:org/nuxeo/ecm/core/storage/sql/S3DirectBatchHandler.class */
public class S3DirectBatchHandler extends AbstractBatchHandler {
    public static final String ACCELERATE_MODE_ENABLED_PROPERTY = "accelerateMode";
    public static final String POLICY_TEMPLATE_PROPERTY = "policyTemplate";
    public static final String INFO_AWS_SECRET_KEY_ID = "awsSecretKeyId";
    public static final String INFO_AWS_SECRET_ACCESS_KEY = "awsSecretAccessKey";
    public static final String INFO_AWS_SESSION_TOKEN = "awsSessionToken";
    public static final String INFO_BUCKET = "bucket";
    public static final String INFO_BASE_KEY = "baseKey";
    public static final String INFO_EXPIRATION = "expiration";
    public static final String INFO_AWS_REGION = "region";
    public static final String INFO_USE_S3_ACCELERATE = "useS3Accelerate";
    protected AWSSecurityTokenService stsClient;
    protected AmazonS3 amazonS3;
    protected String region;
    protected String bucket;
    protected String bucketPrefix;
    protected boolean accelerateModeEnabled;
    protected int expiration;
    protected String policy;
    private static final Log log = LogFactory.getLog(S3BinaryManager.class);
    protected static final Pattern REGEX_MULTIPART_ETAG = Pattern.compile("-\\d+$");
    protected static final Pattern REGEX_BUCKET_PATH_PLACE_HOLDER = Pattern.compile("\\{\\{bucketPath}}");
    protected static final List<String> MANDATORY_PROPERTIES = Arrays.asList(S3BinaryManager.AWS_ID_PROPERTY, S3BinaryManager.AWS_SECRET_PROPERTY, "bucket", "region");

    protected void initialize(Map<String, String> map) {
        super.initialize(map);
        for (String str : MANDATORY_PROPERTIES) {
            if (StringUtils.isEmpty(map.get(str))) {
                throw new NuxeoException("Missing configuration property: " + str);
            }
        }
        this.region = map.get("region");
        this.bucket = map.get("bucket");
        this.bucketPrefix = StringUtils.defaultString(map.get(S3BinaryManager.BUCKET_PREFIX_PROPERTY));
        this.accelerateModeEnabled = Boolean.parseBoolean(map.get(ACCELERATE_MODE_ENABLED_PROPERTY));
        String str2 = map.get(S3BinaryManager.AWS_ID_PROPERTY);
        String str3 = map.get(S3BinaryManager.AWS_SECRET_PROPERTY);
        this.expiration = Integer.parseInt((String) StringUtils.defaultIfEmpty(map.get(INFO_EXPIRATION), "0"));
        this.policy = map.get(POLICY_TEMPLATE_PROPERTY);
        AWSCredentialsProvider aWSCredentialsProvider = S3Utils.getAWSCredentialsProvider(str2, str3);
        this.stsClient = initializeSTSClient(aWSCredentialsProvider);
        this.amazonS3 = initializeS3Client(aWSCredentialsProvider);
        if (StringUtils.isBlank(this.bucketPrefix) || this.bucketPrefix.endsWith("/")) {
            return;
        }
        log.warn(String.format("%s %s S3 bucket prefix should end with '/': added automatically.", S3BinaryManager.BUCKET_PREFIX_PROPERTY, this.bucketPrefix));
        this.bucketPrefix += "/";
    }

    protected AWSSecurityTokenService initializeSTSClient(AWSCredentialsProvider aWSCredentialsProvider) {
        return (AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withRegion(this.region).withCredentials(aWSCredentialsProvider).build();
    }

    protected AmazonS3 initializeS3Client(AWSCredentialsProvider aWSCredentialsProvider) {
        return (AmazonS3) AmazonS3ClientBuilder.standard().withRegion(this.region).withCredentials(aWSCredentialsProvider).withAccelerateModeEnabled(Boolean.valueOf(this.accelerateModeEnabled)).build();
    }

    public Batch getBatch(String str) {
        Map batchParameters = getBatchParameters(str);
        if (batchParameters == null) {
            return null;
        }
        Batch batch = new Batch(str, batchParameters, getName(), getTransientStore());
        GetFederationTokenRequest withName = new GetFederationTokenRequest().withPolicy(this.policy).withName(str.substring(0, Math.min(32, str.length())));
        if (this.expiration > 0) {
            withName.setDurationSeconds(Integer.valueOf(this.expiration));
        }
        Credentials sTSCredentials = getSTSCredentials(withName);
        Map properties = batch.getProperties();
        properties.put(INFO_AWS_SECRET_KEY_ID, sTSCredentials.getAccessKeyId());
        properties.put(INFO_AWS_SECRET_ACCESS_KEY, sTSCredentials.getSecretAccessKey());
        properties.put(INFO_AWS_SESSION_TOKEN, sTSCredentials.getSessionToken());
        properties.put("bucket", this.bucket);
        properties.put(INFO_BASE_KEY, this.bucketPrefix);
        properties.put(INFO_EXPIRATION, Long.valueOf(sTSCredentials.getExpiration().toInstant().toEpochMilli()));
        properties.put("region", this.region);
        properties.put(INFO_USE_S3_ACCELERATE, Boolean.valueOf(this.accelerateModeEnabled));
        return batch;
    }

    protected Credentials getSTSCredentials(GetFederationTokenRequest getFederationTokenRequest) {
        return this.stsClient.getFederationToken(getFederationTokenRequest).getCredentials();
    }

    public boolean completeUpload(String str, String str2, BatchFileInfo batchFileInfo) {
        ObjectMetadata copyFile;
        String key = batchFileInfo.getKey();
        ObjectMetadata objectMetadata = this.amazonS3.getObjectMetadata(this.bucket, key);
        String eTag = objectMetadata.getETag();
        if (StringUtils.isEmpty(eTag)) {
            return false;
        }
        String contentType = objectMetadata.getContentType();
        String contentEncoding = objectMetadata.getContentEncoding();
        if (objectMetadata.getContentLength() > lowerThresholdToUseMultipartCopy()) {
            copyFile = S3Utils.copyFileMultipart(this.amazonS3, objectMetadata, this.bucket, key, this.bucket, eTag, true);
        } else {
            copyFile = S3Utils.copyFile(this.amazonS3, objectMetadata, this.bucket, key, this.bucket, eTag, true);
            if (REGEX_MULTIPART_ETAG.matcher(eTag).find()) {
                eTag = copyFile.getETag();
                copyFile = S3Utils.copyFile(this.amazonS3, objectMetadata, this.bucket, eTag, this.bucket, eTag, true);
            }
        }
        String str3 = this.transientStoreName + ':' + eTag;
        String filename = batchFileInfo.getFilename();
        getBatch(str).addFile(str2, new BinaryBlob(new LazyBinary(str3, this.transientStoreName, (CachingBinaryManager) null), str3, filename, contentType, contentEncoding, copyFile.getContentMD5(), copyFile.getContentLength()), filename, contentType);
        return true;
    }

    protected long lowerThresholdToUseMultipartCopy() {
        return S3Utils.NON_MULTIPART_COPY_MAX_SIZE;
    }
}
