package com.atlassian.bamboo.build.artifact;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Region;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.DeleteObjectRequest;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.util.StringInputStream;
import com.atlassian.aws.ec2.awssdk.AwsSupportConstants;
import com.atlassian.aws.s3.BambooAmazonS3Client;
import com.atlassian.bamboo.FeatureManager;
import com.atlassian.bamboo.agent.elastic.server.ElasticConfiguration;
import com.atlassian.bamboo.aws.AmazonClientsFactory;
import com.atlassian.bamboo.build.artifact.handlers.AbstractArtifactHandlerConfigurator;
import com.atlassian.bamboo.collections.ActionParametersMap;
import com.atlassian.bamboo.configuration.AdministrationConfigurationAccessor;
import com.atlassian.bamboo.configuration.ConfigurationMap;
import com.atlassian.bamboo.configuration.ConfigurationMapImpl;
import com.atlassian.bamboo.utils.BambooRandomStringUtils;
import com.atlassian.bamboo.utils.BambooUrl;
import com.atlassian.bamboo.utils.MessageCollection;
import com.atlassian.bamboo.utils.MessageCollectionImpl;
import com.atlassian.bamboo.utils.error.ErrorCollection;
import com.atlassian.security.password.DefaultPasswordEncoder;
import com.atlassian.struts.TextProvider;
import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/build/artifact/S3ArtifactHandlerConfigurator.class */
public class S3ArtifactHandlerConfigurator extends AbstractArtifactHandlerConfigurator {
    public static final String S3_STORAGE_PROPERTIES_PREFIX = "custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler";
    private static final Logger log = Logger.getLogger(S3ArtifactHandlerConfigurator.class);
    static final String DEFAULT_BUCKET_PATH = "bamboo-artifacts";
    public static final String CONF_ACCESS_KEY_ID = "accessKeyId";
    static final String CONF_SECRET_ACCESS_KEY_CHANGE = "awsSecretAccessKeyChange";
    public static final String CONF_SECRET_ACCESS_KEY = "secretAccessKey";
    public static final String CONF_BUCKET_NAME = "bucketName";
    public static final String CONF_BUCKET_PATH = "bucketPath";
    public static final String CONF_REGION = "region";
    public static final String CONF_CREDENTIALS_SOURCE = "credentialsSource";
    public static final String CONF_CREDENTIALS_SOURCE_OPTIONS = "credentialsSourceList";
    static final String SHOW_CREDENTIALS_CONFIGURATION = "showCredentialsConfiguration";
    static final String BUCKET_NAME_MAX_LENGTH = "bucketNameMaxLength";
    static final String CONF_ENABLED_FOR_SHARED = "enabledForShared";
    static final String CONF_ENABLED_FOR_NON_SHARED = "enabledForNonShared";
    public static final String CONF_MAX_ARTIFACT_FILE_COUNT = "maxArtifactFileCount";
    static final int DEFAULT_MAX_ARTIFACT_FILE_COUNT_NO_AA = 10000000;
    static final int DEFAULT_MAX_ARTIFACT_FILE_COUNT_AA = 100;
    static final String EDITABLE_MAX_ARTIFACT_FILE_COUNT = "isArtifactFileCountEditable";
    static final int MIN_BUCKET_NAME_LENGTH = 3;
    static final int MAX_BUCKET_NAME_LENGTH = 63;
    private static final String BAMBOO_ARTIFACT_BUCKET_SUFFIX = "-bamboo-artifacts";

    @Autowired
    private AdministrationConfigurationAccessor administrationConfigurationAccessor;

    @Autowired
    private AmazonClientsFactory amazonClientsFactory;

    @Autowired
    private FeatureManager featureManager;

    @Autowired
    private TextProvider textProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/bamboo/build/artifact/S3ArtifactHandlerConfigurator$AwsCredentialsSource.class */
    public enum AwsCredentialsSource {
        EC2("ec2"),
        CUSTOM("custom");

        private String value;

        AwsCredentialsSource(String str) {
            this.value = str;
        }

        public boolean isValueEquals(Object obj) {
            return this.value.equals(obj);
        }

        public String getValue() {
            return this.value;
        }
    }

    public void populateContextForEdit(@NotNull Map<String, Object> map) {
        String value;
        super.populateContextForEdit(map);
        String configurationKey = getConfigurationKey(CONF_BUCKET_NAME);
        if (StringUtils.isEmpty(Objects.toString(map.get(configurationKey), ""))) {
            map.put(configurationKey, generateDefaultBucketName());
        }
        map.put(getConfigurationKey(SHOW_CREDENTIALS_CONFIGURATION), Boolean.valueOf(this.featureManager.isArtifactHandlerUiEnabled()));
        if ((map.get(getConfigurationKey(CONF_SECRET_ACCESS_KEY)) == null || AwsCredentialsSource.EC2.isValueEquals(map.get(getConfigurationKey(CONF_CREDENTIALS_SOURCE)))) && !isEc2Disabled()) {
            value = AwsCredentialsSource.EC2.getValue();
            map.put(getConfigurationKey(CONF_ACCESS_KEY_ID), "");
            map.put(getConfigurationKey(CONF_SECRET_ACCESS_KEY), "");
            map.put(getConfigurationKey(CONF_REGION), "");
        } else {
            value = AwsCredentialsSource.CUSTOM.getValue();
        }
        map.put(getConfigurationKey(CONF_CREDENTIALS_SOURCE), value);
        map.put(getConfigurationKey(BUCKET_NAME_MAX_LENGTH), Integer.valueOf(MAX_BUCKET_NAME_LENGTH));
        map.put(getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT), Integer.valueOf(this.featureManager.isAtlassianAgents() ? DEFAULT_MAX_ARTIFACT_FILE_COUNT_AA : DEFAULT_MAX_ARTIFACT_FILE_COUNT_NO_AA));
        map.put(getConfigurationKey(EDITABLE_MAX_ARTIFACT_FILE_COUNT), Boolean.valueOf(!this.featureManager.isAtlassianAgents()));
        map.put(getConfigurationKey(CONF_CREDENTIALS_SOURCE_OPTIONS), getCredentialsSourceOptions());
    }

    public void postProcessConfiguration(ActionParametersMap actionParametersMap) {
        super.postProcessConfiguration(actionParametersMap);
        String configurationKey = getConfigurationKey(CONF_BUCKET_PATH);
        if (StringUtils.isEmpty(actionParametersMap.getString(configurationKey))) {
            actionParametersMap.put(configurationKey, DEFAULT_BUCKET_PATH);
        }
        String configurationKey2 = getConfigurationKey(CONF_SECRET_ACCESS_KEY_CHANGE);
        if (!actionParametersMap.getBoolean(configurationKey2)) {
            actionParametersMap.remove(getConfigurationKey(CONF_SECRET_ACCESS_KEY));
        }
        actionParametersMap.remove(configurationKey2);
        if (AwsCredentialsSource.EC2.isValueEquals(actionParametersMap.getString(getConfigurationKey(CONF_CREDENTIALS_SOURCE)))) {
            actionParametersMap.put(getConfigurationKey(CONF_ACCESS_KEY_ID), "");
            actionParametersMap.put(getConfigurationKey(CONF_REGION), "");
        }
    }

    public void decorateConfigurationForRuntime(@NotNull Map<String, String> map) {
        super.decorateConfigurationForRuntime(map);
        String configurationKey = getConfigurationKey(CONF_ACCESS_KEY_ID);
        String configurationKey2 = getConfigurationKey(CONF_SECRET_ACCESS_KEY);
        if (StringUtils.isEmpty(map.get(configurationKey)) || StringUtils.isEmpty(map.get(configurationKey2)) || AwsCredentialsSource.EC2.isValueEquals(map.get(getConfigurationKey(CONF_CREDENTIALS_SOURCE)))) {
            Preconditions.checkState(!this.featureManager.isAtlassianAgents(), "S3 credentials were not provided during setup");
            ElasticConfiguration elasticConfig = this.administrationConfigurationAccessor.getAdministrationConfiguration().getElasticConfig();
            if (elasticConfig == null || !StringUtils.isNotEmpty(elasticConfig.getAwsAccessKeyId()) || !StringUtils.isNotEmpty(elasticConfig.getAwsSecretKey())) {
                log.warn("S3 artifact handler was used, but AWS credentials are missing");
                return;
            }
            map.put(configurationKey, elasticConfig.getAwsAccessKeyId());
            map.put(configurationKey2, elasticConfig.getAwsSecretKey());
            map.put(getConfigurationKey(CONF_REGION), elasticConfig.getRegion().toString());
        }
    }

    public void validateConfiguration(@NotNull Map<String, String> map, @NotNull Map<String, String> map2, @NotNull ErrorCollection errorCollection) {
        ConfigurationMapImpl configurationMapImpl = new ConfigurationMapImpl(map2);
        ConfigurationMapImpl configurationMapImpl2 = new ConfigurationMapImpl(map);
        if (this.featureManager.isAtlassianAgents() && !configurationMapImpl2.containsKey(getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT))) {
            configurationMapImpl2.put(getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT), Integer.toString(DEFAULT_MAX_ARTIFACT_FILE_COUNT_AA));
        }
        String str = (String) configurationMapImpl2.get(getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT));
        if (!StringUtils.isNumeric(str) || Long.parseLong(str) < 0) {
            errorCollection.addError(getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT), this.textProvider.getText("admin.artifactstorage.s3.maxArtifactFileCount.invalid"));
        }
        boolean asBoolean = configurationMapImpl2.getAsBoolean(getConfigurationKey(CONF_ENABLED_FOR_SHARED));
        boolean asBoolean2 = configurationMapImpl2.getAsBoolean(getConfigurationKey(CONF_ENABLED_FOR_NON_SHARED));
        if (this.featureManager.isOnDemandInstance() && (asBoolean ^ asBoolean2)) {
            throw new IllegalStateException("On Cloud, artifact handlers should be enabled/disabled for both shared and non-shared artifacts");
        }
        if (asBoolean || asBoolean2) {
            String str2 = (String) configurationMapImpl2.get(getConfigurationKey(CONF_BUCKET_NAME));
            String str3 = (String) configurationMapImpl2.get(getConfigurationKey(CONF_CREDENTIALS_SOURCE));
            validateBucketName(str2, errorCollection);
            if (errorCollection.hasAnyErrors()) {
                return;
            }
            if (((!configurationMapImpl.getAsBoolean(getConfigurationKey(CONF_ENABLED_FOR_SHARED)) && !configurationMapImpl.getAsBoolean(getConfigurationKey(CONF_ENABLED_FOR_NON_SHARED))) || !str2.equals((String) configurationMapImpl.get(getConfigurationKey(CONF_BUCKET_NAME))) || !str3.equals((String) configurationMapImpl.get(getConfigurationKey(CONF_CREDENTIALS_SOURCE))) || AwsCredentialsSource.CUSTOM.isValueEquals(str3)) && this.featureManager.isOnDemandInstance()) {
                if (AwsCredentialsSource.EC2.isValueEquals(str3)) {
                    validateEc2Settings(errorCollection, str2);
                } else {
                    validateCustomAwsSettings(configurationMapImpl2, str2, errorCollection);
                }
            }
        }
    }

    public Map<String, String> getArtifactHandlerConfiguration(@NotNull Map<String, String> map) {
        Map<String, String> artifactHandlerConfiguration = super.getArtifactHandlerConfiguration(map);
        artifactHandlerConfiguration.putAll(getConfiguration(map));
        return artifactHandlerConfiguration;
    }

    public Map<String, String> getEncryptedArtifactHandlerConfiguration(@NotNull Map<String, String> map) {
        Map<String, String> encryptedArtifactHandlerConfiguration = super.getEncryptedArtifactHandlerConfiguration(map);
        encryptedArtifactHandlerConfiguration.putAll(getConfiguration(map));
        String configurationKey = getConfigurationKey(CONF_SECRET_ACCESS_KEY);
        if (encryptedArtifactHandlerConfiguration.containsKey(configurationKey)) {
            encryptedArtifactHandlerConfiguration.put(configurationKey, DefaultPasswordEncoder.getDefaultInstance().encodePassword(encryptedArtifactHandlerConfiguration.get(configurationKey)));
        }
        return encryptedArtifactHandlerConfiguration;
    }

    public MessageCollection beforeSave(Map<String, String> map, Map<String, String> map2) {
        String str = map2.get(getConfigurationKey(CONF_BUCKET_NAME));
        String str2 = map.get(getConfigurationKey(CONF_BUCKET_NAME));
        MessageCollectionImpl messageCollectionImpl = new MessageCollectionImpl();
        if (StringUtils.isNotEmpty(str) && !Objects.equals(str, str2)) {
            messageCollectionImpl.addMessage(this.textProvider.getText("elastic.configure.aws.field.bucketName.modified", Collections.singletonList(this.textProvider.getText("help.aws.s3.sync"))));
        }
        return messageCollectionImpl;
    }

    private Map<String, String> getCredentialsSourceOptions() {
        HashMap hashMap = new HashMap();
        hashMap.put(AwsCredentialsSource.EC2.getValue(), this.textProvider.getText("admin.artifactstorage.s3.aws.credentials.source.ec2", Collections.singletonList(getViewElasticConfigActionUrl())));
        hashMap.put(AwsCredentialsSource.CUSTOM.getValue(), this.textProvider.getText("admin.artifactstorage.s3.aws.credentials.source.custom"));
        return hashMap;
    }

    private void validateEc2Settings(@NotNull ErrorCollection errorCollection, String str) {
        if (isEc2Disabled()) {
            errorCollection.addErrorMessage(this.textProvider.getText("elastic.configure.aws.not.configured.with.link", Collections.singletonList(getViewElasticConfigActionUrl())));
        } else {
            ElasticConfiguration elasticConfig = this.administrationConfigurationAccessor.getAdministrationConfiguration().getElasticConfig();
            testOrCreateBucket(errorCollection, str, elasticConfig.getAwsAccessKeyId(), elasticConfig.getAwsSecretKey(), elasticConfig.getRegion().getSdkRegion());
        }
    }

    @NotNull
    private String getViewElasticConfigActionUrl() {
        return new BambooUrl(this.administrationConfigurationAccessor).withBaseUrlFromRequest("/admin/elastic/viewElasticConfig.action");
    }

    private void validateCustomAwsSettings(@NotNull ConfigurationMap configurationMap, @NotNull String str, @NotNull ErrorCollection errorCollection) {
        String str2 = (String) configurationMap.get(getConfigurationKey(CONF_ACCESS_KEY_ID));
        String str3 = (String) configurationMap.get(getConfigurationKey(CONF_SECRET_ACCESS_KEY));
        String str4 = (String) configurationMap.get(getConfigurationKey(CONF_REGION));
        AwsSupportConstants.Region region = null;
        if (StringUtils.isEmpty(str2)) {
            errorCollection.addError(getConfigurationKey(CONF_ACCESS_KEY_ID), this.textProvider.getText("elastic.configure.aws.field.accessKeyId.required"));
        }
        if (StringUtils.isEmpty(str3)) {
            errorCollection.addError(getConfigurationKey(CONF_SECRET_ACCESS_KEY), this.textProvider.getText("elastic.configure.aws.field.secretAccessKey.required"));
        }
        if (StringUtils.isEmpty(str4)) {
            errorCollection.addError(getConfigurationKey(CONF_REGION), this.textProvider.getText("elastic.configure.aws.field.region.required"));
        } else {
            try {
                region = AwsSupportConstants.Region.valueOf(str4);
                if (region == null) {
                    errorCollection.addError(getConfigurationKey(CONF_REGION), this.textProvider.getText("elastic.configure.aws.field.region.not.supported", Collections.singletonList(str4)));
                }
            } catch (IllegalArgumentException e) {
                errorCollection.addError(getConfigurationKey(CONF_REGION), this.textProvider.getText("elastic.configure.aws.field.region.not.supported", Collections.singletonList(str4)));
            }
        }
        if (errorCollection.hasAnyErrors()) {
            return;
        }
        testOrCreateBucket(errorCollection, str, str2, str3, region.getSdkRegion());
    }

    private void validateBucketName(String str, ErrorCollection errorCollection) {
        if (str == null || str.length() < MIN_BUCKET_NAME_LENGTH || str.length() > MAX_BUCKET_NAME_LENGTH) {
            errorCollection.addError(getConfigurationKey(CONF_BUCKET_NAME), this.textProvider.getText("elastic.configure.field.bucketName.validation.length", Arrays.asList(Integer.valueOf(MIN_BUCKET_NAME_LENGTH), Integer.valueOf(MAX_BUCKET_NAME_LENGTH))));
        }
    }

    private void testOrCreateBucket(ErrorCollection errorCollection, String str, String str2, String str3, @Nullable Region region) {
        BambooAmazonS3Client newAmazonS3Client = this.amazonClientsFactory.newAmazonS3Client(new BasicAWSCredentials(str2, str3));
        if (region != null) {
            newAmazonS3Client.setRegion(region);
        }
        try {
            try {
                try {
                    if (!newAmazonS3Client.doesBucketExist(str)) {
                        newAmazonS3Client.createBucket(str);
                    }
                    String str4 = "BambooS3ArtifactHandlerTest_" + BambooRandomStringUtils.randomAlphabetic(12);
                    newAmazonS3Client.putObject(new PutObjectRequest(str, str4, new StringInputStream(str4), new ObjectMetadata()));
                    try {
                        newAmazonS3Client.deleteObject(new DeleteObjectRequest(str, str4));
                    } catch (AmazonClientException e) {
                        log.info("AWS error while deleting object: ", e);
                    }
                    newAmazonS3Client.shutdown();
                } catch (AmazonClientException e2) {
                    log.error("AWS error", e2);
                    errorCollection.addError(getConfigurationKey(""), this.textProvider.getText("elastic.configure.field.bucketName.validation.creation.error"));
                    newAmazonS3Client.shutdown();
                } catch (UnsupportedEncodingException e3) {
                    log.error("Unexpected error: ", e3);
                    errorCollection.addErrorMessage(this.textProvider.getText("elastic.configure.error.unexpected", Collections.singletonList(e3.getMessage())));
                    newAmazonS3Client.shutdown();
                }
            } catch (AmazonS3Exception e4) {
                log.error("S3 error", e4);
                if (isBucketNameNotAccessibleInSelectedRegion(e4)) {
                    errorCollection.addError(getConfigurationKey(CONF_BUCKET_NAME), this.textProvider.getText("elastic.configure.field.bucketName.validation.region"));
                } else {
                    errorCollection.addError(getConfigurationKey(""), this.textProvider.getText("elastic.configure.field.bucketName.validation.creation.error"));
                }
                newAmazonS3Client.shutdown();
            } catch (Exception e5) {
                log.error("AWS error", e5);
                errorCollection.addErrorMessage(this.textProvider.getText("elastic.configure.error.access", Arrays.asList(str, e5.getMessage())));
                newAmazonS3Client.shutdown();
            }
        } catch (Throwable th) {
            newAmazonS3Client.shutdown();
            throw th;
        }
    }

    private boolean isBucketNameNotAccessibleInSelectedRegion(AmazonS3Exception amazonS3Exception) {
        return amazonS3Exception.getMessage().contains("The bucket you are attempting to access must be addressed");
    }

    @NotNull
    private String generateDefaultBucketName() {
        String str;
        try {
            str = new URL(this.administrationConfigurationAccessor.getAdministrationConfiguration().getBaseUrl()).getHost();
        } catch (MalformedURLException e) {
            str = "host" + String.valueOf(System.currentTimeMillis());
        }
        return StringUtils.left((str + BAMBOO_ARTIFACT_BUCKET_SUFFIX).replace('.', '-').toLowerCase(Locale.US), MAX_BUCKET_NAME_LENGTH);
    }

    private Map<String, String> getConfiguration(@NotNull Map<String, String> map) {
        HashMap hashMap = new HashMap();
        String configurationKey = getConfigurationKey(CONF_ACCESS_KEY_ID);
        if (map.containsKey(configurationKey)) {
            hashMap.put(configurationKey, map.get(configurationKey));
        }
        String configurationKey2 = getConfigurationKey(CONF_SECRET_ACCESS_KEY);
        if (map.containsKey(configurationKey2)) {
            hashMap.put(configurationKey2, map.get(configurationKey2));
        }
        String configurationKey3 = getConfigurationKey(CONF_BUCKET_NAME);
        if (map.containsKey(configurationKey3)) {
            hashMap.put(configurationKey3, map.get(configurationKey3));
        }
        String configurationKey4 = getConfigurationKey(CONF_BUCKET_PATH);
        if (map.containsKey(configurationKey4)) {
            hashMap.put(configurationKey4, map.get(configurationKey4));
        }
        String configurationKey5 = getConfigurationKey(CONF_MAX_ARTIFACT_FILE_COUNT);
        if (map.containsKey(configurationKey5)) {
            hashMap.put(configurationKey5, map.get(configurationKey5));
        }
        return hashMap;
    }

    private boolean isEc2Disabled() {
        ElasticConfiguration elasticConfig = this.administrationConfigurationAccessor.getAdministrationConfiguration().getElasticConfig();
        return elasticConfig == null || !elasticConfig.isEnabled();
    }
}
