package com.atlassian.bamboo.maven.plugins.aws;

import com.amazonaws.services.s3.AmazonS3;
import com.atlassian.aws.ec2.awssdk.AwsSupportConstants;
import com.atlassian.aws.ec2.configuration.ImageData;
import com.atlassian.bamboo.maven.plugins.aws.files.IpRangesFileDao;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:com/atlassian/bamboo/maven/plugins/aws/SetupBucketsMojo.class */
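/**
 * Maven mojo that makes sure a per-region S3 bucket exists for every configured base bucket
 * name and (re)applies a bucket policy to it.
 *
 * <p>The policy grants one fixed IAM user {@code s3:ListBucket} and {@code s3:GetObject}, and
 * denies that user {@code s3:*} on the bucket ARN when the request does not come from one of the
 * source ranges read from {@code src/main/aws-ip-ranges.txt} for the bucket's region.
 */
public class SetupBucketsMojo extends AbstractAwsMojo {
    /** Account-qualified IAM user path; appended to {@code arn:aws:iam::} to form the policy principal. */
    private static final String USER_PUBLIC_AGENT_ASSEMBLY_ACCESS = "121852097033:user/PublicAgentAssemblyAccess";

    // Base bucket names. Never assigned in this class; presumably injected by Maven from the
    // plugin configuration - TODO confirm.
    private String[] regionalisedBuckets;

    /**
     * Sets up every configured bucket in every known region except {@code cn-north-1}.
     *
     * @throws MojoExecutionException if the IP ranges file cannot be read, or a bucket cannot be set up
     * @throws MojoFailureException if no bucket names were configured
     */
    public void execute() throws MojoExecutionException, MojoFailureException {
        // Fail with a readable message instead of a NullPointerException in the loop below.
        if (this.regionalisedBuckets == null) {
            throw new MojoFailureException("No regionalised buckets configured");
        }
        try {
            Map<AwsSupportConstants.Region, Iterable<String>> ipRangesByRegion = IpRangesFileDao.read(getLog(), "src/main/aws-ip-ranges.txt");
            // Work on a copy so that dropping a region does not touch the shared constant.
            Map<String, AwsSupportConstants.Region> regionsByConstraint = Maps.newLinkedHashMap(AwsSupportConstants.LOCATION_CONSTRAINT_TO_REGION);
            // cn-north-1 is skipped; the reason is not visible in this file.
            regionsByConstraint.remove("cn-north-1");
            for (Map.Entry<String, AwsSupportConstants.Region> entry : regionsByConstraint.entrySet()) {
                String locationConstraint = entry.getKey();
                AwsSupportConstants.Region region = entry.getValue();
                getLog().info("=== Setting up buckets for " + region + ", location constraint: " + locationConstraint + " ===");
                for (String baseName : this.regionalisedBuckets) {
                    setupBucket(baseName, ipRangesByRegion.get(region), locationConstraint, region);
                }
            }
        } catch (IOException e) {
            throw new MojoExecutionException("Unable to read IP ranges file", e);
        }
    }

    /**
     * Creates the regional bucket if it is missing (or verifies the location of an existing one)
     * and then replaces its bucket policy.
     *
     * @param baseName base bucket name, turned into the regional name by {@code ImageData.getNameForRegion}
     * @param ipRanges source ranges allowed for this region, as read from the IP ranges file
     * @param locationConstraint S3 location constraint for the region; {@code "US"} is passed to S3 as {@code null}
     * @param region region the bucket belongs to
     * @throws MojoExecutionException if the inputs are unusable or an existing bucket is in another location
     */
    private void setupBucket(String baseName, Iterable<String> ipRanges, String locationConstraint, AwsSupportConstants.Region region) throws MojoExecutionException {
        String bucketName = ImageData.getNameForRegion(baseName, region);
        // Validate everything that ends up inside the policy JSON before any S3 call, so that a
        // bad input cannot leave behind a freshly created bucket without its policy.
        if (bucketName == null || !isJsonStringSafe(bucketName)) {
            throw new MojoExecutionException("Bucket name is not usable in a bucket policy: " + bucketName);
        }
        List<String> sourceRanges = checkedSourceRanges(ipRanges, region);

        AmazonS3 s3 = (AmazonS3) this.awsS3Client.get();
        getLog().debug("Checking for existence of " + bucketName);
        if (s3.doesBucketExist(bucketName)) {
            // NOTE(review): bucket names are global; this only checks the location, not the owner
            // of an already existing bucket - confirm ownership is verified elsewhere.
            if (!s3.getBucketLocation(bucketName).equals(locationConstraint)) {
                throw new MojoExecutionException("Bucket " + bucketName + " already exists, but not in the expected location. Please recreate it in a correct location: " + locationConstraint);
            }
            getLog().debug("Bucket " + bucketName + " is already available in the proper location.");
        } else {
            getLog().info("Creating bucket for region " + bucketName);
            // "US" is replaced by null when creating the bucket, exactly as before.
            String createConstraint = "US".equals(locationConstraint) ? null : locationConstraint;
            s3.createBucket(bucketName, createConstraint);
        }

        getLog().info("Setting up policy for bucket " + bucketName);
        String policy = generatePolicy(bucketName, sourceRanges);
        getLog().debug(policy);
        s3.setBucketPolicy(bucketName, policy);
    }

    /**
     * Copies the source ranges of a region into a list, rejecting input that cannot be embedded
     * safely in the policy document.
     *
     * @param ipRanges ranges for the region, possibly {@code null} when the file has no entry for it
     * @param region region the ranges belong to, used in error messages only
     * @return the ranges in iteration order, never empty
     * @throws MojoExecutionException if there are no ranges, or an entry is empty or contains a
     *     quote, backslash or control character
     */
    private static List<String> checkedSourceRanges(Iterable<String> ipRanges, AwsSupportConstants.Region region) throws MojoExecutionException {
        if (ipRanges == null) {
            throw new MojoExecutionException("No IP ranges found for region " + region);
        }
        List<String> checked = new ArrayList<String>();
        for (String range : ipRanges) {
            // The entries are concatenated into JSON string literals; anything that could end the
            // literal early would change the meaning of the policy.
            if (range == null || range.length() == 0 || !isJsonStringSafe(range)) {
                throw new MojoExecutionException("Invalid IP range entry for region " + region + ": " + range);
            }
            checked.add(range);
        }
        // An empty list would be rendered as [""], which is not a list of source ranges.
        if (checked.isEmpty()) {
            throw new MojoExecutionException("No IP ranges found for region " + region);
        }
        return checked;
    }

    /** Returns {@code true} if the value has no quote, backslash or control character. */
    private static boolean isJsonStringSafe(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\' || c < 0x20) {
                return false;
            }
        }
        return true;
    }

    /**
     * Renders the bucket policy as JSON text.
     *
     * <p>The values are inserted by plain concatenation without escaping, so callers must pass a
     * bucket name and ranges that are free of quotes, backslashes and control characters.
     *
     * @param str name of the bucket the policy is for
     * @param iterable source ranges placed in the {@code aws:SourceIp} condition
     * @return the policy document
     */
    private String generatePolicy(String str, Iterable<String> iterable) {
        String principalArn = "arn:aws:iam::" + USER_PUBLIC_AGENT_ASSEMBLY_ACCESS;
        String bucketArn = "arn:aws:s3:::" + str;
        String sourceIps = "[\"" + StringUtils.join(iterable.iterator(), "\", \"") + "\"]";
        // NOTE(review): the Deny statement's Resource is the bucket ARN only, so its s3:* matches
        // bucket-level actions such as s3:ListBucket; the s3:GetObject Allow on <bucket>/* is not
        // covered by the source-IP condition. Confirm that object reads from outside the listed
        // ranges are intended.
        return "{\n"
                + "  \"Statement\": [\n"
                + "    {\n"
                + "      \"Effect\": \"Deny\",\n"
                + "      \"Principal\": {\n"
                + "        \"AWS\": \"" + principalArn + "\"\n"
                + "      },\n"
                + "      \"Action\": [\n"
                + "        \"s3:*\"\n"
                + "      ],\n"
                + "      \"Resource\": \"" + bucketArn + "\",\n"
                + "      \"Condition\": {\n"
                + "        \"NotIpAddress\": {\n"
                + "          \"aws:SourceIp\": " + sourceIps + "\n"
                + "        }\n"
                + "      }\n"
                + "    },\n"
                + "    {\n"
                + "      \"Sid\": \"\",\n"
                + "      \"Effect\": \"Allow\",\n"
                + "      \"Principal\": {\n"
                + "        \"AWS\": \"" + principalArn + "\"\n"
                + "      },\n"
                + "      \"Action\": \"s3:ListBucket\",\n"
                + "      \"Resource\": \"" + bucketArn + "\"\n"
                + "    },\n"
                + "    {\n"
                + "      \"Sid\": \"\",\n"
                + "      \"Effect\": \"Allow\",\n"
                + "      \"Principal\": {\n"
                + "        \"AWS\": \"" + principalArn + "\"\n"
                + "      },\n"
                + "      \"Action\": \"s3:GetObject\",\n"
                + "      \"Resource\": \"" + bucketArn + "/*\"\n"
                + "    }\n"
                + "  ]\n"
                + "}";
    }
}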
