package io.jenkins.plugins.artifact_manager_jclouds.s3;

import com.amazonaws.HttpMethod;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;
import com.google.common.base.Supplier;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider;
import io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProviderDescriptor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import org.apache.commons.lang.StringUtils;
import org.jclouds.ContextBuilder;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.aws.s3.AWSS3ProviderMetadata;
import org.jclouds.blobstore.BlobStoreContext;
import org.jclouds.blobstore.domain.Blob;
import org.jclouds.location.reference.LocationConstants;
import org.jclouds.osgi.ProviderRegistry;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/artifact-manager-s3.jar:io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStore.class */
public class S3BlobStore extends BlobStoreProvider {
    private static final Logger LOGGER;
    private static final long serialVersionUID = -8864075675579867370L;
    static boolean BREAK_CREDS;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/artifact-manager-s3.jar:io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStore$DescriptorImpl.class */
    public static final class DescriptorImpl extends BlobStoreProviderDescriptor {
        public String getDisplayName() {
            return "Amazon S3";
        }
    }

    @DataBoundConstructor
    public S3BlobStore() {
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public String getPrefix() {
        return getConfiguration().getPrefix();
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public String getContainer() {
        return getConfiguration().getContainer();
    }

    public String getRegion() {
        return getConfiguration().getRegion();
    }

    public S3BlobStoreConfig getConfiguration() {
        return S3BlobStoreConfig.get();
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public boolean isDeleteArtifacts() {
        return getConfiguration().isDeleteArtifacts();
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public boolean isDeleteStashes() {
        return getConfiguration().isDeleteStashes();
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public BlobStoreContext getContext() throws IOException {
        LOGGER.log(Level.FINEST, "Building context");
        ProviderRegistry.registerProvider(AWSS3ProviderMetadata.builder().build());
        try {
            Properties properties = new Properties();
            if (StringUtils.isNotBlank(getRegion())) {
                properties.setProperty(LocationConstants.PROPERTY_REGIONS, getRegion());
            }
            return (BlobStoreContext) ContextBuilder.newBuilder("aws-s3").credentialsSupplier(getCredentialsSupplier()).overrides(properties).buildView(BlobStoreContext.class);
        } catch (NoSuchElementException e) {
            throw new IOException(e);
        }
    }

    private AWSSessionCredentials sessionCredentialsFromKeyAndSecret() {
        AWSSessionCredentials credentials = getConfiguration().getCredentials().getCredentials();
        if (credentials instanceof AWSSessionCredentials) {
            return credentials;
        }
        Credentials credentials2 = ((AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withRegion(getRegion()).withCredentials(new AWSStaticCredentialsProvider(credentials)).build()).getSessionToken(new GetSessionTokenRequest().withDurationSeconds(Integer.valueOf(getConfiguration().getSessionDuration()))).getCredentials();
        return new BasicSessionCredentials(credentials2.getAccessKeyId(), credentials2.getSecretAccessKey(), credentials2.getSessionToken());
    }

    private AWSSessionCredentials sessionCredentialsFromInstanceProfile() throws IOException {
        AWSSessionCredentials credentials = getAmazonS3ClientBuilder().getCredentials().getCredentials();
        if (credentials == null) {
            throw new IOException("Unable to get credentials from environment");
        }
        if (credentials instanceof AWSSessionCredentials) {
            return credentials;
        }
        throw new IOException("No valid session credentials");
    }

    private boolean hasCredentialsConfigured() {
        return StringUtils.isNotBlank(getConfiguration().getCredentialsId()) && getConfiguration().getCredentials() != null;
    }

    private Supplier<org.jclouds.domain.Credentials> getCredentialsSupplier() throws IOException {
        AWSSessionCredentials sessionCredentials = sessionCredentials();
        String sessionToken = sessionCredentials.getSessionToken();
        if (BREAK_CREDS) {
            sessionToken = "<broken>";
        }
        SessionCredentials build = SessionCredentials.builder().accessKeyId(sessionCredentials.getAWSAccessKeyId()).secretAccessKey(sessionCredentials.getAWSSecretKey()).sessionToken(sessionToken).build();
        return () -> {
            return build;
        };
    }

    private AWSSessionCredentials sessionCredentials() throws IOException {
        return hasCredentialsConfigured() ? sessionCredentialsFromKeyAndSecret() : sessionCredentialsFromInstanceProfile();
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    @Nonnull
    public URI toURI(@NonNull String str, @NonNull String str2) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && str2 == null) {
            throw new AssertionError();
        }
        try {
            return new URI(String.format("https://%s.s3.amazonaws.com/%s", str, URLEncoder.encode(str2, "UTF-8").replaceAll("%2F", "/").replaceAll("%3A", ":")));
        } catch (UnsupportedEncodingException | URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider
    public URL toExternalURL(@NonNull Blob blob, @NonNull BlobStoreProvider.HttpMethod httpMethod) throws IOException {
        HttpMethod httpMethod2;
        if (!$assertionsDisabled && blob == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && httpMethod == null) {
            throw new AssertionError();
        }
        AmazonS3ClientBuilder withCredentials = getAmazonS3ClientBuilder().withCredentials(new AWSStaticCredentialsProvider(sessionCredentials()));
        Date date = new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1L));
        String container = blob.getMetadata().getContainer();
        String name = blob.getMetadata().getName();
        LOGGER.log(Level.FINE, "Generating presigned URL for {0} / {1} for method {2}", new Object[]{container, name, httpMethod});
        switch (httpMethod) {
            case PUT:
                httpMethod2 = HttpMethod.PUT;
                break;
            case GET:
                httpMethod2 = HttpMethod.GET;
                break;
            default:
                throw new IOException("HTTP Method " + httpMethod + " not supported for S3");
        }
        return ((AmazonS3) withCredentials.build()).generatePresignedUrl(container, name, date, httpMethod2);
    }

    private AmazonS3ClientBuilder getAmazonS3ClientBuilder() {
        return StringUtils.isNotBlank(getRegion()) ? (AmazonS3ClientBuilder) AmazonS3ClientBuilder.standard().withRegion(getRegion()) : AmazonS3ClientBuilder.standard().withForceGlobalBucketAccessEnabled(true);
    }

    public boolean isConfigured() {
        return StringUtils.isNotBlank(getContainer());
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("S3BlobStore{");
        sb.append("container='").append(getContainer()).append('\'');
        sb.append(", prefix='").append(getPrefix()).append('\'');
        sb.append(", region='").append(getRegion()).append('\'');
        sb.append(", deleteArtifacts='").append(isDeleteArtifacts()).append('\'');
        sb.append(", deleteStashes='").append(isDeleteStashes()).append('\'');
        sb.append('}');
        return sb.toString();
    }

    static {
        $assertionsDisabled = !S3BlobStore.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(S3BlobStore.class.getName());
    }
}
