package io.trino.plugin.hive.s3select;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.DefaultAwsRegionProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Builder;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.google.common.base.Strings;
import com.google.common.base.Verify;
import com.google.inject.Inject;
import io.airlift.log.Logger;
import io.airlift.units.Duration;
import io.trino.hdfs.s3.AwsCurrentRegionHolder;
import io.trino.hdfs.s3.HiveS3Config;
import io.trino.hdfs.s3.TrinoS3FileSystem;
import io.trino.plugin.hive.HiveConfig;
import java.net.URI;
import java.util.Optional;
import javax.annotation.concurrent.GuardedBy;
import org.apache.hadoop.conf.Configuration;

/* loaded from: input_file:io/trino/plugin/hive/s3select/TrinoS3ClientFactory.class */
public class TrinoS3ClientFactory {
    private static final Logger log = Logger.get(TrinoS3ClientFactory.class);
    private static final String S3_SELECT_PUSHDOWN_MAX_CONNECTIONS = "hive.s3select-pushdown.max-connections";
    private final boolean enabled;
    private final int defaultMaxConnections;

    @GuardedBy("this")
    private AmazonS3 s3Client;

    @Inject
    public TrinoS3ClientFactory(HiveConfig hiveConfig) {
        this.enabled = hiveConfig.isS3SelectPushdownEnabled();
        this.defaultMaxConnections = hiveConfig.getS3SelectPushdownMaxConnections();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized AmazonS3 getS3Client(Configuration configuration) {
        if (this.s3Client == null) {
            this.s3Client = createS3Client(configuration);
        }
        return this.s3Client;
    }

    private AmazonS3 createS3Client(Configuration configuration) {
        HiveS3Config hiveS3Config = new HiveS3Config();
        ClientConfiguration withUserAgentSuffix = new ClientConfiguration().withMaxErrorRetry(configuration.getInt("trino.s3.max-error-retries", hiveS3Config.getS3MaxErrorRetries())).withProtocol(configuration.getBoolean("trino.s3.ssl.enabled", hiveS3Config.isS3SslEnabled()) ? Protocol.HTTPS : Protocol.HTTP).withConnectionTimeout(Math.toIntExact(Duration.valueOf(configuration.get("trino.s3.connect-timeout", hiveS3Config.getS3ConnectTimeout().toString())).toMillis())).withSocketTimeout(Math.toIntExact(Duration.valueOf(configuration.get("trino.s3.socket-timeout", hiveS3Config.getS3SocketTimeout().toString())).toMillis())).withMaxConnections(configuration.getInt(S3_SELECT_PUSHDOWN_MAX_CONNECTIONS, this.defaultMaxConnections)).withUserAgentPrefix(configuration.get("trino.s3.user-agent-prefix", hiveS3Config.getS3UserAgentPrefix())).withUserAgentSuffix(this.enabled ? "Trino-select" : "Trino");
        String str = configuration.get("trino.s3.connect-ttl");
        if (!Strings.isNullOrEmpty(str)) {
            withUserAgentSuffix.setConnectionTTL(Duration.valueOf(str).toMillis());
        }
        AmazonS3Builder enablePathStyleAccess = AmazonS3Client.builder().withCredentials(getAwsCredentialsProvider(configuration)).withClientConfiguration(withUserAgentSuffix).withMetricsCollector(TrinoS3FileSystem.getFileSystemStats().newRequestMetricCollector()).enablePathStyleAccess();
        boolean z = false;
        String str2 = configuration.get("trino.s3.endpoint");
        boolean z2 = configuration.getBoolean("trino.s3.pin-client-to-current-region", hiveS3Config.isPinS3ClientToCurrentRegion());
        Verify.verify(!z2 || str2 == null, "Invalid configuration: either endpoint can be set or S3 client can be pinned to the current region", new Object[0]);
        if (z2) {
            enablePathStyleAccess.setRegion(AwsCurrentRegionHolder.getCurrentRegionFromEC2Metadata().getName());
            z = true;
        }
        if (!Strings.isNullOrEmpty(str2)) {
            enablePathStyleAccess.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(str2, (String) null));
            z = true;
        }
        if (!z) {
            enablePathStyleAccess.withRegion(Regions.US_EAST_1);
            enablePathStyleAccess.setForceGlobalBucketAccessEnabled(true);
        }
        return (AmazonS3) enablePathStyleAccess.build();
    }

    private static AWSCredentialsProvider getAwsCredentialsProvider(Configuration configuration) {
        String name;
        Optional<AWSCredentials> awsCredentials = getAwsCredentials(configuration);
        if (awsCredentials.isPresent()) {
            return new AWSStaticCredentialsProvider(awsCredentials.get());
        }
        String str = configuration.get("trino.s3.credentials-provider");
        if (!Strings.isNullOrEmpty(str)) {
            return getCustomAWSCredentialsProvider(configuration, str);
        }
        AWSCredentialsProvider aWSCredentialsProvider = (AWSCredentialsProvider) getAwsCredentials(configuration).map(aWSCredentials -> {
            return new AWSStaticCredentialsProvider(aWSCredentials);
        }).orElseGet(DefaultAWSCredentialsProviderChain::getInstance);
        String str2 = configuration.get("trino.s3.iam-role");
        if (str2 != null) {
            String str3 = configuration.get("trino.s3.sts.endpoint");
            String str4 = configuration.get("trino.s3.sts.region");
            String str5 = configuration.get("trino.s3.role-session-name");
            String str6 = configuration.get("trino.s3.external-id");
            AWSSecurityTokenServiceClientBuilder withCredentials = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSCredentialsProvider);
            if (Strings.isNullOrEmpty(str4)) {
                try {
                    name = new DefaultAwsRegionProviderChain().getRegion();
                } catch (SdkClientException e) {
                    log.warn("Falling back to default AWS region %s", new Object[]{Regions.US_EAST_1});
                    name = Regions.US_EAST_1.getName();
                }
            } else {
                name = str4;
            }
            if (Strings.isNullOrEmpty(str3)) {
                withCredentials.withRegion(name);
            } else {
                withCredentials.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(str3, name));
            }
            aWSCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(str2, str5).withExternalId(str6).withStsClient((AWSSecurityTokenService) withCredentials.build()).build();
        }
        return aWSCredentialsProvider;
    }

    private static AWSCredentialsProvider getCustomAWSCredentialsProvider(Configuration configuration, String str) {
        try {
            return (AWSCredentialsProvider) configuration.getClassByName(str).asSubclass(AWSCredentialsProvider.class).getConstructor(URI.class, Configuration.class).newInstance(null, configuration);
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException(String.format("Error creating an instance of %s", str), e);
        }
    }

    private static Optional<AWSCredentials> getAwsCredentials(Configuration configuration) {
        String str = configuration.get("trino.s3.access-key");
        String str2 = configuration.get("trino.s3.secret-key");
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str2)) {
            return Optional.empty();
        }
        String str3 = configuration.get("trino.s3.session-token");
        return !Strings.isNullOrEmpty(str3) ? Optional.of(new BasicSessionCredentials(str, str2, str3)) : Optional.of(new BasicAWSCredentials(str, str2));
    }
}
