package de.frachtwerk.essencium.storage.generic.provider.s3;

import de.frachtwerk.essencium.storage.generic.model.AbstractFile;
import de.frachtwerk.essencium.storage.generic.model.AbstractStorageInfo;
import de.frachtwerk.essencium.storage.generic.model.Providers;
import de.frachtwerk.essencium.storage.generic.service.MimeTypeHelper;
import de.frachtwerk.essencium.storage.generic.service.StorageService;
import jakarta.annotation.Nullable;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.InputStreamResource;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.DecryptRequest;
import software.amazon.awssdk.services.kms.model.EncryptRequest;
import software.amazon.awssdk.services.kms.model.EncryptResponse;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3ClientBuilder;
import software.amazon.awssdk.services.s3.model.Delete;
import software.amazon.awssdk.services.s3.model.DeleteObjectsRequest;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.HeadBucketRequest;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Response;
import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

/* loaded from: input_file:de/frachtwerk/essencium/storage/generic/provider/s3/AbstractS3StorageService.class */
public abstract class AbstractS3StorageService<F extends AbstractFile<F, ID, S>, ID extends Serializable, S extends AbstractStorageInfo<F, ID, S>> implements StorageService<F, ID, S> {
    private final Logger LOG = LoggerFactory.getLogger(AbstractS3StorageService.class);

    @NotNull
    private final S3StorageConfiguration config;
    private final MimeTypeHelper mimeTypeHelper;

    public AbstractS3StorageService(@NotNull S3StorageConfiguration s3StorageConfiguration, MimeTypeHelper mimeTypeHelper) {
        this.config = s3StorageConfiguration;
        this.mimeTypeHelper = mimeTypeHelper;
    }

    private S3Client getClient() {
        S3ClientBuilder region = S3Client.builder().credentialsProvider(getCredentialProvider()).region(getRegion(this.config.getRegion()));
        if (StringUtils.isNotBlank(this.config.getEndpointUrl())) {
            this.LOG.debug("Using custom endpoint: {}", this.config.getEndpointUrl());
            region.endpointOverride(URI.create(this.config.getEndpointUrl())).forcePathStyle(true);
        }
        return (S3Client) region.build();
    }

    private AwsCredentialsProvider getCredentialProvider() {
        if (StringUtils.isNotBlank(this.config.getEndpointUrl()) && StringUtils.isNotBlank(this.config.getAccessKey()) && StringUtils.isNotBlank(this.config.getSecretKey())) {
            this.LOG.debug("Using custom credentials provider");
            return StaticCredentialsProvider.create(AwsBasicCredentials.create(this.config.getAccessKey(), this.config.getSecretKey()));
        }
        this.LOG.debug("Using default credentials provider");
        DefaultCredentialsProvider create = DefaultCredentialsProvider.create();
        this.LOG.debug("DefaultCredentialsProvider, accessKeyId: {}", create.resolveCredentials().accessKeyId());
        return create;
    }

    private KmsClient getKMSClient() {
        return (KmsClient) KmsClient.builder().credentialsProvider(getCredentialProvider()).region(getRegion(this.config.getKmsRegion())).build();
    }

    private Region getRegion(@Nullable String str) {
        return StringUtils.isNotBlank(str) ? Region.of(str) : Region.EU_CENTRAL_1;
    }

    @Override // de.frachtwerk.essencium.storage.generic.service.StorageService
    public final S saveFile(String str, byte[] bArr) throws IOException {
        this.LOG.debug("Saving file {} to S3 (saveFile())", str);
        try {
            S3Client client = getClient();
            try {
                testBucketAccess(client, this.config.getBucketName());
                String newObjectKey = getNewObjectKey(client, this.config.getBucketName());
                if (!StringUtils.isBlank(this.config.getKmsKeyId())) {
                    bArr = encryptWithKmsKey(bArr, this.config.getKmsKeyId());
                }
                this.LOG.debug("S3: PutObjectResponse: {}", client.putObject((PutObjectRequest) PutObjectRequest.builder().bucket(this.config.getBucketName()).key(newObjectKey).contentType(this.mimeTypeHelper.getMimeType(newObjectKey, bArr)).contentLength(Long.valueOf(bArr.length)).build(), RequestBody.fromBytes(bArr)));
                this.LOG.info("S3: {} has been uploaded successfully", newObjectKey);
                S s = (S) getNewAbstractS3StorageInfo(null, newObjectKey);
                s.setContent(new InputStreamResource(new ByteArrayInputStream(bArr)));
                if (client != null) {
                    client.close();
                }
                return s;
            } finally {
            }
        } catch (Exception e) {
            this.LOG.error("Error saving file to S3", e);
            throw e;
        }
    }

    protected abstract <SI extends AbstractS3StorageInfo<F, ID, S>> SI getNewAbstractS3StorageInfo(F f, String str);

    @Override // de.frachtwerk.essencium.storage.generic.service.StorageService
    public final boolean deleteFile(S s) {
        AbstractS3StorageInfo abstractS3StorageInfo = (AbstractS3StorageInfo) s;
        try {
            S3Client client = getClient();
            try {
                testBucketAccess(client, this.config.getBucketName());
                this.LOG.info("S3: Deleting object {}", abstractS3StorageInfo.getS3ObjectKey());
                client.deleteObjects((DeleteObjectsRequest) DeleteObjectsRequest.builder().bucket(this.config.getBucketName()).delete((Delete) Delete.builder().objects(List.of((ObjectIdentifier) ObjectIdentifier.builder().key(abstractS3StorageInfo.getS3ObjectKey()).build())).build()).build());
                this.LOG.info("S3: Object {} has been deleted successfully", abstractS3StorageInfo.getS3ObjectKey());
                if (client != null) {
                    client.close();
                }
                return true;
            } finally {
            }
        } catch (Exception e) {
            this.LOG.error("Error deleting file from S3", e);
            throw e;
        }
    }

    @Override // de.frachtwerk.essencium.storage.generic.service.StorageService
    public final S loadFile(S s) {
        AbstractS3StorageInfo abstractS3StorageInfo = (AbstractS3StorageInfo) s;
        try {
            S3Client client = getClient();
            try {
                testBucketAccess(client, this.config.getBucketName());
                byte[] asByteArray = client.getObjectAsBytes((GetObjectRequest) GetObjectRequest.builder().key(abstractS3StorageInfo.getS3ObjectKey()).bucket(this.config.getBucketName()).build()).asByteArray();
                if (!StringUtils.isBlank(this.config.getKmsKeyId())) {
                    asByteArray = decryptWithKmsKey(asByteArray, this.config.getKmsKeyId());
                }
                abstractS3StorageInfo.setContent(new ByteArrayResource(asByteArray));
                S s2 = (S) abstractS3StorageInfo;
                if (client != null) {
                    client.close();
                }
                return s2;
            } finally {
            }
        } catch (Exception e) {
            this.LOG.error("Error loading file from S3", e);
            throw e;
        }
    }

    @Override // de.frachtwerk.essencium.storage.generic.service.StorageService
    public Providers getType() {
        return Providers.S3;
    }

    public void testBucketAccess(S3Client s3Client, String str) {
        this.LOG.debug("S3: HeadBucketResponse: {}", s3Client.headBucket((HeadBucketRequest) HeadBucketRequest.builder().bucket(str).build()).responseMetadata());
        this.LOG.debug("S3: Bucket {} exists", str);
    }

    private String getNewObjectKey(S3Client s3Client, @NotNull @NotBlank String str) {
        String uuid;
        ListObjectsV2Response listObjectsV2 = s3Client.listObjectsV2((ListObjectsV2Request) ListObjectsV2Request.builder().bucket(str).build());
        this.LOG.debug("S3: Bucket {} contains {} object keys", str, listObjectsV2.keyCount());
        List list = listObjectsV2.contents().stream().map((v0) -> {
            return v0.key();
        }).toList();
        do {
            uuid = UUID.randomUUID().toString();
        } while (list.contains(uuid));
        return uuid;
    }

    private byte[] encryptWithKmsKey(byte[] bArr, String str) {
        try {
            KmsClient kMSClient = getKMSClient();
            try {
                EncryptResponse encrypt = kMSClient.encrypt((EncryptRequest) EncryptRequest.builder().keyId(str).plaintext(SdkBytes.fromByteArray(bArr)).build());
                this.LOG.debug("The encryption algorithm is " + encrypt.encryptionAlgorithm().toString());
                byte[] asByteArray = encrypt.ciphertextBlob().asByteArray();
                if (kMSClient != null) {
                    kMSClient.close();
                }
                return asByteArray;
            } finally {
            }
        } catch (KmsException e) {
            this.LOG.error("Error encrypting data", e);
            throw e;
        }
    }

    private byte[] decryptWithKmsKey(byte[] bArr, String str) {
        try {
            KmsClient kMSClient = getKMSClient();
            try {
                byte[] asByteArray = kMSClient.decrypt((DecryptRequest) DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteArray(bArr)).keyId(str).build()).plaintext().asByteArray();
                if (kMSClient != null) {
                    kMSClient.close();
                }
                return asByteArray;
            } finally {
            }
        } catch (KmsException e) {
            this.LOG.error("Error decrypting data", e);
            throw e;
        }
    }
}
