package org.elasticsearch.cloud.aws;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSCredentialsProviderChain;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.retry.RetryPolicy;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2Client;
import java.util.Locale;
import java.util.Random;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.cloud.aws.AwsEc2Service;
import org.elasticsearch.cloud.aws.AwsS3Service;
import org.elasticsearch.cloud.aws.AwsService;
import org.elasticsearch.cloud.aws.network.Ec2NameResolver;
import org.elasticsearch.cloud.aws.node.Ec2CustomNodeAttributes;
import org.elasticsearch.cluster.node.DiscoveryNodeService;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;

/* loaded from: input_file:org/elasticsearch/cloud/aws/AwsEc2ServiceImpl.class */
public class AwsEc2ServiceImpl extends AbstractLifecycleComponent<AwsEc2Service> implements AwsEc2Service {
    public static final String EC2_METADATA_URL = "http://169.254.169.254/latest/meta-data/";
    private AmazonEC2Client client;

    @Inject
    public AwsEc2ServiceImpl(Settings settings, SettingsFilter settingsFilter, NetworkService networkService, DiscoveryNodeService discoveryNodeService) {
        super(settings);
        settingsFilter.addFilter(AwsService.CLOUD_AWS.KEY);
        settingsFilter.addFilter(AwsService.CLOUD_AWS.SECRET);
        settingsFilter.addFilter(AwsService.CLOUD_AWS.PROXY_PASSWORD);
        settingsFilter.addFilter(AwsEc2Service.CLOUD_EC2.KEY);
        settingsFilter.addFilter(AwsEc2Service.CLOUD_EC2.SECRET);
        settingsFilter.addFilter(AwsEc2Service.CLOUD_EC2.PROXY_PASSWORD);
        settingsFilter.addFilter("access_key");
        settingsFilter.addFilter("secret_key");
        settingsFilter.addFilter(AwsS3Service.CLOUD_S3.KEY);
        settingsFilter.addFilter(AwsS3Service.CLOUD_S3.SECRET);
        settingsFilter.addFilter(AwsS3Service.CLOUD_S3.PROXY_PASSWORD);
        networkService.addCustomNameResolver(new Ec2NameResolver(settings));
        discoveryNodeService.addCustomAttributeProvider(new Ec2CustomNodeAttributes(settings));
    }

    @Override // org.elasticsearch.cloud.aws.AwsEc2Service
    public synchronized AmazonEC2 client() {
        String str;
        if (this.client != null) {
            return this.client;
        }
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setResponseMetadataCacheSize(0);
        String lowerCase = this.settings.get(AwsEc2Service.CLOUD_EC2.PROTOCOL, this.settings.get(AwsService.CLOUD_AWS.PROTOCOL, "https").toLowerCase(Locale.ROOT)).toLowerCase(Locale.ROOT);
        if ("http".equals(lowerCase)) {
            clientConfiguration.setProtocol(Protocol.HTTP);
        } else {
            if (!"https".equals(lowerCase)) {
                throw new IllegalArgumentException("No protocol supported [" + lowerCase + "], can either be [http] or [https]");
            }
            clientConfiguration.setProtocol(Protocol.HTTPS);
        }
        String str2 = this.settings.get(AwsEc2Service.CLOUD_EC2.PROXY_HOST, this.settings.get(AwsEc2Service.CLOUD_EC2.DEPRECATED_PROXY_HOST, this.settings.get(AwsService.CLOUD_AWS.PROXY_HOST, this.settings.get(AwsService.CLOUD_AWS.DEPRECATED_PROXY_HOST))));
        if (str2 != null) {
            String str3 = this.settings.get(AwsEc2Service.CLOUD_EC2.PROXY_PORT, this.settings.get(AwsEc2Service.CLOUD_EC2.DEPRECATED_PROXY_PORT, this.settings.get(AwsService.CLOUD_AWS.PROXY_PORT, this.settings.get(AwsService.CLOUD_AWS.DEPRECATED_PROXY_PORT, "80"))));
            try {
                clientConfiguration.withProxyHost(str2).withProxyPort(Integer.valueOf(Integer.parseInt(str3, 10)).intValue()).withProxyUsername(this.settings.get(AwsEc2Service.CLOUD_EC2.PROXY_USERNAME, this.settings.get(AwsService.CLOUD_AWS.PROXY_USERNAME))).withProxyPassword(this.settings.get(AwsEc2Service.CLOUD_EC2.PROXY_PASSWORD, this.settings.get(AwsService.CLOUD_AWS.PROXY_PASSWORD)));
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("The configured proxy port value [" + str3 + "] is invalid", e);
            }
        }
        String str4 = this.settings.get(AwsEc2Service.CLOUD_EC2.SIGNER, this.settings.get(AwsService.CLOUD_AWS.SIGNER));
        if (str4 != null) {
            this.logger.debug("using AWS API signer [{}]", new Object[]{str4});
            try {
                AwsSigner.configureSigner(str4, clientConfiguration);
            } catch (IllegalArgumentException e2) {
                this.logger.warn("wrong signer set for [{}] or [{}]: [{}]", new Object[]{AwsEc2Service.CLOUD_EC2.SIGNER, AwsService.CLOUD_AWS.SIGNER, str4});
            }
        }
        final Random random = new Random();
        clientConfiguration.setRetryPolicy(new RetryPolicy(RetryPolicy.RetryCondition.NO_RETRY_CONDITION, new RetryPolicy.BackoffStrategy() { // from class: org.elasticsearch.cloud.aws.AwsEc2ServiceImpl.1
            public long delayBeforeNextRetry(AmazonWebServiceRequest amazonWebServiceRequest, AmazonClientException amazonClientException, int i) {
                AwsEc2ServiceImpl.this.logger.warn("EC2 API request failed, retry again. Reason was:", amazonClientException, new Object[0]);
                return 1000 * ((long) (10.0d * Math.pow(2.0d, i / 2.0d) * (1.0d + random.nextDouble())));
            }
        }, 10, false));
        this.client = new AmazonEC2Client(buildCredentials(this.settings), clientConfiguration);
        if (this.settings.get(AwsEc2Service.CLOUD_EC2.ENDPOINT) != null) {
            String str5 = this.settings.get(AwsEc2Service.CLOUD_EC2.ENDPOINT);
            this.logger.debug("using explicit ec2 endpoint [{}]", new Object[]{str5});
            this.client.setEndpoint(str5);
        } else if (this.settings.get(AwsService.CLOUD_AWS.REGION) != null) {
            String lowerCase2 = this.settings.get(AwsService.CLOUD_AWS.REGION).toLowerCase(Locale.ROOT);
            if (lowerCase2.equals("us-east-1") || lowerCase2.equals("us-east")) {
                str = "ec2.us-east-1.amazonaws.com";
            } else if (lowerCase2.equals("us-west") || lowerCase2.equals("us-west-1")) {
                str = "ec2.us-west-1.amazonaws.com";
            } else if (lowerCase2.equals("us-west-2")) {
                str = "ec2.us-west-2.amazonaws.com";
            } else if (lowerCase2.equals("us-gov-west") || lowerCase2.equals("us-gov-west-1")) {
                str = "ec2.us-gov-west-1.amazonaws.com";
            } else if (lowerCase2.equals("ap-southeast") || lowerCase2.equals("ap-southeast-1")) {
                str = "ec2.ap-southeast-1.amazonaws.com";
            } else if (lowerCase2.equals("ap-southeast-2")) {
                str = "ec2.ap-southeast-2.amazonaws.com";
            } else if (lowerCase2.equals("ap-northeast") || lowerCase2.equals("ap-northeast-1")) {
                str = "ec2.ap-northeast-1.amazonaws.com";
            } else if (lowerCase2.equals("ap-northeast-2")) {
                str = "ec2.ap-northeast-2.amazonaws.com";
            } else if (lowerCase2.equals("eu-west") || lowerCase2.equals("eu-west-1")) {
                str = "ec2.eu-west-1.amazonaws.com";
            } else if (lowerCase2.equals("eu-central") || lowerCase2.equals("eu-central-1")) {
                str = "ec2.eu-central-1.amazonaws.com";
            } else if (lowerCase2.equals("sa-east") || lowerCase2.equals("sa-east-1")) {
                str = "ec2.sa-east-1.amazonaws.com";
            } else {
                if (!lowerCase2.equals("cn-north") && !lowerCase2.equals("cn-north-1")) {
                    throw new IllegalArgumentException("No automatic endpoint could be derived from region [" + lowerCase2 + "]");
                }
                str = "ec2.cn-north-1.amazonaws.com.cn";
            }
            this.logger.debug("using ec2 region [{}], with endpoint [{}]", new Object[]{lowerCase2, str});
            this.client.setEndpoint(str);
        }
        return this.client;
    }

    public static AWSCredentialsProvider buildCredentials(Settings settings) {
        String str = settings.get(AwsEc2Service.CLOUD_EC2.KEY, settings.get(AwsService.CLOUD_AWS.KEY));
        String str2 = settings.get(AwsEc2Service.CLOUD_EC2.SECRET, settings.get(AwsService.CLOUD_AWS.SECRET));
        return (str == null && str2 == null) ? new AWSCredentialsProviderChain(new AWSCredentialsProvider[]{new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new InstanceProfileCredentialsProvider()}) : new AWSCredentialsProviderChain(new AWSCredentialsProvider[]{new StaticCredentialsProvider(new BasicAWSCredentials(str, str2))});
    }

    protected void doStart() throws ElasticsearchException {
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
        if (this.client != null) {
            this.client.shutdown();
        }
    }
}
