package io.guise.mummy.deploy.aws;

import com.globalmentor.collections.DecoratorReverseMap;
import com.globalmentor.collections.ReverseMap;
import com.globalmentor.java.CharSequences;
import com.globalmentor.java.Conditions;
import com.globalmentor.net.DomainName;
import com.globalmentor.net.URIPath;
import com.globalmentor.text.StringTemplate;
import io.clogr.Clogged;
import io.confound.config.Configuration;
import io.confound.config.ConfigurationException;
import io.guise.mummy.Artifact;
import io.guise.mummy.CompositeArtifact;
import io.guise.mummy.DirectoryArtifact;
import io.guise.mummy.GuiseMummy;
import io.guise.mummy.MummyContext;
import io.guise.mummy.deploy.DeployTarget;
import io.urf.vocab.content.Content;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.S3ClientBuilder;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Response;
import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.services.s3.model.S3Object;

/* loaded from: input_file:io/guise/mummy/deploy/aws/S3.class */
public class S3 implements DeployTarget, Clogged {
    public static final String CONFIG_KEY_REGION = "region";
    public static final String CONFIG_KEY_BUCKET = "bucket";
    protected static final String POLICY_STATEMENT_CONTENT_PUBLIC_READ_GET_OBJECT = "\"Sid\":\"PublicReadGetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"],";
    protected static final StringTemplate POLICY_TEMPLATE_PUBLIC_READ_GET_OBJECT = StringTemplate.builder().text("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"PublicReadGetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::").parameter(StringTemplate.STRING_PARAMETER).text("/*\"]}]}").build();
    protected static final StringTemplate POLICY_TEMPLATE_CONDITIONAL_PUBLIC_READ_GET_OBJECT = StringTemplate.builder().text("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"PublicReadGetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::").parameter(StringTemplate.STRING_PARAMETER).text("/*\"],\"Condition\":").parameter(StringTemplate.STRING_PARAMETER).text("}]}").build();
    protected static final StringTemplate POLICY_HEADER_CONDITION_CLAUSE_TEMPLATE_PUBLIC_READ_GET_OBJECT = StringTemplate.builder().text("{\"StringEquals\":{\"aws:UserAgent\":[").parameter(StringTemplate.STRING_PARAMETER).text("]}}").build();
    private final String profile;
    private final Region region;
    private final String bucket;
    private final DomainName siteDomain;
    private final S3Client s3Client;
    private final ReverseMap<Artifact, String> artifactKeys;

    public static String policyPublicReadGetForBucket(@Nonnull String str) {
        return POLICY_TEMPLATE_PUBLIC_READ_GET_OBJECT.apply(new Object[]{str});
    }

    public static String policyPublicReadGetForBucketRequiringAnyUserAgentOf(@Nonnull String str, @Nonnull Iterable<String> iterable) {
        return POLICY_TEMPLATE_CONDITIONAL_PUBLIC_READ_GET_OBJECT.apply(new Object[]{str, policyConditionRequiringAnyUserAgentOf(iterable)});
    }

    public static String policyConditionRequiringAnyUserAgentOf(@Nonnull Iterable<String> iterable) {
        return POLICY_HEADER_CONDITION_CLAUSE_TEMPLATE_PUBLIC_READ_GET_OBJECT.apply(new Object[]{(String) StreamSupport.stream(iterable.spliterator(), false).map(str -> {
            Conditions.checkArgument(!CharSequences.contains(str, '\"'), "User agent `%s` cannot contain a quote `\"` character.", new Object[]{str});
            return str;
        }).map(str2 -> {
            return "\"" + str2 + "\"";
        }).collect(Collectors.joining(","))});
    }

    public final Optional<String> getProfile() {
        return Optional.ofNullable(this.profile);
    }

    public Region getRegion() {
        return this.region;
    }

    public String getBucket() {
        return this.bucket;
    }

    public Stream<String> buckets() {
        return Stream.of(getBucket());
    }

    public Optional<DomainName> getSiteDomain() {
        return Optional.ofNullable(this.siteDomain);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public S3Client getS3Client() {
        return this.s3Client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ReverseMap<Artifact, String> getArtifactKeys() {
        return this.artifactKeys;
    }

    public S3(@Nonnull MummyContext mummyContext, @Nonnull Configuration configuration) {
        this((String) mummyContext.getConfiguration().findString(AWS.CONFIG_KEY_DEPLOY_AWS_PROFILE).orElse(null), Region.of(configuration.getString(CONFIG_KEY_REGION)), getConfiguredBucket(mummyContext.getConfiguration(), configuration), GuiseMummy.findConfiguredSiteDomain(mummyContext.getConfiguration()).orElse(null));
    }

    public S3(@Nullable String str, @Nonnull Region region, @Nonnull String str2, @Nullable DomainName domainName) {
        this.artifactKeys = new DecoratorReverseMap(new LinkedHashMap(), new HashMap());
        this.profile = str;
        this.region = (Region) Objects.requireNonNull(region);
        this.bucket = (String) Objects.requireNonNull(str2);
        if (domainName != null) {
            domainName.checkArgumentAbsolute();
        }
        this.siteDomain = domainName;
        S3ClientBuilder region2 = S3Client.builder().region(region);
        if (str != null) {
            region2.credentialsProvider(ProfileCredentialsProvider.create(str));
        }
        this.s3Client = (S3Client) region2.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getConfiguredBucket(@Nonnull Configuration configuration, @Nonnull Configuration configuration2) throws ConfigurationException {
        return (String) configuration2.findString(CONFIG_KEY_BUCKET).or(() -> {
            Optional<DomainName> findConfiguredSiteDomain = GuiseMummy.findConfiguredSiteDomain(configuration);
            DomainName domainName = DomainName.ROOT;
            Objects.requireNonNull(domainName);
            return findConfiguredSiteDomain.map(domainName::relativize).map((v0) -> {
                return v0.toString();
            });
        }).orElseThrow(() -> {
            return new ConfigurationException("No configured S3 bucket could be determined.");
        });
    }

    @Override // io.guise.mummy.deploy.DeployTarget
    public void prepare(MummyContext mummyContext) throws IOException {
        boolean z;
        getProfile().ifPresent(str -> {
            getLogger().info("Using AWS S3 credentials profile `{}`.", str);
        });
        S3Client s3Client = getS3Client();
        try {
            String bucket = getBucket();
            Region region = getRegion();
            getLogger().info("Preparing AWS S3 bucket `{}` in region `{}` for deployment.", bucket, region);
            boolean bucketExists = bucketExists(bucket);
            getLogger().debug("Bucket `{}` exists? {}.", bucket, Boolean.valueOf(bucketExists));
            if (bucketExists) {
                z = bucketHasPolicy(bucket);
            } else {
                getLogger().info("Creating S3 bucket `{}` in AWS region `{}`.", bucket, region);
                s3Client.createBucket(builder -> {
                    builder.bucket(bucket).createBucketConfiguration(builder -> {
                        builder.locationConstraint(region.id());
                    });
                });
                z = false;
            }
            setBucketPolicy(mummyContext, bucket, z);
        } catch (SdkException e) {
            throw new IOException((Throwable) e);
        }
    }

    protected void setBucketPolicy(@Nonnull MummyContext mummyContext, @Nonnull String str, boolean z) throws IOException {
    }

    @Override // io.guise.mummy.deploy.DeployTarget
    public Optional<URI> deploy(@Nonnull MummyContext mummyContext, @Nonnull Artifact artifact) throws IOException {
        getLogger().info("Deploying to AWS region `{}` S3 bucket `{}`.", getRegion(), getBucket());
        plan(mummyContext, artifact);
        put(mummyContext);
        prune(mummyContext);
        return Optional.empty();
    }

    protected void plan(@Nonnull MummyContext mummyContext, @Nonnull Artifact artifact) throws IOException {
        plan(mummyContext, artifact, artifact);
    }

    protected void plan(@Nonnull MummyContext mummyContext, @Nonnull Artifact artifact, @Nonnull Artifact artifact2) throws IOException {
        planResource(mummyContext, artifact, artifact2, mummyContext.relativizeTargetReference(artifact, artifact2));
        if (artifact2 instanceof CompositeArtifact) {
            Stream<Artifact> comprisedArtifacts = ((CompositeArtifact) artifact2).comprisedArtifacts();
            Objects.requireNonNull(comprisedArtifacts);
            Iterable iterable = comprisedArtifacts::iterator;
            Iterator it = iterable.iterator();
            while (it.hasNext()) {
                plan(mummyContext, artifact, (Artifact) it.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void planResource(@Nonnull MummyContext mummyContext, @Nonnull Artifact artifact, @Nonnull Artifact artifact2, @Nonnull URIPath uRIPath) throws IOException {
        String uRIPath2 = uRIPath.toString();
        getLogger().debug("Planning deployment for artifact {}, S3 key `{}`.", artifact2, uRIPath2);
        getArtifactKeys().put(artifact2, uRIPath2);
    }

    protected void put(@Nonnull MummyContext mummyContext) throws IOException {
        try {
            S3Client s3Client = getS3Client();
            String bucket = getBucket();
            for (Map.Entry entry : getArtifactKeys().entrySet()) {
                Artifact artifact = (Artifact) entry.getKey();
                if (!(artifact instanceof DirectoryArtifact)) {
                    String str = (String) entry.getValue();
                    getLogger().info("Deploying artifact to S3 key `{}`.", str);
                    PutObjectRequest.Builder key = PutObjectRequest.builder().bucket(bucket).key(str);
                    Optional map = Content.findContentType(artifact.getResourceDescription()).map((v0) -> {
                        return v0.toString();
                    });
                    Objects.requireNonNull(key);
                    map.ifPresent(key::contentType);
                    s3Client.putObject((PutObjectRequest) key.build(), RequestBody.fromFile(artifact.getTargetPath()));
                }
            }
        } catch (SdkException e) {
            throw new IOException((Throwable) e);
        }
    }

    protected void prune(@Nonnull MummyContext mummyContext) throws IOException {
        ListObjectsV2Response listObjectsV2;
        try {
            S3Client s3Client = getS3Client();
            String bucket = getBucket();
            ReverseMap<Artifact, String> artifactKeys = getArtifactKeys();
            ListObjectsV2Request listObjectsV2Request = (ListObjectsV2Request) ListObjectsV2Request.builder().bucket(bucket).build();
            do {
                listObjectsV2 = s3Client.listObjectsV2(listObjectsV2Request);
                Iterator it = listObjectsV2.contents().iterator();
                while (it.hasNext()) {
                    String key = ((S3Object) it.next()).key();
                    if (!artifactKeys.containsValue(key)) {
                        getLogger().info("Pruning S3 object `{}`.", key);
                        s3Client.deleteObject(builder -> {
                            builder.bucket(bucket).key(key);
                        });
                    }
                }
                listObjectsV2Request = (ListObjectsV2Request) ListObjectsV2Request.builder().bucket(bucket).continuationToken(listObjectsV2.nextContinuationToken()).build();
            } while (listObjectsV2.isTruncated().booleanValue());
        } catch (SdkException e) {
            throw new IOException((Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean bucketExists(@Nonnull String str) throws SdkException {
        try {
            getS3Client().headBucket(builder -> {
                builder.bucket(str);
            });
            return true;
        } catch (NoSuchBucketException e) {
            return false;
        }
    }

    protected boolean bucketHasPolicy(@Nonnull String str) throws SdkException {
        try {
            getS3Client().getBucketPolicy(builder -> {
                builder.bucket(str);
            });
            return true;
        } catch (S3Exception e) {
            if (e.statusCode() == 404) {
                return false;
            }
            throw e;
        }
    }

    protected boolean bucketHasWebsiteConfiguration(@Nonnull String str) throws SdkException {
        try {
            getS3Client().getBucketWebsite(builder -> {
                builder.bucket(str);
            });
            return true;
        } catch (S3Exception e) {
            if (e.statusCode() == 404) {
                return false;
            }
            throw e;
        }
    }
}
