package org.apache.james.blob.objectstorage.aws;

import com.google.common.collect.ImmutableList;
import jakarta.annotation.PreDestroy;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.james.lifecycle.api.Startable;
import org.apache.james.metrics.api.GaugeRegistry;
import org.apache.james.metrics.api.MetricFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.http.TlsTrustManagersProvider;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.S3Configuration;

/* loaded from: input_file:org/apache/james/blob/objectstorage/aws/S3ClientFactory.class */
public class S3ClientFactory implements Startable, Closeable {
    private static final TrustManager DUMMY_TRUST_MANAGER = new X509TrustManager() { // from class: org.apache.james.blob.objectstorage.aws.S3ClientFactory.1
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    };
    private static final String S3_METRICS_ENABLED_PROPERTY_KEY = "james.s3.metrics.enabled";
    private static final String S3_METRICS_ENABLED_DEFAULT_VALUE = "true";
    private final S3AsyncClient s3Client;

    @Inject
    @Singleton
    public S3ClientFactory(S3BlobStoreConfiguration s3BlobStoreConfiguration, MetricFactory metricFactory, GaugeRegistry gaugeRegistry) {
        AwsS3AuthConfiguration specificAuthConfiguration = s3BlobStoreConfiguration.getSpecificAuthConfiguration();
        this.s3Client = (S3AsyncClient) S3AsyncClient.builder().credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(specificAuthConfiguration.getAccessKeyId(), specificAuthConfiguration.getSecretKey()))).httpClientBuilder(httpClientBuilder(s3BlobStoreConfiguration)).endpointOverride(specificAuthConfiguration.getEndpoint()).region(s3BlobStoreConfiguration.getRegion().asAws()).serviceConfiguration((S3Configuration) S3Configuration.builder().pathStyleAccessEnabled(true).build()).overrideConfiguration(builder -> {
            if (Boolean.parseBoolean(System.getProperty(S3_METRICS_ENABLED_PROPERTY_KEY, S3_METRICS_ENABLED_DEFAULT_VALUE))) {
                builder.addMetricPublisher(new JamesS3MetricPublisher(metricFactory, gaugeRegistry));
            }
        }).build();
    }

    private NettyNioAsyncHttpClient.Builder httpClientBuilder(S3BlobStoreConfiguration s3BlobStoreConfiguration) {
        NettyNioAsyncHttpClient.Builder maxPendingConnectionAcquires = NettyNioAsyncHttpClient.builder().tlsTrustManagersProvider(getTrustManagerProvider(s3BlobStoreConfiguration.getSpecificAuthConfiguration())).maxConcurrency(Integer.valueOf(s3BlobStoreConfiguration.getHttpConcurrency())).maxPendingConnectionAcquires(10000);
        Optional<Duration> writeTimeout = s3BlobStoreConfiguration.getWriteTimeout();
        Objects.requireNonNull(maxPendingConnectionAcquires);
        writeTimeout.ifPresent(maxPendingConnectionAcquires::writeTimeout);
        Optional<Duration> readTimeout = s3BlobStoreConfiguration.getReadTimeout();
        Objects.requireNonNull(maxPendingConnectionAcquires);
        readTimeout.ifPresent(maxPendingConnectionAcquires::readTimeout);
        Optional<Duration> connectionTimeout = s3BlobStoreConfiguration.getConnectionTimeout();
        Objects.requireNonNull(maxPendingConnectionAcquires);
        connectionTimeout.ifPresent(maxPendingConnectionAcquires::connectionTimeout);
        maxPendingConnectionAcquires.useNonBlockingDnsResolver(true);
        return maxPendingConnectionAcquires;
    }

    private TlsTrustManagersProvider getTrustManagerProvider(AwsS3AuthConfiguration awsS3AuthConfiguration) {
        if (awsS3AuthConfiguration.isTrustAll()) {
            return () -> {
                return (TrustManager[]) ImmutableList.of(DUMMY_TRUST_MANAGER).toArray(new TrustManager[0]);
            };
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(awsS3AuthConfiguration.getTrustStoreAlgorithm().orElse(TrustManagerFactory.getDefaultAlgorithm()));
            trustManagerFactory.init(loadTrustStore(awsS3AuthConfiguration));
            Objects.requireNonNull(trustManagerFactory);
            return trustManagerFactory::getTrustManagers;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyStore loadTrustStore(AwsS3AuthConfiguration awsS3AuthConfiguration) {
        if (awsS3AuthConfiguration.getTrustStorePath().isEmpty()) {
            return null;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(awsS3AuthConfiguration.getTrustStorePath().get());
            try {
                char[] cArr = (char[]) awsS3AuthConfiguration.getTrustStoreSecret().map((v0) -> {
                    return v0.toCharArray();
                }).orElse(null);
                KeyStore keyStore = KeyStore.getInstance(awsS3AuthConfiguration.getTrustStoreType().orElse(KeyStore.getDefaultType()));
                keyStore.load(fileInputStream, cArr);
                fileInputStream.close();
                return keyStore;
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public S3AsyncClient get() {
        return this.s3Client;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    @PreDestroy
    public void close() {
        this.s3Client.close();
    }
}
