package com.netflix.spinnaker.kork.pubsub.aws;

import com.amazonaws.auth.policy.Action;
import com.amazonaws.auth.policy.Condition;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.actions.SNSActions;
import com.amazonaws.auth.policy.actions.SQSActions;
import com.amazonaws.services.sns.AmazonSNS;
import com.amazonaws.services.sns.model.SetTopicAttributesRequest;
import com.amazonaws.services.sqs.AmazonSQS;
import com.amazonaws.services.sqs.model.QueueDoesNotExistException;
import com.netflix.spinnaker.kork.aws.ARN;
import com.netflix.spinnaker.kork.core.RetrySupport;
import com.netflix.spinnaker.kork.discovery.DiscoveryStatusListener;
import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService;
import com.netflix.spinnaker.kork.pubsub.aws.config.AmazonPubsubProperties;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/netflix/spinnaker/kork/pubsub/aws/PubSubUtils.class */
public class PubSubUtils {
    private static final int MAX_RETRIES = 5;
    private static final boolean EXPONENTIAL = true;
    private static final Logger log = LoggerFactory.getLogger(PubSubUtils.class);
    private static final RetrySupport retrySupport = new RetrySupport();
    private static final Duration RETRY_BACKOFF = Duration.ofSeconds(1);

    /* JADX INFO: Access modifiers changed from: private */
    public static String getQueueUrl(AmazonSQS amazonSQS, ARN arn) {
        String queueUrl;
        try {
            queueUrl = amazonSQS.getQueueUrl(arn.getName()).getQueueUrl();
            log.debug("Reusing existing queue {}", queueUrl);
        } catch (QueueDoesNotExistException e) {
            queueUrl = amazonSQS.createQueue(arn.getName()).getQueueUrl();
            log.debug("Created queue {}", queueUrl);
        }
        return queueUrl;
    }

    public static String ensureQueueExists(AmazonSQS amazonSQS, ARN arn, ARN arn2, int i) {
        String str = (String) retrySupport.retry(() -> {
            return getQueueUrl(amazonSQS, arn);
        }, MAX_RETRIES, RETRY_BACKOFF, true);
        HashMap hashMap = new HashMap();
        hashMap.put("Policy", buildSQSPolicy(arn, arn2).toJson());
        hashMap.put("MessageRetentionPeriod", Integer.toString(i));
        amazonSQS.setQueueAttributes(str, hashMap);
        return str;
    }

    public static String subscribeToTopic(AmazonSNS amazonSNS, ARN arn, ARN arn2) {
        return (String) retrySupport.retry(() -> {
            return amazonSNS.subscribe(arn.getArn(), "sqs", arn2.getArn()).getSubscriptionArn();
        }, MAX_RETRIES, RETRY_BACKOFF, true);
    }

    public static Policy buildSQSPolicy(ARN arn, ARN arn2) {
        Statement withActions = new Statement(Statement.Effect.Allow).withActions(new Action[]{SQSActions.SendMessage});
        withActions.setPrincipals(new Principal[]{Principal.All});
        withActions.setResources(Collections.singletonList(new Resource(arn.getArn())));
        withActions.setConditions(Collections.singletonList(new Condition().withType("ArnEquals").withConditionKey("aws:SourceArn").withValues(new String[]{arn2.getArn()})));
        return new Policy("allow-sns-send", Collections.singletonList(withActions));
    }

    public static String ensureTopicExists(AmazonSNS amazonSNS, ARN arn, AmazonPubsubProperties.AmazonPubsubSubscription amazonPubsubSubscription) {
        String str = (String) retrySupport.retry(() -> {
            return amazonSNS.createTopic(arn.getName()).getTopicArn();
        }, MAX_RETRIES, RETRY_BACKOFF, true);
        log.debug(str.equals(arn.getArn()) ? "Reusing existing topic {}" : "Created topic {}", str);
        if (!amazonPubsubSubscription.getAccountIds().isEmpty()) {
            amazonSNS.setTopicAttributes(new SetTopicAttributesRequest().withTopicArn(str).withAttributeName("Policy").withAttributeValue(buildSNSPolicy(new ARN(str), amazonPubsubSubscription.getAccountIds()).toJson()));
        }
        return str;
    }

    public static Supplier<Boolean> getEnabledSupplier(DynamicConfigService dynamicConfigService, AmazonPubsubProperties.AmazonPubsubSubscription amazonPubsubSubscription, DiscoveryStatusListener discoveryStatusListener) {
        return () -> {
            return Boolean.valueOf(dynamicConfigService.isEnabled("pubsub", false) && dynamicConfigService.isEnabled("pubsub.amazon", false) && dynamicConfigService.isEnabled("pubsub.amazon." + amazonPubsubSubscription.getName(), false) && discoveryStatusListener.isEnabled());
        };
    }

    public static Policy buildSNSPolicy(ARN arn, List<String> list) {
        Statement withActions = new Statement(Statement.Effect.Allow).withActions(new Action[]{SNSActions.Publish});
        withActions.setPrincipals((Collection) list.stream().map(Principal::new).collect(Collectors.toList()));
        withActions.setResources(Collections.singletonList(new Resource(arn.getArn())));
        return new Policy("allow-remote-account-send", Collections.singletonList(withActions));
    }
}
