package org.apache.hadoop.fs.s3a;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.handlers.RequestHandler2;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Builder;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.AmazonS3EncryptionClientV2Builder;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.services.s3.internal.ServiceUtils;
import com.amazonaws.services.s3.model.CryptoConfigurationV2;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.CryptoRangeGetMode;
import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;
import com.amazonaws.util.AwsHostNameUtils;
import com.amazonaws.util.RuntimeHttpUtils;
import java.io.IOException;
import java.net.URI;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.fs.s3a.S3ClientFactory;
import org.apache.hadoop.fs.s3a.statistics.impl.AwsStatisticsCollector;
import org.apache.hadoop.fs.store.LogExactlyOnce;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
@InterfaceStability.Unstable
/* loaded from: input_file:paimon-plugin-s3.jar:org/apache/hadoop/fs/s3a/DefaultS3ClientFactory.class */
public class DefaultS3ClientFactory extends Configured implements S3ClientFactory {
    private static final String S3_SERVICE_NAME = "s3";
    private static final String SDK_REGION_CHAIN_IN_USE = "S3A filesystem client is using the SDK region resolution chain.";
    private String bucket;
    protected static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultS3ClientFactory.class);
    private static final LogExactlyOnce WARN_OF_DEFAULT_REGION_CHAIN = new LogExactlyOnce(LOG);
    private static final LogExactlyOnce IGNORE_CSE_WARN = new LogExactlyOnce(LOG);

    @Override // org.apache.hadoop.fs.s3a.S3ClientFactory
    public AmazonS3 createS3Client(URI uri, S3ClientFactory.S3ClientCreationParameters s3ClientCreationParameters) throws IOException {
        Configuration conf = getConf();
        this.bucket = uri.getHost();
        ClientConfiguration createAwsConf = S3AUtils.createAwsConf(conf, this.bucket, Constants.AWS_SERVICE_IDENTIFIER_S3);
        s3ClientCreationParameters.getHeaders().forEach((str, str2) -> {
            createAwsConf.addHeader(str, str2);
        });
        createAwsConf.setUseThrottleRetries(conf.getBoolean(Constants.EXPERIMENTAL_AWS_INTERNAL_THROTTLING, true));
        if (!StringUtils.isEmpty(s3ClientCreationParameters.getUserAgentSuffix())) {
            createAwsConf.setUserAgentSuffix(s3ClientCreationParameters.getUserAgentSuffix());
        }
        try {
            return S3AEncryptionMethods.CSE_KMS.getMethod().equals(S3AUtils.getEncryptionAlgorithm(this.bucket, conf).getMethod()) ? buildAmazonS3EncryptionClient(createAwsConf, s3ClientCreationParameters) : buildAmazonS3Client(createAwsConf, s3ClientCreationParameters);
        } catch (SdkClientException e) {
            throw S3AUtils.translateException("creating AWS S3 client", uri.toString(), e);
        }
    }

    protected AmazonS3 buildAmazonS3EncryptionClient(ClientConfiguration clientConfiguration, S3ClientFactory.S3ClientCreationParameters s3ClientCreationParameters) throws IOException {
        AmazonS3EncryptionClientV2Builder amazonS3EncryptionClientV2Builder = new AmazonS3EncryptionClientV2Builder();
        String s3EncryptionKey = S3AUtils.getS3EncryptionKey(this.bucket, getConf(), true);
        Preconditions.checkArgument(!StringUtils.isBlank(s3EncryptionKey), "CSE-KMS method requires KMS key ID. Use fs.s3a.encryption.key property to set it. ");
        amazonS3EncryptionClientV2Builder.withEncryptionMaterialsProvider(new KMSEncryptionMaterialsProvider(s3EncryptionKey));
        configureBasicParams(amazonS3EncryptionClientV2Builder, clientConfiguration, s3ClientCreationParameters);
        AwsClientBuilder.EndpointConfiguration createEndpointConfiguration = createEndpointConfiguration(s3ClientCreationParameters.getEndpoint(), clientConfiguration, getConf().getTrimmed(Constants.AWS_REGION));
        configureEndpoint(amazonS3EncryptionClientV2Builder, createEndpointConfiguration);
        CryptoConfigurationV2 withRangeGetMode = new CryptoConfigurationV2(CryptoMode.AuthenticatedEncryption).withRangeGetMode(CryptoRangeGetMode.ALL);
        if (createEndpointConfiguration != null) {
            withRangeGetMode.withAwsKmsRegion(RegionUtils.getRegion(createEndpointConfiguration.getSigningRegion()));
            LOG.debug("KMS region used: {}", withRangeGetMode.getAwsKmsRegion());
        }
        amazonS3EncryptionClientV2Builder.withCryptoConfiguration(withRangeGetMode);
        AmazonS3 amazonS3 = (AmazonS3) amazonS3EncryptionClientV2Builder.build();
        IGNORE_CSE_WARN.info("S3 client-side encryption enabled: Ignore S3-CSE Warnings.", new Object[0]);
        return amazonS3;
    }

    protected AmazonS3 buildAmazonS3Client(ClientConfiguration clientConfiguration, S3ClientFactory.S3ClientCreationParameters s3ClientCreationParameters) {
        AmazonS3ClientBuilder builder = AmazonS3Client.builder();
        configureBasicParams(builder, clientConfiguration, s3ClientCreationParameters);
        configureEndpoint(builder, createEndpointConfiguration(s3ClientCreationParameters.getEndpoint(), clientConfiguration, getConf().getTrimmed(Constants.AWS_REGION)));
        return (AmazonS3) builder.build();
    }

    private void configureBasicParams(AmazonS3Builder amazonS3Builder, ClientConfiguration clientConfiguration, S3ClientFactory.S3ClientCreationParameters s3ClientCreationParameters) {
        amazonS3Builder.withCredentials(s3ClientCreationParameters.getCredentialSet());
        amazonS3Builder.withClientConfiguration(clientConfiguration);
        amazonS3Builder.withPathStyleAccessEnabled(Boolean.valueOf(s3ClientCreationParameters.isPathStyleAccess()));
        if (s3ClientCreationParameters.getMetrics() != null) {
            amazonS3Builder.withMetricsCollector(new AwsStatisticsCollector(s3ClientCreationParameters.getMetrics()));
        }
        if (s3ClientCreationParameters.getRequestHandlers() != null) {
            amazonS3Builder.withRequestHandlers((RequestHandler2[]) s3ClientCreationParameters.getRequestHandlers().toArray(new RequestHandler2[0]));
        }
        if (s3ClientCreationParameters.getMonitoringListener() != null) {
            amazonS3Builder.withMonitoringListener(s3ClientCreationParameters.getMonitoringListener());
        }
    }

    private void configureEndpoint(AmazonS3Builder amazonS3Builder, AwsClientBuilder.EndpointConfiguration endpointConfiguration) {
        if (endpointConfiguration != null) {
            amazonS3Builder.withEndpointConfiguration(endpointConfiguration);
            return;
        }
        amazonS3Builder.withForceGlobalBucketAccessEnabled(true);
        String trimmed = getConf().getTrimmed(Constants.AWS_REGION, Constants.AWS_S3_CENTRAL_REGION);
        LOG.debug("fs.s3a.endpoint.region=\"{}\"", trimmed);
        if (trimmed.isEmpty()) {
            WARN_OF_DEFAULT_REGION_CHAIN.warn(SDK_REGION_CHAIN_IN_USE, new Object[0]);
            LOG.debug(SDK_REGION_CHAIN_IN_USE);
        } else {
            LOG.debug("Using default endpoint; setting region to {}", trimmed);
            amazonS3Builder.setRegion(trimmed);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static AmazonS3 configureAmazonS3Client(AmazonS3 amazonS3, String str, boolean z) throws IllegalArgumentException {
        if (!str.isEmpty()) {
            try {
                amazonS3.setEndpoint(str);
            } catch (IllegalArgumentException e) {
                String str2 = "Incorrect endpoint: " + e.getMessage();
                LOG.error(str2);
                throw new IllegalArgumentException(str2, e);
            }
        }
        if (z) {
            LOG.debug("Enabling path style access!");
            amazonS3.setS3ClientOptions(S3ClientOptions.builder().setPathStyleAccess(true).build());
        }
        return amazonS3;
    }

    @VisibleForTesting
    public static AwsClientBuilder.EndpointConfiguration createEndpointConfiguration(String str, ClientConfiguration clientConfiguration, String str2) {
        LOG.debug("Creating endpoint configuration for \"{}\"", str);
        if (str == null || str.isEmpty()) {
            LOG.debug("Using default endpoint -no need to generate a configuration");
            return null;
        }
        URI uri = RuntimeHttpUtils.toUri(str, clientConfiguration);
        LOG.debug("Endpoint URI = {}", uri);
        String str3 = str2;
        if (StringUtils.isBlank(str3)) {
            if (ServiceUtils.isS3USStandardEndpoint(str)) {
                LOG.debug("Endpoint {} is the standard one; declare region as null", uri);
                str3 = null;
            } else {
                LOG.debug("Endpoint {} is not the default; parsing", uri);
                str3 = AwsHostNameUtils.parseRegion(uri.getHost(), "s3");
            }
        }
        LOG.debug("Region for endpoint {}, URI {} is determined as {}", str, uri, str3);
        return new AwsClientBuilder.EndpointConfiguration(str, str3);
    }
}
