package com.adobe.cq.assetcompute.impl.bulkimport.aws;

import com.adobe.cq.assetcompute.api.bulkimport.AbstractImportService;
import com.adobe.cq.assetcompute.api.bulkimport.ImportAsset;
import com.adobe.cq.assetcompute.api.bulkimport.ImportConfig;
import com.adobe.cq.assetcompute.api.bulkimport.ImportService;
import com.adobe.cq.assetcompute.api.bulkimport.PagedImportResult;
import com.adobe.cq.assetcompute.impl.bulkimport.aws.auth.AWS4SignerBase;
import com.adobe.cq.assetcompute.impl.bulkimport.aws.auth.AWS4SignerForAuthorizationHeader;
import com.adobe.cq.assetcompute.impl.bulkimport.aws.auth.AWS4SignerForQueryParameterAuth;
import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.mime.MimeTypeService;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

@Component(service = {ImportService.class}, immediate = true)
/* loaded from: input_file:com/adobe/cq/assetcompute/impl/bulkimport/aws/AwsImportService.class */
public class AwsImportService extends AbstractImportService {
    private static final Logger LOG = LoggerFactory.getLogger(AwsImportService.class);
    public static final String SOURCE_TYPE = "AwsS3";
    public static final String SOURCE_TYPE_DESCRIPTION = "Amazon Simple Storage Service (S3)";
    private static final int DEFAULT_MAX_LIMIT = 1000;
    private static final int CONNECT_TIMEOUT = 30000;
    private static final int SOCKET_TIMEOUT = 30000;

    @Reference
    private MimeTypeService mimeTypeService;

    @Reference
    private CryptoSupport cryptoSupport;
    private CloseableHttpClient httpClient;
    private RequestConfig config;

    @Activate
    protected void activate() {
        LOG.info("Activating {}", getClass().getName());
        this.httpClient = getHttpClient();
        this.config = RequestConfig.custom().setConnectTimeout(30000).setConnectionRequestTimeout(30000).setSocketTimeout(30000).build();
    }

    @Deactivate
    protected void deactivate() {
        LOG.info("Deactivating {}", getClass().getName());
        try {
            this.httpClient.close();
        } catch (IOException e) {
            LOG.warn("Error closing HTTPClient", e);
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public String getSourceType() {
        return SOURCE_TYPE;
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public PagedImportResult getPagedImportAssetsResult(ResourceResolver resourceResolver, String str, String str2, int i) {
        PagedImportResult pagedImportResult = new PagedImportResult();
        if (i <= 0 || i > 1000) {
            i = 1000;
        }
        try {
            AwsImportConfig awsImportConfig = (AwsImportConfig) resolveImportConfig(resourceResolver, str);
            String blobListXml = getBlobListXml(awsImportConfig, str2, i);
            if (StringUtils.isNotEmpty(blobListXml)) {
                pagedImportResult = resolveResult(blobListXml, awsImportConfig, resourceResolver);
                pagedImportResult.setCurrentPosition(str2);
                if (!pagedImportResult.isFailed()) {
                    LOG.info("Resolved {} assets for importing", Integer.valueOf(pagedImportResult.getImportSourceAssetList().size()));
                }
            } else {
                pagedImportResult.setFailed(true);
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_GENERIC);
                LOG.error("Failure to get blob list for import asset");
            }
        } catch (Exception e) {
            pagedImportResult.setFailed(true);
            if (e instanceof ClientProtocolException) {
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_AWS_BUCKET);
            } else {
                pagedImportResult.setErrorType(PagedImportResult.ErrorType.WRONG_AWS_REGION);
            }
            LOG.error("Failure to get blob list for import asset", e);
        }
        return pagedImportResult;
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public ImportConfig resolveImportConfig(ResourceResolver resourceResolver, String str) {
        try {
            AwsImportConfig awsImportConfig = new AwsImportConfig(resolveBaseImportConfig(resourceResolver, str));
            ValueMap valueMap = resourceResolver.getResource(str).getChild("jcr:content").getValueMap();
            if (!valueMap.containsKey("awsRegion") || !valueMap.containsKey("awsBucket") || !valueMap.containsKey("awsAccessKey") || !valueMap.containsKey("awsAccessSecret")) {
                throw new Exception("The awsRegion, awsBucket, awsAccessKey and awsAccessSecret are required");
            }
            awsImportConfig.setRegion((String) valueMap.get("awsRegion"));
            awsImportConfig.setBucket((String) valueMap.get("awsBucket"));
            awsImportConfig.setAccessKey((String) valueMap.get("awsAccessKey"));
            awsImportConfig.setAccessSecret(this.cryptoSupport.unprotect((String) valueMap.get("awsAccessSecret")));
            return awsImportConfig;
        } catch (Exception e) {
            LOG.error("Failure to get blob list for import asset", e);
            return null;
        }
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public void saveImportConfig(ResourceResolver resourceResolver, String str, Map<String, Object> map) throws JSONException, IOException, CryptoException {
        sanitizeInputFormData(map);
        updateAwsSecrets(map);
        ResourceUtil.getOrCreateResource(resourceResolver, str + "/jcr:content", map, "nt:unstructured", false);
        resourceResolver.commit();
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public void updateImportConfig(ResourceResolver resourceResolver, String str, Map<String, Object> map) throws CryptoException, PersistenceException {
        ModifiableValueMap existingImportConfig = getExistingImportConfig(resourceResolver, str, map);
        if (existingImportConfig == null) {
            throw new IllegalArgumentException("No properties found for configPath: " + str);
        }
        updateAwsSecrets(existingImportConfig);
        resourceResolver.commit();
    }

    private void updateAwsSecrets(Map<String, Object> map) throws CryptoException {
        String str = (String) map.get("awsAccessSecret");
        String str2 = str;
        if (!this.cryptoSupport.isProtected(str)) {
            str2 = this.cryptoSupport.protect(str);
        }
        map.put("awsAccessSecret", str2);
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public String getDownloadUrl(ImportConfig importConfig, ImportAsset importAsset) {
        return getPresignedUrlToS3Object((AwsImportConfig) importConfig, importAsset.getObjectId());
    }

    @Override // com.adobe.cq.assetcompute.api.bulkimport.ImportService
    public boolean deleteSource(ResourceResolver resourceResolver, ImportConfig importConfig, ImportAsset importAsset) {
        AwsImportConfig awsImportConfig = (AwsImportConfig) importConfig;
        String objectId = importAsset.getObjectId();
        LOG.debug("Start to delete object '{}' from S3 bucket '{}'", objectId, awsImportConfig.getBucket());
        try {
            String endpointUrl = getEndpointUrl(awsImportConfig);
            String urlEncode = AWS4SignerBase.urlEncode(objectId, true);
            HashMap hashMap = new HashMap();
            hashMap.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);
            hashMap.put("Authorization", new AWS4SignerForAuthorizationHeader(new URL(endpointUrl + objectId), "DELETE", "s3", awsImportConfig.getRegion()).computeSignature(hashMap, null, AWS4SignerBase.EMPTY_BODY_SHA256, awsImportConfig.getAccessKey(), awsImportConfig.getAccessSecret()));
            HttpDelete httpDelete = new HttpDelete(endpointUrl + urlEncode);
            httpDelete.setConfig(this.config);
            for (Map.Entry entry : hashMap.entrySet()) {
                httpDelete.setHeader((String) entry.getKey(), (String) entry.getValue());
            }
            try {
                CloseableHttpResponse execute = this.httpClient.execute(httpDelete);
                try {
                    int statusCode = execute.getStatusLine().getStatusCode();
                    EntityUtils.consumeQuietly(execute.getEntity());
                    if (statusCode == 204) {
                        LOG.info("Succeeded to delete object '{}' from S3 bucket '{}'", objectId, awsImportConfig.getBucket());
                        if (execute != null) {
                            execute.close();
                        }
                        return true;
                    }
                    LOG.error("Failed to delete object '{}' from S3 bucket '{}', code '{}'", new Object[]{objectId, awsImportConfig.getBucket(), Integer.valueOf(statusCode)});
                    if (execute != null) {
                        execute.close();
                    }
                    return false;
                } finally {
                }
            } catch (Exception e) {
                LOG.error("Failed to make request for delete object '{}'", objectId, e);
                return false;
            }
        } catch (UnsupportedEncodingException | MalformedURLException e2) {
            LOG.error("Failed to generate delete object request for object '{}'", objectId, e2);
            return false;
        }
    }

    private PagedImportResult resolveResult(String str, AwsImportConfig awsImportConfig, ResourceResolver resourceResolver) throws ParserConfigurationException, IOException, SAXException {
        PagedImportResult pagedImportResult = new PagedImportResult();
        Element parseXmlResponse = parseXmlResponse(str);
        if (parseXmlResponse.getTagName().equalsIgnoreCase("Error")) {
            LOG.error("There is error response from AWS API: {}", str);
            pagedImportResult.setFailed(true);
            pagedImportResult.setErrorType(getErrorType(parseXmlResponse));
            return pagedImportResult;
        }
        ArrayList arrayList = new ArrayList();
        if (parseXmlResponse.hasChildNodes()) {
            NodeList childNodes = parseXmlResponse.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                String nodeName = childNodes.item(i).getNodeName();
                if (nodeName.equalsIgnoreCase("Contents")) {
                    ImportAsset resolveImportAssetFromContentsNode = resolveImportAssetFromContentsNode(awsImportConfig, childNodes.item(i), resourceResolver);
                    if (resolveImportAssetFromContentsNode != null) {
                        arrayList.add(resolveImportAssetFromContentsNode);
                    }
                } else if (nodeName.equalsIgnoreCase("NextContinuationToken")) {
                    pagedImportResult.setNextPosition(childNodes.item(i).getTextContent());
                }
            }
        }
        pagedImportResult.setImportSourceAssetList(arrayList);
        return pagedImportResult;
    }

    private Element parseXmlResponse(String str) throws ParserConfigurationException, IOException, SAXException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalSchema", "");
        Document parse = newInstance.newDocumentBuilder().parse(byteArrayInputStream);
        parse.getDocumentElement().normalize();
        return parse.getDocumentElement();
    }

    private ImportAsset resolveImportAssetFromContentsNode(AwsImportConfig awsImportConfig, Node node, ResourceResolver resourceResolver) {
        String str = "";
        long j = 0;
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            String nodeName = childNodes.item(i).getNodeName();
            String textContent = childNodes.item(i).getTextContent();
            if (nodeName.equals("Key")) {
                str = URLDecoder.decode(textContent, StandardCharsets.UTF_8);
            } else if (nodeName.equals("Size")) {
                j = Long.parseLong(textContent);
            }
        }
        if (StringUtils.isEmpty(str)) {
            LOG.warn("Could not resolve asset for object '{}' as lack of blob key", str);
            return null;
        }
        if (j == 0) {
            LOG.debug("Could not resolve asset for object '{}' as size is 0, it's maybe a folder", str);
            return null;
        }
        String presignedUrlToS3Object = getPresignedUrlToS3Object(awsImportConfig, str);
        if (StringUtils.isEmpty(presignedUrlToS3Object)) {
            LOG.error("Could not generate download url for object '{}'", str);
            return null;
        }
        String join = String.join("/", awsImportConfig.getTargetFolder(), getSanitizedAssetPath(awsImportConfig.getSourceFolder(), str, awsImportConfig.getTargetFolder(), awsImportConfig.getUseLowerCaseFolder(), awsImportConfig.getFolderNameRegex(), resourceResolver));
        String mimeType = this.mimeTypeService.getMimeType(str);
        LOG.debug("Resolved asset for blob: id '{}', size '{}', assetPath '{}'", new Object[]{str, Long.valueOf(j), join});
        return new ImportAsset(str, j, presignedUrlToS3Object, join, mimeType);
    }

    private String getBlobListXml(AwsImportConfig awsImportConfig, String str, int i) throws IOException {
        String str2 = getEndpointUrl(awsImportConfig) + "?list-type=2&encoding-type=url";
        HashMap hashMap = new HashMap();
        hashMap.put("encoding-type", "url");
        hashMap.put("list-type", "2");
        if (StringUtils.isNotEmpty(str)) {
            str2 = str2 + "&continuation-token=" + URLEncoder.encode(str, "UTF-8");
            hashMap.put("continuation-token", str);
        }
        if (StringUtils.isNotEmpty(awsImportConfig.getSourceFolder())) {
            str2 = str2 + "&prefix=" + AWS4SignerBase.urlEncode(awsImportConfig.getSourceFolder(), true);
            hashMap.put("prefix", awsImportConfig.getSourceFolder());
        }
        if (i > 0) {
            str2 = str2 + "&max-keys=" + i;
            hashMap.put("max-keys", i);
        }
        URL url = new URL(str2);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);
        hashMap2.put("Authorization", new AWS4SignerForAuthorizationHeader(url, "GET", "s3", awsImportConfig.getRegion()).computeSignature(hashMap2, hashMap, AWS4SignerBase.EMPTY_BODY_SHA256, awsImportConfig.getAccessKey(), awsImportConfig.getAccessSecret()));
        HttpGet httpGet = new HttpGet(str2);
        httpGet.setConfig(this.config);
        for (Map.Entry entry : hashMap2.entrySet()) {
            httpGet.setHeader((String) entry.getKey(), (String) entry.getValue());
        }
        try {
            CloseableHttpResponse execute = this.httpClient.execute(httpGet);
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity(), "UTF-8");
                EntityUtils.consumeQuietly(execute.getEntity());
                LOG.debug("AWS request: {} {}", hashMap2, entityUtils);
                if (execute != null) {
                    execute.close();
                }
                return entityUtils;
            } finally {
            }
        } catch (IOException e) {
            LOG.error("Failed to make rest API call for getting blob list", e);
            throw e;
        }
    }

    private String getPresignedUrlToS3Object(AwsImportConfig awsImportConfig, String str) {
        try {
            String str2 = getEndpointUrl(awsImportConfig) + AWS4SignerBase.urlEncode(str, true);
            HashMap hashMap = new HashMap();
            hashMap.put("X-Amz-Expires", 36000);
            try {
                String str3 = str2 + "?" + new AWS4SignerForQueryParameterAuth(new URL(str2), "GET", "s3", awsImportConfig.getRegion()).computeSignature(new HashMap(), hashMap, AWS4SignerBase.UNSIGNED_PAYLOAD, awsImportConfig.getAccessKey(), awsImportConfig.getAccessSecret());
                LOG.debug("Computed presigned url for blob '{}': '{}'", str, str3);
                return str3;
            } catch (UnsupportedEncodingException | MalformedURLException e) {
                LOG.error("Failed to generate presigned URL for S3 object {}", str, e);
                return "";
            }
        } catch (UnsupportedEncodingException e2) {
            LOG.error("Unable to parse service endpoint", e2);
            return "";
        }
    }

    private String getEndpointUrl(AwsImportConfig awsImportConfig) {
        return awsImportConfig.getRegion().startsWith("cn-") ? "https://" + awsImportConfig.getBucket() + ".s3." + awsImportConfig.getRegion() + ".amazonaws.com.cn/" : "https://" + awsImportConfig.getBucket() + ".s3." + awsImportConfig.getRegion() + ".amazonaws.com/";
    }

    private PagedImportResult.ErrorType getErrorType(Element element) {
        if (element.hasChildNodes()) {
            NodeList childNodes = element.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                if (childNodes.item(i).getNodeName().equalsIgnoreCase("Code")) {
                    String textContent = childNodes.item(i).getTextContent();
                    return textContent.equalsIgnoreCase("NoSuchBucket") ? PagedImportResult.ErrorType.WRONG_AWS_BUCKET : textContent.equalsIgnoreCase("InvalidAccessKeyId") ? PagedImportResult.ErrorType.WRONG_AWS_ACCESSKEY : textContent.equalsIgnoreCase("SignatureDoesNotMatch") ? PagedImportResult.ErrorType.WRONG_AWS_SECRET : PagedImportResult.ErrorType.WRONG_GENERIC;
                }
            }
        }
        return PagedImportResult.ErrorType.WRONG_GENERIC;
    }
}
