package org.eclipse.edc.aws.s3;

import java.net.URI;
import java.util.Optional;
import org.eclipse.edc.aws.s3.AwsClientProviderConfiguration;
import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Inject;
import org.eclipse.edc.runtime.metamodel.annotation.Provider;
import org.eclipse.edc.runtime.metamodel.annotation.Setting;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.security.Vault;
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;
import org.jetbrains.annotations.NotNull;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;

@Extension(S3CoreExtension.NAME)
/* loaded from: input_file:org/eclipse/edc/aws/s3/S3CoreExtension.class */
public class S3CoreExtension implements ServiceExtension {
    public static final String NAME = "S3";

    @Setting("The key of the secret where the AWS Access Key Id is stored")
    private static final String AWS_ACCESS_KEY = "edc.aws.access.key";

    @Setting("The key of the secret where the AWS Secret Access Key is stored")
    private static final String AWS_SECRET_KEY = "edc.aws.secret.access.key";

    @Setting("If valued, the AWS clients will point to the specified endpoint")
    private static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override";

    @Setting("The size of the thread pool used for the async clients")
    private static final String AWS_ASYNC_CLIENT_THREAD_POOL_SIZE = "edc.aws.client.async.thread-pool-size";

    @Inject
    private Vault vault;

    @Inject
    private Monitor monitor;

    public String name() {
        return NAME;
    }

    @Provider
    public AwsClientProvider awsClientProvider(ServiceExtensionContext serviceExtensionContext) {
        URI uri = (URI) Optional.of(AWS_ENDPOINT_OVERRIDE).map(str -> {
            return serviceExtensionContext.getSetting(str, (String) null);
        }).map(URI::create).orElse(null);
        return new AwsClientProviderImpl(AwsClientProviderConfiguration.Builder.newInstance().credentialsProvider(createCredentialsProvider(serviceExtensionContext)).endpointOverride(uri).threadPoolSize(serviceExtensionContext.getSetting(AWS_ASYNC_CLIENT_THREAD_POOL_SIZE, 50)).build());
    }

    @NotNull
    private AwsCredentialsProvider createCredentialsProvider(ServiceExtensionContext serviceExtensionContext) {
        String resolveSecret = this.vault.resolveSecret(serviceExtensionContext.getSetting(AWS_ACCESS_KEY, AWS_ACCESS_KEY));
        String resolveSecret2 = this.vault.resolveSecret(serviceExtensionContext.getSetting(AWS_SECRET_KEY, AWS_SECRET_KEY));
        if (resolveSecret != null && resolveSecret2 != null) {
            return () -> {
                return AwsBasicCredentials.create(resolveSecret, resolveSecret2);
            };
        }
        this.monitor.info(String.format("S3: %s and %s were not found in the vault, DefaultCredentialsProvider will be used", AWS_ACCESS_KEY, AWS_SECRET_KEY), new Throwable[0]);
        return DefaultCredentialsProvider.create();
    }
}
