package org.apache.ranger.raz.s3.lib.utils;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.servicequotas.model.IllegalArgumentException;
import com.amazonaws.util.EC2MetadataUtils;
import com.google.common.annotations.VisibleForTesting;
import java.util.Locale;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/raz/s3/lib/utils/S3RegionUtils.class */
public class S3RegionUtils {
    private static final Logger LOG = LoggerFactory.getLogger(S3RegionUtils.class);
    private static final String US_EAST_1 = "us-east-1";
    private static final String US_GOV_WEST_1 = "us-gov-west-1";
    private static final String GS_REGION = "gs-region";
    private static final String GS_STORAGE_ENDPOINT = "https://storage.googleapis.com";
    private static final String DETERMINED_REGION_FOR_S3_CLIENT;

    public static String lookupRegion(String str, AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration, String str2) throws SdkClientException, AmazonServiceException {
        if (!StringUtils.isBlank(str2) && str2.toUpperCase(Locale.US).equals("GS")) {
            LOG.debug("Force bucket region lookup using google's service endpoint");
            return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, GS_REGION);
        }
        if (StringUtils.isBlank(str2) && DETERMINED_REGION_FOR_S3_CLIENT != null) {
            LOG.debug("Determined region used for bucket region lookup : {}", DETERMINED_REGION_FOR_S3_CLIENT);
            return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, DETERMINED_REGION_FOR_S3_CLIENT);
        }
        LOG.info("Using Fallback region lookup with forceLookup value: {}", str2);
        if (StringUtils.isBlank(str2)) {
            throw new IllegalArgumentException(String.format("Please set 'ranger.raz.force.s3.region.lookup' property to a valid value, one of 'GOV', 'NON-GOV', or 'FALLBACK'. Current value: %s", str2));
        }
        String upperCase = str2.toUpperCase(Locale.US);
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -1454007986:
                if (upperCase.equals("NON-GOV")) {
                    z = true;
                    break;
                }
                break;
            case 70766:
                if (upperCase.equals("GOV")) {
                    z = false;
                    break;
                }
                break;
            case 1543870178:
                if (upperCase.equals("FALLBACK")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                LOG.debug("Force bucket region lookup using us-gov-west-1");
                return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_GOV_WEST_1);
            case true:
                LOG.debug("Force bucket region lookup using us-east-1");
                return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_EAST_1);
            case true:
                LOG.debug("Force bucket region lookup using fallback mechanism");
                return getBucketLocationUsingFallback(str, aWSCredentialsProvider, clientConfiguration);
            default:
                throw new IllegalArgumentException(String.format("Please set 'ranger.raz.force.s3.region.lookup' property to a valid value, one of 'GOV', 'NON-GOV', or 'FALLBACK'. Current value: %s", str2));
        }
    }

    private static String getBucketLocationUsingFallback(String str, AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration) {
        LOG.debug("Determined Region for S3 client to lookup bucket region: {}", DETERMINED_REGION_FOR_S3_CLIENT);
        if (DETERMINED_REGION_FOR_S3_CLIENT == null || !DETERMINED_REGION_FOR_S3_CLIENT.equals(US_GOV_WEST_1)) {
            try {
                return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_EAST_1);
            } catch (AmazonServiceException e) {
                LOG.error("Exception caught while getBucketLocation call with us-east-1", e);
                LOG.info("Fallback Region lookup failed for us-east-1, trying with us-gov-west-1..");
                try {
                    return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_GOV_WEST_1);
                } catch (AmazonServiceException e2) {
                    throwAmazonS3ExceptionIfBothFailed(e, e2);
                    return "";
                }
            }
        }
        try {
            return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_GOV_WEST_1);
        } catch (AmazonServiceException e3) {
            LOG.error("Exception caught while getBucketLocation call with us-gov-west-1", e3);
            LOG.info("Fallback Region lookup failed for us-gov-west-1, trying with us-east-1..");
            try {
                return getBucketLocationFromAWS(str, aWSCredentialsProvider, clientConfiguration, US_EAST_1);
            } catch (AmazonServiceException e4) {
                throwAmazonS3ExceptionIfBothFailed(e3, e4);
                return "";
            }
        }
    }

    private static void throwAmazonS3ExceptionIfBothFailed(AmazonServiceException amazonServiceException, AmazonServiceException amazonServiceException2) {
        LOG.error(String.format("Region lookup failed for both GOV and NON-GOV regions, \n reason for lookup failure for non-gov %s \n reason for lookup failure for gov %s", amazonServiceException.getMessage(), amazonServiceException2.getMessage()));
        if (!amazonServiceException.getClass().equals(AmazonS3Exception.class)) {
            throw amazonServiceException2;
        }
        throw amazonServiceException;
    }

    @VisibleForTesting
    static boolean getIsGovFromInstanceProfile(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        String[] split = str.split(":");
        if (split.length > 1) {
            return split[1].contains("gov");
        }
        LOG.warn("Couldn't parse instance profile :{} to figure the cloud type", str);
        return false;
    }

    @VisibleForTesting
    static String getBucketLocationFromAWS(String str, AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration, String str2) {
        String bucketLocation = getS3Client(aWSCredentialsProvider, clientConfiguration, str2).getBucketLocation(str);
        if (bucketLocation.equals("US")) {
            bucketLocation = US_EAST_1;
        }
        S3Utils.updateBucketToRegionCache(str, bucketLocation);
        LOG.info("Region for bucket {}={}", str, bucketLocation);
        return bucketLocation;
    }

    @VisibleForTesting
    static AmazonS3 getS3Client(AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration, String str) {
        AmazonS3ClientBuilder withClientConfiguration = AmazonS3ClientBuilder.standard().withCredentials(aWSCredentialsProvider).withForceGlobalBucketAccessEnabled(true).withClientConfiguration(clientConfiguration);
        if (str.equals(GS_REGION)) {
            withClientConfiguration.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(GS_STORAGE_ENDPOINT, US_EAST_1));
        } else {
            withClientConfiguration.withRegion(str);
        }
        return (AmazonS3) withClientConfiguration.build();
    }

    static {
        try {
            try {
                EC2MetadataUtils.IAMInfo iAMInstanceProfileInfo = EC2MetadataUtils.getIAMInstanceProfileInfo();
                if (iAMInstanceProfileInfo == null) {
                    throw new SdkClientException("No EC2MetadataUtils info could be found");
                }
                DETERMINED_REGION_FOR_S3_CLIENT = getIsGovFromInstanceProfile(iAMInstanceProfileInfo.instanceProfileArn) ? US_GOV_WEST_1 : US_EAST_1;
            } catch (Exception e) {
                LOG.error("Exception caught while trying to identify cloud type using EC2MetadataUtils : {}", e.getMessage());
                LOG.debug("Underlying cause: ", e);
                DETERMINED_REGION_FOR_S3_CLIENT = null;
            }
        } catch (Throwable th) {
            DETERMINED_REGION_FOR_S3_CLIENT = null;
            throw th;
        }
    }
}
