package org.opensearch.discovery.ec2;

import java.net.URI;
import java.net.URISyntaxException;
import java.time.Duration;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchException;
import org.opensearch.common.SuppressForbidden;
import org.opensearch.common.util.LazyInitializable;
import org.opensearch.core.common.Strings;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.core.retry.RetryPolicy;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.Ec2ClientBuilder;

/* loaded from: input_file:org/opensearch/discovery/ec2/AwsEc2ServiceImpl.class */
class AwsEc2ServiceImpl implements AwsEc2Service {
    private static final Logger logger = LogManager.getLogger(AwsEc2ServiceImpl.class);
    private final AtomicReference<LazyInitializable<AmazonEc2ClientReference, OpenSearchException>> lazyClientReference = new AtomicReference<>();

    private Ec2Client buildClient(Ec2ClientSettings ec2ClientSettings) {
        SocketAccess.doPrivilegedVoid(AwsEc2ServiceImpl::setDefaultAwsProfilePath);
        return buildClient(buildCredentials(logger, ec2ClientSettings), (ProxyConfiguration) SocketAccess.doPrivileged(() -> {
            return buildProxyConfiguration(logger, ec2ClientSettings);
        }), buildOverrideConfiguration(logger, ec2ClientSettings), ec2ClientSettings.endpoint, ec2ClientSettings.region, ec2ClientSettings.readTimeoutMillis);
    }

    protected Ec2Client buildClient(AwsCredentialsProvider awsCredentialsProvider, ProxyConfiguration proxyConfiguration, ClientOverrideConfiguration clientOverrideConfiguration, String str, String str2, long j) {
        Ec2ClientBuilder credentialsProvider = Ec2Client.builder().overrideConfiguration(clientOverrideConfiguration).httpClientBuilder(ApacheHttpClient.builder().proxyConfiguration(proxyConfiguration).socketTimeout(Duration.ofMillis(j))).credentialsProvider(awsCredentialsProvider);
        if (Strings.hasText(str)) {
            logger.debug("using explicit ec2 endpoint [{}]", str);
            credentialsProvider.endpointOverride(URI.create(getFullEndpoint(str)));
        }
        if (Strings.hasText(str2)) {
            logger.debug("using explicit ec2 region [{}]", str2);
            credentialsProvider.region(Region.of(str2));
        }
        Objects.requireNonNull(credentialsProvider);
        return (Ec2Client) SocketAccess.doPrivileged(credentialsProvider::build);
    }

    protected String getFullEndpoint(String str) {
        if (!Strings.hasText(str)) {
            return null;
        }
        if (str.startsWith("http://") || str.startsWith("https://")) {
            return str;
        }
        logger.debug("no scheme found in endpoint [{}], defaulting to https", str);
        return "https://" + str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ProxyConfiguration buildProxyConfiguration(Logger logger2, Ec2ClientSettings ec2ClientSettings) {
        if (!Strings.hasText(ec2ClientSettings.proxyHost)) {
            return (ProxyConfiguration) ProxyConfiguration.builder().build();
        }
        try {
            return (ProxyConfiguration) ProxyConfiguration.builder().endpoint(new URI(ec2ClientSettings.protocol.toString(), null, ec2ClientSettings.proxyHost, ec2ClientSettings.proxyPort, null, null, null)).username(ec2ClientSettings.proxyUsername).password(ec2ClientSettings.proxyPassword).build();
        } catch (URISyntaxException e) {
            throw SdkException.create("Invalid proxy URL", e);
        }
    }

    static ClientOverrideConfiguration buildOverrideConfiguration(Logger logger2, Ec2ClientSettings ec2ClientSettings) {
        return (ClientOverrideConfiguration) ClientOverrideConfiguration.builder().retryPolicy(buildRetryPolicy(logger2, ec2ClientSettings)).build();
    }

    static RetryPolicy buildRetryPolicy(Logger logger2, Ec2ClientSettings ec2ClientSettings) {
        return RetryPolicy.builder().numRetries(10).build();
    }

    static AwsCredentialsProvider buildCredentials(Logger logger2, Ec2ClientSettings ec2ClientSettings) {
        AwsCredentials awsCredentials = ec2ClientSettings.credentials;
        if (awsCredentials == null) {
            logger2.debug("Using default credentials provider");
            return DefaultCredentialsProvider.create();
        }
        logger2.debug("Using basic key/secret credentials");
        return StaticCredentialsProvider.create(awsCredentials);
    }

    @Override // org.opensearch.discovery.ec2.AwsEc2Service
    public AmazonEc2ClientReference client() {
        LazyInitializable<AmazonEc2ClientReference, OpenSearchException> lazyInitializable = this.lazyClientReference.get();
        if (lazyInitializable == null) {
            throw new IllegalStateException("Missing ec2 client configs");
        }
        return (AmazonEc2ClientReference) lazyInitializable.getOrCompute();
    }

    @Override // org.opensearch.discovery.ec2.AwsEc2Service
    public void refreshAndClearCache(Ec2ClientSettings ec2ClientSettings) {
        LazyInitializable<AmazonEc2ClientReference, OpenSearchException> andSet = this.lazyClientReference.getAndSet(new LazyInitializable<>(() -> {
            return new AmazonEc2ClientReference(buildClient(ec2ClientSettings));
        }, amazonEc2ClientReference -> {
            amazonEc2ClientReference.incRef();
        }, amazonEc2ClientReference2 -> {
            amazonEc2ClientReference2.decRef();
        }));
        if (andSet != null) {
            andSet.reset();
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        LazyInitializable<AmazonEc2ClientReference, OpenSearchException> andSet = this.lazyClientReference.getAndSet(null);
        if (andSet != null) {
            andSet.reset();
        }
    }

    @SuppressForbidden(reason = "Prevent AWS SDK v2 from using ~/.aws/config and ~/.aws/credentials.")
    static void setDefaultAwsProfilePath() {
        if (ProfileFileSystemSetting.AWS_SHARED_CREDENTIALS_FILE.getStringValue().isEmpty()) {
            logger.info("setting aws.sharedCredentialsFile={}", System.getProperty("opensearch.path.conf"));
            System.setProperty(ProfileFileSystemSetting.AWS_SHARED_CREDENTIALS_FILE.property(), System.getProperty("opensearch.path.conf"));
        }
        if (ProfileFileSystemSetting.AWS_CONFIG_FILE.getStringValue().isEmpty()) {
            logger.info("setting aws.sharedCredentialsFile={}", System.getProperty("opensearch.path.conf"));
            System.setProperty(ProfileFileSystemSetting.AWS_CONFIG_FILE.property(), System.getProperty("opensearch.path.conf"));
        }
    }
}
