package org.duracloud.s3task.streaming;

import com.amazonaws.services.cloudfront.AmazonCloudFrontClient;
import com.amazonaws.services.cloudfront.model.CloudFrontOriginAccessIdentityConfig;
import com.amazonaws.services.cloudfront.model.CloudFrontOriginAccessIdentitySummary;
import com.amazonaws.services.cloudfront.model.CreateCloudFrontOriginAccessIdentityRequest;
import com.amazonaws.services.cloudfront.model.CreateStreamingDistributionRequest;
import com.amazonaws.services.cloudfront.model.GetCloudFrontOriginAccessIdentityRequest;
import com.amazonaws.services.cloudfront.model.ListCloudFrontOriginAccessIdentitiesRequest;
import com.amazonaws.services.cloudfront.model.S3Origin;
import com.amazonaws.services.cloudfront.model.StreamingDistributionConfig;
import com.amazonaws.services.cloudfront.model.StreamingDistributionSummary;
import com.amazonaws.services.cloudfront.model.TrustedSigners;
import com.amazonaws.services.s3.AmazonS3Client;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.duracloud.StorageTaskConstants;
import org.duracloud.s3storage.S3StorageProvider;
import org.duracloud.s3storageprovider.dto.EnableStreamingTaskParameters;
import org.duracloud.s3storageprovider.dto.EnableStreamingTaskResult;
import org.duracloud.s3task.streaming.BaseStreamingTaskRunner;
import org.duracloud.storage.error.UnsupportedTaskException;
import org.duracloud.storage.provider.StorageProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/s3storageprovider-4.1.2.jar:org/duracloud/s3task/streaming/EnableStreamingTaskRunner.class */
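/**
 * Task runner for the {@code enable-streaming} task.
 *
 * <p>For a given space it makes sure a CloudFront streaming distribution exists and is
 * enabled for the backing S3 bucket, sets a bucket policy that lets a CloudFront origin
 * access identity read the bucket's objects, and records the streaming host and type in
 * the space properties.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An OPEN distribution is created with trusted signers disabled, so CloudFront does
 *       not require signed URLs for it; a SECURE distribution lists {@code cfAccountId} as
 *       its only trusted signer.</li>
 *   <li>The bucket policy is written with {@code setBucketPolicy}, which sets the policy
 *       document as a whole rather than adding a statement to an existing one.</li>
 *   <li>The origin access identity is the first one the account lists, whatever created
 *       it.</li>
 * </ul>
 */
public class EnableStreamingTaskRunner extends BaseStreamingTaskRunner {
    private static final Logger log = LoggerFactory.getLogger(EnableStreamingTaskRunner.class);
    private static final String TASK_NAME = "enable-streaming";

    /**
     * Stores the collaborators in fields that are not declared in this class
     * (presumably inherited from {@link BaseStreamingTaskRunner}).
     *
     * @param storageProvider        provider used to read the space properties
     * @param s3StorageProvider      provider used to resolve the bucket name and to write
     *                               the space properties
     * @param amazonS3Client         S3 client used to set the bucket policy
     * @param amazonCloudFrontClient CloudFront client used for distributions and origin
     *                               access identities
     * @param str                    CloudFront account id, used as the trusted signer of
     *                               SECURE distributions
     */
    public EnableStreamingTaskRunner(StorageProvider storageProvider, S3StorageProvider s3StorageProvider, AmazonS3Client amazonS3Client, AmazonCloudFrontClient amazonCloudFrontClient, String str) {
        this.s3Provider = storageProvider;
        this.unwrappedS3Provider = s3StorageProvider;
        this.s3Client = amazonS3Client;
        this.cfClient = amazonCloudFrontClient;
        this.cfAccountId = str;
    }

    /**
     * @return the task name, {@code enable-streaming}
     */
    @Override
    public String getName() {
        return TASK_NAME;
    }

    /**
     * Enables streaming for the space named in the task parameters.
     *
     * @param str serialized {@link EnableStreamingTaskParameters} (space id and secure flag)
     * @return the serialized {@link EnableStreamingTaskResult}, carrying the streaming host
     * @throws UnsupportedTaskException if a distribution already exists for the bucket and
     *         its OPEN/SECURE mode differs from the requested one
     */
    @Override
    public String performTask(String str) {
        EnableStreamingTaskParameters taskParams = EnableStreamingTaskParameters.deserialize(str);
        String spaceId = taskParams.getSpaceId();
        boolean secure = taskParams.isSecure();
        // NOTE(review): spaceId comes from the caller-supplied parameters and is logged
        // verbatim; confirm the log layout neutralises line breaks in it.
        log.info("Performing {} task on space {}. Secure streaming set to {}", TASK_NAME, spaceId, secure);

        String bucketName = this.unwrappedS3Provider.getBucketName(spaceId);
        // May create a new origin access identity, and does so before the mode check below.
        String originAccessId = getOriginAccessId();
        EnableStreamingTaskResult taskResult = new EnableStreamingTaskResult();

        String domainName;
        StreamingDistributionSummary existing = getExistingDistribution(bucketName);
        if (existing != null) {
            // An existing distribution counts as SECURE when it lists at least one trusted
            // signer. A missing signer block is treated as OPEN instead of failing with a
            // NullPointerException.
            TrustedSigners existingSigners = existing.getTrustedSigners();
            List<String> signerItems = existingSigners == null ? null : existingSigners.getItems();
            boolean currentlySecure = signerItems != null && !signerItems.isEmpty();

            // The mode of an existing distribution is never switched here; the caller has
            // to delete it first, so an OPEN/SECURE change is always an explicit two-step action.
            if (secure != currentlySecure) {
                throw new UnsupportedTaskException(TASK_NAME, "The space " + spaceId + " is already configured to stream as " + (secure ? "OPEN" : "SECURE") + " and cannot be updated to stream as " + (secure ? "SECURE" : "OPEN") + ". To do this, you must first execute the " + StorageTaskConstants.DELETE_STREAMING_TASK_NAME + " task.");
            }

            // Re-enable a disabled distribution; an unknown (null) state is treated as disabled.
            if (!Boolean.TRUE.equals(existing.isEnabled())) {
                setDistributionState(existing.getId(), true);
            }
            domainName = existing.getDomainName();
        } else {
            S3Origin s3Origin = new S3Origin(bucketName + BaseStreamingTaskRunner.S3_ORIGIN_SUFFIX, BaseStreamingTaskRunner.S3_ORIGIN_OAI_PREFIX + originAccessId);

            TrustedSigners trustedSigners = new TrustedSigners();
            if (secure) {
                // SECURE: only URLs signed by this account's key pair are accepted.
                trustedSigners.setItems(Collections.singletonList(this.cfAccountId));
                trustedSigners.setEnabled(true);
                trustedSigners.setQuantity(1);
            } else {
                // OPEN: no signed URL is required, so the space's content can be streamed
                // by anyone who can reach the distribution's domain.
                trustedSigners.setEnabled(false);
                trustedSigners.setQuantity(0);
            }

            StreamingDistributionConfig distConfig = new StreamingDistributionConfig()
                .withCallerReference(String.valueOf(System.currentTimeMillis()))
                .withS3Origin(s3Origin)
                .withEnabled(true)
                .withComment("Streaming space: " + spaceId)
                .withTrustedSigners(trustedSigners);
            domainName = this.cfClient.createStreamingDistribution(new CreateStreamingDistributionRequest(distConfig))
                .getStreamingDistribution()
                .getDomainName();
        }

        setBucketAccessPolicy(bucketName, originAccessId);

        Map<String, String> spaceProperties = this.s3Provider.getSpaceProperties(spaceId);
        spaceProperties.put("streaming-host", domainName);
        BaseStreamingTaskRunner.STREAMING_TYPE streamingType =
            secure ? BaseStreamingTaskRunner.STREAMING_TYPE.SECURE : BaseStreamingTaskRunner.STREAMING_TYPE.OPEN;
        spaceProperties.put("streaming-type", streamingType.name());
        this.unwrappedS3Provider.setNewSpaceProperties(spaceId, spaceProperties);

        taskResult.setResult("Enable Streaming Task completed successfully");
        taskResult.setStreamingHost(domainName);
        String serialized = taskResult.serialize();
        log.info("Result of {} task: {}", TASK_NAME, serialized);
        return serialized;
    }

    /**
     * Returns the id of an existing origin access identity, creating one (commented
     * "DuraCloud Origin Access ID") when the account lists none.
     */
    private String getOriginAccessId() {
        String existingId = getExistingOriginAccessId();
        if (existingId != null) {
            return existingId;
        }
        CloudFrontOriginAccessIdentityConfig oaiConfig = new CloudFrontOriginAccessIdentityConfig()
            .withCallerReference(String.valueOf(System.currentTimeMillis()))
            .withComment("DuraCloud Origin Access ID");
        return this.cfClient.createCloudFrontOriginAccessIdentity(new CreateCloudFrontOriginAccessIdentityRequest(oaiConfig))
            .getCloudFrontOriginAccessIdentity()
            .getId();
    }

    /**
     * Returns the id of the first origin access identity listed for the account, or
     * {@code null} when none is listed.
     */
    private String getExistingOriginAccessId() {
        List<CloudFrontOriginAccessIdentitySummary> identities = this.cfClient
            .listCloudFrontOriginAccessIdentities(new ListCloudFrontOriginAccessIdentitiesRequest())
            .getCloudFrontOriginAccessIdentityList()
            .getItems();
        if (identities == null || identities.isEmpty()) {
            return null;
        }
        // NOTE(review): the first listed identity is used without checking that it is the
        // one this class creates. The bucket policy then grants that identity read access,
        // so every distribution in the account that uses it can serve this bucket; consider
        // matching on the identity's comment before reusing it.
        return identities.get(0).getId();
    }

    /**
     * Sets a bucket policy that allows the given origin access identity to call
     * {@code s3:GetObject} on every object of the bucket.
     *
     * @param bucketName     bucket the policy is set on
     * @param originAccessId CloudFront origin access identity that is granted read access
     */
    private void setBucketAccessPolicy(String bucketName, String originAccessId) {
        String s3CanonicalUserId = this.cfClient
            .getCloudFrontOriginAccessIdentity(new GetCloudFrontOriginAccessIdentityRequest(originAccessId))
            .getCloudFrontOriginAccessIdentity()
            .getS3CanonicalUserId();

        // The grant is limited to one principal, one action and this bucket's objects.
        // Both interpolated values are inserted without JSON escaping; they come from the
        // CloudFront response and the storage provider, not directly from the task input.
        String policy = "{\"Version\":\"2012-10-17\","
            + "\"Id\":\"PolicyForCloudFrontPrivateContent\","
            + "\"Statement\":[{"
            + "\"Sid\":\"Grant CloudFront access to private content\","
            + "\"Effect\":\"Allow\","
            + "\"Principal\":{\"CanonicalUser\":\"" + s3CanonicalUserId + "\"},"
            + "\"Action\":\"s3:GetObject\","
            + "\"Resource\":\"arn:aws:s3:::" + bucketName + "/*\""
            + "}]}";

        // NOTE(review): setBucketPolicy sets the bucket's whole policy document, so any
        // statement already on the bucket (for example a deny rule) is no longer in effect
        // after this call. Confirm nothing else manages a policy on these buckets.
        this.s3Client.setBucketPolicy(bucketName, policy);
    }
}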
