package org.duracloud.s3task.streaming;

import com.amazonaws.services.cloudfront.AmazonCloudFrontClient;
import com.amazonaws.services.cloudfront.CloudFrontUrlSigner;
import com.amazonaws.services.cloudfront.model.StreamingDistributionSummary;
import java.io.File;
import java.io.IOException;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import org.duracloud.common.util.IOUtil;
import org.duracloud.s3storage.S3ProviderUtil;
import org.duracloud.s3storage.S3StorageProvider;
import org.duracloud.s3storageprovider.dto.GetSignedUrlTaskParameters;
import org.duracloud.s3storageprovider.dto.GetSignedUrlTaskResult;
import org.duracloud.storage.error.UnsupportedTaskException;
import org.duracloud.storage.provider.StorageProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/s3storageprovider-4.2.0.jar:org/duracloud/s3task/streaming/GetSignedUrlTaskRunner.class */
public class GetSignedUrlTaskRunner extends BaseStreamingTaskRunner {
    public static final int DEFAULT_MINUTES_TO_EXPIRE = 480;
    private final Logger log = LoggerFactory.getLogger(GetSignedUrlTaskRunner.class);
    private static final String TASK_NAME = "get-signed-url";

    public GetSignedUrlTaskRunner(StorageProvider storageProvider, S3StorageProvider s3StorageProvider, AmazonCloudFrontClient amazonCloudFrontClient, String str, String str2) {
        this.s3Provider = storageProvider;
        this.unwrappedS3Provider = s3StorageProvider;
        this.cfClient = amazonCloudFrontClient;
        this.cfKeyId = str;
        this.cfKeyPath = str2.trim();
    }

    @Override // org.duracloud.s3task.streaming.BaseStreamingTaskRunner, org.duracloud.storage.provider.TaskRunner
    public String getName() {
        return "get-signed-url";
    }

    @Override // org.duracloud.s3task.streaming.BaseStreamingTaskRunner, org.duracloud.storage.provider.TaskRunner
    public String performTask(String str) {
        GetSignedUrlTaskParameters deserialize = GetSignedUrlTaskParameters.deserialize(str);
        String spaceId = deserialize.getSpaceId();
        String contentId = deserialize.getContentId();
        String resourcePrefix = deserialize.getResourcePrefix();
        String ipAddress = deserialize.getIpAddress();
        int minutesToExpire = deserialize.getMinutesToExpire();
        if (minutesToExpire <= 0) {
            minutesToExpire = 480;
        }
        this.log.info("Performing get-signed-url task with parameters: spaceId=" + spaceId + ", contentId=" + contentId + ", resourcePrefix=" + resourcePrefix + ", minutesToExpire=" + minutesToExpire + ", ipAddress=" + ipAddress);
        String bucketName = this.unwrappedS3Provider.getBucketName(spaceId);
        GetSignedUrlTaskResult getSignedUrlTaskResult = new GetSignedUrlTaskResult();
        checkThatStreamingServiceIsEnabled(this.s3Provider, spaceId, "get-signed-url");
        StreamingDistributionSummary existingDistribution = getExistingDistribution(bucketName);
        if (null == existingDistribution) {
            throw new UnsupportedTaskException("get-signed-url", "The get-signed-url task can only be used after a space has been configured to enable secure streaming. Use enable-streaming to enable secure streaming on this space.");
        }
        String domainName = existingDistribution.getDomainName();
        if (existingDistribution.getTrustedSigners().getItems().isEmpty()) {
            throw new UnsupportedTaskException("get-signed-url", "The get-signed-url task cannot be used to request a stream from an open distribution. Use get-url instead.");
        }
        if (null == resourcePrefix) {
            resourcePrefix = "";
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(12, minutesToExpire);
        try {
            getSignedUrlTaskResult.setSignedUrl("rtmp://" + domainName + "/cfx/st/" + resourcePrefix + CloudFrontUrlSigner.getSignedURLWithCustomPolicy(CloudFrontUrlSigner.Protocol.rtmp, domainName, getCfKeyPathFile(this.cfKeyPath), contentId, this.cfKeyId, calendar.getTime(), null, ipAddress));
            String serialize = getSignedUrlTaskResult.serialize();
            this.log.info("Result of get-signed-url task: " + serialize);
            return serialize;
        } catch (IOException | InvalidKeySpecException e) {
            throw new RuntimeException("Error encountered attempting to sign URL for task get-signed-url: " + e.getMessage(), e);
        }
    }

    private File getCfKeyPathFile(String str) throws IOException {
        if (!this.cfKeyPath.startsWith("s3://")) {
            return new File(this.cfKeyPath);
        }
        File file = new File(System.getProperty("java.io.tmpdir"), "cloudfront-key.der");
        if (!file.exists()) {
            IOUtil.writeStreamToFile(S3ProviderUtil.getS3ObjectByUrl(this.cfKeyPath).getInputStream()).renameTo(file);
            file.deleteOnExit();
        }
        return file;
    }
}
