package co.kuali.coeus.s3.api;

import co.kuali.coeus.s3.impl.S3FileServiceimpl;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.AmazonS3EncryptionClientBuilder;
import com.amazonaws.services.s3.internal.BucketNameUtils;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
import java.io.IOException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.core.io.Resource;
import org.springframework.util.StreamUtils;

/* loaded from: input_file:co/kuali/coeus/s3/api/EncryptedS3FileServiceFactoryBean.class */
public class EncryptedS3FileServiceFactoryBean implements FactoryBean<S3FileService>, InitializingBean {
    private static final String ENCRYPTION_ALGORITHM = "AES";
    private String bucketName;
    private String region;
    private String accessKey;
    private String secretKey;
    private Resource encryptionKey;
    private boolean replicationBucket = true;
    private boolean singleton = true;

    /* renamed from: getObject, reason: merged with bridge method [inline-methods] */
    public S3FileService m0getObject() {
        AWSStaticCredentialsProvider aWSStaticCredentialsProvider = this.accessKey != null && !"".equals(this.accessKey.trim()) && this.secretKey != null && !"".equals(this.secretKey) ? new AWSStaticCredentialsProvider(new BasicAWSCredentials(this.accessKey, this.secretKey)) : InstanceProfileCredentialsProvider.getInstance();
        AmazonS3 amazonS3 = (this.encryptionKey == null || !this.encryptionKey.exists()) ? (AmazonS3) AmazonS3ClientBuilder.standard().withCredentials(aWSStaticCredentialsProvider).withRegion(Regions.fromName(getRegion())).build() : (AmazonS3) AmazonS3EncryptionClientBuilder.standard().withCredentials(aWSStaticCredentialsProvider).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(loadSymmetricAESKey()))).withRegion(getRegion()).build();
        S3FileServiceimpl s3FileServiceimpl = new S3FileServiceimpl();
        s3FileServiceimpl.setAmazonS3(amazonS3);
        s3FileServiceimpl.setBucketName(this.bucketName);
        if (this.replicationBucket) {
            s3FileServiceimpl.setReplicationBucketName(toReplicationBucket(this.bucketName));
        }
        return s3FileServiceimpl;
    }

    protected SecretKey loadSymmetricAESKey() {
        try {
            return new SecretKeySpec(StreamUtils.copyToByteArray(this.encryptionKey.getInputStream()), ENCRYPTION_ALGORITHM);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public Class<?> getObjectType() {
        return S3FileService.class;
    }

    public boolean isSingleton() {
        return this.singleton;
    }

    public void setSingleton(boolean z) {
        this.singleton = z;
    }

    public String getBucketName() {
        return this.bucketName;
    }

    @Required
    public void setBucketName(String str) {
        this.bucketName = str;
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public void setAccessKey(String str) {
        this.accessKey = str;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    public void setSecretKey(String str) {
        this.secretKey = str;
    }

    public Resource getEncryptionKey() {
        return this.encryptionKey;
    }

    public void setEncryptionKey(Resource resource) {
        this.encryptionKey = resource;
    }

    public String getRegion() {
        return this.region;
    }

    @Required
    public void setRegion(String str) {
        this.region = str;
    }

    public boolean isReplicationBucket() {
        return this.replicationBucket;
    }

    public void setReplicationBucket(boolean z) {
        this.replicationBucket = z;
    }

    private String toReplicationBucket(String str) {
        return str + "-r";
    }

    public void afterPropertiesSet() throws Exception {
        if (!BucketNameUtils.isValidV2BucketName(this.bucketName)) {
            throw new IllegalStateException("bucket name: " + this.bucketName + " does not conform to proper S3 naming conventions");
        }
        if (this.replicationBucket && !BucketNameUtils.isValidV2BucketName(toReplicationBucket(this.bucketName))) {
            throw new IllegalStateException("replication bucket name: " + toReplicationBucket(this.bucketName) + " does not conform to proper S3 naming conventions");
        }
    }
}
