package com.google.aggregate.adtech.worker.selector;

import com.google.auth.oauth2.GoogleCredentials;
import com.google.inject.AbstractModule;
import com.google.inject.Module;
import com.google.inject.Provides;
import com.google.inject.Singleton;
import com.google.scp.operator.cpio.configclient.Annotations;
import com.google.scp.operator.cpio.configclient.aws.Annotations;
import com.google.scp.operator.cpio.configclient.common.ConfigClientUtil;
import com.google.scp.operator.cpio.configclient.gcp.Annotations;
import com.google.scp.shared.api.util.HttpClientWrapper;
import com.google.scp.shared.aws.credsprovider.AwsSessionCredentialsProvider;
import com.google.scp.shared.aws.credsprovider.StsAwsSessionCredentialsProvider;
import com.google.scp.shared.aws.util.AwsRequestSigner;
import com.google.scp.shared.clients.configclient.ParameterClient;
import com.google.scp.shared.clients.configclient.aws.AwsClientConfigModule;
import com.google.scp.shared.clients.configclient.gcp.CredentialsHelper;
import com.google.scp.shared.clients.configclient.gcp.GcpClientConfigModule;
import com.google.scp.shared.clients.configclient.gcp.GcpOperatorClientConfig;
import com.google.scp.shared.clients.configclient.model.ErrorReason;
import com.google.scp.shared.clients.configclient.model.WorkerParameter;
import com.google.scp.shared.gcp.util.GcpHttpInterceptorUtil;
import java.io.IOException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;

/* loaded from: input_file:com/google/aggregate/adtech/worker/selector/ClientConfigSelector.class */
public enum ClientConfigSelector {
    AWS(new AbstractModule() { // from class: com.google.scp.operator.cpio.configclient.aws.AwsOperatorClientConfigModule
        private static final String SESSION_NAME = "enclave_worker";

        @Override // com.google.inject.AbstractModule
        protected void configure() {
            install(new AwsClientConfigModule());
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorAHttpClient
        public HttpClientWrapper provideCoordinatorAHttpClient(@AwsClientConfigModule.AwsCredentialAccessKey String str, @AwsClientConfigModule.AwsCredentialSecretKey String str2, @Annotations.CoordinatorARegionBinding Region region, @Annotations.CoordinatorACredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return (str.isEmpty() || str2.isEmpty()) ? getHttpClientWrapper(region, awsSessionCredentialsProvider) : HttpClientWrapper.createDefault();
        }

        @Annotations.CoordinatorBHttpClient
        @Singleton
        @Provides
        public HttpClientWrapper provideCoordinatorBHttpClient(@AwsClientConfigModule.AwsCredentialAccessKey String str, @AwsClientConfigModule.AwsCredentialSecretKey String str2, @Annotations.CoordinatorBRegionBinding Region region, @Annotations.CoordinatorBCredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return (str.isEmpty() || str2.isEmpty()) ? getHttpClientWrapper(region, awsSessionCredentialsProvider) : HttpClientWrapper.createDefault();
        }

        @Singleton
        @Provides
        public HttpClientWrapper provideCoordinatorHttpClient(@Annotations.CoordinatorAHttpClient HttpClientWrapper httpClientWrapper) {
            return httpClientWrapper;
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorACredentialsProvider
        AwsSessionCredentialsProvider provideCoordinatorACredentialsProvider(StsClient stsClient, @Annotations.CoordinatorARoleArn String str) {
            return new StsAwsSessionCredentialsProvider(stsClient, str, SESSION_NAME);
        }

        @Singleton
        @Annotations.CoordinatorBCredentialsProvider
        @Provides
        AwsSessionCredentialsProvider provideCoordinatorBCredentialsProvider(StsClient stsClient, @Annotations.CoordinatorBRoleArn String str) {
            return new StsAwsSessionCredentialsProvider(stsClient, str, SESSION_NAME);
        }

        @Singleton
        @Provides
        AwsSessionCredentialsProvider provideCredentialsProvider(@Annotations.CoordinatorACredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return awsSessionCredentialsProvider;
        }

        @Annotations.CoordinatorARoleArn
        @Provides
        String provideCoordinatorARoleArn(ParameterClient parameterClient) throws ParameterClient.ParameterClientException {
            return parameterClient.getParameter(WorkerParameter.COORDINATOR_A_ROLE.name()).orElseThrow(() -> {
                return new ParameterClient.ParameterClientException("Could not get coordinator A assume role ARN from the parameter client.", ErrorReason.MISSING_REQUIRED_PARAMETER);
            });
        }

        @Provides
        @Annotations.CoordinatorBRoleArn
        String provideCoordinatorBRoleArn(ParameterClient parameterClient) throws ParameterClient.ParameterClientException {
            return parameterClient.getParameter(WorkerParameter.COORDINATOR_B_ROLE.name()).orElseThrow(() -> {
                return new ParameterClient.ParameterClientException("Could not get coordinator B assume role ARN from the parameter client.", ErrorReason.MISSING_REQUIRED_PARAMETER);
            });
        }

        @Singleton
        @Annotations.CoordinatorARegionBinding
        @Provides
        public Region provideCoordinatorARegion(@Annotations.CoordinatorARegionBindingOverride String str) {
            return Region.of(str);
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorBRegionBinding
        public Region provideCoordinatorBRegion(@Annotations.CoordinatorBRegionBindingOverride String str) {
            return Region.of(str);
        }

        private static HttpClientWrapper getHttpClientWrapper(Region region, AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return HttpClientWrapper.builder().setInterceptor(AwsRequestSigner.createRequestSignerInterceptor(region, awsSessionCredentialsProvider)).setExponentialBackoff(ConfigClientUtil.COORDINATOR_HTTPCLIENT_RETRY_INITIAL_INTERVAL, 3.0d, 6).build();
        }
    }),
    GCP(new AbstractModule() { // from class: com.google.scp.operator.cpio.configclient.gcp.GcpOperatorClientConfigModule
        @Annotations.AttestedCredentials
        @Singleton
        @Provides
        GoogleCredentials provideCredentials(@Annotations.CoordinatorACredentials GoogleCredentials googleCredentials) {
            return googleCredentials;
        }

        @Annotations.CoordinatorACredentials
        @Singleton
        @Provides
        GoogleCredentials provideCoordinatorACredentials(GcpOperatorClientConfig gcpOperatorClientConfig) throws IOException {
            return gcpOperatorClientConfig.useLocalCredentials() ? GoogleCredentials.getApplicationDefault() : CredentialsHelper.getAttestedCredentials(gcpOperatorClientConfig.coordinatorAWipProvider(), gcpOperatorClientConfig.coordinatorAServiceAccountToImpersonate());
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorBCredentials
        GoogleCredentials provideCoordinatorBCredentials(GcpOperatorClientConfig gcpOperatorClientConfig) throws IOException {
            return (gcpOperatorClientConfig.useLocalCredentials() || gcpOperatorClientConfig.coordinatorBWipProvider().isEmpty()) ? GoogleCredentials.getApplicationDefault() : CredentialsHelper.getAttestedCredentials(gcpOperatorClientConfig.coordinatorBWipProvider().get(), gcpOperatorClientConfig.coordinatorBServiceAccountToImpersonate().get());
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorAHttpClient
        public HttpClientWrapper provideCoordinatorAHttpClient(GcpOperatorClientConfig gcpOperatorClientConfig) {
            return getHttpClientWrapper(gcpOperatorClientConfig.coordinatorAEncryptionKeyServiceCloudfunctionUrl().orElse(gcpOperatorClientConfig.coordinatorAEncryptionKeyServiceBaseUrl()));
        }

        @Annotations.CoordinatorBHttpClient
        @Singleton
        @Provides
        public HttpClientWrapper provideCoordinatorBHttpClient(GcpOperatorClientConfig gcpOperatorClientConfig) {
            return gcpOperatorClientConfig.coordinatorBEncryptionKeyServiceBaseUrl().isPresent() ? getHttpClientWrapper(gcpOperatorClientConfig.coordinatorBEncryptionKeyServiceCloudfunctionUrl().orElse(gcpOperatorClientConfig.coordinatorBEncryptionKeyServiceBaseUrl().get())) : HttpClientWrapper.createDefault();
        }

        @Override // com.google.inject.AbstractModule
        protected void configure() {
            install(new GcpClientConfigModule());
        }

        private static HttpClientWrapper getHttpClientWrapper(String str) {
            return HttpClientWrapper.builder().setInterceptor(GcpHttpInterceptorUtil.createHttpInterceptor(str)).setExponentialBackoff(ConfigClientUtil.COORDINATOR_HTTPCLIENT_RETRY_INITIAL_INTERVAL, 3.0d, 6).build();
        }
    });

    private final Module clientConfigGuiceModule;

    ClientConfigSelector(Module module) {
        this.clientConfigGuiceModule = module;
    }

    public Module getClientConfigGuiceModule() {
        return this.clientConfigGuiceModule;
    }
}
