package com.google.scp.shared.clients.configclient.aws;

import com.google.inject.AbstractModule;
import com.google.inject.BindingAnnotation;
import com.google.inject.Provides;
import com.google.inject.Singleton;
import com.google.scp.shared.clients.configclient.Annotations;
import io.github.resilience4j.core.IntervalFunction;
import io.github.resilience4j.retry.RetryConfig;
import io.github.resilience4j.retry.RetryRegistry;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.time.Duration;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.SdkSystemSetting;
import software.amazon.awssdk.core.retry.RetryPolicy;
import software.amazon.awssdk.core.retry.backoff.EqualJitterBackoffStrategy;
import software.amazon.awssdk.regions.internal.util.EC2MetadataUtils;

/* loaded from: input_file:com/google/scp/shared/clients/configclient/aws/AwsClientConfigModule.class */
public class AwsClientConfigModule extends AbstractModule {
    public static final int CLIENT_NUM_RETRIES = 5;
    public static final Duration CLIENT_MAX_BACKOFF_TIME = Duration.ofSeconds(30);
    public static final Duration CLIENT_BASE_DELAY = Duration.ofSeconds(2);

    @Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
    @BindingAnnotation
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:com/google/scp/shared/clients/configclient/aws/AwsClientConfigModule$AwsCredentialAccessKey.class */
    public @interface AwsCredentialAccessKey {
    }

    @Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
    @BindingAnnotation
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:com/google/scp/shared/clients/configclient/aws/AwsClientConfigModule$AwsCredentialSecretKey.class */
    public @interface AwsCredentialSecretKey {
    }

    @Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
    @BindingAnnotation
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:com/google/scp/shared/clients/configclient/aws/AwsClientConfigModule$AwsEc2MetadataEndpointOverride.class */
    public @interface AwsEc2MetadataEndpointOverride {
    }

    @Provides
    RetryPolicy provideRetryPolicy() {
        return RetryPolicy.builder().numRetries(5).backoffStrategy(EqualJitterBackoffStrategy.builder().maxBackoffTime(CLIENT_MAX_BACKOFF_TIME).baseDelay(CLIENT_BASE_DELAY).mo12755build()).mo12755build();
    }

    @Singleton
    @Provides
    AwsCredentialsProvider provideCredentialsProvider(@AwsCredentialAccessKey String str, @AwsCredentialSecretKey String str2, @AwsEc2MetadataEndpointOverride String str3) {
        if (!str.isEmpty() && !str2.isEmpty()) {
            return StaticCredentialsProvider.create(AwsBasicCredentials.create(str, str2));
        }
        if (str3.isEmpty()) {
            return DefaultCredentialsProvider.create();
        }
        System.setProperty(SdkSystemSetting.AWS_EC2_METADATA_SERVICE_ENDPOINT.property(), str3);
        return InstanceProfileCredentialsWithRetryProvider.builder().endpoint(str3).retryConfig(RetryRegistry.of(RetryConfig.custom().maxAttempts(4).intervalFunction(IntervalFunction.ofExponentialBackoff(Duration.ofMillis(100L), 2.0d)).retryExceptions(RuntimeException.class).build()).retry("credentialsRetryConfig")).mo12755build();
    }

    @Singleton
    @Annotations.ApplicationRegionBinding
    @Provides
    String provideApplicationRegion(@Annotations.ApplicationRegionBindingOverride String str) {
        return str.isEmpty() ? EC2MetadataUtils.getEC2InstanceRegion() : str;
    }
}
