package org.projectnessie.catalog.files.config;

import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import software.amazon.awssdk.policybuilder.iam.IamPolicyReader;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/projectnessie/catalog/files/config/S3IamValidation.class */
public final class S3IamValidation {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final IamPolicyReader IAM_POLICY_READER = IamPolicyReader.create();

    private S3IamValidation() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateIam(S3Iam s3Iam, String str) {
        String str2 = s3Iam instanceof S3ClientIam ? "client-iam" : "server-iam";
        if (s3Iam.policy().isPresent()) {
            try {
                IAM_POLICY_READER.read(s3Iam.policy().get());
            } catch (Exception e) {
                throw new IllegalStateException("The " + str2 + ".policy option for the " + str + " bucket contains an invalid policy", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateClientIam(S3ClientIam s3ClientIam, String str) {
        validateIam(s3ClientIam, str);
        try {
            s3ClientIam.statements().ifPresent(list -> {
                list.forEach(S3IamValidation::parseStatement);
            });
        } catch (Exception e) {
            throw new IllegalStateException("The dynamically constructed iam-policy for the " + str + " bucket results in an invalid policy, check the client-iam.statements option", e);
        }
    }

    private static void parseStatement(String str) {
        try {
            MappingIterator readValues = MAPPER.readerFor(ObjectNode.class).readValues(str);
            try {
                if (readValues.hasNext() && !(readValues.nextValue() instanceof ObjectNode)) {
                    throw new IOException("Invalid statement");
                }
                if (readValues.hasNext()) {
                    throw new IOException("Invalid statement");
                }
                if (readValues != null) {
                    readValues.close();
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
