package org.projectnessie.catalog.files.s3;

import java.util.Objects;
import java.util.Optional;
import org.projectnessie.catalog.files.api.StorageLocations;
import org.projectnessie.catalog.files.config.S3BucketOptions;
import org.projectnessie.catalog.files.config.S3ClientIam;
import org.projectnessie.catalog.files.config.S3Iam;
import org.projectnessie.catalog.files.config.S3ServerIam;
import org.projectnessie.catalog.secrets.SecretsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;

/* loaded from: input_file:org/projectnessie/catalog/files/s3/StsCredentialsFetcherImpl.class */
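/**
 * {@link StsCredentialsFetcher} implementation that obtains temporary credentials by sending an
 * STS {@code AssumeRole} request through a client taken from the {@link StsClientsPool}.
 *
 * <p>The returned {@link Credentials} contain a secret access key and a session token. Callers
 * should keep them out of logs and exception messages.
 */
class StsCredentialsFetcherImpl implements StsCredentialsFetcher {
    private final StsClientsPool clientsPool;
    private final SecretsProvider secretsProvider;

    /**
     * Creates a fetcher.
     *
     * @param stsClientsPool pool that supplies the STS client used for a given bucket
     * @param secretsProvider passed to {@code S3Utils.newCredentialsProvider} when the credentials
     *     that sign the {@code AssumeRole} call are resolved
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public StsCredentialsFetcherImpl(StsClientsPool stsClientsPool, SecretsProvider secretsProvider) {
        this.clientsPool = stsClientsPool;
        this.secretsProvider = secretsProvider;
    }

    /**
     * Fetches temporary credentials intended for a client.
     *
     * <p>When {@code optional} holds storage locations, the session policy produced by
     * {@code S3IamPolicies.locationDependentPolicy} is attached to the request so that the session
     * is narrowed to those locations. When it is empty and no static policy is configured, no
     * session policy is sent and the session carries whatever the assumed role allows.
     *
     * <p>NOTE(review): {@link #doFetchCredentials} applies {@code s3ClientIam.policy()} afterwards,
     * and the builder keeps only the last policy set. A statically configured policy therefore
     * replaces the location-dependent one instead of being combined with it. Confirm that this
     * precedence is intended, since it decides how tightly vended credentials are scoped.
     *
     * @param s3BucketOptions bucket settings used to select the STS client and the signing
     *     credentials
     * @param s3ClientIam client-side IAM settings (role, session name, policy, external ID,
     *     duration)
     * @param optional storage locations to scope the session to, if any
     * @return the credentials returned by STS
     * @throws ArithmeticException if the configured session duration does not fit an {@code int}
     *     number of seconds
     */
    @Override // org.projectnessie.catalog.files.s3.StsCredentialsFetcher
    public Credentials fetchCredentialsForClient(S3BucketOptions s3BucketOptions, S3ClientIam s3ClientIam, Optional<StorageLocations> optional) {
        AssumeRoleRequest.Builder request = AssumeRoleRequest.builder();
        optional.ifPresent(storageLocations ->
                request.policy(S3IamPolicies.locationDependentPolicy(s3ClientIam, storageLocations)));
        return doFetchCredentials(s3BucketOptions, request, s3ClientIam);
    }

    /**
     * Fetches temporary credentials for the server's own use. No location-dependent session policy
     * is added; only the settings found in {@code s3ServerIam} are applied.
     *
     * @param s3BucketOptions bucket settings used to select the STS client and the signing
     *     credentials
     * @param s3ServerIam server-side IAM settings
     * @return the credentials returned by STS
     * @throws ArithmeticException if the configured session duration does not fit an {@code int}
     *     number of seconds
     */
    @Override // org.projectnessie.catalog.files.s3.StsCredentialsFetcher
    public Credentials fetchCredentialsForServer(S3BucketOptions s3BucketOptions, S3ServerIam s3ServerIam) {
        return doFetchCredentials(s3BucketOptions, AssumeRoleRequest.builder(), s3ServerIam);
    }

    /**
     * Completes the {@code AssumeRole} request from the IAM settings and executes it.
     *
     * @param s3BucketOptions bucket settings used to select the STS client and to build the
     *     credentials provider that signs the request
     * @param builder request builder, possibly already carrying a session policy
     * @param s3Iam IAM settings copied onto the request
     * @return the credentials contained in the STS response
     * @throws ArithmeticException if the configured session duration does not fit an {@code int}
     *     number of seconds
     */
    private Credentials doFetchCredentials(S3BucketOptions s3BucketOptions, AssumeRoleRequest.Builder builder, S3Iam s3Iam) {
        // Sessions without a configured name all share "nessie", so they cannot be told apart by
        // session name alone when reviewing STS activity.
        builder.roleSessionName(s3Iam.roleSessionName().orElse("nessie"));

        // Overwrites any policy the caller set on the builder (see fetchCredentialsForClient).
        s3Iam.policy().ifPresent(builder::policy);
        s3Iam.assumeRole().ifPresent(builder::roleArn);
        // The external ID is only forwarded here; enforcing it is up to the role's trust policy.
        s3Iam.externalId().ifPresent(builder::externalId);

        // toIntExact rejects a duration whose second count overflows int; a plain (int) cast would
        // silently wrap it to an unrelated, possibly valid-looking value.
        s3Iam.sessionDuration().ifPresent(duration ->
                builder.durationSeconds(Math.toIntExact(duration.toSeconds())));

        // The AssumeRole call is signed with credentials resolved per request from the bucket's
        // effective auth type and the secrets provider.
        builder.overrideConfiguration(overrides ->
                overrides.credentialsProvider(
                        S3Utils.newCredentialsProvider(s3BucketOptions.effectiveAuthType(), s3BucketOptions, this.secretsProvider)));

        AssumeRoleRequest request = builder.build();
        return this.clientsPool.stsClientForBucket(s3BucketOptions).assumeRole(request).credentials();
    }
}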
