package io.trino.plugin.iceberg.catalog.rest;

import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.trino.filesystem.s3.S3FileSystemConfig;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:io/trino/plugin/iceberg/catalog/rest/SigV4AwsProperties.class */
public class SigV4AwsProperties implements AwsProperties {
    private static final String CLIENT_CREDENTIAL_PROVIDER_PREFIX = "client.credentials-provider.";
    private static final String CLIENT_CREDENTIAL_AWS_ACCESS_KEY_ID = "client.credentials-provider.aws_sts_access_key_id";
    private static final String CLIENT_CREDENTIAL_AWS_SECRET_ACCESS_KEY = "client.credentials-provider.aws_sts_secret_access_key";
    private static final String CLIENT_CREDENTIAL_AWS_SIGNER_REGION = "client.credentials-provider.aws_sts_signer_region";
    private static final String CLIENT_CREDENTIAL_AWS_STS_REGION = "client.credentials-provider.aws_sts_region";
    private static final String CLIENT_CREDENTIAL_AWS_STS_ENDPOINT = "client.credentials-provider.aws_sts_endpoint";
    private static final String CLIENT_CREDENTIAL_AWS_IAM_ROLE = "client.credentials-provider.aws_iam_role";
    private static final String CLIENT_CREDENTIAL_AWS_ROLE_EXTERNAL_ID = "client.credentials-provider.aws_external_id";
    private static final String CLIENT_CREDENTIAL_AWS_IAM_ROLE_SESSION_NAME = "client.credentials-provider.aws_iam_role_session_name";
    private final Map<String, String> properties;

    @Inject
    public SigV4AwsProperties(IcebergRestCatalogSigV4Config icebergRestCatalogSigV4Config, S3FileSystemConfig s3FileSystemConfig) {
        ImmutableMap.Builder put = ImmutableMap.builder().put("rest.sigv4-enabled", "true").put("rest.signing-name", icebergRestCatalogSigV4Config.getSigningName()).put("rest.signing-region", (String) Objects.requireNonNull(s3FileSystemConfig.getRegion(), "s3.region is null")).put("rest-metrics-reporting-enabled", "false");
        if (s3FileSystemConfig.getIamRole() != null) {
            put.put("client.credentials-provider", SigV4AwsCredentialProvider.class.getName()).put(CLIENT_CREDENTIAL_AWS_IAM_ROLE, s3FileSystemConfig.getIamRole()).put(CLIENT_CREDENTIAL_AWS_IAM_ROLE_SESSION_NAME, "trino-iceberg-rest-catalog").put(CLIENT_CREDENTIAL_AWS_SIGNER_REGION, s3FileSystemConfig.getRegion());
            Optional.ofNullable(s3FileSystemConfig.getExternalId()).ifPresent(str -> {
                put.put(CLIENT_CREDENTIAL_AWS_ROLE_EXTERNAL_ID, str);
            });
            Optional.ofNullable(s3FileSystemConfig.getStsRegion()).ifPresent(str2 -> {
                put.put(CLIENT_CREDENTIAL_AWS_STS_REGION, str2);
            });
            Optional.ofNullable(s3FileSystemConfig.getAwsAccessKey()).ifPresent(str3 -> {
                put.put(CLIENT_CREDENTIAL_AWS_ACCESS_KEY_ID, str3);
            });
            Optional.ofNullable(s3FileSystemConfig.getAwsSecretKey()).ifPresent(str4 -> {
                put.put(CLIENT_CREDENTIAL_AWS_SECRET_ACCESS_KEY, str4);
            });
            Optional.ofNullable(s3FileSystemConfig.getStsEndpoint()).ifPresent(str5 -> {
                put.put(CLIENT_CREDENTIAL_AWS_STS_ENDPOINT, str5);
            });
        } else {
            put.put("rest.access-key-id", (String) Objects.requireNonNull(s3FileSystemConfig.getAwsAccessKey(), "s3.aws-access-key is null")).put("rest.secret-access-key", (String) Objects.requireNonNull(s3FileSystemConfig.getAwsSecretKey(), "s3.aws-secret-key is null"));
        }
        this.properties = put.buildOrThrow();
    }

    @Override // io.trino.plugin.iceberg.catalog.rest.AwsProperties
    public Map<String, String> get() {
        return this.properties;
    }
}
