package io.trino.plugin.iceberg.catalog.rest;

import io.trino.plugin.iceberg.IcebergErrorCode;
import io.trino.spi.TrinoException;
import java.net.URI;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.identity.spi.ResolveIdentityRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;

/* loaded from: input_file:io/trino/plugin/iceberg/catalog/rest/SigV4AwsCredentialProvider.class */
public class SigV4AwsCredentialProvider implements AwsCredentialsProvider {
    static final String AWS_STS_ACCESS_KEY_ID = "aws_sts_access_key_id";
    static final String AWS_STS_SECRET_ACCESS_KEY = "aws_sts_secret_access_key";
    static final String AWS_STS_SIGNER_REGION = "aws_sts_signer_region";
    static final String AWS_STS_REGION = "aws_sts_region";
    static final String AWS_STS_ENDPOINT = "aws_sts_endpoint";
    static final String AWS_IAM_ROLE = "aws_iam_role";
    static final String AWS_ROLE_EXTERNAL_ID = "aws_external_id";
    static final String AWS_IAM_ROLE_SESSION_NAME = "aws_iam_role_session_name";
    private final AwsCredentialsProvider delegate;

    public SigV4AwsCredentialProvider(AwsCredentialsProvider awsCredentialsProvider) {
        this.delegate = (AwsCredentialsProvider) Objects.requireNonNull(awsCredentialsProvider, "delegate is null");
    }

    public static SigV4AwsCredentialProvider create(Map<String, String> map) {
        if (!map.containsKey(AWS_IAM_ROLE)) {
            throw new TrinoException(IcebergErrorCode.ICEBERG_CATALOG_ERROR, "IAM role configs are not configured");
        }
        return new SigV4AwsCredentialProvider(StsAssumeRoleCredentialsProvider.builder().refreshRequest(builder -> {
            builder.roleArn((String) map.get(AWS_IAM_ROLE)).roleSessionName(AWS_IAM_ROLE_SESSION_NAME).externalId((String) map.get(AWS_ROLE_EXTERNAL_ID));
        }).stsClient(createStsClient(map.get(AWS_STS_ENDPOINT), map.get(AWS_STS_REGION), map.get(AWS_STS_SIGNER_REGION), createStaticCredentialsProvider(map.get(AWS_STS_ACCESS_KEY_ID), map.get(AWS_STS_SECRET_ACCESS_KEY)))).asyncCredentialUpdateEnabled(true).build());
    }

    public CompletableFuture<? extends AwsCredentialsIdentity> resolveIdentity(Consumer<ResolveIdentityRequest.Builder> consumer) {
        return this.delegate.resolveIdentity(consumer);
    }

    public CompletableFuture<? extends AwsCredentialsIdentity> resolveIdentity() {
        return this.delegate.resolveIdentity();
    }

    public AwsCredentials resolveCredentials() {
        return this.delegate.resolveCredentials();
    }

    public Class<AwsCredentialsIdentity> identityType() {
        return this.delegate.identityType();
    }

    public CompletableFuture<AwsCredentialsIdentity> resolveIdentity(ResolveIdentityRequest resolveIdentityRequest) {
        return this.delegate.resolveIdentity(resolveIdentityRequest);
    }

    private static Optional<AwsCredentialsProvider> createStaticCredentialsProvider(String str, String str2) {
        return (str == null && str2 == null) ? Optional.empty() : Optional.of(StaticCredentialsProvider.create(AwsBasicCredentials.create(str, str2)));
    }

    private static StsClient createStsClient(String str, String str2, String str3, Optional<AwsCredentialsProvider> optional) {
        StsClientBuilder builder = StsClient.builder();
        Optional map = Optional.ofNullable(str).map(URI::create);
        Objects.requireNonNull(builder);
        map.ifPresent(builder::endpointOverride);
        Optional map2 = Optional.ofNullable(str2).or(() -> {
            return Optional.ofNullable(str3);
        }).map(Region::of);
        Objects.requireNonNull(builder);
        map2.ifPresent(builder::region);
        Objects.requireNonNull(builder);
        optional.ifPresent(builder::credentialsProvider);
        return (StsClient) builder.build();
    }
}
