package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.configuration.ConnectionParameters;
import com.amazon.athena.jdbc.support.EndpointHelper;
import com.amazon.athena.jdbc.support.ProxyHelper;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.profiles.ProfileProperty;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/JwtCredentialsProviderFactory.class */
public class JwtCredentialsProviderFactory implements CredentialsProviderFactory {
    public static final ConnectionParameter<String> JWT_WEB_IDENTITY_TOKEN_PARAMETER = ConnectionParameter.builder().name("JwtWebIdentityToken").deprecatedAlias("web_identity_token").build();
    public static final ConnectionParameter<String> JWT_ROLE_ARN_PARAMETER = ConnectionParameter.builder().name("JwtRoleArn").deprecatedAlias(ProfileProperty.ROLE_ARN).build();
    public static final ConnectionParameter<String> JWT_ROLE_SESSION_NAME_PARAMETER = ConnectionParameter.builder().name("JwtRoleSessionName").deprecatedAlias(ProfileProperty.ROLE_SESSION_NAME).build();
    private static final List<ConnectionParameter<?>> REQUIRED_PARAMETERS = Arrays.asList(JWT_WEB_IDENTITY_TOKEN_PARAMETER, JWT_ROLE_ARN_PARAMETER, JWT_ROLE_SESSION_NAME_PARAMETER);
    private final Supplier<StsClientBuilder> stsClientBuilderFactory;
    private final Supplier<ApacheHttpClient.Builder> httpClientBuilderFactory;

    public JwtCredentialsProviderFactory() {
        this(StsClient::builder, ApacheHttpClient::builder);
    }

    JwtCredentialsProviderFactory(Supplier<StsClientBuilder> supplier, Supplier<ApacheHttpClient.Builder> supplier2) {
        this.stsClientBuilderFactory = supplier;
        this.httpClientBuilderFactory = supplier2;
    }

    @Override // com.amazon.athena.jdbc.authentication.CredentialsProviderFactory
    public String name() {
        return "JWT";
    }

    @Override // com.amazon.athena.jdbc.authentication.CredentialsProviderFactory
    public AwsCredentialsProvider create(Map<ConnectionParameter<?>, String> map) {
        validateParameters(map);
        return new JwtCredentialsProvider(JWT_WEB_IDENTITY_TOKEN_PARAMETER.findValue(map).get(), JWT_ROLE_ARN_PARAMETER.findValue(map).get(), JWT_ROLE_SESSION_NAME_PARAMETER.findValue(map).get(), ConnectionParameters.ROLE_SESSION_DURATION_PARAMETER.findValue(map).orElse(null), createStsClient(ConnectionParameters.REGION_PARAMETER.findValue(map).orElse(null), ProxyHelper.getSyncProxyConfiguration(map).orElse(null), (URI) ConnectionParameters.STS_ENDPOINT_PARAMETER.findValue(map).map(str -> {
            return EndpointHelper.constructEndpointUri(str, "STS");
        }).orElse(null)));
    }

    private void validateParameters(Map<ConnectionParameter<?>, String> map) {
        String str = (String) REQUIRED_PARAMETERS.stream().filter(connectionParameter -> {
            return !connectionParameter.findValue(map).isPresent();
        }).map(connectionParameter2 -> {
            return String.format("The %s parameter must be specified when using the %s credentials provider", connectionParameter2.name(), name());
        }).collect(Collectors.joining("; "));
        if (!str.isEmpty()) {
            throw new IllegalArgumentException(str);
        }
    }

    private StsClient createStsClient(Region region, ProxyConfiguration proxyConfiguration, URI uri) {
        StsClientBuilder stsClientBuilder = this.stsClientBuilderFactory.get();
        if (proxyConfiguration != null) {
            stsClientBuilder.httpClientBuilder(this.httpClientBuilderFactory.get().proxyConfiguration(proxyConfiguration));
        }
        if (uri != null) {
            stsClientBuilder.endpointOverride(uri);
        }
        return ((StsClientBuilder) ((StsClientBuilder) stsClientBuilder.region(region)).credentialsProvider((AwsCredentialsProvider) AnonymousCredentialsProvider.create())).mo1373build();
    }

    @Override // com.amazon.athena.jdbc.authentication.CredentialsProviderFactory
    public Collection<ConnectionParameter<?>> connectionParameters() {
        return Arrays.asList(ConnectionParameters.REGION_PARAMETER, ConnectionParameters.ROLE_SESSION_DURATION_PARAMETER, JWT_ROLE_ARN_PARAMETER, JWT_ROLE_SESSION_NAME_PARAMETER, JWT_WEB_IDENTITY_TOKEN_PARAMETER);
    }
}
