package org.apache.iceberg.aws;

import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
import org.apache.iceberg.util.PropertyUtil;
import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
import software.amazon.awssdk.awscore.client.builder.AwsSyncClientBuilder;
import software.amazon.awssdk.core.client.builder.SdkSyncClientBuilder;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.glue.GlueClient;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Tag;

/* loaded from: input_file:org/apache/iceberg/aws/AssumeRoleAwsClientFactory.class */
public class AssumeRoleAwsClientFactory implements AwsClientFactory {
    private String roleArn;
    private String externalId;
    private Set<Tag> tags;
    private int timeout;
    private String region;
    private String s3Endpoint;
    private boolean s3UseArnRegionEnabled;
    private String dynamoDbEndpoint;
    private String httpClientType;

    @Override // org.apache.iceberg.aws.AwsClientFactory
    public S3Client s3() {
        return (S3Client) S3Client.builder().applyMutation((v1) -> {
            configure(v1);
        }).applyMutation(s3ClientBuilder -> {
            AwsClientFactories.configureEndpoint(s3ClientBuilder, this.s3Endpoint);
        }).serviceConfiguration(builder -> {
        }).build();
    }

    @Override // org.apache.iceberg.aws.AwsClientFactory
    public GlueClient glue() {
        return (GlueClient) GlueClient.builder().applyMutation((v1) -> {
            configure(v1);
        }).build();
    }

    @Override // org.apache.iceberg.aws.AwsClientFactory
    public KmsClient kms() {
        return (KmsClient) KmsClient.builder().applyMutation((v1) -> {
            configure(v1);
        }).build();
    }

    @Override // org.apache.iceberg.aws.AwsClientFactory
    public DynamoDbClient dynamo() {
        return (DynamoDbClient) DynamoDbClient.builder().applyMutation((v1) -> {
            configure(v1);
        }).applyMutation(dynamoDbClientBuilder -> {
            AwsClientFactories.configureEndpoint(dynamoDbClientBuilder, this.dynamoDbEndpoint);
        }).build();
    }

    @Override // org.apache.iceberg.aws.AwsClientFactory
    public void initialize(Map<String, String> map) {
        this.roleArn = map.get(AwsProperties.CLIENT_ASSUME_ROLE_ARN);
        Preconditions.checkNotNull(this.roleArn, "Cannot initialize AssumeRoleClientConfigFactory with null role ARN");
        this.timeout = PropertyUtil.propertyAsInt(map, AwsProperties.CLIENT_ASSUME_ROLE_TIMEOUT_SEC, AwsProperties.CLIENT_ASSUME_ROLE_TIMEOUT_SEC_DEFAULT);
        this.externalId = map.get(AwsProperties.CLIENT_ASSUME_ROLE_EXTERNAL_ID);
        this.region = map.get(AwsProperties.CLIENT_ASSUME_ROLE_REGION);
        Preconditions.checkNotNull(this.region, "Cannot initialize AssumeRoleClientConfigFactory with null region");
        this.s3Endpoint = map.get(AwsProperties.S3FILEIO_ENDPOINT);
        this.tags = toTags(map);
        this.s3UseArnRegionEnabled = PropertyUtil.propertyAsBoolean(map, AwsProperties.S3_ACCESS_POINTS_PREFIX, false);
        this.dynamoDbEndpoint = map.get(AwsProperties.DYNAMODB_ENDPOINT);
        this.httpClientType = PropertyUtil.propertyAsString(map, AwsProperties.HTTP_CLIENT_TYPE, "urlconnection");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T extends AwsClientBuilder & AwsSyncClientBuilder> T configure(T t) {
        t.credentialsProvider(StsAssumeRoleCredentialsProvider.builder().stsClient(sts()).refreshRequest((AssumeRoleRequest) AssumeRoleRequest.builder().roleArn(this.roleArn).roleSessionName(genSessionName()).durationSeconds(Integer.valueOf(this.timeout)).externalId(this.externalId).tags(this.tags).build()).build());
        t.region(Region.of(this.region));
        ((SdkSyncClientBuilder) t).httpClientBuilder(AwsClientFactories.configureHttpClientBuilder(this.httpClientType));
        return t;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<Tag> tags() {
        return this.tags;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String region() {
        return this.region;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String s3Endpoint() {
        return this.s3Endpoint;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String httpClientType() {
        return this.httpClientType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean s3UseArnRegionEnabled() {
        return this.s3UseArnRegionEnabled;
    }

    private StsClient sts() {
        return (StsClient) StsClient.builder().httpClientBuilder(AwsClientFactories.configureHttpClientBuilder(this.httpClientType)).build();
    }

    private String genSessionName() {
        return String.format("iceberg-aws-%s", UUID.randomUUID());
    }

    private static Set<Tag> toTags(Map<String, String> map) {
        return (Set) PropertyUtil.propertiesWithPrefix(map, AwsProperties.CLIENT_ASSUME_ROLE_TAGS_PREFIX).entrySet().stream().map(entry -> {
            return (Tag) Tag.builder().key((String) entry.getKey()).value((String) entry.getValue()).build();
        }).collect(Collectors.toSet());
    }
}
