package org.apache.iceberg.aws;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
import org.apache.iceberg.rest.HTTPHeaders;
import org.apache.iceberg.rest.HTTPRequest;
import org.apache.iceberg.rest.ImmutableHTTPHeaders;
import org.apache.iceberg.rest.ImmutableHTTPRequest;
import org.apache.iceberg.rest.auth.AuthSession;
import org.apache.iceberg.shaded.org.apache.hc.core5.http.HttpHeaders;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
import software.amazon.awssdk.auth.signer.params.SignerChecksumParams;
import software.amazon.awssdk.core.checksums.Algorithm;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.regions.Region;

/* loaded from: input_file:org/apache/iceberg/aws/RESTSigV4AuthSession.class */
public class RESTSigV4AuthSession implements AuthSession {
    static final String EMPTY_BODY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    static final String RELOCATED_HEADER_PREFIX = "Original-";
    private final Aws4Signer signer;
    private final AuthSession delegate;
    private final Region signingRegion;
    private final String signingName;
    private final AwsCredentialsProvider credentialsProvider;

    public RESTSigV4AuthSession(Aws4Signer aws4Signer, AuthSession authSession, AwsProperties awsProperties) {
        this.signer = (Aws4Signer) Preconditions.checkNotNull(aws4Signer, "Invalid signer: null");
        this.delegate = (AuthSession) Preconditions.checkNotNull(authSession, "Invalid delegate: null");
        Preconditions.checkNotNull(awsProperties, "Invalid AWS properties: null");
        this.signingRegion = awsProperties.restSigningRegion();
        this.signingName = awsProperties.restSigningName();
        this.credentialsProvider = awsProperties.restCredentialsProvider();
    }

    @Override // org.apache.iceberg.rest.auth.AuthSession
    public HTTPRequest authenticate(HTTPRequest hTTPRequest) {
        return sign(this.delegate.authenticate(hTTPRequest));
    }

    @Override // org.apache.iceberg.rest.auth.AuthSession, java.lang.AutoCloseable
    public void close() {
        this.delegate.close();
    }

    private HTTPRequest sign(HTTPRequest hTTPRequest) {
        Aws4SignerParams build = Aws4SignerParams.builder().signingName(this.signingName).signingRegion(this.signingRegion).awsCredentials(this.credentialsProvider.resolveCredentials()).checksumParams(SignerChecksumParams.builder().algorithm(Algorithm.SHA256).isStreamingRequest(false).checksumHeaderName("x-amz-content-sha256").build()).build();
        SdkHttpFullRequest.Builder builder = SdkHttpFullRequest.builder();
        URI requestUri = hTTPRequest.requestUri();
        builder.method(SdkHttpMethod.fromValue(hTTPRequest.method().name())).protocol(requestUri.getScheme()).uri(requestUri).headers(convertHeaders(hTTPRequest.headers()));
        String encodedBody = hTTPRequest.encodedBody();
        if (encodedBody == null) {
            builder.putHeader("x-amz-content-sha256", EMPTY_BODY_SHA256);
        } else {
            builder.contentStreamProvider(() -> {
                return IOUtils.toInputStream(encodedBody, StandardCharsets.UTF_8);
            });
        }
        return ImmutableHTTPRequest.builder().from(hTTPRequest).headers(updateRequestHeaders(hTTPRequest.headers(), this.signer.sign(builder.build(), build).headers())).build();
    }

    private Map<String, List<String>> convertHeaders(HTTPHeaders hTTPHeaders) {
        return (Map) hTTPHeaders.entries().stream().collect(Collectors.groupingBy(hTTPHeader -> {
            return hTTPHeader.name().equalsIgnoreCase(HttpHeaders.AUTHORIZATION) ? "Original-" + hTTPHeader.name() : hTTPHeader.name();
        }, Collectors.mapping((v0) -> {
            return v0.value();
        }, Collectors.toList())));
    }

    private HTTPHeaders updateRequestHeaders(HTTPHeaders hTTPHeaders, Map<String, List<String>> map) {
        ImmutableHTTPHeaders.Builder builder = ImmutableHTTPHeaders.builder();
        map.forEach((str, list) -> {
            if (hTTPHeaders.contains(str)) {
                for (HTTPHeaders.HTTPHeader hTTPHeader : hTTPHeaders.entries(str)) {
                    if (!list.contains(hTTPHeader.value())) {
                        builder.addEntry(HTTPHeaders.HTTPHeader.of("Original-" + str, hTTPHeader.value()));
                    }
                }
            }
            list.forEach(str -> {
                builder.addEntry(HTTPHeaders.HTTPHeader.of(str, str));
            });
        });
        return builder.build();
    }
}
