package org.apache.iceberg.aws;

import java.io.Serializable;
import java.net.URI;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.iceberg.common.DynClasses;
import org.apache.iceberg.common.DynMethods;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
import org.apache.iceberg.relocated.com.google.common.base.Strings;
import org.apache.iceberg.relocated.com.google.common.collect.Sets;
import org.apache.iceberg.util.PropertyUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.client.builder.SdkClientBuilder;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
import software.amazon.awssdk.services.dynamodb.DynamoDbClientBuilder;
import software.amazon.awssdk.services.glue.GlueClientBuilder;
import software.amazon.awssdk.services.sts.model.Tag;

/* loaded from: input_file:org/apache/iceberg/aws/AwsProperties.class */
public class AwsProperties implements Serializable {
    private static final Logger LOG = LoggerFactory.getLogger(AwsProperties.class);
    public static final String GLUE_CATALOG_ID = "glue.id";
    public static final String GLUE_ACCOUNT_ID = "glue.account-id";
    public static final String GLUE_CATALOG_SKIP_ARCHIVE = "glue.skip-archive";
    public static final boolean GLUE_CATALOG_SKIP_ARCHIVE_DEFAULT = true;
    public static final String GLUE_CATALOG_SKIP_NAME_VALIDATION = "glue.skip-name-validation";
    public static final boolean GLUE_CATALOG_SKIP_NAME_VALIDATION_DEFAULT = false;
    public static final String GLUE_LAKEFORMATION_ENABLED = "glue.lakeformation-enabled";
    public static final boolean GLUE_LAKEFORMATION_ENABLED_DEFAULT = false;
    public static final String GLUE_CATALOG_ENDPOINT = "glue.endpoint";
    public static final String DYNAMODB_ENDPOINT = "dynamodb.endpoint";
    public static final String DYNAMODB_TABLE_NAME = "dynamodb.table-name";
    public static final String DYNAMODB_TABLE_NAME_DEFAULT = "iceberg";
    public static final String CLIENT_FACTORY = "client.factory";
    public static final String CLIENT_ASSUME_ROLE_ARN = "client.assume-role.arn";
    public static final String CLIENT_ASSUME_ROLE_TAGS_PREFIX = "client.assume-role.tags.";
    public static final String CLIENT_ASSUME_ROLE_TIMEOUT_SEC = "client.assume-role.timeout-sec";
    public static final int CLIENT_ASSUME_ROLE_TIMEOUT_SEC_DEFAULT = 3600;
    public static final String CLIENT_ASSUME_ROLE_EXTERNAL_ID = "client.assume-role.external-id";
    public static final String CLIENT_ASSUME_ROLE_REGION = "client.assume-role.region";
    public static final String CLIENT_ASSUME_ROLE_SESSION_NAME = "client.assume-role.session-name";
    public static final String LAKE_FORMATION_TABLE_NAME = "lakeformation.table-name";
    public static final String LAKE_FORMATION_DB_NAME = "lakeformation.db-name";
    public static final String REST_SIGNER_REGION = "rest.signing-region";
    public static final String REST_SIGNING_NAME = "rest.signing-name";
    public static final String REST_SIGNING_NAME_DEFAULT = "execute-api";
    public static final String REST_ACCESS_KEY_ID = "rest.access-key-id";
    public static final String REST_SECRET_ACCESS_KEY = "rest.secret-access-key";
    public static final String REST_SESSION_TOKEN = "rest.session-token";
    private static final String HTTP_CLIENT_PREFIX = "http-client.";
    private final Set<Tag> stsClientAssumeRoleTags;
    private String clientAssumeRoleArn;
    private String clientAssumeRoleExternalId;
    private int clientAssumeRoleTimeoutSec;
    private String clientAssumeRoleRegion;
    private String clientAssumeRoleSessionName;
    private String clientCredentialsProvider;
    private final Map<String, String> clientCredentialsProviderProperties;
    private String glueEndpoint;
    private String glueCatalogId;
    private boolean glueCatalogSkipArchive;
    private boolean glueCatalogSkipNameValidation;
    private boolean glueLakeFormationEnabled;
    private String dynamoDbTableName;
    private String dynamoDbEndpoint;
    private String restSigningRegion;
    private String restSigningName;
    private String restAccessKeyId;
    private String restSecretAccessKey;
    private String restSessionToken;

    public AwsProperties() {
        this.stsClientAssumeRoleTags = Sets.newHashSet();
        this.clientAssumeRoleArn = null;
        this.clientAssumeRoleTimeoutSec = CLIENT_ASSUME_ROLE_TIMEOUT_SEC_DEFAULT;
        this.clientAssumeRoleExternalId = null;
        this.clientAssumeRoleRegion = null;
        this.clientAssumeRoleSessionName = null;
        this.clientCredentialsProvider = null;
        this.clientCredentialsProviderProperties = null;
        this.glueCatalogId = null;
        this.glueEndpoint = null;
        this.glueCatalogSkipArchive = true;
        this.glueCatalogSkipNameValidation = false;
        this.glueLakeFormationEnabled = false;
        this.dynamoDbEndpoint = null;
        this.dynamoDbTableName = "iceberg";
        this.restSigningName = REST_SIGNING_NAME_DEFAULT;
    }

    public AwsProperties(Map<String, String> map) {
        this.stsClientAssumeRoleTags = toStsTags(map, CLIENT_ASSUME_ROLE_TAGS_PREFIX);
        this.clientAssumeRoleArn = map.get(CLIENT_ASSUME_ROLE_ARN);
        this.clientAssumeRoleTimeoutSec = PropertyUtil.propertyAsInt(map, CLIENT_ASSUME_ROLE_TIMEOUT_SEC, CLIENT_ASSUME_ROLE_TIMEOUT_SEC_DEFAULT);
        this.clientAssumeRoleExternalId = map.get(CLIENT_ASSUME_ROLE_EXTERNAL_ID);
        this.clientAssumeRoleRegion = map.get(CLIENT_ASSUME_ROLE_REGION);
        this.clientAssumeRoleSessionName = map.get(CLIENT_ASSUME_ROLE_SESSION_NAME);
        this.clientCredentialsProvider = map.get(AwsClientProperties.CLIENT_CREDENTIALS_PROVIDER);
        this.clientCredentialsProviderProperties = PropertyUtil.propertiesWithPrefix(map, "client.credentials-provider.");
        this.glueEndpoint = map.get(GLUE_CATALOG_ENDPOINT);
        this.glueCatalogId = map.get(GLUE_CATALOG_ID);
        this.glueCatalogSkipArchive = PropertyUtil.propertyAsBoolean(map, GLUE_CATALOG_SKIP_ARCHIVE, true);
        this.glueCatalogSkipNameValidation = PropertyUtil.propertyAsBoolean(map, GLUE_CATALOG_SKIP_NAME_VALIDATION, false);
        this.glueLakeFormationEnabled = PropertyUtil.propertyAsBoolean(map, GLUE_LAKEFORMATION_ENABLED, false);
        this.dynamoDbEndpoint = map.get(DYNAMODB_ENDPOINT);
        this.dynamoDbTableName = PropertyUtil.propertyAsString(map, DYNAMODB_TABLE_NAME, "iceberg");
        this.restSigningRegion = map.get(REST_SIGNER_REGION);
        this.restSigningName = map.getOrDefault(REST_SIGNING_NAME, REST_SIGNING_NAME_DEFAULT);
        this.restAccessKeyId = map.get(REST_ACCESS_KEY_ID);
        this.restSecretAccessKey = map.get(REST_SECRET_ACCESS_KEY);
        this.restSessionToken = map.get(REST_SESSION_TOKEN);
    }

    public Set<Tag> stsClientAssumeRoleTags() {
        return this.stsClientAssumeRoleTags;
    }

    public String clientAssumeRoleArn() {
        return this.clientAssumeRoleArn;
    }

    public int clientAssumeRoleTimeoutSec() {
        return this.clientAssumeRoleTimeoutSec;
    }

    public String clientAssumeRoleExternalId() {
        return this.clientAssumeRoleExternalId;
    }

    public String clientAssumeRoleRegion() {
        return this.clientAssumeRoleRegion;
    }

    public String clientAssumeRoleSessionName() {
        return this.clientAssumeRoleSessionName;
    }

    public String glueCatalogId() {
        return this.glueCatalogId;
    }

    public void setGlueCatalogId(String str) {
        this.glueCatalogId = str;
    }

    public boolean glueCatalogSkipArchive() {
        return this.glueCatalogSkipArchive;
    }

    public void setGlueCatalogSkipArchive(boolean z) {
        this.glueCatalogSkipArchive = z;
    }

    public boolean glueCatalogSkipNameValidation() {
        return this.glueCatalogSkipNameValidation;
    }

    public void setGlueCatalogSkipNameValidation(boolean z) {
        this.glueCatalogSkipNameValidation = z;
    }

    public boolean glueLakeFormationEnabled() {
        return this.glueLakeFormationEnabled;
    }

    public void setGlueLakeFormationEnabled(boolean z) {
        this.glueLakeFormationEnabled = z;
    }

    public String dynamoDbTableName() {
        return this.dynamoDbTableName;
    }

    public void setDynamoDbTableName(String str) {
        this.dynamoDbTableName = str;
    }

    public <T extends GlueClientBuilder> void applyGlueEndpointConfigurations(T t) {
        configureEndpoint(t, this.glueEndpoint);
    }

    public <T extends DynamoDbClientBuilder> void applyDynamoDbEndpointConfigurations(T t) {
        configureEndpoint(t, this.dynamoDbEndpoint);
    }

    public Region restSigningRegion() {
        if (this.restSigningRegion == null) {
            this.restSigningRegion = DefaultAwsRegionProviderChain.builder().build().getRegion().id();
        }
        return Region.of(this.restSigningRegion);
    }

    public String restSigningName() {
        return this.restSigningName;
    }

    public AwsCredentialsProvider restCredentialsProvider() {
        return credentialsProvider(this.restAccessKeyId, this.restSecretAccessKey, this.restSessionToken);
    }

    private Set<Tag> toStsTags(Map<String, String> map, String str) {
        return (Set) PropertyUtil.propertiesWithPrefix(map, str).entrySet().stream().map(entry -> {
            return (Tag) Tag.builder().key((String) entry.getKey()).value((String) entry.getValue()).build();
        }).collect(Collectors.toSet());
    }

    private AwsCredentialsProvider credentialsProvider(String str, String str2, String str3) {
        return str != null ? str3 == null ? StaticCredentialsProvider.create(AwsBasicCredentials.create(str, str2)) : StaticCredentialsProvider.create(AwsSessionCredentials.create(str, str2, str3)) : !Strings.isNullOrEmpty(this.clientCredentialsProvider) ? credentialsProvider(this.clientCredentialsProvider) : DefaultCredentialsProvider.builder().build();
    }

    private AwsCredentialsProvider credentialsProvider(String str) {
        AwsCredentialsProvider awsCredentialsProvider;
        try {
            Class<?> buildChecked = DynClasses.builder().impl(str).buildChecked();
            Preconditions.checkArgument(AwsCredentialsProvider.class.isAssignableFrom(buildChecked), String.format("Cannot initialize %s, it does not implement %s.", str, AwsCredentialsProvider.class.getName()));
            try {
                try {
                    awsCredentialsProvider = (AwsCredentialsProvider) DynMethods.builder("create").hiddenImpl(buildChecked, Map.class).buildStaticChecked().invoke(this.clientCredentialsProviderProperties);
                } catch (NoSuchMethodException e) {
                    awsCredentialsProvider = (AwsCredentialsProvider) DynMethods.builder("create").hiddenImpl(buildChecked, new Class[0]).buildStaticChecked().invoke(new Object[0]);
                }
                return awsCredentialsProvider;
            } catch (NoSuchMethodException e2) {
                throw new IllegalArgumentException(String.format("Cannot create an instance of %s, it does not contain a static 'create' or 'create(Map<String, String>)' method", str), e2);
            }
        } catch (ClassNotFoundException e3) {
            throw new IllegalArgumentException(String.format("Cannot load class %s, it does not exist in the classpath", str), e3);
        }
    }

    private <T extends SdkClientBuilder> void configureEndpoint(T t, String str) {
        if (str != null) {
            t.endpointOverride(URI.create(str));
        }
    }
}
