package software.amazon.awssdk.services.elasticsearch.auth.scheme.internal;

import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.core.interceptor.Context;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.MetricUtils;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeProvider;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.identity.spi.Identity;
import software.amazon.awssdk.identity.spi.IdentityProvider;
import software.amazon.awssdk.identity.spi.IdentityProviders;
import software.amazon.awssdk.identity.spi.ResolveIdentityRequest;
import software.amazon.awssdk.identity.spi.TokenIdentity;
import software.amazon.awssdk.metrics.MetricCollector;
import software.amazon.awssdk.metrics.SdkMetric;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.elasticsearch.auth.scheme.ElasticsearchAuthSchemeParams;
import software.amazon.awssdk.services.elasticsearch.auth.scheme.ElasticsearchAuthSchemeProvider;
import software.amazon.awssdk.services.elasticsearch.endpoints.internal.AuthSchemeUtils;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.Validate;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/elasticsearch/auth/scheme/internal/ElasticsearchAuthSchemeInterceptor.class */
public final class ElasticsearchAuthSchemeInterceptor implements ExecutionInterceptor {
    private static Logger LOG = Logger.loggerFor(ElasticsearchAuthSchemeInterceptor.class);

    public void beforeExecution(Context.BeforeExecution beforeExecution, ExecutionAttributes executionAttributes) {
        AuthSchemeUtils.putSelectedAuthScheme(executionAttributes, selectAuthScheme(resolveAuthOptions(beforeExecution, executionAttributes), executionAttributes));
    }

    private List<AuthSchemeOption> resolveAuthOptions(Context.BeforeExecution beforeExecution, ExecutionAttributes executionAttributes) {
        return ((ElasticsearchAuthSchemeProvider) Validate.isInstanceOf(ElasticsearchAuthSchemeProvider.class, (AuthSchemeProvider) executionAttributes.getAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER), "Expected an instance of ElasticsearchAuthSchemeProvider", new Object[0])).resolveAuthScheme(authSchemeParams(beforeExecution.request(), executionAttributes));
    }

    private SelectedAuthScheme<? extends Identity> selectAuthScheme(List<AuthSchemeOption> list, ExecutionAttributes executionAttributes) {
        MetricCollector metricCollector = (MetricCollector) executionAttributes.getAttribute(SdkExecutionAttribute.API_CALL_METRIC_COLLECTOR);
        Map map = (Map) executionAttributes.getAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES);
        IdentityProviders identityProviders = (IdentityProviders) executionAttributes.getAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS);
        ArrayList arrayList = new ArrayList();
        for (AuthSchemeOption authSchemeOption : list) {
            SelectedAuthScheme<? extends Identity> trySelectAuthScheme = trySelectAuthScheme(authSchemeOption, (AuthScheme) map.get(authSchemeOption.schemeId()), identityProviders, arrayList, metricCollector);
            if (trySelectAuthScheme != null) {
                if (!arrayList.isEmpty()) {
                    LOG.debug(() -> {
                        return String.format("%s auth will be used, discarded: '%s'", authSchemeOption.schemeId(), arrayList.stream().map((v0) -> {
                            return v0.get();
                        }).collect(Collectors.joining(", ")));
                    });
                }
                return trySelectAuthScheme;
            }
        }
        throw SdkException.builder().message("Failed to determine how to authenticate the user: " + ((String) arrayList.stream().map((v0) -> {
            return v0.get();
        }).collect(Collectors.joining(", ")))).build();
    }

    private ElasticsearchAuthSchemeParams authSchemeParams(SdkRequest sdkRequest, ExecutionAttributes executionAttributes) {
        String str = (String) executionAttributes.getAttribute(SdkExecutionAttribute.OPERATION_NAME);
        return ElasticsearchAuthSchemeParams.builder().operation(str).region((Region) executionAttributes.getAttribute(AwsExecutionAttribute.AWS_REGION)).mo21build();
    }

    private <T extends Identity> SelectedAuthScheme<T> trySelectAuthScheme(AuthSchemeOption authSchemeOption, AuthScheme<T> authScheme, IdentityProviders identityProviders, List<Supplier<String>> list, MetricCollector metricCollector) {
        if (authScheme == null) {
            list.add(() -> {
                return String.format("'%s' is not enabled for this request.", authSchemeOption.schemeId());
            });
            return null;
        }
        IdentityProvider<?> identityProvider = authScheme.identityProvider(identityProviders);
        if (identityProvider == null) {
            list.add(() -> {
                return String.format("'%s' does not have an identity provider configured.", authSchemeOption.schemeId());
            });
            return null;
        }
        ResolveIdentityRequest.Builder builder = ResolveIdentityRequest.builder();
        Objects.requireNonNull(builder);
        authSchemeOption.forEachIdentityProperty(builder::putProperty);
        SdkMetric<Duration> identityMetric = getIdentityMetric(identityProvider);
        return new SelectedAuthScheme<>(identityMetric == null ? identityProvider.resolveIdentity((ResolveIdentityRequest) builder.build()) : MetricUtils.reportDuration(() -> {
            return identityProvider.resolveIdentity((ResolveIdentityRequest) builder.build());
        }, metricCollector, identityMetric), authScheme.signer(), authSchemeOption);
    }

    private SdkMetric<Duration> getIdentityMetric(IdentityProvider<?> identityProvider) {
        Class identityType = identityProvider.identityType();
        if (identityType == AwsCredentialsIdentity.class) {
            return CoreMetric.CREDENTIALS_FETCH_DURATION;
        }
        if (identityType == TokenIdentity.class) {
            return CoreMetric.TOKEN_FETCH_DURATION;
        }
        return null;
    }
}
