package software.amazon.awssdk.codegen.poet.auth.scheme;

import com.squareup.javapoet.ClassName;
import com.squareup.javapoet.FieldSpec;
import com.squareup.javapoet.MethodSpec;
import com.squareup.javapoet.ParameterizedTypeName;
import com.squareup.javapoet.TypeName;
import com.squareup.javapoet.TypeSpec;
import com.squareup.javapoet.TypeVariableName;
import com.squareup.javapoet.WildcardTypeName;
import java.lang.reflect.Type;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.lang.model.element.Modifier;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.codegen.model.intermediate.IntermediateModel;
import software.amazon.awssdk.codegen.poet.ClassSpec;
import software.amazon.awssdk.codegen.poet.PoetUtils;
import software.amazon.awssdk.codegen.poet.rules.EndpointRulesSpecUtils;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.core.interceptor.Context;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.MetricUtils;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.identity.spi.Identity;
import software.amazon.awssdk.identity.spi.IdentityProvider;
import software.amazon.awssdk.identity.spi.IdentityProviders;
import software.amazon.awssdk.identity.spi.ResolveIdentityRequest;
import software.amazon.awssdk.identity.spi.TokenIdentity;
import software.amazon.awssdk.metrics.MetricCollector;
import software.amazon.awssdk.metrics.SdkMetric;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.Validate;

/* loaded from: input_file:software/amazon/awssdk/codegen/poet/auth/scheme/AuthSchemeInterceptorSpec.class */
public final class AuthSchemeInterceptorSpec implements ClassSpec {
    private final AuthSchemeSpecUtils authSchemeSpecUtils;
    private final EndpointRulesSpecUtils endpointRulesSpecUtils;

    public AuthSchemeInterceptorSpec(IntermediateModel intermediateModel) {
        this.authSchemeSpecUtils = new AuthSchemeSpecUtils(intermediateModel);
        this.endpointRulesSpecUtils = new EndpointRulesSpecUtils(intermediateModel);
    }

    @Override // software.amazon.awssdk.codegen.poet.ClassSpec
    public ClassName className() {
        return this.authSchemeSpecUtils.authSchemeInterceptor();
    }

    @Override // software.amazon.awssdk.codegen.poet.ClassSpec
    public TypeSpec poetSpec() {
        TypeSpec.Builder addAnnotation = PoetUtils.createClassBuilder(className()).addSuperinterface(ExecutionInterceptor.class).addModifiers(new Modifier[]{Modifier.PUBLIC, Modifier.FINAL}).addAnnotation(SdkInternalApi.class);
        addAnnotation.addField(FieldSpec.builder(Logger.class, "LOG", new Modifier[]{Modifier.PRIVATE, Modifier.STATIC}).initializer("$T.loggerFor($T.class)", new Object[]{Logger.class, className()}).build());
        addAnnotation.addMethod(generateBeforeExecution()).addMethod(generateResolveAuthOptions()).addMethod(generateSelectAuthScheme()).addMethod(generateAuthSchemeParams()).addMethod(generateTrySelectAuthScheme()).addMethod(generateGetIdentityMetric());
        return addAnnotation.build();
    }

    private MethodSpec generateBeforeExecution() {
        MethodSpec.Builder addParameter = MethodSpec.methodBuilder("beforeExecution").addAnnotation(Override.class).addModifiers(new Modifier[]{Modifier.PUBLIC}).addParameter(Context.BeforeExecution.class, "context", new Modifier[0]).addParameter(ExecutionAttributes.class, "executionAttributes", new Modifier[0]);
        addParameter.addStatement("$T authOptions = resolveAuthOptions(context, executionAttributes)", new Object[]{listOf(AuthSchemeOption.class)}).addStatement("$T selectedAuthScheme = selectAuthScheme(authOptions, executionAttributes)", new Object[]{wildcardSelectedAuthScheme()}).addStatement("$T.putSelectedAuthScheme(executionAttributes, selectedAuthScheme)", new Object[]{this.endpointRulesSpecUtils.rulesRuntimeClassName("AuthSchemeUtils")});
        return addParameter.build();
    }

    private MethodSpec generateResolveAuthOptions() {
        MethodSpec.Builder addParameter = MethodSpec.methodBuilder("resolveAuthOptions").addModifiers(new Modifier[]{Modifier.PRIVATE}).returns(listOf(AuthSchemeOption.class)).addParameter(Context.BeforeExecution.class, "context", new Modifier[0]).addParameter(ExecutionAttributes.class, "executionAttributes", new Modifier[0]);
        addParameter.addStatement("$1T authSchemeProvider = $2T.isInstanceOf($1T.class, executionAttributes.getAttribute($3T.AUTH_SCHEME_RESOLVER), $4S)", new Object[]{this.authSchemeSpecUtils.providerInterfaceName(), Validate.class, SdkInternalExecutionAttribute.class, "Expected an instance of " + this.authSchemeSpecUtils.providerInterfaceName().simpleName()});
        addParameter.addStatement("$T params = authSchemeParams(context.request(), executionAttributes)", new Object[]{this.authSchemeSpecUtils.parametersInterfaceName()});
        addParameter.addStatement("return authSchemeProvider.resolveAuthScheme(params)", new Object[0]);
        return addParameter.build();
    }

    private MethodSpec generateAuthSchemeParams() {
        MethodSpec.Builder addParameter = MethodSpec.methodBuilder("authSchemeParams").addModifiers(new Modifier[]{Modifier.PRIVATE}).returns(this.authSchemeSpecUtils.parametersInterfaceName()).addParameter(SdkRequest.class, "request", new Modifier[0]).addParameter(ExecutionAttributes.class, "executionAttributes", new Modifier[0]);
        if (!this.authSchemeSpecUtils.useEndpointBasedAuthProvider()) {
            addParameter.addStatement("$T operation = executionAttributes.getAttribute($T.OPERATION_NAME)", new Object[]{String.class, SdkExecutionAttribute.class});
            if (this.authSchemeSpecUtils.usesSigV4()) {
                addParameter.addStatement("$T region = executionAttributes.getAttribute($T.AWS_REGION)", new Object[]{Region.class, AwsExecutionAttribute.class});
                addParameter.addStatement("return $T.builder().operation(operation).region(region).build()", new Object[]{this.authSchemeSpecUtils.parametersInterfaceName()});
            } else {
                addParameter.addStatement("return $T.builder().operation(operation).build()", new Object[]{this.authSchemeSpecUtils.parametersInterfaceName()});
            }
            return addParameter.build();
        }
        addParameter.addStatement("$T endpointParams = $T.ruleParams(request, executionAttributes)", new Object[]{this.endpointRulesSpecUtils.parametersClassName(), this.endpointRulesSpecUtils.resolverInterceptorName()});
        addParameter.addStatement("$1T.Builder builder = $1T.builder()", new Object[]{this.authSchemeSpecUtils.parametersInterfaceName()});
        boolean z = false;
        for (String str : this.endpointRulesSpecUtils.parameters().keySet()) {
            if (this.authSchemeSpecUtils.includeParamForProvider(str)) {
                z = z || str.equalsIgnoreCase("region");
                addParameter.addStatement("builder.$1N(endpointParams.$1N())", new Object[]{this.endpointRulesSpecUtils.paramMethodName(str)});
            }
        }
        addParameter.addStatement("$T operation = executionAttributes.getAttribute($T.OPERATION_NAME)", new Object[]{String.class, SdkExecutionAttribute.class});
        addParameter.addStatement("builder.operation(operation)", new Object[0]);
        if (this.authSchemeSpecUtils.usesSigV4() && !z) {
            addParameter.addStatement("$T region = executionAttributes.getAttribute($T.AWS_REGION)", new Object[]{Region.class, AwsExecutionAttribute.class});
            addParameter.addStatement("builder.region(region)", new Object[0]);
        }
        addParameter.addStatement("return builder.build()", new Object[0]);
        return addParameter.build();
    }

    private MethodSpec generateSelectAuthScheme() {
        MethodSpec.Builder addParameter = MethodSpec.methodBuilder("selectAuthScheme").addModifiers(new Modifier[]{Modifier.PRIVATE}).returns(wildcardSelectedAuthScheme()).addParameter(listOf(AuthSchemeOption.class), "authOptions", new Modifier[0]).addParameter(ExecutionAttributes.class, "executionAttributes", new Modifier[0]);
        addParameter.addStatement("$T metricCollector = executionAttributes.getAttribute($T.API_CALL_METRIC_COLLECTOR)", new Object[]{MetricCollector.class, SdkExecutionAttribute.class}).addStatement("$T authSchemes = executionAttributes.getAttribute($T.AUTH_SCHEMES)", new Object[]{mapOf(String.class, wildcardAuthScheme()), SdkInternalExecutionAttribute.class}).addStatement("$T identityProviders = executionAttributes.getAttribute($T.IDENTITY_PROVIDERS)", new Object[]{IdentityProviders.class, SdkInternalExecutionAttribute.class}).addStatement("$T discardedReasons = new $T<>()", new Object[]{listOfStringSuppliers(), ArrayList.class});
        addParameter.beginControlFlow("for ($T authOption : authOptions)", new Object[]{AuthSchemeOption.class});
        addParameter.addStatement("$T authScheme = authSchemes.get(authOption.schemeId())", new Object[]{wildcardAuthScheme()}).addStatement("$T selectedAuthScheme = trySelectAuthScheme(authOption, authScheme, identityProviders, discardedReasons, metricCollector)", new Object[]{wildcardSelectedAuthScheme()});
        addParameter.beginControlFlow("if (selectedAuthScheme != null)", new Object[0]);
        addLogDebugDiscardedOptions(addParameter);
        addParameter.addStatement("return selectedAuthScheme", new Object[0]).endControlFlow();
        addParameter.endControlFlow();
        addParameter.addStatement("throw $T.builder().message($S + discardedReasons.stream().map($T::get).collect($T.joining(\", \"))).build()", new Object[]{SdkException.class, "Failed to determine how to authenticate the user: ", Supplier.class, Collectors.class});
        return addParameter.build();
    }

    private MethodSpec generateTrySelectAuthScheme() {
        MethodSpec.Builder addTypeVariable = MethodSpec.methodBuilder("trySelectAuthScheme").addModifiers(new Modifier[]{Modifier.PRIVATE}).returns(namedSelectedAuthScheme()).addParameter(AuthSchemeOption.class, "authOption", new Modifier[0]).addParameter(namedAuthScheme(), "authScheme", new Modifier[0]).addParameter(IdentityProviders.class, "identityProviders", new Modifier[0]).addParameter(listOfStringSuppliers(), "discardedReasons", new Modifier[0]).addParameter(MetricCollector.class, "metricCollector", new Modifier[0]).addTypeVariable(TypeVariableName.get("T", new Type[]{Identity.class}));
        addTypeVariable.beginControlFlow("if (authScheme == null)", new Object[0]);
        addTypeVariable.addStatement("discardedReasons.add(() -> String.format($S, authOption.schemeId()))", new Object[]{"'%s' is not enabled for this request."}).addStatement("return null", new Object[0]).endControlFlow();
        addTypeVariable.addStatement("$T identityProvider = authScheme.identityProvider(identityProviders)", new Object[]{namedIdentityProvider()});
        addTypeVariable.beginControlFlow("if (identityProvider == null)", new Object[0]);
        addTypeVariable.addStatement("discardedReasons.add(() -> String.format($S, authOption.schemeId()))", new Object[]{"'%s' does not have an identity provider configured."}).addStatement("return null", new Object[0]).endControlFlow();
        addTypeVariable.addStatement("$T.Builder identityRequestBuilder = $T.builder()", new Object[]{ResolveIdentityRequest.class, ResolveIdentityRequest.class});
        addTypeVariable.addStatement("authOption.forEachIdentityProperty(identityRequestBuilder::putProperty)", new Object[0]);
        addTypeVariable.addStatement("$T identity", new Object[]{namedIdentityFuture()});
        addTypeVariable.addStatement("$T metric = getIdentityMetric(identityProvider)", new Object[]{durationSdkMetric()});
        addTypeVariable.beginControlFlow("if (metric == null)", new Object[0]).addStatement("identity = identityProvider.resolveIdentity(identityRequestBuilder.build())", new Object[0]).nextControlFlow("else", new Object[0]).addStatement("identity = $T.reportDuration(() -> identityProvider.resolveIdentity(identityRequestBuilder.build()), metricCollector, metric)", new Object[]{MetricUtils.class}).endControlFlow();
        addTypeVariable.addStatement("return new $T<>(identity, authScheme.signer(), authOption)", new Object[]{SelectedAuthScheme.class});
        return addTypeVariable.build();
    }

    private MethodSpec generateGetIdentityMetric() {
        MethodSpec.Builder addParameter = MethodSpec.methodBuilder("getIdentityMetric").addModifiers(new Modifier[]{Modifier.PRIVATE}).returns(durationSdkMetric()).addParameter(wildcardIdentityProvider(), "identityProvider", new Modifier[0]);
        addParameter.addStatement("Class<?> identityType = identityProvider.identityType()", new Object[0]).beginControlFlow("if (identityType == $T.class)", new Object[]{AwsCredentialsIdentity.class}).addStatement("return $T.CREDENTIALS_FETCH_DURATION", new Object[]{CoreMetric.class}).endControlFlow().beginControlFlow("if (identityType == $T.class)", new Object[]{TokenIdentity.class}).addStatement("return $T.TOKEN_FETCH_DURATION", new Object[]{CoreMetric.class}).endControlFlow().addStatement("return null", new Object[0]);
        return addParameter.build();
    }

    private void addLogDebugDiscardedOptions(MethodSpec.Builder builder) {
        builder.beginControlFlow("if (!discardedReasons.isEmpty())", new Object[0]);
        builder.addStatement("LOG.debug(() -> String.format(\"%s auth will be used, discarded: '%s'\", authOption.schemeId(), discardedReasons.stream().map($T::get).collect($T.joining(\", \"))))", new Object[]{Supplier.class, Collectors.class}).endControlFlow();
    }

    private TypeName namedIdentityProvider() {
        return ParameterizedTypeName.get(ClassName.get(IdentityProvider.class), new TypeName[]{TypeVariableName.get("T")});
    }

    private TypeName wildcardIdentityProvider() {
        return ParameterizedTypeName.get(ClassName.get(IdentityProvider.class), new TypeName[]{WildcardTypeName.subtypeOf(Object.class)});
    }

    private TypeName namedIdentityFuture() {
        return ParameterizedTypeName.get(ClassName.get(CompletableFuture.class), new TypeName[]{WildcardTypeName.subtypeOf(TypeVariableName.get("T"))});
    }

    private TypeName namedAuthScheme() {
        return ParameterizedTypeName.get(ClassName.get(AuthScheme.class), new TypeName[]{TypeVariableName.get("T", new Type[]{Identity.class})});
    }

    private TypeName wildcardAuthScheme() {
        return ParameterizedTypeName.get(ClassName.get(AuthScheme.class), new TypeName[]{WildcardTypeName.subtypeOf(Object.class)});
    }

    private TypeName namedSelectedAuthScheme() {
        return ParameterizedTypeName.get(ClassName.get(SelectedAuthScheme.class), new TypeName[]{TypeVariableName.get("T", new Type[]{Identity.class})});
    }

    private TypeName wildcardSelectedAuthScheme() {
        return ParameterizedTypeName.get(ClassName.get(SelectedAuthScheme.class), new TypeName[]{WildcardTypeName.subtypeOf(Identity.class)});
    }

    private TypeName listOfStringSuppliers() {
        return listOf(ParameterizedTypeName.get(Supplier.class, new Type[]{String.class}));
    }

    private TypeName mapOf(Object obj, Object obj2) {
        return ParameterizedTypeName.get(ClassName.get(Map.class), new TypeName[]{toTypeName(obj), toTypeName(obj2)});
    }

    private TypeName listOf(Object obj) {
        return ParameterizedTypeName.get(ClassName.get(List.class), new TypeName[]{toTypeName(obj)});
    }

    private ParameterizedTypeName durationSdkMetric() {
        return ParameterizedTypeName.get(ClassName.get(SdkMetric.class), new TypeName[]{toTypeName(Duration.class)});
    }

    private TypeName toTypeName(Object obj) {
        ClassName className;
        if (obj instanceof Class) {
            className = ClassName.get((Class) obj);
        } else {
            if (!(obj instanceof TypeName)) {
                throw new IllegalArgumentException("Don't know how to convert " + obj + " to TypeName");
            }
            className = (TypeName) obj;
        }
        return className;
    }
}
