package software.amazon.awssdk.s3accessgrants.plugin;

import java.util.List;
import java.util.stream.Collectors;
import software.amazon.awssdk.annotations.NotNull;
import software.amazon.awssdk.core.exception.SdkServiceException;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.s3accessgrants.cache.S3AccessGrantsCachedBucketRegionResolver;
import software.amazon.awssdk.s3accessgrants.plugin.internal.S3AccessGrantsOperationToPermissionMapper;
import software.amazon.awssdk.s3accessgrants.plugin.internal.S3AccessGrantsStaticOperationToPermissionMapper;
import software.amazon.awssdk.s3accessgrants.plugin.internal.S3AccessGrantsUtils;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeParams;
import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeProvider;
import software.amazon.awssdk.services.s3control.model.Permission;

/* loaded from: input_file:software/amazon/awssdk/s3accessgrants/plugin/S3AccessGrantsAuthSchemeProvider.class */
public class S3AccessGrantsAuthSchemeProvider implements S3AuthSchemeProvider {
    private final S3AuthSchemeProvider authSchemeProvider;
    private final S3Client s3Client;
    private final Boolean isCrossRegionAccessEnabled;
    private final S3AccessGrantsOperationToPermissionMapper permissionMapper;
    private final S3AccessGrantsCachedBucketRegionResolver bucketRegionCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    public S3AccessGrantsAuthSchemeProvider(@NotNull S3AuthSchemeProvider s3AuthSchemeProvider, S3Client s3Client, Boolean bool) {
        S3AccessGrantsUtils.argumentNotNull(s3AuthSchemeProvider, "Expecting an Auth Scheme Provider to be specified while configuring S3Clients!");
        S3AccessGrantsUtils.argumentNotNull(s3Client, String.format(S3AccessGrantsUtils.CONTACT_TEAM_MESSAGE_TEMPLATE, "S3 Client", "Plugin"));
        this.authSchemeProvider = s3AuthSchemeProvider;
        this.s3Client = s3Client;
        this.isCrossRegionAccessEnabled = bool == null ? S3AccessGrantsUtils.DEFAULT_CROSS_REGION_ACCESS_SETTING : bool;
        this.permissionMapper = new S3AccessGrantsStaticOperationToPermissionMapper();
        this.bucketRegionCache = S3AccessGrantsCachedBucketRegionResolver.builder().s3Client(s3Client).build();
    }

    public List<AuthSchemeOption> resolveAuthScheme(@NotNull S3AuthSchemeParams s3AuthSchemeParams) {
        S3AccessGrantsUtils.argumentNotNull(s3AuthSchemeParams, "An internal exception has occurred. Valid auth scheme params were not passed to the Auth Scheme Provider. Please contact the S3 Access Grants plugin team!");
        List resolveAuthScheme = this.authSchemeProvider.resolveAuthScheme(s3AuthSchemeParams);
        try {
            S3AccessGrantsUtils.logger.debug(() -> {
                return "operation : " + s3AuthSchemeParams.operation();
            });
            Permission permission = this.permissionMapper.getPermission(s3AuthSchemeParams.operation());
            S3AccessGrantsUtils.argumentNotNull(s3AuthSchemeParams.bucket(), "Please specify a valid bucket name for the operation!");
            Region bucketLocation = getBucketLocation(s3AuthSchemeParams.bucket());
            S3AccessGrantsUtils.logger.debug(() -> {
                return "Access Grants requests will be sent to the region " + bucketLocation;
            });
            String str = "s3://" + s3AuthSchemeParams.bucket() + "/" + getKeyIfExists(s3AuthSchemeParams);
            return (List) resolveAuthScheme.stream().map(authSchemeOption -> {
                return (AuthSchemeOption) authSchemeOption.toBuilder().putIdentityProperty(S3AccessGrantsUtils.PREFIX_PROPERTY, str).putIdentityProperty(S3AccessGrantsUtils.BUCKET_LOCATION_PROPERTY, bucketLocation).putIdentityProperty(S3AccessGrantsUtils.PERMISSION_PROPERTY, permission).build();
            }).collect(Collectors.toList());
        } catch (SdkServiceException e) {
            return (List) resolveAuthScheme.stream().map(authSchemeOption2 -> {
                return (AuthSchemeOption) authSchemeOption2.toBuilder().putIdentityProperty(S3AccessGrantsUtils.AUTH_EXCEPTIONS_PROPERTY, e).build();
            }).collect(Collectors.toList());
        }
    }

    private String getKeyIfExists(S3AuthSchemeParams s3AuthSchemeParams) {
        Boolean valueOf = Boolean.valueOf((s3AuthSchemeParams.key() == null || s3AuthSchemeParams.key().isEmpty()) && (s3AuthSchemeParams.prefix() == null || s3AuthSchemeParams.prefix().isEmpty()));
        String prefix = (s3AuthSchemeParams.key() == null || s3AuthSchemeParams.key().isEmpty()) ? (s3AuthSchemeParams.prefix() == null || s3AuthSchemeParams.prefix().isEmpty()) ? null : s3AuthSchemeParams.prefix() : s3AuthSchemeParams.key();
        if (valueOf.booleanValue()) {
            S3AccessGrantsUtils.logger.debug(() -> {
                return "no object key was specified for the operation!";
            });
        }
        return valueOf.booleanValue() ? "*" : prefix;
    }

    private Region getBucketLocation(String str) {
        if (this.isCrossRegionAccessEnabled.booleanValue()) {
            return this.bucketRegionCache.resolve(str);
        }
        S3AccessGrantsUtils.argumentNotNull(this.s3Client.serviceClientConfiguration().region(), "Expecting a region to be configured on the S3Clients!");
        return this.s3Client.serviceClientConfiguration().region();
    }
}
