package net.snowflake.client.core.auth.wif;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import net.snowflake.client.core.SnowflakeJdbcInternalApi;
import net.snowflake.client.jdbc.internal.amazonaws.DefaultRequest;
import net.snowflake.client.jdbc.internal.amazonaws.Request;
import net.snowflake.client.jdbc.internal.amazonaws.auth.AWSCredentials;
import net.snowflake.client.jdbc.internal.amazonaws.http.HttpMethodName;
import net.snowflake.client.jdbc.internal.google.api.gax.tracing.MetricsTracer;
import net.snowflake.client.jdbc.internal.net.minidev.json.JSONObject;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

/**
 * Creates the AWS flavour of a workload identity attestation.
 *
 * <p>The attestation is a SigV4-signed STS {@code GetCallerIdentity} request, serialized as JSON
 * and Base64-encoded. The request is only built and signed here; nothing in this class sends it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The encoded credential carries every header of the signed request. Base64 is an encoding,
 *       not protection, so treat the returned value as a secret and keep it out of logs and error
 *       messages. (Presumably the signer adds an {@code Authorization} header and, for temporary
 *       credentials, a session token header; confirm against {@code signRequestWithSigV4}.)</li>
 *   <li>{@code X-Snowflake-Audience} is added before the request is signed. Whether it actually
 *       binds the signature to Snowflake depends on the signer including it in the signed
 *       headers; verify this in the signer implementation.</li>
 * </ul>
 */
@SnowflakeJdbcInternalApi
public class AwsIdentityAttestationCreator implements WorkloadIdentityAttestationCreator {
    private static final SFLogger logger = SFLoggerFactory.getLogger(AwsIdentityAttestationCreator.class);

    /** Source of credentials, region, caller ARN and the SigV4 signing operation. */
    private final AwsAttestationService attestationService;

    /**
     * @param awsAttestationService service used to resolve the AWS identity and to sign the request
     */
    public AwsIdentityAttestationCreator(AwsAttestationService awsAttestationService) {
        this.attestationService = awsAttestationService;
    }

    /**
     * Resolves credentials, region and caller ARN (in that order), then builds and signs the STS
     * request and wraps it in an attestation.
     *
     * @return the AWS attestation with the caller ARN as its only user-identifier component, or
     *     {@code null} when credentials, region or ARN cannot be resolved; callers must handle
     *     the {@code null} case
     */
    @Override
    public WorkloadIdentityAttestation createAttestation() {
        // The explicit empty array keeps the same varargs logger overload the original call used.
        logger.debug("Creating AWS identity attestation...", new Object[0]);

        final AWSCredentials credentials = this.attestationService.getAWSCredentials();
        if (credentials == null) {
            logger.debug("No AWS credentials were found.", new Object[0]);
            return null;
        }

        final String region = this.attestationService.getAWSRegion();
        if (region == null) {
            logger.debug("No AWS region was found.", new Object[0]);
            return null;
        }

        final String callerArn = this.attestationService.getArn();
        if (callerArn == null) {
            logger.debug("No Caller Identity was found.", new Object[0]);
            return null;
        }

        // NOTE(review): the region is interpolated into the host name as-is, and that host is
        // what gets signed. Confirm the service only returns a plain region label (letters,
        // digits, hyphens) so the signed Host can never point outside the STS domain.
        // NOTE(review): the ".amazonaws.com" suffix is fixed; regions in other AWS partitions
        // (for example the China partition, which uses ".amazonaws.com.cn") would get a host
        // that does not match their STS endpoint. Confirm this is intended.
        final String stsHost = String.format("sts.%s.amazonaws.com", region);
        final Request<Void> stsRequest = createStsRequest(stsHost);
        this.attestationService.signRequestWithSigV4(stsRequest, credentials);

        // Sensitive from here on: the encoded value contains the signed headers. Do not log it.
        final String encodedCredential = createBase64EncodedRequestCredential(stsRequest);
        return new WorkloadIdentityAttestation(
                WorkloadIdentityProviderType.AWS,
                encodedCredential,
                Collections.singletonMap("arn", callerArn));
    }

    /**
     * Builds the unsigned {@code POST} request for {@code GetCallerIdentity} against the given
     * STS host.
     *
     * @param stsHost host name used both in the endpoint URL and in the {@code Host} header
     * @return the unsigned request, with the {@code Host} and {@code X-Snowflake-Audience}
     *     headers set
     */
    private Request<Void> createStsRequest(String stsHost) {
        final DefaultRequest<Void> stsRequest = new DefaultRequest<>("sts");
        stsRequest.setHttpMethod(HttpMethodName.POST);

        final String endpoint =
                String.format("https://%s/?Action=GetCallerIdentity&Version=2011-06-15", stsHost);
        stsRequest.setEndpoint(URI.create(endpoint));

        // Headers are added before signing so that the signer can cover them.
        stsRequest.addHeader("Host", stsHost);
        stsRequest.addHeader("X-Snowflake-Audience", "snowflakecomputing.com");
        return stsRequest;
    }

    /**
     * Serializes the request's URL, HTTP method and all headers to JSON and Base64-encodes the
     * UTF-8 bytes.
     *
     * @param request the signed STS request
     * @return the Base64 text of the JSON document; sensitive, because it includes every header
     *     of the signed request
     */
    private String createBase64EncodedRequestCredential(Request<Void> request) {
        final JSONObject headerJson = new JSONObject();
        headerJson.putAll(request.getHeaders());

        final JSONObject requestJson = new JSONObject();
        requestJson.put("url", request.getEndpoint().toString());
        // NOTE(review): this key comes from an unrelated tracing constant, which looks like a
        // decompiler substitution for a string literal. Confirm the value is the key the server
        // expects before relying on it.
        requestJson.put(MetricsTracer.METHOD_ATTRIBUTE, request.getHttpMethod().toString());
        requestJson.put("headers", headerJson);

        final byte[] jsonBytes = requestJson.toString().getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(jsonBytes);
    }
}
