package net.snowflake.client.core.auth.wif;

import java.util.Optional;
import net.snowflake.client.core.SnowflakeJdbcInternalApi;
import net.snowflake.client.jdbc.EnvironmentVariables;
import net.snowflake.client.jdbc.SnowflakeUtil;
import net.snowflake.client.jdbc.internal.amazonaws.SignableRequest;
import net.snowflake.client.jdbc.internal.amazonaws.auth.AWS4Signer;
import net.snowflake.client.jdbc.internal.amazonaws.auth.AWSCredentials;
import net.snowflake.client.jdbc.internal.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import net.snowflake.client.jdbc.internal.amazonaws.regions.InstanceMetadataRegionProvider;
import net.snowflake.client.jdbc.internal.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import net.snowflake.client.jdbc.internal.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

@SnowflakeJdbcInternalApi
/* loaded from: input_file:net/snowflake/client/core/auth/wif/AwsAttestationService.class */
public class AwsAttestationService {
    private static final String SECURE_TOKEN_SERVICE_NAME = "sts";
    private static String region;
    private final AWS4Signer aws4Signer = new AWS4Signer();
    public static final SFLogger logger = SFLoggerFactory.getLogger((Class<?>) AwsAttestationService.class);
    private static boolean regionInitialized = false;

    public AwsAttestationService() {
        this.aws4Signer.setServiceName("sts");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AWSCredentials getAWSCredentials() {
        return DefaultAWSCredentialsProviderChain.getInstance().getCredentials();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAWSRegion() {
        try {
            try {
                if (!regionInitialized) {
                    String systemGetEnv = SnowflakeUtil.systemGetEnv(EnvironmentVariables.AWS_REGION.getName());
                    region = systemGetEnv != null ? systemGetEnv : new InstanceMetadataRegionProvider().getRegion();
                }
                String str = region;
                regionInitialized = true;
                return str;
            } catch (Exception e) {
                logger.debug("Could not get AWS region", e);
                regionInitialized = true;
                return null;
            }
        } catch (Throwable th) {
            regionInitialized = true;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getArn() {
        return (String) Optional.ofNullable(AWSSecurityTokenServiceClientBuilder.defaultClient().getCallerIdentity(new GetCallerIdentityRequest())).map((v0) -> {
            return v0.getArn();
        }).orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void signRequestWithSigV4(SignableRequest<Void> signableRequest, AWSCredentials aWSCredentials) {
        this.aws4Signer.sign(signableRequest, aWSCredentials);
    }
}
