package software.amazon.awssdk.services.rds.internal;

import java.net.URI;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.Objects;
import java.util.function.Supplier;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.awscore.endpoint.AwsClientEndpointProvider;
import software.amazon.awssdk.core.ClientEndpointProvider;
import software.amazon.awssdk.core.Protocol;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
import software.amazon.awssdk.core.client.config.SdkClientOption;
import software.amazon.awssdk.core.interceptor.Context;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
import software.amazon.awssdk.http.auth.spi.signer.SignRequest;
import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import software.amazon.awssdk.identity.spi.Identity;
import software.amazon.awssdk.protocols.query.AwsQueryProtocolFactory;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.rds.model.RdsRequest;
import software.amazon.awssdk.utils.CompletableFutureUtils;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/rds/internal/RdsPresignInterceptor.class */
public abstract class RdsPresignInterceptor<T extends RdsRequest> implements ExecutionInterceptor {
    private static final ClientEndpointProvider CUSTOM_ENDPOINT_PROVIDER_LOCALHOST = ClientEndpointProvider.forEndpointOverride(URI.create("http://localhost"));
    protected static final AwsQueryProtocolFactory PROTOCOL_FACTORY = AwsQueryProtocolFactory.builder().clientConfiguration(SdkClientConfiguration.builder().option(SdkClientOption.CLIENT_ENDPOINT_PROVIDER, CUSTOM_ENDPOINT_PROVIDER_LOCALHOST).mo2971build()).build();
    private static final String SERVICE_NAME = "rds";
    private static final String PARAM_SOURCE_REGION = "SourceRegion";
    private static final String PARAM_DESTINATION_REGION = "DestinationRegion";
    private static final String PARAM_PRESIGNED_URL = "PreSignedUrl";
    private final Class<T> requestClassToPreSign;
    private final Clock signingClockOverride;

    /* loaded from: input_file:software/amazon/awssdk/services/rds/internal/RdsPresignInterceptor$PresignableRequest.class */
    public interface PresignableRequest {
        String getSourceRegion();

        SdkHttpFullRequest marshall();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RdsPresignInterceptor(Class<T> cls) {
        this(cls, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RdsPresignInterceptor(Class<T> cls, Clock clock) {
        this.requestClassToPreSign = cls;
        this.signingClockOverride = clock;
    }

    @Override // software.amazon.awssdk.core.interceptor.ExecutionInterceptor
    public final SdkHttpRequest modifyHttpRequest(Context.ModifyHttpRequest modifyHttpRequest, ExecutionAttributes executionAttributes) {
        SdkHttpRequest httpRequest = modifyHttpRequest.httpRequest();
        PresignableRequest presignableRequest = toPresignableRequest(httpRequest, modifyHttpRequest);
        if (presignableRequest == null) {
            return (SdkHttpRequest) httpRequest.mo3533toBuilder().removeQueryParameter(PARAM_SOURCE_REGION).mo2971build();
        }
        SelectedAuthScheme selectedAuthScheme = (SelectedAuthScheme) executionAttributes.getAttribute(SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME);
        String sourceRegion = presignableRequest.getSourceRegion();
        return (SdkHttpRequest) httpRequest.mo3533toBuilder().putRawQueryParameter(PARAM_PRESIGNED_URL, sraPresignRequest(executionAttributes, presignableRequest.marshall().mo3533toBuilder().uri(createEndpoint(sourceRegion, "rds", executionAttributes)).method(SdkHttpMethod.GET).putRawQueryParameter(PARAM_DESTINATION_REGION, (String) selectedAuthScheme.authSchemeOption().signerProperty(AwsV4HttpSigner.REGION_NAME)).removeQueryParameter(PARAM_SOURCE_REGION).mo2971build(), sourceRegion).getUri().toString()).removeQueryParameter(PARAM_SOURCE_REGION).mo2971build();
    }

    protected abstract PresignableRequest adaptRequest(T t);

    private PresignableRequest toPresignableRequest(SdkHttpRequest sdkHttpRequest, Context.ModifyHttpRequest modifyHttpRequest) {
        SdkRequest request = modifyHttpRequest.request();
        if (!this.requestClassToPreSign.isInstance(request) || sdkHttpRequest.firstMatchingRawQueryParameter(PARAM_PRESIGNED_URL).isPresent()) {
            return null;
        }
        PresignableRequest adaptRequest = adaptRequest(this.requestClassToPreSign.cast(request));
        if (adaptRequest.getSourceRegion() == null) {
            return null;
        }
        return adaptRequest;
    }

    private SdkHttpFullRequest sraPresignRequest(ExecutionAttributes executionAttributes, SdkHttpFullRequest sdkHttpFullRequest, String str) {
        return doSraPresign(sdkHttpFullRequest, (SelectedAuthScheme) executionAttributes.getAttribute(SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME), str, Clock.fixed(this.signingClockOverride != null ? this.signingClockOverride.instant() : Instant.now(), ZoneOffset.UTC), Duration.ofDays(7L));
    }

    private <T extends Identity> SdkHttpFullRequest doSraPresign(SdkHttpFullRequest sdkHttpFullRequest, SelectedAuthScheme<T> selectedAuthScheme, String str, Clock clock, Duration duration) {
        SignRequest.Builder payload = SignRequest.builder((Identity) CompletableFutureUtils.joinLikeSync(selectedAuthScheme.identity())).putProperty(AwsV4FamilyHttpSigner.AUTH_LOCATION, AwsV4FamilyHttpSigner.AuthLocation.QUERY_STRING).putProperty(AwsV4FamilyHttpSigner.EXPIRATION_DURATION, duration).putProperty(HttpSigner.SIGNING_CLOCK, clock).request(sdkHttpFullRequest).payload(sdkHttpFullRequest.contentStreamProvider().orElse(null));
        AuthSchemeOption authSchemeOption = selectedAuthScheme.authSchemeOption();
        Objects.requireNonNull(payload);
        authSchemeOption.forEachSignerProperty(payload::putProperty);
        payload.putProperty(AwsV4HttpSigner.REGION_NAME, str);
        return toSdkHttpFullRequest(selectedAuthScheme.signer().sign((SignRequest<? extends T>) payload.mo2971build()));
    }

    private SdkHttpFullRequest toSdkHttpFullRequest(SignedRequest signedRequest) {
        SdkHttpRequest request = signedRequest.request();
        return SdkHttpFullRequest.builder().contentStreamProvider(signedRequest.payload().orElse(null)).protocol(request.protocol()).method(request.method()).host(request.host()).port(Integer.valueOf(request.port())).encodedPath(request.encodedPath()).applyMutation(builder -> {
            Objects.requireNonNull(builder);
            request.forEachHeader(builder::putHeader);
        }).applyMutation(builder2 -> {
            Objects.requireNonNull(builder2);
            request.forEachRawQueryParameter(builder2::putRawQueryParameter);
        }).removeQueryParameter(PARAM_SOURCE_REGION).mo2971build();
    }

    private URI createEndpoint(String str, String str2, ExecutionAttributes executionAttributes) {
        return AwsClientEndpointProvider.builder().serviceEndpointPrefix("rds").defaultProtocol(Protocol.HTTPS.toString()).region(Region.of(str)).profileFile((Supplier) executionAttributes.getAttribute(SdkExecutionAttribute.PROFILE_FILE_SUPPLIER)).profileName((String) executionAttributes.getAttribute(SdkExecutionAttribute.PROFILE_NAME)).dualstackEnabled((Boolean) executionAttributes.getAttribute(AwsExecutionAttribute.DUALSTACK_ENDPOINT_ENABLED)).fipsEnabled((Boolean) executionAttributes.getAttribute(AwsExecutionAttribute.FIPS_ENDPOINT_ENABLED)).build().clientEndpoint();
    }
}
