package software.amazon.awssdk.services.rds;

import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import software.amazon.awssdk.annotations.Immutable;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
import software.amazon.awssdk.awscore.client.config.AwsClientOption;
import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.identity.spi.IdentityProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.rds.RdsUtilities;
import software.amazon.awssdk.services.rds.model.GenerateAuthenticationTokenRequest;
import software.amazon.awssdk.utils.CompletableFutureUtils;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.StringUtils;

@Immutable
@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/rds/DefaultRdsUtilities.class */
final class DefaultRdsUtilities implements RdsUtilities {
    private static final Logger log = Logger.loggerFor(RdsUtilities.class);
    private static final Duration EXPIRATION_DURATION = Duration.ofMinutes(15);
    private final Aws4Signer signer;
    private final Region region;
    private final IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
    private final Clock clock;

    @SdkInternalApi
    /* loaded from: input_file:software/amazon/awssdk/services/rds/DefaultRdsUtilities$DefaultBuilder.class */
    static final class DefaultBuilder implements RdsUtilities.Builder {
        private Region region;
        private IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;

        RdsUtilities.Builder clientConfiguration(SdkClientConfiguration sdkClientConfiguration) {
            this.credentialsProvider = (IdentityProvider) sdkClientConfiguration.option(AwsClientOption.CREDENTIALS_IDENTITY_PROVIDER);
            this.region = (Region) sdkClientConfiguration.option(AwsClientOption.AWS_REGION);
            return this;
        }

        @Override // software.amazon.awssdk.services.rds.RdsUtilities.Builder
        public RdsUtilities.Builder region(Region region) {
            this.region = region;
            return this;
        }

        @Override // software.amazon.awssdk.services.rds.RdsUtilities.Builder
        public RdsUtilities.Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> identityProvider) {
            this.credentialsProvider = identityProvider;
            return this;
        }

        @Override // software.amazon.awssdk.services.rds.RdsUtilities.Builder
        public RdsUtilities build() {
            return new DefaultRdsUtilities(this);
        }
    }

    DefaultRdsUtilities(DefaultBuilder defaultBuilder) {
        this(defaultBuilder, Clock.systemUTC());
    }

    DefaultRdsUtilities(DefaultBuilder defaultBuilder, Clock clock) {
        this.signer = Aws4Signer.create();
        this.credentialsProvider = defaultBuilder.credentialsProvider;
        this.region = defaultBuilder.region;
        this.clock = clock;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @SdkInternalApi
    public static RdsUtilities create(SdkClientConfiguration sdkClientConfiguration) {
        return new DefaultBuilder().clientConfiguration(sdkClientConfiguration).build();
    }

    @Override // software.amazon.awssdk.services.rds.RdsUtilities
    public String generateAuthenticationToken(GenerateAuthenticationTokenRequest generateAuthenticationTokenRequest) {
        SdkHttpFullRequest build = SdkHttpFullRequest.builder().method(SdkHttpMethod.GET).protocol("https").host(generateAuthenticationTokenRequest.hostname()).port(Integer.valueOf(generateAuthenticationTokenRequest.port())).encodedPath("/").putRawQueryParameter("DBUser", generateAuthenticationTokenRequest.username()).putRawQueryParameter("Action", "connect").build();
        Instant plus = Instant.now(this.clock).plus((TemporalAmount) EXPIRATION_DURATION);
        String replacePrefixIgnoreCase = StringUtils.replacePrefixIgnoreCase(this.signer.presign(build, Aws4PresignerParams.builder().signingClockOverride(this.clock).expirationTime(plus).awsCredentials(resolveCredentials(generateAuthenticationTokenRequest)).signingName("rds-db").signingRegion(resolveRegion(generateAuthenticationTokenRequest)).build()).getUri().toString(), "https://", "");
        log.debug(() -> {
            return "Generated RDS authentication token with expiration of " + plus;
        });
        return replacePrefixIgnoreCase;
    }

    private Region resolveRegion(GenerateAuthenticationTokenRequest generateAuthenticationTokenRequest) {
        if (generateAuthenticationTokenRequest.region() != null) {
            return generateAuthenticationTokenRequest.region();
        }
        if (this.region != null) {
            return this.region;
        }
        throw new IllegalArgumentException("Region should be provided either in GenerateAuthenticationTokenRequest object or RdsUtilities object");
    }

    private AwsCredentials resolveCredentials(GenerateAuthenticationTokenRequest generateAuthenticationTokenRequest) {
        if (generateAuthenticationTokenRequest.credentialsIdentityProvider() != null) {
            return CredentialUtils.toCredentials((AwsCredentialsIdentity) CompletableFutureUtils.joinLikeSync(generateAuthenticationTokenRequest.credentialsIdentityProvider().resolveIdentity()));
        }
        if (this.credentialsProvider != null) {
            return CredentialUtils.toCredentials((AwsCredentialsIdentity) CompletableFutureUtils.joinLikeSync(this.credentialsProvider.resolveIdentity()));
        }
        throw new IllegalArgumentException("CredentialProvider should be provided either in GenerateAuthenticationTokenRequest object or RdsUtilities object");
    }
}
