package software.amazon.awssdk.services.polly.internal.presigner;

import java.net.URI;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.annotations.SdkTestInternalApi;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.awscore.endpoint.DefaultServiceEndpointBuilder;
import software.amazon.awssdk.awscore.endpoint.DualstackEnabledProvider;
import software.amazon.awssdk.awscore.endpoint.FipsEnabledProvider;
import software.amazon.awssdk.awscore.presigner.PresignRequest;
import software.amazon.awssdk.awscore.presigner.PresignedRequest;
import software.amazon.awssdk.awscore.presigner.SdkPresigner;
import software.amazon.awssdk.core.ClientType;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.signer.Presigner;
import software.amazon.awssdk.core.signer.Signer;
import software.amazon.awssdk.http.ContentStreamProvider;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
import software.amazon.awssdk.http.auth.spi.signer.SignRequest;
import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.identity.spi.Identity;
import software.amazon.awssdk.identity.spi.IdentityProvider;
import software.amazon.awssdk.identity.spi.IdentityProviders;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
import software.amazon.awssdk.services.polly.auth.scheme.PollyAuthSchemeProvider;
import software.amazon.awssdk.services.polly.internal.presigner.model.transform.SynthesizeSpeechRequestMarshaller;
import software.amazon.awssdk.services.polly.model.PollyRequest;
import software.amazon.awssdk.services.polly.model.SynthesizeSpeechRequest;
import software.amazon.awssdk.services.polly.presigner.PollyPresigner;
import software.amazon.awssdk.services.polly.presigner.model.PresignedSynthesizeSpeechRequest;
import software.amazon.awssdk.services.polly.presigner.model.SynthesizeSpeechPresignRequest;
import software.amazon.awssdk.utils.CompletableFutureUtils;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.Validate;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.class */
public final class DefaultPollyPresigner implements PollyPresigner {
    private static final String SIGNING_NAME = "polly";
    private static final String SERVICE_NAME = "polly";
    private final Clock signingClock;
    private final Supplier<ProfileFile> profileFile;
    private final String profileName;
    private final Region region;
    private final IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
    private final URI endpointOverride;
    private final Boolean dualstackEnabled;
    private final Boolean fipsEnabled;

    /* loaded from: input_file:software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner$BuilderImpl.class */
    public static class BuilderImpl implements PollyPresigner.Builder {
        private Clock signingClock;
        private Region region;
        private IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
        private URI endpointOverride;
        private Boolean dualstackEnabled;
        private Boolean fipsEnabled;

        public PollyPresigner.Builder signingClock(Clock clock) {
            this.signingClock = clock;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: region */
        public PollyPresigner.Builder mo51region(Region region) {
            this.region = region;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: credentialsProvider */
        public PollyPresigner.Builder mo50credentialsProvider(AwsCredentialsProvider awsCredentialsProvider) {
            return credentialsProvider((IdentityProvider<? extends AwsCredentialsIdentity>) awsCredentialsProvider);
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        public PollyPresigner.Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> identityProvider) {
            this.credentialsProvider = identityProvider;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: dualstackEnabled */
        public PollyPresigner.Builder mo48dualstackEnabled(Boolean bool) {
            this.dualstackEnabled = bool;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: fipsEnabled */
        public PollyPresigner.Builder mo47fipsEnabled(Boolean bool) {
            this.fipsEnabled = bool;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: endpointOverride */
        public PollyPresigner.Builder mo46endpointOverride(URI uri) {
            this.endpointOverride = uri;
            return this;
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: build */
        public PollyPresigner mo45build() {
            return new DefaultPollyPresigner(this);
        }

        @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner.Builder
        /* renamed from: credentialsProvider, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ SdkPresigner.Builder mo49credentialsProvider(IdentityProvider identityProvider) {
            return credentialsProvider((IdentityProvider<? extends AwsCredentialsIdentity>) identityProvider);
        }
    }

    private DefaultPollyPresigner(BuilderImpl builderImpl) {
        this.signingClock = builderImpl.signingClock != null ? builderImpl.signingClock : Clock.systemUTC();
        this.profileFile = ProfileFile::defaultProfileFile;
        this.profileName = ProfileFileSystemSetting.AWS_PROFILE.getStringValueOrThrow();
        this.region = builderImpl.region != null ? builderImpl.region : DefaultAwsRegionProviderChain.builder().profileFile(this.profileFile).profileName(this.profileName).build().getRegion();
        this.credentialsProvider = builderImpl.credentialsProvider != null ? builderImpl.credentialsProvider : DefaultCredentialsProvider.builder().profileFile(this.profileFile).profileName(this.profileName).build();
        this.endpointOverride = builderImpl.endpointOverride;
        this.dualstackEnabled = builderImpl.dualstackEnabled != null ? builderImpl.dualstackEnabled : (Boolean) DualstackEnabledProvider.builder().profileFile(this.profileFile).profileName(this.profileName).build().isDualstackEnabled().orElse(false);
        this.fipsEnabled = builderImpl.fipsEnabled != null ? builderImpl.fipsEnabled : (Boolean) FipsEnabledProvider.builder().profileFile(this.profileFile).profileName(this.profileName).build().isFipsEnabled().orElse(false);
    }

    IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider() {
        return this.credentialsProvider;
    }

    public void close() {
        IoUtils.closeIfCloseable(this.credentialsProvider, (Logger) null);
    }

    @SdkTestInternalApi
    static PollyPresigner.Builder builder(Clock clock) {
        return new BuilderImpl().signingClock(clock);
    }

    public static PollyPresigner.Builder builder() {
        return new BuilderImpl();
    }

    @Override // software.amazon.awssdk.services.polly.presigner.PollyPresigner
    public PresignedSynthesizeSpeechRequest presignSynthesizeSpeech(SynthesizeSpeechPresignRequest synthesizeSpeechPresignRequest) {
        PresignedSynthesizeSpeechRequest.Builder builder = PresignedSynthesizeSpeechRequest.builder();
        SynthesizeSpeechRequest synthesizeSpeechRequest = synthesizeSpeechPresignRequest.synthesizeSpeechRequest();
        SynthesizeSpeechRequestMarshaller synthesizeSpeechRequestMarshaller = SynthesizeSpeechRequestMarshaller.getInstance();
        Objects.requireNonNull(synthesizeSpeechRequestMarshaller);
        return ((PresignedSynthesizeSpeechRequest.Builder) presign(builder, synthesizeSpeechPresignRequest, synthesizeSpeechRequest, synthesizeSpeechRequestMarshaller::marshall)).mo245build();
    }

    private <T extends PollyRequest> SdkHttpFullRequest marshallRequest(T t, Function<T, SdkHttpFullRequest.Builder> function) {
        SdkHttpFullRequest.Builder apply = function.apply(t);
        applyOverrideHeadersAndQueryParams(apply, t);
        applyEndpoint(apply);
        return apply.build();
    }

    private <T extends PresignedRequest.Builder, U extends PollyRequest> T presign(T t, PresignRequest presignRequest, U u, Function<U, SdkHttpFullRequest.Builder> function) {
        ExecutionAttributes createExecutionAttributes = createExecutionAttributes(presignRequest, u);
        SdkHttpFullRequest marshallRequest = marshallRequest(u, function);
        Presigner resolvePresigner = resolvePresigner(u);
        initializePresignedRequest(t, createExecutionAttributes, resolvePresigner != null ? presignRequest(resolvePresigner, u, marshallRequest, createExecutionAttributes) : doSraPresign(marshallRequest, selectedAuthScheme(u, createExecutionAttributes), presignRequest.signatureDuration()));
        return t;
    }

    private void initializePresignedRequest(PresignedRequest.Builder builder, ExecutionAttributes executionAttributes, SdkHttpFullRequest sdkHttpFullRequest) {
        Map map = (Map) sdkHttpFullRequest.firstMatchingRawQueryParameters("X-Amz-SignedHeaders").stream().flatMap(str -> {
            return Stream.of((Object[]) str.split(";"));
        }).collect(Collectors.toMap(str2 -> {
            return str2;
        }, str3 -> {
            return (List) sdkHttpFullRequest.firstMatchingHeader(str3).map((v0) -> {
                return Collections.singletonList(v0);
            }).orElseGet(ArrayList::new);
        }));
        builder.expiration((Instant) executionAttributes.getAttribute(AwsSignerExecutionAttribute.PRESIGNER_EXPIRATION)).isBrowserExecutable(Boolean.valueOf(sdkHttpFullRequest.method() == SdkHttpMethod.GET && (map.isEmpty() || (map.size() == 1 && map.containsKey("host"))))).httpRequest(sdkHttpFullRequest).signedHeaders(map);
    }

    private SdkHttpFullRequest presignRequest(Presigner presigner, PollyRequest pollyRequest, SdkHttpFullRequest sdkHttpFullRequest, ExecutionAttributes executionAttributes) {
        SdkHttpFullRequest presign = presigner.presign(sdkHttpFullRequest, executionAttributes);
        Validate.validState(!presign.firstMatchingRawQueryParameters("X-Amz-SignedHeaders").isEmpty(), "Only SigV4 presigners are supported at this time, but the configured presigner (%s) did not seem to generate a SigV4 signature.", new Object[]{presigner});
        return presign;
    }

    private <T extends Identity> SdkHttpFullRequest doSraPresign(SdkHttpFullRequest sdkHttpFullRequest, SelectedAuthScheme<T> selectedAuthScheme, Duration duration) {
        SignRequest.Builder payload = SignRequest.builder((Identity) CompletableFutureUtils.joinLikeSync(selectedAuthScheme.identity())).putProperty(AwsV4FamilyHttpSigner.AUTH_LOCATION, AwsV4FamilyHttpSigner.AuthLocation.QUERY_STRING).putProperty(AwsV4FamilyHttpSigner.EXPIRATION_DURATION, duration).putProperty(HttpSigner.SIGNING_CLOCK, this.signingClock).request(sdkHttpFullRequest).payload((ContentStreamProvider) sdkHttpFullRequest.contentStreamProvider().orElse(null));
        AuthSchemeOption authSchemeOption = selectedAuthScheme.authSchemeOption();
        Objects.requireNonNull(payload);
        authSchemeOption.forEachSignerProperty(payload::putProperty);
        return toSdkHttpFullRequest(selectedAuthScheme.signer().sign((SignRequest) payload.build()));
    }

    private SelectedAuthScheme<AwsCredentialsIdentity> selectedAuthScheme(PollyRequest pollyRequest, ExecutionAttributes executionAttributes) {
        AwsV4AuthScheme create = AwsV4AuthScheme.create();
        AwsCredentialsIdentity resolveCredentials = resolveCredentials(resolveCredentialsProvider(pollyRequest));
        AuthSchemeOption.Builder schemeId = AuthSchemeOption.builder().schemeId(create.schemeId());
        schemeId.putSignerProperty(AwsV4HttpSigner.SERVICE_SIGNING_NAME, "polly");
        schemeId.putSignerProperty(AwsV4HttpSigner.REGION_NAME, ((Region) executionAttributes.getAttribute(AwsExecutionAttribute.AWS_REGION)).id());
        return new SelectedAuthScheme<>(CompletableFuture.completedFuture(resolveCredentials), create.signer(), (AuthSchemeOption) schemeId.build());
    }

    private SdkHttpFullRequest toSdkHttpFullRequest(SignedRequest signedRequest) {
        SdkHttpRequest request = signedRequest.request();
        return SdkHttpFullRequest.builder().contentStreamProvider((ContentStreamProvider) signedRequest.payload().orElse(null)).protocol(request.protocol()).method(request.method()).host(request.host()).port(Integer.valueOf(request.port())).encodedPath(request.encodedPath()).applyMutation(builder -> {
            Objects.requireNonNull(builder);
            request.forEachHeader(builder::putHeader);
        }).applyMutation(builder2 -> {
            Objects.requireNonNull(builder2);
            request.forEachRawQueryParameter(builder2::putRawQueryParameter);
        }).build();
    }

    private ExecutionAttributes createExecutionAttributes(PresignRequest presignRequest, PollyRequest pollyRequest) {
        Instant instant = this.signingClock.instant();
        Clock fixed = Clock.fixed(instant, ZoneOffset.UTC);
        Instant plus = instant.plus((TemporalAmount) presignRequest.signatureDuration());
        AwsCredentialsIdentity resolveCredentials = resolveCredentials(resolveCredentialsProvider(pollyRequest));
        Validate.validState(resolveCredentials != null, "Credential providers must never return null.", new Object[0]);
        return new ExecutionAttributes().putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, CredentialUtils.toCredentials(resolveCredentials)).putAttribute(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME, "polly").putAttribute(AwsSignerExecutionAttribute.SIGNING_CLOCK, fixed).putAttribute(AwsSignerExecutionAttribute.PRESIGNER_EXPIRATION, plus).putAttribute(AwsExecutionAttribute.AWS_REGION, this.region).putAttribute(AwsSignerExecutionAttribute.SIGNING_REGION, this.region).putAttribute(SdkInternalExecutionAttribute.IS_FULL_DUPLEX, false).putAttribute(SdkExecutionAttribute.CLIENT_TYPE, ClientType.SYNC).putAttribute(SdkExecutionAttribute.SERVICE_NAME, "polly").putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, PollyAuthSchemeProvider.defaultProvider()).putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes()).putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, (IdentityProviders) IdentityProviders.builder().putIdentityProvider(credentialsProvider()).build());
    }

    private Map<String, AuthScheme<?>> authSchemes() {
        AwsV4AuthScheme create = AwsV4AuthScheme.create();
        return Collections.singletonMap(create.schemeId(), create);
    }

    private IdentityProvider<? extends AwsCredentialsIdentity> resolveCredentialsProvider(PollyRequest pollyRequest) {
        return (IdentityProvider) pollyRequest.overrideConfiguration().flatMap((v0) -> {
            return v0.credentialsIdentityProvider();
        }).orElse(this.credentialsProvider);
    }

    private AwsCredentialsIdentity resolveCredentials(IdentityProvider<? extends AwsCredentialsIdentity> identityProvider) {
        return (AwsCredentialsIdentity) CompletableFutureUtils.joinLikeSync(identityProvider.resolveIdentity());
    }

    private Presigner resolvePresigner(PollyRequest pollyRequest) {
        Signer signer = (Signer) pollyRequest.overrideConfiguration().flatMap((v0) -> {
            return v0.signer();
        }).orElse(null);
        if (signer == null) {
            return null;
        }
        return (Presigner) Validate.isInstanceOf(Presigner.class, signer, "Signer of type %s given in request override is not a Presigner", new Object[]{signer.getClass().getName()});
    }

    private void applyOverrideHeadersAndQueryParams(SdkHttpFullRequest.Builder builder, PollyRequest pollyRequest) {
        pollyRequest.overrideConfiguration().ifPresent(awsRequestOverrideConfiguration -> {
            Map headers = awsRequestOverrideConfiguration.headers();
            Objects.requireNonNull(builder);
            headers.forEach(builder::putHeader);
            Map rawQueryParameters = awsRequestOverrideConfiguration.rawQueryParameters();
            Objects.requireNonNull(builder);
            rawQueryParameters.forEach(builder::putRawQueryParameter);
        });
    }

    private void applyEndpoint(SdkHttpFullRequest.Builder builder) {
        URI resolveEndpoint = resolveEndpoint();
        builder.protocol(resolveEndpoint.getScheme()).host(resolveEndpoint.getHost()).port(Integer.valueOf(resolveEndpoint.getPort()));
    }

    private URI resolveEndpoint() {
        return this.endpointOverride != null ? this.endpointOverride : new DefaultServiceEndpointBuilder("polly", "https").withRegion(this.region).withProfileFile(this.profileFile).withProfileName(this.profileName).withDualstackEnabled(this.dualstackEnabled).withFipsEnabled(this.fipsEnabled).getServiceEndpoint();
    }
}
