package io.trino.plugin.hive.metastore.glue;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.google.inject.Inject;
import com.google.inject.Provider;

/* loaded from: input_file:io/trino/plugin/hive/metastore/glue/GlueCredentialsProvider.class */
public class GlueCredentialsProvider implements Provider<AWSCredentialsProvider> {
    private final AWSCredentialsProvider credentialsProvider;

    @Inject
    public GlueCredentialsProvider(GlueHiveMetastoreConfig glueHiveMetastoreConfig) {
        if (glueHiveMetastoreConfig.getAwsCredentialsProvider().isPresent()) {
            this.credentialsProvider = getCustomAWSCredentialsProvider(glueHiveMetastoreConfig.getAwsCredentialsProvider().get());
            return;
        }
        AWSStaticCredentialsProvider aWSStaticCredentialsProvider = (glueHiveMetastoreConfig.getAwsAccessKey().isPresent() && glueHiveMetastoreConfig.getAwsSecretKey().isPresent()) ? new AWSStaticCredentialsProvider(new BasicAWSCredentials(glueHiveMetastoreConfig.getAwsAccessKey().get(), glueHiveMetastoreConfig.getAwsSecretKey().get())) : DefaultAWSCredentialsProviderChain.getInstance();
        if (glueHiveMetastoreConfig.getIamRole().isPresent()) {
            AWSSecurityTokenServiceClientBuilder withCredentials = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSStaticCredentialsProvider);
            if (glueHiveMetastoreConfig.getGlueStsEndpointUrl().isPresent() && glueHiveMetastoreConfig.getGlueStsRegion().isPresent()) {
                withCredentials.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(glueHiveMetastoreConfig.getGlueStsEndpointUrl().get(), glueHiveMetastoreConfig.getGlueStsRegion().get()));
            } else if (glueHiveMetastoreConfig.getGlueStsRegion().isPresent()) {
                withCredentials.setRegion(glueHiveMetastoreConfig.getGlueStsRegion().get());
            } else if (glueHiveMetastoreConfig.getPinGlueClientToCurrentRegion()) {
                withCredentials.setRegion(AwsCurrentRegionHolder.getCurrentRegionFromEc2Metadata().getName());
            }
            aWSStaticCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(glueHiveMetastoreConfig.getIamRole().get(), "trino-session").withExternalId(glueHiveMetastoreConfig.getExternalId().orElse(null)).withStsClient((AWSSecurityTokenService) withCredentials.build()).build();
        }
        this.credentialsProvider = aWSStaticCredentialsProvider;
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public AWSCredentialsProvider m97get() {
        return this.credentialsProvider;
    }

    private static AWSCredentialsProvider getCustomAWSCredentialsProvider(String str) {
        try {
            Object newInstance = Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
            if (newInstance instanceof AWSCredentialsProvider) {
                return (AWSCredentialsProvider) newInstance;
            }
            throw new RuntimeException("Invalid credentials provider class: " + newInstance.getClass().getName());
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException(String.format("Error creating an instance of %s", str), e);
        }
    }
}
