package software.amazon.timestream.jdbc;

import com.tsshaded.amazonaws.auth.AWSCredentialsProvider;
import com.tsshaded.amazonaws.auth.AWSStaticCredentialsProvider;
import com.tsshaded.amazonaws.auth.BasicSessionCredentials;
import com.tsshaded.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.tsshaded.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.tsshaded.amazonaws.services.securitytoken.model.Credentials;
import com.tsshaded.fasterxml.jackson.databind.ObjectMapper;
import java.sql.SQLException;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tsshaded.apache.http.impl.client.CloseableHttpClient;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:software/amazon/timestream/jdbc/TimestreamSAMLCredentialsProvider.class */
public abstract class TimestreamSAMLCredentialsProvider {
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TimestreamSAMLCredentialsProvider.class);
    protected static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    protected final String userName;
    protected final String password;
    protected final String roleARN;
    protected final String idpARN;
    protected final CloseableHttpClient httpClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TimestreamSAMLCredentialsProvider(CloseableHttpClient closeableHttpClient, Map<String, String> map) {
        this.userName = map.get(TimestreamConnectionProperty.IDP_USERNAME.getConnectionProperty());
        this.password = map.get(TimestreamConnectionProperty.IDP_PASSWORD.getConnectionProperty());
        this.roleARN = map.get(TimestreamConnectionProperty.AWS_ROLE_ARN.getConnectionProperty());
        this.idpARN = map.get(TimestreamConnectionProperty.IDP_ARN.getConnectionProperty());
        this.httpClient = closeableHttpClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AWSCredentialsProvider createCredentialsProvider() throws SQLException {
        Credentials createSAMLRequestAndFetchCredentials = createSAMLRequestAndFetchCredentials();
        return new AWSStaticCredentialsProvider(new BasicSessionCredentials(createSAMLRequestAndFetchCredentials.getAccessKeyId(), createSAMLRequestAndFetchCredentials.getSecretAccessKey(), createSAMLRequestAndFetchCredentials.getSessionToken()));
    }

    protected abstract String getSAMLAssertion() throws SQLException;

    protected Credentials fetchCredentialsWithSAMLAssertion(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest) {
        LOGGER.debug("Fetching the AWS credentials with the SAML assertion.");
        return AWSSecurityTokenServiceClientBuilder.defaultClient().assumeRoleWithSAML(assumeRoleWithSAMLRequest).getCredentials();
    }

    private Credentials createSAMLRequestAndFetchCredentials() throws SQLException {
        LOGGER.debug("Constructing an AssumeRoleWithSAMLRequest.");
        return fetchCredentialsWithSAMLAssertion(new AssumeRoleWithSAMLRequest().withRoleArn(this.roleARN).withSAMLAssertion(getSAMLAssertion()).withPrincipalArn(this.idpARN));
    }
}
