package com.google.scp.shared.aws.util;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Base64;
import java.util.HashMap;
import org.apache.hc.core5.http.EntityDetails;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpRequest;
import org.apache.hc.core5.http.HttpRequestInterceptor;
import org.apache.hc.core5.http.Method;
import org.apache.hc.core5.http.ProtocolException;
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.apache.hc.core5.http.protocol.HttpContext;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant;
import software.amazon.awssdk.regions.Region;

/* loaded from: input_file:com/google/scp/shared/aws/util/AwsAuthTokenInterceptor.class */
public class AwsAuthTokenInterceptor implements HttpRequestInterceptor {
    private final Region awsRegion;
    private final AwsCredentialsProvider credsProvider;
    private final String authEndpoint;

    @Inject
    public AwsAuthTokenInterceptor(Region region, String str, AwsCredentialsProvider awsCredentialsProvider) {
        this.awsRegion = region;
        this.authEndpoint = str;
        this.credsProvider = awsCredentialsProvider;
    }

    @Override // org.apache.hc.core5.http.HttpRequestInterceptor
    public void process(HttpRequest httpRequest, EntityDetails entityDetails, HttpContext httpContext) throws HttpException, IOException {
        AwsCredentials resolveCredentials = this.credsProvider.resolveCredentials();
        try {
            httpRequest.addHeader("x-auth-token", getAuthToken(AwsRequestSigner.makeSignedHttpRequest(ClassicRequestBuilder.create(Method.POST.name()).setUri2(this.authEndpoint).build(), "execute-api", this.awsRegion, resolveCredentials), resolveCredentials));
        } catch (URISyntaxException e) {
            throw new HttpException("Syntax error in URI.", e);
        }
    }

    private static String getAuthToken(HttpRequest httpRequest, AwsCredentials awsCredentials) throws JsonProcessingException, ProtocolException {
        HashMap hashMap = new HashMap();
        hashMap.put("access_key", awsCredentials.accessKeyId());
        hashMap.put("signature", httpRequest.getHeader("Authorization").getValue());
        hashMap.put("amz_date", httpRequest.getHeader(SignerConstant.X_AMZ_DATE).getValue());
        if (awsCredentials instanceof AwsSessionCredentials) {
            hashMap.put("security_token", ((AwsSessionCredentials) awsCredentials).sessionToken());
        }
        return Base64.getEncoder().encodeToString(new ObjectMapper().writeValueAsString(hashMap).getBytes());
    }
}
