package io.trino.aws.proxy.server;

import com.google.inject.Inject;
import io.airlift.http.server.testing.TestingHttpServer;
import io.trino.aws.proxy.server.testing.TestingCredentialsRolesProvider;
import io.trino.aws.proxy.server.testing.TestingS3RequestRewriteController;
import io.trino.aws.proxy.server.testing.TestingUtil;
import io.trino.aws.proxy.server.testing.containers.S3Container;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTest;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTestCommonModules;
import io.trino.aws.proxy.spi.credentials.Credentials;
import java.net.URI;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.endpoints.Endpoint;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;

@TrinoAwsProxyTest(filters = {TrinoAwsProxyTestCommonModules.WithConfiguredBuckets.class})
/* loaded from: input_file:io/trino/aws/proxy/server/TestProxiedAssumedRoleRequests.class */
public class TestProxiedAssumedRoleRequests extends AbstractTestProxiedRequests {
    private static final String ARN = "arn:aws:iam::123456789012:role/assumed";
    private final TestingCredentialsRolesProvider credentialsController;

    @Inject
    public TestProxiedAssumedRoleRequests(TestingHttpServer testingHttpServer, @TestingUtil.ForTesting Credentials credentials, TestingCredentialsRolesProvider testingCredentialsRolesProvider, @S3Container.ForS3Container S3Client s3Client, TrinoAwsProxyConfig trinoAwsProxyConfig, TestingS3RequestRewriteController testingS3RequestRewriteController) {
        this(buildClient(testingHttpServer, credentials, trinoAwsProxyConfig.getS3Path(), trinoAwsProxyConfig.getStsPath()), testingCredentialsRolesProvider, s3Client, testingS3RequestRewriteController);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TestProxiedAssumedRoleRequests(S3Client s3Client, TestingCredentialsRolesProvider testingCredentialsRolesProvider, S3Client s3Client2, TestingS3RequestRewriteController testingS3RequestRewriteController) {
        super(s3Client, s3Client2, testingS3RequestRewriteController);
        this.credentialsController = (TestingCredentialsRolesProvider) Objects.requireNonNull(testingCredentialsRolesProvider, "credentialsController is null");
    }

    @AfterAll
    public void validateCount() {
        Assertions.assertThat(this.credentialsController.assumedRoleCount()).isGreaterThan(0);
        this.credentialsController.resetAssumedRoles();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static S3Client buildClient(TestingHttpServer testingHttpServer, Credentials credentials, String str, String str2) {
        URI baseUrl = testingHttpServer.getBaseUrl();
        URI resolve = baseUrl.resolve(str);
        URI resolve2 = baseUrl.resolve(str2);
        return (S3Client) S3Client.builder().region(Region.US_EAST_1).credentialsProvider(StsAssumeRoleCredentialsProvider.builder().refreshRequest(builder -> {
            builder.roleArn(ARN).roleSessionName("dummy").externalId("dummy");
        }).stsClient((StsClient) StsClient.builder().region(Region.US_EAST_1).credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(credentials.emulated().accessKey(), credentials.emulated().secretKey()))).endpointProvider(stsEndpointParams -> {
            return CompletableFuture.completedFuture(Endpoint.builder().url(resolve2).build());
        }).build()).asyncCredentialUpdateEnabled(true).build()).endpointOverride(resolve).build();
    }
}
