package software.amazon.jdbc.plugin.iam;

import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.logging.Logger;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.CredentialUtils;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.CompletableFutureUtils;
import software.amazon.awssdk.utils.StringUtils;

/* loaded from: input_file:software/amazon/jdbc/plugin/iam/LightRdsUtility.class */
public class LightRdsUtility implements IamTokenUtility {
    private static final Logger LOGGER = Logger.getLogger(LightRdsUtility.class.getName());
    private static final Duration EXPIRATION_DURATION = Duration.ofMinutes(15);

    @Override // software.amazon.jdbc.plugin.iam.IamTokenUtility
    public String generateAuthenticationToken(AwsCredentialsProvider awsCredentialsProvider, Region region, String str, int i, String str2) {
        Clock systemUTC = Clock.systemUTC();
        Aws4Signer create = Aws4Signer.create();
        SdkHttpFullRequest build = SdkHttpFullRequest.builder().method(SdkHttpMethod.GET).protocol("https").host(str).port(Integer.valueOf(i)).encodedPath("/").putRawQueryParameter("DBUser", str2).putRawQueryParameter("Action", "connect").build();
        Instant plus = Instant.now(systemUTC).plus((TemporalAmount) EXPIRATION_DURATION);
        String replacePrefixIgnoreCase = StringUtils.replacePrefixIgnoreCase(create.presign(build, Aws4PresignerParams.builder().signingClockOverride(systemUTC).expirationTime(plus).awsCredentials(CredentialUtils.toCredentials((AwsCredentialsIdentity) CompletableFutureUtils.joinLikeSync(awsCredentialsProvider.resolveIdentity()))).signingName("rds-db").signingRegion(region).build()).getUri().toString(), "https://", "");
        LOGGER.finest(() -> {
            return "Generated RDS authentication token with expiration of " + plus;
        });
        return replacePrefixIgnoreCase;
    }
}
