package io.trino.plugin.iceberg.catalog.rest;

import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.trino.filesystem.TrinoFileSystem;
import io.trino.filesystem.TrinoFileSystemFactory;
import io.trino.plugin.iceberg.IcebergFileSystemFactory;
import io.trino.spi.security.ConnectorIdentity;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:io/trino/plugin/iceberg/catalog/rest/IcebergRestCatalogFileSystemFactory.class */
public class IcebergRestCatalogFileSystemFactory implements IcebergFileSystemFactory {
    private static final String VENDED_S3_ACCESS_KEY = "s3.access-key-id";
    private static final String VENDED_S3_SECRET_KEY = "s3.secret-access-key";
    private static final String VENDED_S3_SESSION_TOKEN = "s3.session-token";
    private final TrinoFileSystemFactory fileSystemFactory;
    private final boolean vendedCredentialsEnabled;

    @Inject
    public IcebergRestCatalogFileSystemFactory(TrinoFileSystemFactory trinoFileSystemFactory, IcebergRestCatalogConfig icebergRestCatalogConfig) {
        this.fileSystemFactory = (TrinoFileSystemFactory) Objects.requireNonNull(trinoFileSystemFactory, "fileSystemFactory is null");
        this.vendedCredentialsEnabled = icebergRestCatalogConfig.isVendedCredentialsEnabled();
    }

    @Override // io.trino.plugin.iceberg.IcebergFileSystemFactory
    public TrinoFileSystem create(ConnectorIdentity connectorIdentity, Map<String, String> map) {
        if (!this.vendedCredentialsEnabled || !map.containsKey(VENDED_S3_ACCESS_KEY) || !map.containsKey(VENDED_S3_SECRET_KEY) || !map.containsKey(VENDED_S3_SESSION_TOKEN)) {
            return this.fileSystemFactory.create(connectorIdentity);
        }
        return this.fileSystemFactory.create(ConnectorIdentity.forUser(connectorIdentity.getUser()).withGroups(connectorIdentity.getGroups()).withPrincipal(connectorIdentity.getPrincipal()).withEnabledSystemRoles(connectorIdentity.getEnabledSystemRoles()).withConnectorRole(connectorIdentity.getConnectorRole()).withExtraCredentials(ImmutableMap.builder().put("internal$s3_aws_access_key", map.get(VENDED_S3_ACCESS_KEY)).put("internal$s3_aws_secret_key", map.get(VENDED_S3_SECRET_KEY)).put("internal$s3_aws_session_token", map.get(VENDED_S3_SESSION_TOKEN)).buildOrThrow()).build());
    }
}
