package org.apache.hadoop.fs.s3a;

import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;
import java.io.IOException;
import java.net.URI;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.contract.ContractTestUtils;
import org.apache.hadoop.fs.s3native.S3xLoginHelper;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:test-classes/org/apache/hadoop/fs/s3a/ITestS3ATemporaryCredentials.class */
public class ITestS3ATemporaryCredentials extends AbstractS3ATestBase {
    private static final Logger LOG = LoggerFactory.getLogger(ITestS3ATemporaryCredentials.class);
    private static final String PROVIDER_CLASS = "org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider";
    private static final long TEST_FILE_SIZE = 1024;

    @Test
    public void testSTS() throws IOException {
        Configuration conf = getContract().getConf();
        if (!conf.getBoolean(S3ATestConstants.TEST_STS_ENABLED, true)) {
            ContractTestUtils.skip("STS functional tests disabled");
        }
        S3xLoginHelper.Login aWSAccessKeys = S3AUtils.getAWSAccessKeys(URI.create("s3a://foobar"), conf);
        if (!aWSAccessKeys.hasLogin()) {
            ContractTestUtils.skip("testSTS disabled because AWS credentials not configured");
        }
        BasicAWSCredentialsProvider basicAWSCredentialsProvider = new BasicAWSCredentialsProvider(aWSAccessKeys.getUser(), aWSAccessKeys.getPassword());
        String trimmed = conf.getTrimmed(S3ATestConstants.TEST_STS_ENDPOINT, Constants.DEFAULT_CANNED_ACL);
        AWSSecurityTokenServiceClient aWSSecurityTokenServiceClient = new AWSSecurityTokenServiceClient(basicAWSCredentialsProvider);
        if (!trimmed.isEmpty()) {
            LOG.debug("STS Endpoint ={}", trimmed);
            aWSSecurityTokenServiceClient.setEndpoint(trimmed);
        }
        GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest();
        getSessionTokenRequest.setDurationSeconds(900);
        Credentials credentials = aWSSecurityTokenServiceClient.getSessionToken(getSessionTokenRequest).getCredentials();
        conf.set(Constants.ACCESS_KEY, credentials.getAccessKeyId());
        conf.set(Constants.SECRET_KEY, credentials.getSecretAccessKey());
        String sessionToken = credentials.getSessionToken();
        conf.set(Constants.SESSION_TOKEN, sessionToken);
        conf.set(Constants.AWS_CREDENTIALS_PROVIDER, "org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider");
        S3AFileSystem createTestFileSystem = S3ATestUtils.createTestFileSystem(conf);
        Throwable th = null;
        try {
            try {
                ContractTestUtils.createAndVerifyFile(createTestFileSystem, path("testSTS"), TEST_FILE_SIZE);
                if (createTestFileSystem != null) {
                    if (0 != 0) {
                        try {
                            createTestFileSystem.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        createTestFileSystem.close();
                    }
                }
                conf.set(Constants.SESSION_TOKEN, "invalid-" + sessionToken);
                try {
                    S3AFileSystem createTestFileSystem2 = S3ATestUtils.createTestFileSystem(conf);
                    Throwable th3 = null;
                    try {
                        try {
                            ContractTestUtils.createAndVerifyFile(createTestFileSystem2, path("testSTSInvalidToken"), TEST_FILE_SIZE);
                            fail("Expected an access exception, but file access to " + createTestFileSystem2.getUri() + " was allowed: " + createTestFileSystem2);
                            if (createTestFileSystem2 != null) {
                                if (0 != 0) {
                                    try {
                                        createTestFileSystem2.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    createTestFileSystem2.close();
                                }
                            }
                        } catch (Throwable th5) {
                            th3 = th5;
                            throw th5;
                        }
                    } finally {
                    }
                } catch (AWSS3IOException e) {
                    LOG.info("Expected Exception: {}", e.toString());
                    LOG.debug("Expected Exception: {}", e, e);
                }
            } catch (Throwable th6) {
                th = th6;
                throw th6;
            }
        } catch (Throwable th7) {
            if (createTestFileSystem != null) {
                if (th != null) {
                    try {
                        createTestFileSystem.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    createTestFileSystem.close();
                }
            }
            throw th7;
        }
    }

    @Test
    public void testTemporaryCredentialValidation() throws Throwable {
        Configuration configuration = new Configuration();
        configuration.set(Constants.ACCESS_KEY, "accesskey");
        configuration.set(Constants.SECRET_KEY, "secretkey");
        configuration.set(Constants.SESSION_TOKEN, Constants.DEFAULT_CANNED_ACL);
        try {
            fail("Expected a CredentialInitializationException, got " + new TemporaryAWSCredentialsProvider(configuration).getCredentials());
        } catch (CredentialInitializationException e) {
        }
    }
}
