package org.apache.hadoop.fs.s3a.auth;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.net.URI;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.Invoker;
import org.apache.hadoop.fs.s3a.S3AFileSystem;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.fs.s3a.auth.MarshalledCredentials;
import org.apache.hadoop.security.ProviderUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/MarshalledCredentialBinding.class */
public final class MarshalledCredentialBinding {
    private static final Logger LOG = LoggerFactory.getLogger(MarshalledCredentialBinding.class);

    @VisibleForTesting
    public static final String NO_AWS_CREDENTIALS = "No AWS credentials";

    private MarshalledCredentialBinding() {
    }

    public static MarshalledCredentials fromSTSCredentials(Credentials credentials) {
        MarshalledCredentials marshalledCredentials = new MarshalledCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
        Date expiration = credentials.getExpiration();
        marshalledCredentials.setExpiration(expiration != null ? expiration.getTime() : 0L);
        return marshalledCredentials;
    }

    public static MarshalledCredentials fromAWSCredentials(AWSSessionCredentials aWSSessionCredentials) {
        return new MarshalledCredentials(aWSSessionCredentials.getAWSAccessKeyId(), aWSSessionCredentials.getAWSSecretKey(), aWSSessionCredentials.getSessionToken());
    }

    public static MarshalledCredentials fromEnvironment(Map<String, String> map) {
        return new MarshalledCredentials(nullToEmptyString(map.get("AWS_ACCESS_KEY")), nullToEmptyString(map.get("AWS_SECRET_KEY")), nullToEmptyString(map.get("AWS_SESSION_TOKEN")));
    }

    private static String nullToEmptyString(String str) {
        return str == null ? "" : str;
    }

    public static MarshalledCredentials fromFileSystem(URI uri, Configuration configuration) throws IOException {
        String host = uri != null ? uri.getHost() : "";
        Configuration excludeIncompatibleCredentialProviders = ProviderUtils.excludeIncompatibleCredentialProviders(configuration, S3AFileSystem.class);
        return new MarshalledCredentials(S3AUtils.lookupPassword(host, excludeIncompatibleCredentialProviders, Constants.ACCESS_KEY), S3AUtils.lookupPassword(host, excludeIncompatibleCredentialProviders, Constants.SECRET_KEY), S3AUtils.lookupPassword(host, excludeIncompatibleCredentialProviders, Constants.SESSION_TOKEN));
    }

    public static AWSCredentials toAWSCredentials(MarshalledCredentials marshalledCredentials, MarshalledCredentials.CredentialTypeRequired credentialTypeRequired, String str) throws NoAuthWithAWSException, NoAwsCredentialsException {
        if (marshalledCredentials.isEmpty()) {
            throw new NoAwsCredentialsException(str, NO_AWS_CREDENTIALS);
        }
        if (!marshalledCredentials.isValid(credentialTypeRequired)) {
            throw new NoAuthWithAWSException(str + ":" + marshalledCredentials.buildInvalidCredentialsError(credentialTypeRequired));
        }
        String accessKey = marshalledCredentials.getAccessKey();
        String secretKey = marshalledCredentials.getSecretKey();
        return marshalledCredentials.hasSessionToken() ? new BasicSessionCredentials(accessKey, secretKey, marshalledCredentials.getSessionToken()) : new BasicAWSCredentials(accessKey, secretKey);
    }

    public static MarshalledCredentials requestSessionCredentials(AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration, String str, String str2, int i, Invoker invoker) throws IOException {
        try {
            return fromSTSCredentials(STSClientFactory.createClientConnection((AWSSecurityTokenService) STSClientFactory.builder(aWSCredentialsProvider, clientConfiguration, str.isEmpty() ? null : str, str2).build(), invoker).requestSessionCredentials(i, TimeUnit.SECONDS));
        } catch (SdkClientException e) {
            if (str2.isEmpty()) {
                LOG.error("Region must be provided when requesting session credentials.", e);
            }
            throw e;
        }
    }
}
