package org.talend.bigdata.libs.hadoop.aws.s3;

import com.amazonaws.auth.AWSCredentialsProviderChain;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AWSSessionCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.PolicyDescriptorType;
import com.amazonaws.services.securitytoken.model.Tag;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.AnonymousAWSCredentialsProvider;
import org.apache.hadoop.fs.s3a.CredentialInitializationException;
import org.apache.hadoop.fs.s3a.S3AFileSystem;
import org.apache.hadoop.security.ProviderUtils;

/* loaded from: input_file:org/talend/bigdata/libs/hadoop/aws/s3/HadoopSTSAssumeRoleSessionCredentialsProvider.class */
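/**
 * Session-credentials provider that calls STS {@code AssumeRole} with parameters taken from
 * {@code talend.fs.s3a.*} Hadoop configuration keys and hands out the resulting temporary
 * credentials.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The long-term access key, secret key and MFA token code are read with
 *       {@link Configuration#get(String)} and kept in {@code String} fields for the lifetime of
 *       the provider. NOTE(review): the configuration is passed through
 *       {@code ProviderUtils.excludeIncompatibleCredentialProviders}, but the secrets are not
 *       looked up through {@code Configuration.getPassword}; confirm whether plaintext
 *       configuration is the intended source.</li>
 *   <li>When no static key pair is configured, the STS call is signed by whatever
 *       {@link DefaultAWSCredentialsProviderChain} resolves on the host, and as a last resort
 *       by {@link AnonymousAWSCredentialsProvider}. The identity that assumes the role therefore
 *       depends on the runtime environment, not only on this configuration.</li>
 *   <li>The configured token code is reused on every refresh. NOTE(review): MFA codes are
 *       normally short-lived, so refreshes after the first one are likely to be rejected when
 *       a token code is configured; verify against the deployment.</li>
 * </ul>
 *
 * <p>Instances are not synchronized; callers sharing one instance across threads must provide
 * their own coordination.
 */
public class HadoopSTSAssumeRoleSessionCredentialsProvider implements AWSSessionCredentialsProvider {
    // Configuration keys. The first two name the long-term key pair used to sign the STS call.
    public static final String ASSUME_ROLE_ACCESS_KEY = "talend.fs.s3a.access.key";
    public static final String ASSUME_ROLE_SECRET_KEY = "talend.fs.s3a.secret.key";
    public static final String ASSUME_ROLE_ARN = "talend.fs.s3a.assume.role.arn";
    public static final String ASSUME_ROLE_SESSION_NAME = "talend.fs.s3a.assume.role.session.name";
    public static final String ASSUME_ROLE_SESSION_DURATION = "talend.fs.s3a.assume.role.session.duration";
    public static final String ASSUME_ROLE_EXTERNAL_ID = "talend.fs.s3a.assume.role.external.id";
    public static final String ASSUME_ROLE_POLICY = "talend.fs.s3a.assume.role.policy";
    public static final String ASSUME_ROLE_POLICY_ARNS = "talend.fs.s3a.assume.role.policy_arns";
    public static final String ASSUME_ROLE_SERIAL_NUMBER = "talend.fs.s3a.assume.role.serial_number";
    public static final String ASSUME_ROLE_TAGS = "talend.fs.s3a.assume.role.tags";
    public static final String ASSUME_ROLE_TOKEN_CODE = "talend.fs.s3a.assume.role.token_code";
    public static final String ASSUME_ROLE_TRANSITIVE_TAG_KEYS = "talend.fs.s3a.assume.role.transitive_tag_keys";
    // Despite the key name, the value is handed to withRegion(...), so it must be a region name.
    public static final String STS_ENDPOINT = "talend.fs.s3a.sts.endpoint";
    public static final String ASSUME_ROLE_KEY_VALUE_SEPARATOR = "talend.fs.s3a.assume.role.separator.keyvalue";
    public static final String ASSUME_ROLE_ENTRY_SEPARATOR = "talend.fs.s3a.assume.role.separator.entry";

    // Cached credentials are renewed this long before the expiry reported by STS, so a caller
    // is not handed a token that lapses while its request is in flight.
    private static final long EXPIRY_MARGIN_MILLIS = 60_000L;

    private String accessKey;
    private String secretKey;
    private String arn;
    private String sessionName;
    private Integer sessionDuration;
    private String externalId;
    private String policy;
    private String policyArnsSerialized;
    private String serialNumber;
    private String tagsSerialized;
    private String tokenCode;
    private String transitiveTagKeysSerialized;
    private String stsEndpoint;
    private S3PropertiesParserService s3PropertiesParserService;
    private AWSSecurityTokenService staticAwsSecurityTokenService;
    private AWSSessionCredentials activeCredentials;
    // Expiry of activeCredentials in epoch milliseconds; Long.MAX_VALUE when STS reported none.
    private long activeCredentialsExpiryMillis = Long.MAX_VALUE;
    // Failure captured by the constructor and rethrown on first use.
    private IOException lookupIOException;

    /**
     * Creates the provider from a Hadoop configuration.
     *
     * @param uri file-system URI; accepted for signature compatibility and not used
     * @param configuration configuration holding the {@code talend.fs.s3a.*} keys
     */
    public HadoopSTSAssumeRoleSessionCredentialsProvider(URI uri, Configuration configuration) {
        this(configuration);
    }

    /**
     * Reads every assume-role setting from the configuration. An {@link IOException} raised
     * while preparing the configuration is stored rather than thrown, and surfaces later as a
     * {@link CredentialInitializationException} when credentials are requested or refreshed.
     *
     * @param configuration configuration holding the {@code talend.fs.s3a.*} keys
     */
    public HadoopSTSAssumeRoleSessionCredentialsProvider(Configuration configuration) {
        try {
            Configuration conf = ProviderUtils.excludeIncompatibleCredentialProviders(configuration, S3AFileSystem.class);
            this.accessKey = conf.get(ASSUME_ROLE_ACCESS_KEY);
            this.secretKey = conf.get(ASSUME_ROLE_SECRET_KEY);
            this.arn = conf.get(ASSUME_ROLE_ARN);
            this.sessionName = conf.get(ASSUME_ROLE_SESSION_NAME);
            // 900 seconds is the default session lifetime when the key is absent.
            this.sessionDuration = Integer.valueOf(conf.getInt(ASSUME_ROLE_SESSION_DURATION, 900));
            this.externalId = conf.get(ASSUME_ROLE_EXTERNAL_ID);
            this.policy = conf.get(ASSUME_ROLE_POLICY);
            this.policyArnsSerialized = conf.get(ASSUME_ROLE_POLICY_ARNS);
            this.serialNumber = conf.get(ASSUME_ROLE_SERIAL_NUMBER);
            this.tagsSerialized = conf.get(ASSUME_ROLE_TAGS);
            this.tokenCode = conf.get(ASSUME_ROLE_TOKEN_CODE);
            this.transitiveTagKeysSerialized = conf.get(ASSUME_ROLE_TRANSITIVE_TAG_KEYS);
            this.stsEndpoint = conf.get(STS_ENDPOINT);
            this.s3PropertiesParserService = new S3PropertiesParserService(
                    conf.get(ASSUME_ROLE_KEY_VALUE_SEPARATOR),
                    conf.get(ASSUME_ROLE_ENTRY_SEPARATOR));
        } catch (IOException e) {
            this.lookupIOException = e;
        }
    }

    /**
     * Returns the cached session credentials, requesting new ones from STS when none are cached
     * or the cached ones are within {@code EXPIRY_MARGIN_MILLIS} of their expiry.
     *
     * <p>The decompiler renamed this method from {@code getCredentials} (merged with a bridge
     * method); the name is kept as it appears in this listing.
     *
     * @return the current temporary credentials
     * @throws CredentialInitializationException if the constructor failed to read the configuration
     */
    public AWSSessionCredentials m0getCredentials() {
        checkInitialized();
        if (this.activeCredentials == null || isExpiringSoon()) {
            refreshCredentials();
        }
        return this.activeCredentials;
    }

    /**
     * Forces a new {@code AssumeRole} call and replaces the cached credentials.
     *
     * @throws CredentialInitializationException if the constructor failed to read the configuration
     */
    public void refresh() {
        // Without this check a failed constructor leaves the parser service null and the
        // refresh would die with a NullPointerException instead of the recorded cause.
        checkInitialized();
        refreshCredentials();
    }

    /** Rethrows the configuration failure recorded by the constructor, if any. */
    private void checkInitialized() {
        if (this.lookupIOException != null) {
            throw new CredentialInitializationException(this.lookupIOException.toString(), this.lookupIOException);
        }
    }

    /** Tells whether the cached credentials are inside the renewal margin or already expired. */
    private boolean isExpiringSoon() {
        return System.currentTimeMillis() >= this.activeCredentialsExpiryMillis - EXPIRY_MARGIN_MILLIS;
    }

    /** Builds the {@code AssumeRole} request from the stored settings and caches the result. */
    private void refreshCredentials() {
        initAwsSecurityTokenService();
        List<PolicyDescriptorType> policyArns = this.s3PropertiesParserService.parsePolicyArns(this.policyArnsSerialized);
        List<Tag> tags = this.s3PropertiesParserService.parseTags(this.tagsSerialized);
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(this.arn)
                .withRoleSessionName(this.sessionName)
                .withExternalId(this.s3PropertiesParserService.parseSimpleValue(this.externalId))
                .withDurationSeconds(this.sessionDuration)
                .withPolicy(this.s3PropertiesParserService.parseSimpleValue(this.policy))
                .withPolicyArns(policyArns)
                .withSerialNumber(this.s3PropertiesParserService.parseSimpleValue(this.serialNumber))
                .withTags(tags)
                .withTokenCode(this.s3PropertiesParserService.parseSimpleValue(this.tokenCode))
                .withTransitiveTagKeys(this.s3PropertiesParserService.parseTransitiveTagKeys(this.transitiveTagKeysSerialized));
        this.activeCredentials = retrieveAssumedRoleAwsSessionCredentials(request);
    }

    /**
     * Builds the STS client that signs the {@code AssumeRole} call.
     *
     * <p>Provider order: the configured static key pair (only when both halves are non-empty),
     * then the SDK default chain, then anonymous credentials.
     * NOTE(review): a new client is built on every refresh and the previous one is not shut
     * down; confirm whether it should be released.
     */
    private void initAwsSecurityTokenService() {
        final AWSCredentialsProviderChain signingChain;
        if (!StringUtils.isEmpty(this.accessKey) && !StringUtils.isEmpty(this.secretKey)) {
            signingChain = new AWSCredentialsProviderChain(
                    new AWSStaticCredentialsProvider(new BasicAWSCredentials(this.accessKey, this.secretKey)),
                    new DefaultAWSCredentialsProviderChain(),
                    new AnonymousAWSCredentialsProvider());
        } else {
            // No usable static key pair: the ambient identity of the host signs the call.
            signingChain = new AWSCredentialsProviderChain(
                    new DefaultAWSCredentialsProviderChain(),
                    new AnonymousAWSCredentialsProvider());
        }
        AWSSecurityTokenServiceClientBuilder builder = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(signingChain);
        if (StringUtils.isNotBlank(this.stsEndpoint)) {
            builder = (AWSSecurityTokenServiceClientBuilder) builder.withRegion(this.stsEndpoint);
        }
        this.staticAwsSecurityTokenService = (AWSSecurityTokenService) builder.build();
    }

    /**
     * Calls STS and converts the response into session credentials, recording the expiry so
     * that a later read can tell when the cached value is stale.
     *
     * @param assumeRoleRequest fully populated request
     * @return access key, secret key and session token returned by STS
     */
    private AWSSessionCredentials retrieveAssumedRoleAwsSessionCredentials(AssumeRoleRequest assumeRoleRequest) {
        Credentials credentials = this.staticAwsSecurityTokenService.assumeRole(assumeRoleRequest).getCredentials();
        this.activeCredentialsExpiryMillis = credentials.getExpiration() == null
                ? Long.MAX_VALUE
                : credentials.getExpiration().getTime();
        return new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
    }
}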
