package com.aliyun.credentials.provider;

import com.aliyun.credentials.Configuration;
import com.aliyun.credentials.exception.CredentialException;
import com.aliyun.credentials.http.CompatibleUrlConnClient;
import com.aliyun.credentials.http.FormatType;
import com.aliyun.credentials.http.HttpRequest;
import com.aliyun.credentials.http.HttpResponse;
import com.aliyun.credentials.http.MethodType;
import com.aliyun.credentials.models.Config;
import com.aliyun.credentials.models.CredentialModel;
import com.aliyun.credentials.provider.SessionCredentialsProvider;
import com.aliyun.credentials.utils.AuthUtils;
import com.aliyun.credentials.utils.ParameterHelper;
import com.aliyun.credentials.utils.StringUtils;
import com.aliyun.tea.utils.Validate;
import com.google.gson.Gson;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import org.asynchttpclient.uri.Uri;

/* loaded from: input_file:com/aliyun/credentials/provider/OIDCRoleArnCredentialProvider.class */
public class OIDCRoleArnCredentialProvider extends SessionCredentialsProvider {
    public int durationSeconds;
    private String roleArn;
    private String oidcProviderArn;
    private String oidcToken;
    private String oidcTokenFilePath;
    private String roleSessionName;
    private String regionId;
    private String policy;
    private int connectTimeout;
    private int readTimeout;
    private String STSEndpoint;

    /* loaded from: input_file:com/aliyun/credentials/provider/OIDCRoleArnCredentialProvider$Builder.class */
    public interface Builder extends SessionCredentialsProvider.Builder<OIDCRoleArnCredentialProvider, Builder> {
        Builder roleSessionName(String str);

        Builder durationSeconds(int i);

        Builder roleArn(String str);

        Builder oidcProviderArn(String str);

        Builder oidcTokenFilePath(String str);

        Builder regionId(String str);

        Builder policy(String str);

        Builder connectionTimeout(int i);

        Builder readTimeout(int i);

        Builder STSEndpoint(String str);

        @Override // com.aliyun.credentials.provider.SessionCredentialsProvider.Builder
        OIDCRoleArnCredentialProvider build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/aliyun/credentials/provider/OIDCRoleArnCredentialProvider$BuilderImpl.class */
    public static final class BuilderImpl extends SessionCredentialsProvider.BuilderImpl<OIDCRoleArnCredentialProvider, Builder> implements Builder {
        private String roleSessionName;
        private int durationSeconds;
        private String roleArn;
        private String oidcProviderArn;
        private String oidcTokenFilePath;
        private String regionId;
        private String policy;
        private int connectionTimeout;
        private int readTimeout;
        private String STSEndpoint;

        private BuilderImpl() {
            this.roleSessionName = StringUtils.isEmpty(System.getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME")) ? "defaultSessionName" : System.getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME");
            this.durationSeconds = 3600;
            this.roleArn = System.getenv("ALIBABA_CLOUD_ROLE_ARN");
            this.oidcProviderArn = System.getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
            this.oidcTokenFilePath = System.getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
            this.regionId = "cn-hangzhou";
            this.connectionTimeout = 1000;
            this.readTimeout = 1000;
            this.STSEndpoint = "sts.aliyuncs.com";
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder roleSessionName(String str) {
            if (!StringUtils.isEmpty(str)) {
                this.roleSessionName = str;
            }
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder durationSeconds(int i) {
            this.durationSeconds = i;
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder roleArn(String str) {
            if (!StringUtils.isEmpty(str)) {
                this.roleArn = str;
            }
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder oidcProviderArn(String str) {
            if (!StringUtils.isEmpty(str)) {
                this.oidcProviderArn = str;
            }
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder oidcTokenFilePath(String str) {
            if (!StringUtils.isEmpty(str)) {
                this.oidcTokenFilePath = str;
            }
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder regionId(String str) {
            if (!StringUtils.isEmpty(str)) {
                this.regionId = str;
            }
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder policy(String str) {
            this.policy = str;
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder connectionTimeout(int i) {
            this.connectionTimeout = i;
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder readTimeout(int i) {
            this.readTimeout = i;
            return this;
        }

        @Override // com.aliyun.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder STSEndpoint(String str) {
            this.STSEndpoint = str;
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.credentials.provider.SessionCredentialsProvider.Builder
        public OIDCRoleArnCredentialProvider build() {
            return new OIDCRoleArnCredentialProvider(this);
        }
    }

    @Deprecated
    public OIDCRoleArnCredentialProvider(Configuration configuration) {
        this(configuration.getRoleArn(), configuration.getOIDCProviderArn(), configuration.getOIDCTokenFilePath());
        this.roleSessionName = configuration.getRoleSessionName();
        this.connectTimeout = configuration.getConnectTimeout();
        this.readTimeout = configuration.getReadTimeout();
        if (StringUtils.isEmpty(configuration.getSTSEndpoint())) {
            return;
        }
        this.STSEndpoint = configuration.getSTSEndpoint();
    }

    @Deprecated
    public OIDCRoleArnCredentialProvider(Config config) {
        this(config.roleArn, config.oidcProviderArn, config.oidcTokenFilePath);
        this.roleSessionName = config.roleSessionName;
        this.connectTimeout = config.connectTimeout;
        this.readTimeout = config.timeout;
        this.policy = config.policy;
        this.durationSeconds = config.roleSessionExpiration.intValue();
        if (StringUtils.isEmpty(config.STSEndpoint)) {
            return;
        }
        this.STSEndpoint = config.STSEndpoint;
    }

    @Deprecated
    public OIDCRoleArnCredentialProvider(String str, String str2, String str3) {
        super(new BuilderImpl());
        this.durationSeconds = 3600;
        this.roleSessionName = "defaultSessionName";
        this.regionId = "cn-hangzhou";
        this.connectTimeout = 1000;
        this.readTimeout = 1000;
        this.STSEndpoint = "sts.aliyuncs.com";
        if (!StringUtils.isEmpty(str)) {
            this.roleArn = str;
        } else {
            if (StringUtils.isEmpty(System.getenv("ALIBABA_CLOUD_ROLE_ARN"))) {
                throw new CredentialException("roleArn does not exist and env ALIBABA_CLOUD_ROLE_ARN is null.");
            }
            this.roleArn = System.getenv("ALIBABA_CLOUD_ROLE_ARN");
        }
        if (!StringUtils.isEmpty(str2)) {
            this.oidcProviderArn = str2;
        } else {
            if (StringUtils.isEmpty(System.getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"))) {
                throw new CredentialException("OIDCProviderArn does not exist and env ALIBABA_CLOUD_OIDC_PROVIDER_ARN is null.");
            }
            this.oidcProviderArn = System.getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
        }
        if (!StringUtils.isEmpty(str3)) {
            this.oidcTokenFilePath = str3;
        } else {
            if (StringUtils.isEmpty(System.getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE"))) {
                throw new CredentialException("OIDCTokenFilePath does not exist and env ALIBABA_CLOUD_OIDC_TOKEN_FILE is null.");
            }
            this.oidcTokenFilePath = System.getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
        }
        if (StringUtils.isEmpty(System.getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME"))) {
            return;
        }
        this.roleSessionName = System.getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME");
    }

    @Deprecated
    public OIDCRoleArnCredentialProvider(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        this(str3, str4, str5, str6, str7, str8);
    }

    @Deprecated
    public OIDCRoleArnCredentialProvider(String str, String str2, String str3, String str4, String str5, String str6) {
        this(str2, str3, str4);
        this.roleSessionName = str;
        this.regionId = str5;
        this.policy = str6;
    }

    private OIDCRoleArnCredentialProvider(BuilderImpl builderImpl) {
        super(builderImpl);
        this.durationSeconds = 3600;
        this.roleSessionName = "defaultSessionName";
        this.regionId = "cn-hangzhou";
        this.connectTimeout = 1000;
        this.readTimeout = 1000;
        this.STSEndpoint = "sts.aliyuncs.com";
        this.roleSessionName = builderImpl.roleSessionName;
        this.durationSeconds = builderImpl.durationSeconds;
        this.roleArn = (String) Validate.notNull(builderImpl.roleArn, "RoleArn or environment variable ALIBABA_CLOUD_ROLE_ARN cannot be null.", new Object[0]);
        this.oidcProviderArn = (String) Validate.notNull(builderImpl.oidcProviderArn, "OIDCProviderArn or environment variable ALIBABA_CLOUD_OIDC_PROVIDER_ARN cannot be null.", new Object[0]);
        this.oidcTokenFilePath = (String) Validate.notNull(builderImpl.oidcTokenFilePath, "OIDCTokenFilePath or environment variable ALIBABA_CLOUD_OIDC_TOKEN_FILE cannot be null.", new Object[0]);
        this.regionId = builderImpl.regionId;
        this.policy = builderImpl.policy;
        this.connectTimeout = builderImpl.connectionTimeout;
        this.readTimeout = builderImpl.readTimeout;
        this.STSEndpoint = builderImpl.STSEndpoint;
    }

    public static Builder builder() {
        return new BuilderImpl();
    }

    @Override // com.aliyun.credentials.provider.SessionCredentialsProvider
    public RefreshResult<CredentialModel> refreshCredentials() {
        return createCredential(new CompatibleUrlConnClient());
    }

    public RefreshResult<CredentialModel> createCredential(CompatibleUrlConnClient compatibleUrlConnClient) {
        try {
            try {
                RefreshResult<CredentialModel> newSessionCredentials = getNewSessionCredentials(compatibleUrlConnClient);
                compatibleUrlConnClient.close();
                return newSessionCredentials;
            } catch (UnsupportedEncodingException e) {
                throw new CredentialException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            compatibleUrlConnClient.close();
            throw th;
        }
    }

    public RefreshResult<CredentialModel> getNewSessionCredentials(CompatibleUrlConnClient compatibleUrlConnClient) throws UnsupportedEncodingException {
        this.oidcToken = AuthUtils.getOIDCToken(this.oidcTokenFilePath);
        ParameterHelper parameterHelper = new ParameterHelper();
        HttpRequest httpRequest = new HttpRequest();
        httpRequest.setUrlParameter("Action", "AssumeRoleWithOIDC");
        httpRequest.setUrlParameter("Format", "JSON");
        httpRequest.setUrlParameter("Version", "2015-04-01");
        HashMap hashMap = new HashMap();
        hashMap.put("DurationSeconds", String.valueOf(this.durationSeconds));
        hashMap.put("RoleArn", this.roleArn);
        hashMap.put("OIDCProviderArn", this.oidcProviderArn);
        hashMap.put("OIDCToken", this.oidcToken);
        hashMap.put("RoleSessionName", this.roleSessionName);
        hashMap.put("Policy", this.policy);
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (Map.Entry entry : hashMap.entrySet()) {
            if (!StringUtils.isEmpty((CharSequence) entry.getValue())) {
                if (z) {
                    z = false;
                } else {
                    sb.append("&");
                }
                sb.append(URLEncoder.encode((String) entry.getKey(), "UTF-8"));
                sb.append("=");
                sb.append(URLEncoder.encode((String) entry.getValue(), "UTF-8"));
            }
        }
        httpRequest.setHttpContent(sb.toString().getBytes("UTF-8"), "UTF-8", FormatType.FORM);
        httpRequest.setSysMethod(MethodType.POST);
        httpRequest.setSysConnectTimeout(Integer.valueOf(this.connectTimeout));
        httpRequest.setSysReadTimeout(Integer.valueOf(this.readTimeout));
        httpRequest.setSysUrl(parameterHelper.composeUrl(this.STSEndpoint, httpRequest.getUrlParameters(), Uri.HTTPS));
        try {
            HttpResponse syncInvoke = compatibleUrlConnClient.syncInvoke(httpRequest);
            if (syncInvoke.getResponseCode() != 200) {
                throw new CredentialException(String.format("Error refreshing credentials from OIDC, HttpCode: %s, result: %s.", Integer.valueOf(syncInvoke.getResponseCode()), syncInvoke.getHttpContentString()));
            }
            Map map = (Map) new Gson().fromJson(syncInvoke.getHttpContentString(), Map.class);
            if (null == map || !map.containsKey("Credentials")) {
                throw new CredentialException(String.format("Error retrieving credentials from OIDC result: %s.", syncInvoke.getHttpContentString()));
            }
            Map map2 = (Map) map.get("Credentials");
            long time = ParameterHelper.getUTCDate((String) map2.get("Expiration")).getTime();
            return RefreshResult.builder(CredentialModel.builder().accessKeyId((String) map2.get("AccessKeyId")).accessKeySecret((String) map2.get("AccessKeySecret")).securityToken((String) map2.get("SecurityToken")).type("oidc_role_arn").expiration(time).build()).staleTime(getStaleTime(time)).build();
        } catch (Exception e) {
            throw new CredentialException("Failed to connect OIDC Service: " + e);
        }
    }

    public int getDurationSeconds() {
        return this.durationSeconds;
    }

    public void setDurationSeconds(int i) {
        this.durationSeconds = i;
    }

    public String getRoleArn() {
        return this.roleArn;
    }

    public String getOIDCProviderArn() {
        return this.oidcProviderArn;
    }

    public String getOIDCToken() {
        return this.oidcToken;
    }

    public String getOIDCTokenFilePath() {
        return this.oidcTokenFilePath;
    }

    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    public void setRoleSessionName(String str) {
        this.roleSessionName = str;
    }

    public String getRegionId() {
        return this.regionId;
    }

    public void setRegionId(String str) {
        this.regionId = str;
    }

    public String getPolicy() {
        return this.policy;
    }

    public void setPolicy(String str) {
        this.policy = str;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    public int getReadTimeout() {
        return this.readTimeout;
    }

    public void setReadTimeout(int i) {
        this.readTimeout = i;
    }

    public String getSTSEndpoint() {
        return this.STSEndpoint;
    }

    public void setSTSEndpoint(String str) {
        this.STSEndpoint = str;
    }
}
