package org.apache.hadoop.fs.s3a.auth;

import java.io.Closeable;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.Invoker;
import org.apache.hadoop.fs.s3a.auth.delegation.DelegationConstants;
import org.apache.hadoop.fs.s3a.impl.AWSClientConfig;
import org.apache.hadoop.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.retry.RetryPolicy;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;
import software.amazon.awssdk.services.sts.model.GetSessionTokenRequest;
import software.amazon.awssdk.thirdparty.org.apache.http.client.utils.URIBuilder;

@InterfaceAudience.Private
@InterfaceStability.Unstable
/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/STSClientFactory.class */
public class STSClientFactory {
    private static final Logger LOG = LoggerFactory.getLogger(STSClientFactory.class);

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/STSClientFactory$STSClient.class */
    public static final class STSClient implements Closeable {
        private final StsClient stsClient;
        private final Invoker invoker;

        private STSClient(StsClient stsClient, Invoker invoker) {
            this.stsClient = stsClient;
            this.invoker = invoker;
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.stsClient.close();
        }

        public Credentials requestSessionCredentials(long j, TimeUnit timeUnit) throws IOException {
            int seconds = (int) timeUnit.toSeconds(j);
            STSClientFactory.LOG.debug("Requesting session token of duration {}", Long.valueOf(j));
            GetSessionTokenRequest getSessionTokenRequest = (GetSessionTokenRequest) GetSessionTokenRequest.builder().durationSeconds(Integer.valueOf(seconds)).build();
            return (Credentials) this.invoker.retry("request session credentials", "", true, () -> {
                STSClientFactory.LOG.info("Requesting Amazon STS Session credentials");
                return this.stsClient.getSessionToken(getSessionTokenRequest).credentials();
            });
        }

        public Credentials requestRole(String str, String str2, String str3, long j, TimeUnit timeUnit) throws IOException {
            STSClientFactory.LOG.debug("Requesting role {} with duration {}; policy = {}", new Object[]{str, Long.valueOf(j), str3});
            AssumeRoleRequest.Builder roleSessionName = AssumeRoleRequest.builder().durationSeconds(Integer.valueOf((int) timeUnit.toSeconds(j))).roleArn(str).roleSessionName(str2);
            if (StringUtils.isNotEmpty(str3)) {
                roleSessionName.policy(str3);
            }
            return (Credentials) this.invoker.retry("request role credentials", "", true, () -> {
                return this.stsClient.assumeRole((AssumeRoleRequest) roleSessionName.build()).credentials();
            });
        }
    }

    public static StsClientBuilder builder(Configuration configuration, String str, AwsCredentialsProvider awsCredentialsProvider) throws IOException {
        return builder(awsCredentialsProvider, configuration, configuration.getTrimmed("fs.s3a.assumed.role.sts.endpoint", ""), configuration.getTrimmed("fs.s3a.assumed.role.sts.endpoint.region", ""), str);
    }

    public static StsClientBuilder builder(Configuration configuration, String str, AwsCredentialsProvider awsCredentialsProvider, String str2, String str3) throws IOException {
        return builder(awsCredentialsProvider, configuration, str2, str3, str);
    }

    public static StsClientBuilder builder(AwsCredentialsProvider awsCredentialsProvider, Configuration configuration, String str, String str2, String str3) throws IOException {
        StsClientBuilder builder = StsClient.builder();
        Preconditions.checkArgument(awsCredentialsProvider != null, "No credentials");
        ClientOverrideConfiguration.Builder createClientConfigBuilder = AWSClientConfig.createClientConfigBuilder(configuration, Constants.AWS_SERVICE_IDENTIFIER_STS);
        ApacheHttpClient.Builder createHttpClientBuilder = AWSClientConfig.createHttpClientBuilder(configuration);
        RetryPolicy.Builder createRetryPolicyBuilder = AWSClientConfig.createRetryPolicyBuilder(configuration);
        ProxyConfiguration createProxyConfiguration = AWSClientConfig.createProxyConfiguration(configuration, str3);
        createClientConfigBuilder.retryPolicy(createRetryPolicyBuilder.build());
        createHttpClientBuilder.proxyConfiguration(createProxyConfiguration);
        builder.httpClientBuilder(createHttpClientBuilder).overrideConfiguration((ClientOverrideConfiguration) createClientConfigBuilder.build()).credentialsProvider(awsCredentialsProvider);
        boolean equals = DelegationConstants.STS_STANDARD.equals(str);
        if (!StringUtils.isNotEmpty(str) || equals) {
            Preconditions.checkArgument(StringUtils.isEmpty(str2), "STS signing region set set to %s but no STS endpoint specified", new Object[]{str2});
        } else {
            Preconditions.checkArgument(StringUtils.isNotEmpty(str2), "STS endpoint is set to %s but no signing region was provided", new Object[]{str});
            LOG.debug("STS Endpoint={}; region='{}'", str, str2);
            builder.endpointOverride(getSTSEndpoint(str)).region(Region.of(str2));
        }
        return builder;
    }

    private static URI getSTSEndpoint(String str) {
        try {
            return new URIBuilder().setScheme("https").setHost(str).build();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static STSClient createClientConnection(StsClient stsClient, Invoker invoker) {
        return new STSClient(stsClient, invoker);
    }
}
