package com.aliyun.auth.credentials.provider;

import com.aliyun.auth.credentials.Credential;
import com.aliyun.auth.credentials.ICredential;
import com.aliyun.auth.credentials.exception.CredentialException;
import com.aliyun.auth.credentials.http.CompatibleUrlConnClient;
import com.aliyun.auth.credentials.http.FormatType;
import com.aliyun.auth.credentials.http.HttpRequest;
import com.aliyun.auth.credentials.http.HttpResponse;
import com.aliyun.auth.credentials.http.MethodType;
import com.aliyun.auth.credentials.provider.HttpCredentialProvider;
import com.aliyun.auth.credentials.utils.AuthUtils;
import com.aliyun.auth.credentials.utils.ParameterHelper;
import com.aliyun.auth.credentials.utils.RefreshResult;
import com.aliyun.core.http.ProtocolType;
import com.aliyun.core.utils.StringUtils;
import com.aliyun.odps.table.utils.ConfigConstants;
import com.google.gson.Gson;
import io.netty.handler.codec.http2.Http2CodecUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/aliyun/auth/credentials/provider/OIDCRoleArnCredentialProvider.class */
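/**
 * Credential provider that obtains temporary credentials by posting an OIDC token to the STS
 * {@code AssumeRoleWithOIDC} action and parsing the JSON response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The request scheme is fixed to {@link ProtocolType#HTTPS}.</li>
 *   <li>The OIDC token travels in the form-encoded POST body; only {@code Action}, {@code Format}
 *       and {@code Version} are set as URL parameters.</li>
 *   <li>The endpoint that receives the token is built from {@code stsEndpoint}, {@code stsRegionId}
 *       or the environment, so those values must come from trusted configuration.</li>
 * </ul>
 */
public class OIDCRoleArnCredentialProvider extends HttpCredentialProvider {
    // Requested session lifetime, sent as the DurationSeconds form parameter.
    private int durationSeconds;
    // Role to assume, sent as the RoleArn form parameter.
    private String roleArn;
    // Identity provider reference, sent as the OIDCProviderArn form parameter.
    private String oidcProviderArn;
    // Path handed to AuthUtils.getOIDCToken on every refresh.
    private String oidcTokenFilePath;
    private final String roleSessionName;
    // Optional Policy form parameter; omitted from the request when null or empty.
    private String policy;
    private int connectionTimeout;
    private int readTimeout;
    // Host that receives the OIDC token and returns the temporary credentials.
    private final String stsEndpoint;
    private final CompatibleUrlConnClient client;
    private String protocol;

    /* loaded from: input_file:com/aliyun/auth/credentials/provider/OIDCRoleArnCredentialProvider$Builder.class */
    /**
     * Fluent builder for {@link OIDCRoleArnCredentialProvider}. Unset values fall back to the
     * environment or to defaults, as described per method.
     */
    public interface Builder extends HttpCredentialProvider.Builder<OIDCRoleArnCredentialProvider, Builder> {
        /**
         * Sets the role session name. When {@code null}, the provider uses
         * {@code AuthUtils.getEnvironmentRoleSessionName()} or, if that is empty, a generated
         * {@code "aliyun-java-auth-<millis>"} name.
         */
        Builder roleSessionName(String str);

        /**
         * Sets the requested session duration. Values below 900 are rejected by the provider
         * constructor with {@link IllegalArgumentException}.
         */
        Builder durationSeconds(Integer num);

        /** Sets the role ARN; when {@code null}, {@code AuthUtils.getEnvironmentRoleArn()} is used. */
        Builder roleArn(String str);

        /**
         * Sets the OIDC provider ARN; when {@code null},
         * {@code AuthUtils.getEnvironmentOIDCProviderArn()} is used.
         */
        Builder oidcProviderArn(String str);

        /**
         * Sets the path of the OIDC token file; when {@code null},
         * {@code AuthUtils.getEnvironmentOIDCTokenFilePath()} is used.
         */
        Builder oidcTokenFilePath(String str);

        /** Sets the optional {@code Policy} request parameter. */
        Builder policy(String str);

        /** Sets the connect timeout passed to the HTTP request (default 5000; unit presumably ms). */
        Builder connectionTimeout(Integer num);

        /** Sets the read timeout passed to the HTTP request. */
        Builder readTimeout(Integer num);

        /**
         * Sets the STS endpoint host verbatim. A non-empty value overrides {@link #stsRegionId} and
         * {@link #enableVpc}. The OIDC token is sent to this host, so it must be trusted.
         */
        Builder stsEndpoint(String str);

        /** Sets the region used to build {@code <prefix>.<region>.aliyuncs.com}. */
        Builder stsRegionId(String str);

        /** Selects the {@code sts-vpc} host prefix when true and {@code sts} when false. */
        Builder enableVpc(Boolean bool);

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        OIDCRoleArnCredentialProvider build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/aliyun/auth/credentials/provider/OIDCRoleArnCredentialProvider$BuilderImpl.class */
    /**
     * Default {@link Builder} implementation. It only stores the supplied values; defaulting and
     * validation happen in the {@link OIDCRoleArnCredentialProvider} constructor.
     */
    public static final class BuilderImpl extends HttpCredentialProvider.BuilderImpl<OIDCRoleArnCredentialProvider, Builder> implements Builder {
        private String roleSessionName;
        private Integer durationSeconds;
        private String roleArn;
        private String oidcProviderArn;
        private String oidcTokenFilePath;
        private String policy;
        private Integer connectionTimeout;
        private Integer readTimeout;
        private String stsEndpoint;
        private String stsRegionId;
        private Boolean enableVpc;

        private BuilderImpl() {
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder roleSessionName(String str) {
            this.roleSessionName = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder durationSeconds(Integer num) {
            this.durationSeconds = num;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder roleArn(String str) {
            this.roleArn = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder oidcProviderArn(String str) {
            this.oidcProviderArn = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder oidcTokenFilePath(String str) {
            this.oidcTokenFilePath = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder policy(String str) {
            this.policy = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder connectionTimeout(Integer num) {
            this.connectionTimeout = num;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder readTimeout(Integer num) {
            this.readTimeout = num;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder stsEndpoint(String str) {
            this.stsEndpoint = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder stsRegionId(String str) {
            this.stsRegionId = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.OIDCRoleArnCredentialProvider.Builder
        public Builder enableVpc(Boolean bool) {
            this.enableVpc = bool;
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        public OIDCRoleArnCredentialProvider build() {
            return new OIDCRoleArnCredentialProvider(this);
        }
    }

    /**
     * Resolves every setting from the builder, then the environment, then a default; validates the
     * mandatory ones; and finally calls {@code buildRefreshCache()}.
     *
     * @throws IllegalArgumentException if the duration is below 900 or if the role ARN, OIDC
     *     provider ARN or OIDC token file path is empty after the environment fallback
     */
    private OIDCRoleArnCredentialProvider(BuilderImpl builderImpl) {
        super(builderImpl);
        // The scheme is not configurable through the builder: the token exchange always uses HTTPS.
        this.protocol = ProtocolType.HTTPS;
        this.roleSessionName = resolveRoleSessionName(builderImpl);
        // NOTE(review): the constant below belongs to an unrelated ODPS class and looks like a
        // decompiler substitution for a numeric literal; confirm the intended default duration.
        this.durationSeconds = builderImpl.durationSeconds == null ? ConfigConstants.DEFAULT_ASYNC_TIMEOUT_IN_SECONDS : builderImpl.durationSeconds.intValue();
        // Only the lower bound is checked here; no upper bound is enforced in this class.
        if (this.durationSeconds < 900) {
            throw new IllegalArgumentException("Session duration should be in the range of 900s - max session duration.");
        }
        this.roleArn = builderImpl.roleArn == null ? AuthUtils.getEnvironmentRoleArn() : builderImpl.roleArn;
        if (StringUtils.isEmpty((CharSequence) this.roleArn)) {
            throw new IllegalArgumentException("RoleArn or environment variable ALIBABA_CLOUD_ROLE_ARN cannot be empty.");
        }
        this.oidcProviderArn = builderImpl.oidcProviderArn == null ? AuthUtils.getEnvironmentOIDCProviderArn() : builderImpl.oidcProviderArn;
        if (StringUtils.isEmpty((CharSequence) this.oidcProviderArn)) {
            throw new IllegalArgumentException("OIDCProviderArn or environment variable ALIBABA_CLOUD_OIDC_PROVIDER_ARN cannot be empty.");
        }
        this.oidcTokenFilePath = builderImpl.oidcTokenFilePath == null ? AuthUtils.getEnvironmentOIDCTokenFilePath() : builderImpl.oidcTokenFilePath;
        if (StringUtils.isEmpty((CharSequence) this.oidcTokenFilePath)) {
            throw new IllegalArgumentException("OIDCTokenFilePath or environment variable ALIBABA_CLOUD_OIDC_TOKEN_FILE cannot be empty.");
        }
        this.policy = builderImpl.policy;
        this.connectionTimeout = builderImpl.connectionTimeout == null ? 5000 : builderImpl.connectionTimeout.intValue();
        // NOTE(review): a Netty HTTP/2 constant is used as the read-timeout default; this also looks
        // like a decompiler substitution for a literal. Confirm the intended value.
        this.readTimeout = builderImpl.readTimeout == null ? Http2CodecUtil.DEFAULT_MAX_QUEUED_CONTROL_FRAMES : builderImpl.readTimeout.intValue();
        this.stsEndpoint = resolveStsEndpoint(builderImpl);
        this.client = new CompatibleUrlConnClient();
        buildRefreshCache();
    }

    /** Picks the session name: builder value, else environment value, else a time-stamped default. */
    private static String resolveRoleSessionName(BuilderImpl builderImpl) {
        if (builderImpl.roleSessionName != null) {
            // An explicitly supplied name is used as-is, even when it is the empty string.
            return builderImpl.roleSessionName;
        }
        if (!StringUtils.isEmpty((CharSequence) AuthUtils.getEnvironmentRoleSessionName())) {
            return AuthUtils.getEnvironmentRoleSessionName();
        }
        return "aliyun-java-auth-" + System.currentTimeMillis();
    }

    /**
     * Picks the STS host: an explicit endpoint wins; otherwise the host is built from the VPC flag
     * and a region taken from the builder or the environment.
     *
     * <p>The endpoint and region are not validated here. Because the OIDC token is posted to the
     * resulting host, callers should only feed these settings from trusted configuration.
     */
    private static String resolveStsEndpoint(BuilderImpl builderImpl) {
        if (!StringUtils.isEmpty((CharSequence) builderImpl.stsEndpoint)) {
            return builderImpl.stsEndpoint;
        }
        boolean useVpc = builderImpl.enableVpc != null ? builderImpl.enableVpc.booleanValue() : AuthUtils.isEnableVpcEndpoint();
        String prefix = useVpc ? "sts-vpc" : "sts";
        if (!StringUtils.isEmpty((CharSequence) builderImpl.stsRegionId)) {
            return String.format("%s.%s.aliyuncs.com", prefix, builderImpl.stsRegionId);
        }
        if (StringUtils.isEmpty((CharSequence) AuthUtils.getEnvironmentSTSRegion())) {
            // NOTE(review): with no region available the VPC flag has no effect on the host.
            return "sts.aliyuncs.com";
        }
        return String.format("%s.%s.aliyuncs.com", prefix, AuthUtils.getEnvironmentSTSRegion());
    }

    /** Returns a new builder for this provider. */
    public static Builder builder() {
        return new BuilderImpl();
    }

    /** Returns the STS host that credential requests are sent to. */
    public String getStsEndpoint() {
        return this.stsEndpoint;
    }

    /**
     * Reads the OIDC token via {@code AuthUtils.getOIDCToken}, posts an {@code AssumeRoleWithOIDC}
     * request and converts the {@code Credentials} object of the JSON response into a credential.
     *
     * @return the new credential, with stale and prefetch times derived from {@code Expiration}
     * @throws CredentialException if the request fails, the status is not 200, or the response
     *     lacks a usable {@code Credentials} object
     */
    @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider
    public RefreshResult<ICredential> refreshCredentials() {
        // The token is read on every refresh rather than cached in a field.
        String oidcToken = AuthUtils.getOIDCToken(this.oidcTokenFilePath);
        ParameterHelper parameterHelper = new ParameterHelper();
        HttpRequest httpRequest = new HttpRequest();
        httpRequest.setUrlParameter("Action", "AssumeRoleWithOIDC");
        httpRequest.setUrlParameter("Format", "JSON");
        httpRequest.setUrlParameter("Version", "2015-04-01");
        // Everything sensitive goes into the form body, so the token never appears in the URL.
        Map<String, String> formParams = new HashMap<>();
        formParams.put("DurationSeconds", String.valueOf(this.durationSeconds));
        formParams.put("RoleArn", this.roleArn);
        formParams.put("OIDCProviderArn", this.oidcProviderArn);
        formParams.put("OIDCToken", oidcToken);
        formParams.put("RoleSessionName", this.roleSessionName);
        formParams.put("Policy", this.policy);
        try {
            StringBuilder form = new StringBuilder();
            for (Map.Entry<String, String> entry : formParams.entrySet()) {
                // Null or empty values (for example an unset policy) are left out of the body.
                if (StringUtils.isEmpty((CharSequence) entry.getValue())) {
                    continue;
                }
                if (form.length() > 0) {
                    form.append("&");
                }
                form.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
                form.append("=");
                form.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
            }
            httpRequest.setHttpContent(form.toString().getBytes("UTF-8"), "UTF-8", FormatType.FORM);
            httpRequest.setSysMethod(MethodType.POST);
            httpRequest.setSysConnectTimeout(Integer.valueOf(this.connectionTimeout));
            httpRequest.setSysReadTimeout(Integer.valueOf(this.readTimeout));
            httpRequest.setSysUrl(parameterHelper.composeUrl(this.stsEndpoint, httpRequest.getUrlParameters(), this.protocol));
            try {
                HttpResponse response = this.client.syncInvoke(httpRequest);
                if (response.getResponseCode() != 200) {
                    throw new CredentialException(String.format("Error refreshing credentials from OIDC, HttpCode: %s, result: %s.", Integer.valueOf(response.getResponseCode()), response.getHttpContentString()));
                }
                String body = response.getHttpContentString();
                Map<?, ?> parsed = new Gson().fromJson(body, Map.class);
                if (null == parsed || !parsed.containsKey("Credentials")) {
                    throw new CredentialException(String.format("Error retrieving credentials from OIDC result: %s.", body));
                }
                // From here on the body holds a Credentials entry and may carry part of a secret
                // (for example AccessKeySecret without AccessKeyId). It is kept out of exception
                // messages so that it cannot reach logs through them.
                Object credentialsNode = parsed.get("Credentials");
                if (!(credentialsNode instanceof Map)) {
                    throw new CredentialException("Error retrieving credentials from OIDC result: Credentials is not a JSON object (response body omitted).");
                }
                Map<?, ?> credentials = (Map<?, ?>) credentialsNode;
                if (!credentials.containsKey("AccessKeyId") || !credentials.containsKey("AccessKeySecret") || !credentials.containsKey("SecurityToken")) {
                    throw new CredentialException("Error retrieving credentials from OIDC result: AccessKeyId, AccessKeySecret or SecurityToken is missing (response body omitted because it may contain partial credentials).");
                }
                Instant expiration = ParameterHelper.getUTCDate((String) credentials.get("Expiration")).toInstant();
                Credential credential = Credential.builder()
                        .accessKeyId((String) credentials.get("AccessKeyId"))
                        .accessKeySecret((String) credentials.get("AccessKeySecret"))
                        .securityToken((String) credentials.get("SecurityToken"))
                        .build();
                return RefreshResult.builder(credential)
                        .staleTime(getStaleTime(expiration))
                        .prefetchTime(getPrefetchTime(expiration))
                        .build();
            } catch (Exception e) {
                // This also catches the CredentialExceptions thrown above, so HTTP-status and
                // parsing failures surface with the same "Failed to connect" prefix.
                throw new CredentialException("Failed to connect OIDC Service: " + e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw new CredentialException(String.format("Error refreshing credentials from OIDC: %s.", e2.getMessage()));
        }
    }

    /** Closes the superclass resources first, then the HTTP client owned by this provider. */
    @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider, com.aliyun.core.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        super.close();
        this.client.close();
    }
}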
