package com.aliyun.auth.credentials.provider;

import com.aliyun.auth.credentials.Credential;
import com.aliyun.auth.credentials.ICredential;
import com.aliyun.auth.credentials.exception.CredentialException;
import com.aliyun.auth.credentials.http.CompatibleUrlConnClient;
import com.aliyun.auth.credentials.http.HttpRequest;
import com.aliyun.auth.credentials.http.HttpResponse;
import com.aliyun.auth.credentials.http.MethodType;
import com.aliyun.auth.credentials.provider.HttpCredentialProvider;
import com.aliyun.auth.credentials.utils.AuthUtils;
import com.aliyun.auth.credentials.utils.ParameterHelper;
import com.aliyun.auth.credentials.utils.RefreshResult;
import com.aliyun.core.http.ProtocolType;
import com.aliyun.core.utils.StringUtils;
import com.aliyun.core.utils.Validate;
import com.aliyun.odps.table.utils.ConfigConstants;
import com.google.gson.Gson;
import io.netty.handler.codec.http2.Http2CodecUtil;
import java.time.Instant;
import java.util.Map;

/* loaded from: input_file:com/aliyun/auth/credentials/provider/RsaKeyPairCredentialProvider.class */
public class RsaKeyPairCredentialProvider extends HttpCredentialProvider {
    private int durationSeconds;
    private String regionId;
    private int connectionTimeout;
    private int readTimeout;
    private Credential credential;
    private final String stsEndpoint;
    private final CompatibleUrlConnClient client;

    /* loaded from: input_file:com/aliyun/auth/credentials/provider/RsaKeyPairCredentialProvider$Builder.class */
    public interface Builder extends HttpCredentialProvider.Builder<RsaKeyPairCredentialProvider, Builder> {
        Builder durationSeconds(Integer num);

        Builder regionId(String str);

        Builder connectionTimeout(Integer num);

        Builder readTimeout(Integer num);

        Builder credential(Credential credential);

        Builder stsEndpoint(String str);

        Builder stsRegionId(String str);

        Builder enableVpc(Boolean bool);

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        RsaKeyPairCredentialProvider build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/aliyun/auth/credentials/provider/RsaKeyPairCredentialProvider$BuilderImpl.class */
    public static final class BuilderImpl extends HttpCredentialProvider.BuilderImpl<RsaKeyPairCredentialProvider, Builder> implements Builder {
        private Integer durationSeconds;
        private String regionId;
        private Integer connectionTimeout;
        private Integer readTimeout;
        private Credential credential;
        private String stsEndpoint;
        private String stsRegionId;
        private Boolean enableVpc;

        private BuilderImpl() {
            this.regionId = "cn-hangzhou";
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder durationSeconds(Integer num) {
            if (!StringUtils.isEmpty(num)) {
                this.durationSeconds = num;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder regionId(String str) {
            if (!StringUtils.isEmpty((CharSequence) str)) {
                this.regionId = str;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder connectionTimeout(Integer num) {
            if (!StringUtils.isEmpty(num)) {
                this.connectionTimeout = num;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder readTimeout(Integer num) {
            if (!StringUtils.isEmpty(num)) {
                this.readTimeout = num;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder credential(Credential credential) {
            this.credential = credential;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder stsEndpoint(String str) {
            this.stsEndpoint = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder stsRegionId(String str) {
            this.stsRegionId = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.RsaKeyPairCredentialProvider.Builder
        public Builder enableVpc(Boolean bool) {
            this.enableVpc = bool;
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        public RsaKeyPairCredentialProvider build() {
            return new RsaKeyPairCredentialProvider(this);
        }
    }

    private RsaKeyPairCredentialProvider(BuilderImpl builderImpl) {
        super(builderImpl);
        this.durationSeconds = builderImpl.durationSeconds == null ? ConfigConstants.DEFAULT_ASYNC_TIMEOUT_IN_SECONDS : builderImpl.durationSeconds.intValue();
        if (this.durationSeconds < 900) {
            throw new IllegalArgumentException("Session duration should be in the range of 900s - max session duration.");
        }
        this.regionId = builderImpl.regionId;
        this.connectionTimeout = builderImpl.connectionTimeout == null ? 5000 : builderImpl.connectionTimeout.intValue();
        this.readTimeout = builderImpl.readTimeout == null ? Http2CodecUtil.DEFAULT_MAX_QUEUED_CONTROL_FRAMES : builderImpl.readTimeout.intValue();
        this.credential = (Credential) Validate.notNull(builderImpl.credential, "Credentials must not be null.", new Object[0]);
        if (StringUtils.isEmpty((CharSequence) builderImpl.stsEndpoint)) {
            String str = builderImpl.enableVpc != null ? builderImpl.enableVpc.booleanValue() ? "sts-vpc" : "sts" : AuthUtils.isEnableVpcEndpoint() ? "sts-vpc" : "sts";
            if (!StringUtils.isEmpty((CharSequence) builderImpl.stsRegionId)) {
                this.stsEndpoint = String.format("%s.%s.aliyuncs.com", str, builderImpl.stsRegionId);
            } else if (StringUtils.isEmpty((CharSequence) AuthUtils.getEnvironmentSTSRegion())) {
                this.stsEndpoint = "sts.ap-northeast-1.aliyuncs.com";
            } else {
                this.stsEndpoint = String.format("%s.%s.aliyuncs.com", str, AuthUtils.getEnvironmentSTSRegion());
            }
        } else {
            this.stsEndpoint = builderImpl.stsEndpoint;
        }
        this.client = new CompatibleUrlConnClient();
        buildRefreshCache();
    }

    public static RsaKeyPairCredentialProvider create(Credential credential) {
        return builder().credential(credential).build();
    }

    public static Builder builder() {
        return new BuilderImpl();
    }

    @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider
    public RefreshResult<ICredential> refreshCredentials() {
        ParameterHelper parameterHelper = new ParameterHelper();
        HttpRequest httpRequest = new HttpRequest();
        httpRequest.setUrlParameter("Action", "GenerateSessionAccessKey");
        httpRequest.setUrlParameter("Format", "JSON");
        httpRequest.setUrlParameter("Version", "2015-04-01");
        httpRequest.setUrlParameter("DurationSeconds", String.valueOf(this.durationSeconds));
        httpRequest.setUrlParameter("AccessKeyId", this.credential.accessKeyId());
        httpRequest.setUrlParameter("RegionId", this.regionId);
        httpRequest.setUrlParameter("Signature", parameterHelper.signString(parameterHelper.composeStringToSign(MethodType.GET, httpRequest.getUrlParameters()), this.credential.accessKeySecret() + "&"));
        httpRequest.setSysMethod(MethodType.GET);
        httpRequest.setSysConnectTimeout(Integer.valueOf(this.connectionTimeout));
        httpRequest.setSysReadTimeout(Integer.valueOf(this.readTimeout));
        httpRequest.setSysUrl(parameterHelper.composeUrl(this.stsEndpoint, httpRequest.getUrlParameters(), ProtocolType.HTTPS));
        try {
            HttpResponse syncInvoke = this.client.syncInvoke(httpRequest);
            if (syncInvoke.getResponseCode() != 200) {
                throw new CredentialException(String.format("Error refreshing credentials from RsaKeyPair, HttpCode: %s, result: %s.", Integer.valueOf(syncInvoke.getResponseCode()), syncInvoke.getHttpContentString()));
            }
            Map map = (Map) new Gson().fromJson(syncInvoke.getHttpContentString(), Map.class);
            if (null == map || !map.containsKey("SessionAccessKey")) {
                throw new CredentialException(String.format("Error retrieving credentials from RsaKeyPair result: %s.", syncInvoke.getHttpContentString()));
            }
            Map map2 = (Map) map.get("SessionAccessKey");
            Instant instant = ParameterHelper.getUTCDate((String) map2.get("Expiration")).toInstant();
            return RefreshResult.builder(Credential.builder().accessKeyId((String) map2.get("SessionAccessKeyId")).accessKeySecret((String) map2.get("SessionAccessKeySecret")).build()).staleTime(getStaleTime(instant)).prefetchTime(getPrefetchTime(instant)).build();
        } catch (Exception e) {
            throw new CredentialException("Failed to connect RsaKeyPair Service: " + e);
        }
    }

    @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider, com.aliyun.core.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        super.close();
        this.client.close();
    }
}
