package com.simba.athena.iamsupport.plugin;

import com.simba.athena.amazonaws.ClientConfiguration;
import com.simba.athena.amazonaws.SdkClientException;
import com.simba.athena.amazonaws.auth.AWSStaticCredentialsProvider;
import com.simba.athena.amazonaws.auth.AnonymousAWSCredentials;
import com.simba.athena.amazonaws.auth.BasicSessionCredentials;
import com.simba.athena.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.simba.athena.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.simba.athena.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException;
import com.simba.athena.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.simba.athena.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityResult;
import com.simba.athena.amazonaws.services.securitytoken.model.Credentials;
import com.simba.athena.iamsupport.IPlugin;
import com.simba.athena.iamsupport.IamSupport;
import com.simba.athena.iamsupport.logger.IamCustomLogFactory;
import com.simba.athena.iamsupport.model.CredentialsHolder;
import com.simba.athena.iamsupport.plugin.utils.LogUtils;
import com.simba.athena.support.LogUtilities;
import java.io.IOException;
import java.net.URL;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/simba/athena/iamsupport/plugin/JwtCredentialsProvider.class */
public class JwtCredentialsProvider implements IPlugin {
    private static final String ROLE_ARN_KEY = "role_arn";
    private static final String ROLE_SESSION_NAME_KEY = "role_session_name";
    private static final String WEB_IDENTITY_TOKEN = "web_identity_token";
    private static final String DURATION = "duration";
    private static final String LOG_PROPERTIES_FILE_NAME = "log-factory.properties";
    private static final String LOG_PROPERTIES_FILE_PATH = "META-INF/services/org.apache.commons.logging.LogFactory";
    private String m_roleArn;
    private String m_webIdentityToken;
    private Integer m_duration;
    protected String m_preferredRole;
    protected String m_proxyHost;
    protected int m_proxyPort;
    protected String m_proxyUid;
    protected String m_proxyPwd;
    protected String m_proxyDomain;
    protected String m_proxyWorkstation;
    protected String m_region;
    protected String m_nonProxyHosts;
    protected String m_userAgent;
    private static final Class<?> CUSTOM_LOG_FACTORY_CLASS = IamCustomLogFactory.class;
    private static final ClassLoader CONTEXT_CLASS_LOADER = new ClassLoader(JwtCredentialsProvider.class.getClassLoader()) { // from class: com.simba.athena.iamsupport.plugin.JwtCredentialsProvider.1
        @Override // java.lang.ClassLoader
        public Class<?> loadClass(String str) throws ClassNotFoundException {
            Class<?> loadClass = getParent().loadClass(str);
            return LogFactory.class.isAssignableFrom(loadClass) ? JwtCredentialsProvider.CUSTOM_LOG_FACTORY_CLASS : loadClass;
        }

        @Override // java.lang.ClassLoader
        public Enumeration<URL> getResources(String str) throws IOException {
            return LogFactory.FACTORY_PROPERTIES.equals(str) ? Collections.enumeration(Collections.emptyList()) : super.getResources(str);
        }

        @Override // java.lang.ClassLoader
        public URL getResource(String str) {
            return JwtCredentialsProvider.LOG_PROPERTIES_FILE_PATH.equals(str) ? JwtCredentialsProvider.class.getResource(JwtCredentialsProvider.LOG_PROPERTIES_FILE_NAME) : super.getResource(str);
        }
    };
    private static Map<String, CredentialsHolder> m_cache = new HashMap();

    /* renamed from: getCredentials, reason: merged with bridge method [inline-methods] */
    public CredentialsHolder m2309getCredentials() {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        String cacheKey = getCacheKey();
        CredentialsHolder credentialsHolder = m_cache.get(cacheKey);
        if (credentialsHolder == null || credentialsHolder.isExpired()) {
            refresh();
        }
        CredentialsHolder credentialsHolder2 = m_cache.get(cacheKey);
        if (credentialsHolder2 == null) {
            throw new SdkClientException("Unable to load AWS credentials.");
        }
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return credentialsHolder2;
    }

    public void refresh() {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        Thread currentThread = Thread.currentThread();
        ClassLoader contextClassLoader = currentThread.getContextClassLoader();
        Thread.currentThread().setContextClassLoader(CONTEXT_CLASS_LOADER);
        try {
            m_cache.put(getCacheKey(), fetchCredentials());
            currentThread.setContextClassLoader(contextClassLoader);
            LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        } catch (AWSSecurityTokenServiceException e) {
            throw new SdkClientException("failed to fetch AWS Credentials. Details:" + e.getErrorMessage());
        }
    }

    @Override // com.simba.athena.iamsupport.IPlugin
    public void addParameter(String str, String str2) {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        if ("role_arn".equalsIgnoreCase(str)) {
            this.m_roleArn = str2;
        }
        if ("role_session_name".equalsIgnoreCase(str)) {
            this.m_preferredRole = str2;
        }
        if (WEB_IDENTITY_TOKEN.equalsIgnoreCase(str)) {
            this.m_webIdentityToken = str2;
        }
        if (DURATION.equalsIgnoreCase(str)) {
            this.m_duration = Integer.valueOf(str2);
        }
        if ("ProxyHost".equalsIgnoreCase(str)) {
            this.m_proxyHost = str2;
        }
        if ("ProxyPort".equalsIgnoreCase(str)) {
            this.m_proxyPort = Integer.parseInt(str2);
        }
        if (IamSupport.PROXY_UID.equalsIgnoreCase(str)) {
            this.m_proxyUid = str2;
        }
        if (IamSupport.PROXY_PWD.equalsIgnoreCase(str)) {
            this.m_proxyPwd = str2;
        }
        if (IamSupport.PROXY_DOMAIN.equalsIgnoreCase(str)) {
            this.m_proxyDomain = str2;
        } else if (IamSupport.PROXY_WORKSTATION.equalsIgnoreCase(str)) {
            this.m_proxyWorkstation = str2;
        } else if (IamSupport.AWS_REGION.equalsIgnoreCase(str) || IamSupport.AWS_REGION_ALT.equalsIgnoreCase(str)) {
            this.m_region = str2;
        }
        if ("UserAgent".equalsIgnoreCase(str)) {
            this.m_userAgent = str2;
        }
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public CredentialsHolder fetchCredentials() throws AWSSecurityTokenServiceException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        AWSStaticCredentialsProvider aWSStaticCredentialsProvider = new AWSStaticCredentialsProvider(new AnonymousAWSCredentials());
        AWSSecurityTokenServiceClientBuilder standard = AWSSecurityTokenServiceClientBuilder.standard();
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setProxyHost(this.m_proxyHost);
        clientConfiguration.setProxyPort(this.m_proxyPort);
        clientConfiguration.setProxyUsername(this.m_proxyUid);
        clientConfiguration.setProxyPassword(this.m_proxyPwd);
        clientConfiguration.setProxyDomain(this.m_proxyDomain);
        clientConfiguration.setProxyWorkstation(this.m_proxyWorkstation);
        clientConfiguration.setUserAgent(this.m_userAgent);
        standard.setClientConfiguration(clientConfiguration);
        standard.setRegion(this.m_region);
        AWSSecurityTokenService build = ((AWSSecurityTokenServiceClientBuilder) standard.withCredentials(aWSStaticCredentialsProvider)).build();
        AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
        if (null == this.m_webIdentityToken || this.m_webIdentityToken.isEmpty()) {
            throw new SdkClientException("failed to fetch AWS Credentials. Details: Missing web_identity_token parameter.");
        }
        if (null == this.m_roleArn || this.m_roleArn.isEmpty()) {
            throw new SdkClientException("failed to fetch AWS Credentials. Details: Missing role_arn parameter.");
        }
        if (null == this.m_preferredRole || this.m_preferredRole.isEmpty()) {
            throw new SdkClientException("failed to fetch AWS Credentials. Details: Missing  parameter role_session_name.");
        }
        assumeRoleWithWebIdentityRequest.setWebIdentityToken(this.m_webIdentityToken);
        assumeRoleWithWebIdentityRequest.setRoleArn(this.m_roleArn);
        assumeRoleWithWebIdentityRequest.setRoleSessionName(this.m_preferredRole);
        if (null != this.m_duration && 3600 <= this.m_duration.intValue()) {
            assumeRoleWithWebIdentityRequest.setDurationSeconds(this.m_duration);
        }
        AssumeRoleWithWebIdentityResult assumeRoleWithWebIdentity = build.assumeRoleWithWebIdentity(assumeRoleWithWebIdentityRequest);
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return buildAWSCredentialHolder(assumeRoleWithWebIdentity.getCredentials());
    }

    private String getCacheKey() {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return this.m_webIdentityToken;
    }

    private CredentialsHolder buildAWSCredentialHolder(Credentials credentials) {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        CredentialsHolder newInstance = CredentialsHolder.newInstance(new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()), new Date());
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return newInstance;
    }
}
