package com.yahoo.athenz.zts;

import com.yahoo.rdl.Timestamp;
import java.io.Closeable;
import java.io.IOException;
import javax.net.ssl.SSLContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;

/* loaded from: input_file:com/yahoo/athenz/zts/AWSCredentialsProviderImplV2.class */
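/**
 * AWS SDK v2 credentials provider that obtains temporary AWS credentials for an
 * Athenz domain/role pair through a {@link ZTSClient}.
 *
 * <p>Every call to {@link #resolveCredentials()} invokes {@link #refresh()}. When a
 * refresh fails, the previously fetched credentials keep being served until their
 * recorded expiration has passed; after that the provider fails closed and the
 * refresh exception is propagated to the caller.
 *
 * <p>Thread-safety: {@code credentials} is {@code volatile}, but {@code refresh()} is
 * not synchronized and {@code awsCredsTimestamp} is a plain field.
 * NOTE(review): confirm whether instances are shared across SDK client threads.
 */
public class AWSCredentialsProviderImplV2 implements AwsCredentialsProvider, Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(AWSCredentialsProviderImplV2.class);
    private static final String ZTS_CLIENT_PROP_AWS_AUTO_REFRESH_ENABLE = "athenz.zts.client.aws_auto_refresh_enable";

    // Process-wide switch, seeded from the system property (defaults to "true").
    // When set, every constructor fetches credentials eagerly.
    private static boolean awsAutoRefreshEnable = Boolean.parseBoolean(System.getProperty(ZTS_CLIENT_PROP_AWS_AUTO_REFRESH_ENABLE, "true"));

    private String domainName;
    private String roleName;
    private String externalId;
    private Integer minExpiryTime;
    private Integer maxExpiryTime;
    private ZTSClient ztsClient;
    // Expiration of the currently cached credentials; null when nothing is cached.
    private Timestamp awsCredsTimestamp;
    private volatile AwsCredentials credentials;
    // True only when this provider created the ZTSClient itself and must close it.
    private boolean closeZTSClient;

    /**
     * Creates a provider on top of a caller-owned client; {@link #close()} leaves
     * that client open.
     *
     * @param zTSClient client used to fetch the temporary credentials
     * @param str Athenz domain name
     * @param str2 role name
     */
    public AWSCredentialsProviderImplV2(ZTSClient zTSClient, String str, String str2) {
        initCredProvider(zTSClient, false, str, str2, null, null, null);
    }

    /**
     * Creates a provider on top of a caller-owned client; {@link #close()} leaves
     * that client open.
     *
     * @param zTSClient client used to fetch the temporary credentials
     * @param str Athenz domain name
     * @param str2 role name
     * @param str3 external id forwarded to ZTS, may be null
     * @param num minimum expiry time forwarded to ZTS, may be null
     * @param num2 maximum expiry time forwarded to ZTS, may be null
     */
    public AWSCredentialsProviderImplV2(ZTSClient zTSClient, String str, String str2, String str3, Integer num, Integer num2) {
        initCredProvider(zTSClient, false, str, str2, str3, num, num2);
    }

    /**
     * Creates a provider that builds and owns its own {@link ZTSClient}.
     *
     * @param str first argument of the ZTSClient constructor (presumably the ZTS URL; confirm)
     * @param sSLContext TLS context handed to the ZTSClient constructor
     * @param str2 Athenz domain name
     * @param str3 role name
     * @param str4 external id forwarded to ZTS, may be null
     * @param num minimum expiry time forwarded to ZTS, may be null
     * @param num2 maximum expiry time forwarded to ZTS, may be null
     */
    public AWSCredentialsProviderImplV2(String str, SSLContext sSLContext, String str2, String str3, String str4, Integer num, Integer num2) {
        initCredProvider(new ZTSClient(str, sSLContext), true, str2, str3, str4, num, num2);
    }

    /**
     * Creates a provider that builds and owns its own {@link ZTSClient} and
     * registers a notification sender on it.
     *
     * @param str first argument of the ZTSClient constructor (presumably the ZTS URL; confirm)
     * @param sSLContext TLS context handed to the ZTSClient constructor
     * @param str2 Athenz domain name
     * @param str3 role name
     * @param str4 external id forwarded to ZTS, may be null
     * @param num minimum expiry time forwarded to ZTS, may be null
     * @param num2 maximum expiry time forwarded to ZTS, may be null
     * @param zTSClientNotificationSender sender installed on the new client
     */
    public AWSCredentialsProviderImplV2(String str, SSLContext sSLContext, String str2, String str3, String str4, Integer num, Integer num2, ZTSClientNotificationSender zTSClientNotificationSender) {
        ZTSClient zTSClient = new ZTSClient(str, sSLContext);
        zTSClient.setNotificationSender(zTSClientNotificationSender);
        initCredProvider(zTSClient, true, str2, str3, str4, num, num2);
    }

    /**
     * Creates a provider that builds and owns its own {@link ZTSClient}, without
     * an external id or expiry bounds.
     *
     * @param str first argument of the ZTSClient constructor (presumably the ZTS URL; confirm)
     * @param sSLContext TLS context handed to the ZTSClient constructor
     * @param str2 Athenz domain name
     * @param str3 role name
     */
    public AWSCredentialsProviderImplV2(String str, SSLContext sSLContext, String str2, String str3) {
        initCredProvider(new ZTSClient(str, sSLContext), true, str2, str3, null, null, null);
    }

    /**
     * Stores the request parameters and, when auto refresh is enabled, fetches
     * the first set of credentials.
     *
     * <p>If that first fetch fails and the client is owned by this provider, the
     * client is closed before the exception propagates: the constructor never
     * returns, so the caller has no instance on which to call {@link #close()}.
     */
    private void initCredProvider(ZTSClient client, boolean ownsClient, String domain, String role, String extId, Integer minExpiry, Integer maxExpiry) {
        this.domainName = domain;
        this.roleName = role;
        this.minExpiryTime = minExpiry;
        this.maxExpiryTime = maxExpiry;
        this.externalId = extId;
        this.ztsClient = client;
        this.closeZTSClient = ownsClient;
        this.awsCredsTimestamp = null;
        if (awsAutoRefreshEnable) {
            try {
                refresh();
            } catch (RuntimeException e) {
                if (ownsClient) {
                    closeAfterFailedInit(client, e);
                }
                throw e;
            }
        }
    }

    /** Closes a client whose provider failed to initialise, keeping the original failure primary. */
    private static void closeAfterFailedInit(ZTSClient client, RuntimeException cause) {
        try {
            client.close();
        } catch (Exception closeFailure) {
            cause.addSuppressed(closeFailure);
        }
    }

    /**
     * Overrides the process-wide auto-refresh switch; affects providers
     * constructed after the call.
     *
     * @param z true to fetch credentials eagerly in the constructors
     */
    public static void setAwsAutoRefreshEnable(boolean z) {
        awsAutoRefreshEnable = z;
    }

    /**
     * Closes the underlying ZTS client, but only when this provider created it.
     *
     * @throws IOException declared by {@link Closeable}
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.closeZTSClient) {
            this.ztsClient.close();
        }
    }

    /**
     * Fetches fresh temporary credentials from ZTS and caches them.
     *
     * <p>On failure the cached credentials are kept only while their recorded
     * expiration is still in the future. Once they have expired they are dropped
     * and the failure is rethrown, so callers never receive expired credentials.
     */
    public void refresh() {
        try {
            AWSTemporaryCredentials fetched = this.ztsClient.getAWSTemporaryCredentials(this.domainName, this.roleName, this.externalId, this.minExpiryTime, this.maxExpiryTime);
            Timestamp expiration = fetched.getExpiration();
            if (LOG.isDebugEnabled()) {
                // Only the key id and expiration are logged; the secret key and
                // session token must stay out of the logs.
                LOG.debug("Refresh: Credentials with id: {} and expiration {} were fetched", fetched.getAccessKeyId(), expiration);
            }
            // Build the SDK credentials before touching the cache: if the response is
            // rejected here, the old credentials must not inherit the new expiration.
            AwsCredentials fresh = AwsSessionCredentials.create(fetched.getAccessKeyId(), fetched.getSecretAccessKey(), fetched.getSessionToken());
            this.awsCredsTimestamp = expiration;
            this.credentials = fresh;
        } catch (Exception e) {
            // NOTE(review): a null expiration leaves cached credentials without an
            // expiry check here; confirm ZTS always returns one.
            boolean cachedExpired = this.awsCredsTimestamp != null && this.awsCredsTimestamp.millis() <= System.currentTimeMillis();
            if (cachedExpired) {
                this.awsCredsTimestamp = null;
                this.credentials = null;
            }
            LOG.error("Refresh: Failed to get the AWS temporary credentials from ZTS", e);
            if (this.credentials == null) {
                throw e;
            }
        }
    }

    /**
     * Refreshes and returns the current credentials.
     *
     * @return the cached credentials after the refresh attempt
     */
    @Override
    public AwsCredentials resolveCredentials() {
        refresh();
        return this.credentials;
    }
}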
