package in.neuw.aws.rolesanywhere.credentials;

import com.fasterxml.jackson.databind.ObjectMapper;
import in.neuw.aws.rolesanywhere.credentials.RolesAnywhereCredentialsProvider;
import in.neuw.aws.rolesanywhere.credentials.models.AwsRolesAnyWhereRequesterDetails;
import in.neuw.aws.rolesanywhere.credentials.models.AwsRolesAnywhereSessionsRequest;
import in.neuw.aws.rolesanywhere.credentials.models.AwsRolesAnywhereSessionsResponse;
import in.neuw.aws.rolesanywhere.credentials.models.CredentialSet;
import in.neuw.aws.rolesanywhere.credentials.models.X509CertificateChain;
import in.neuw.aws.rolesanywhere.props.AwsRolesAnywhereProperties;
import in.neuw.aws.rolesanywhere.utils.AwsX509SigningHelper;
import in.neuw.aws.rolesanywhere.utils.CertAndKeyParserAndLoader;
import java.security.PrivateKey;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.function.Consumer;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.annotations.NotThreadSafe;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

/* loaded from: input_file:in/neuw/aws/rolesanywhere/credentials/IAMRolesAnywhereSessionsCredentialsProvider.class */
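/**
 * Credentials provider that obtains temporary AWS session credentials from the
 * "roles anywhere" service by sending a request signed with an X.509 certificate
 * chain and its private key (see {@link AwsX509SigningHelper#getIamRolesAnywhereSessions}).
 *
 * <p>The constructor prefetches credentials, so building an instance performs a network call.
 *
 * <p>Security notes: this class never logs the access key, secret key or session token; only
 * fetch and expiry timestamps are logged. Keep it that way when adding diagnostics.
 */
public class IAMRolesAnywhereSessionsCredentialsProvider extends RolesAnywhereCredentialsProvider implements ToCopyableBuilder<Builder, IAMRolesAnywhereSessionsCredentialsProvider> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(IAMRolesAnywhereSessionsCredentialsProvider.class);

    // DateTimeFormatter is immutable and thread-safe, so it is built once instead of per refresh.
    private static final DateTimeFormatter EXPIRY_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'");
    private static final ZoneId UTC = ZoneId.of("UTC");

    private ObjectMapper objectMapper;
    private AwsRolesAnywhereSessionsRequest awsRolesAnywhereSessionsRequest;
    private AwsRolesAnyWhereRequesterDetails requesterDetails;

    /**
     * Mutable builder for {@link IAMRolesAnywhereSessionsCredentialsProvider}. Not thread-safe.
     */
    @NotThreadSafe
    /* loaded from: input_file:in/neuw/aws/rolesanywhere/credentials/IAMRolesAnywhereSessionsCredentialsProvider$Builder.class */
    public static final class Builder extends RolesAnywhereCredentialsProvider.BaseBuilder<Builder, IAMRolesAnywhereSessionsCredentialsProvider> {
        private AwsRolesAnywhereSessionsRequest awsRolesAnywhereSessionsRequest;
        private AwsRolesAnywhereProperties awsRolesAnywhereProperties;
        private ObjectMapper objectMapper;
        private String roleArn;
        private String profileArn;
        private String trustAnchorArn;
        private String region;
        private Integer durationSeconds;
        private String roleSessionName;
        // NOTE(review): the encoded certificate and private key are retained as Strings next to
        // their parsed forms and both are handed to the requester details in build(). Strings
        // cannot be wiped from the heap; confirm the encoded key is still needed downstream.
        private String encodedX509Certificate;
        private String encodedPrivateKey;
        private X509CertificateChain x509CertificateChain;
        private PrivateKey privateKey;
        private Region awsRegion;
        private String host;
        private AwsRolesAnyWhereRequesterDetails requesterDetails;

        /**
         * Creates an empty builder; region, ARNs, certificate and key must be supplied through
         * the setters before calling build.
         *
         * @param objectMapper mapper passed to the base builder and used when fetching sessions
         */
        public Builder(ObjectMapper objectMapper) {
            super(IAMRolesAnywhereSessionsCredentialsProvider::new);
            this.objectMapper = objectMapper;
            objectMapper(objectMapper);
        }

        /**
         * Creates a builder fully populated from configuration properties, including the parsed
         * certificate chain, the parsed private key and the region-specific host.
         *
         * @param awsRolesAnywhereProperties source of region, ARNs, duration and encoded credentials
         * @param objectMapper mapper passed to the base builder and used when fetching sessions
         */
        public Builder(AwsRolesAnywhereProperties awsRolesAnywhereProperties, ObjectMapper objectMapper) {
            super(IAMRolesAnywhereSessionsCredentialsProvider::new);
            this.awsRegion = Region.of(awsRolesAnywhereProperties.getRegion());
            initRestClientBasedOnRegion();
            this.awsRolesAnywhereProperties = awsRolesAnywhereProperties;
            this.objectMapper = objectMapper;
            objectMapper(objectMapper);
            this.region = awsRolesAnywhereProperties.getRegion();
            this.durationSeconds = awsRolesAnywhereProperties.getDurationSeconds();
            this.roleArn = awsRolesAnywhereProperties.getRoleArn();
            this.profileArn = awsRolesAnywhereProperties.getProfileArn();
            this.trustAnchorArn = awsRolesAnywhereProperties.getTrustAnchorArn();
            this.encodedPrivateKey = awsRolesAnywhereProperties.getEncodedPrivateKey();
            this.encodedX509Certificate = awsRolesAnywhereProperties.getEncodedX509Certificate();
            this.x509CertificateChain = CertAndKeyParserAndLoader.resolveCertificateChain(this.encodedX509Certificate);
            this.privateKey = CertAndKeyParserAndLoader.extractPrivateKey(this.encodedPrivateKey);
            this.host = AwsX509SigningHelper.resolveHostBasedOnRegion(this.awsRegion);
            initRequest();
        }

        /**
         * Sets the AWS region and the service host derived from it.
         *
         * @param str region identifier understood by {@link Region#of(String)}
         * @return this builder
         */
        public Builder region(String str) {
            this.region = str;
            this.awsRegion = Region.of(str);
            // Keep host in step with the region, as the properties-based constructor does.
            // Without this, a builder created via Builder(ObjectMapper) reached build() with a
            // null host, and a later region change left a stale host from the first region.
            this.host = AwsX509SigningHelper.resolveHostBasedOnRegion(this.awsRegion);
            initRestClientBasedOnRegion();
            return this;
        }

        /**
         * Sets the requested session duration.
         *
         * @param i duration in seconds
         * @return this builder
         */
        public Builder durationSeconds(int i) {
            this.durationSeconds = Integer.valueOf(i);
            return this;
        }

        /** Sets the ARN of the role to obtain a session for. */
        public Builder roleArn(String str) {
            this.roleArn = str;
            return this;
        }

        /** Sets the profile ARN sent with the session request. */
        public Builder profileArn(String str) {
            this.profileArn = str;
            return this;
        }

        /** Sets the trust anchor ARN sent with the session request. */
        public Builder trustAnchorArn(String str) {
            this.trustAnchorArn = str;
            return this;
        }

        /** Sets the role session name passed to the requester details. */
        public Builder roleSessionName(String str) {
            this.roleSessionName = str;
            return this;
        }

        /**
         * Sets the encoded X.509 certificate and parses it into a certificate chain immediately.
         *
         * @param str encoded certificate, in the form expected by
         *     {@link CertAndKeyParserAndLoader#resolveCertificateChain}
         * @return this builder
         */
        public Builder encodedX509Certificate(String str) {
            this.encodedX509Certificate = str;
            this.x509CertificateChain = CertAndKeyParserAndLoader.resolveCertificateChain(str);
            return this;
        }

        /**
         * Sets the encoded private key and parses it immediately.
         *
         * @param str encoded private key, in the form expected by
         *     {@link CertAndKeyParserAndLoader#extractPrivateKey}
         * @return this builder
         */
        public Builder encodedPrivateKey(String str) {
            this.encodedPrivateKey = str;
            this.privateKey = CertAndKeyParserAndLoader.extractPrivateKey(str);
            return this;
        }

        /** Rebuilds the session request from the current ARNs and duration. */
        private void initRequest() {
            this.awsRolesAnywhereSessionsRequest = AwsX509SigningHelper.awsRolesAnywhereSessionsRequest(this.roleArn, this.profileArn, this.trustAnchorArn, this.durationSeconds);
        }

        /**
         * Installs a fresh Apache HTTP client (100 max connections) on the base builder.
         *
         * <p>NOTE(review): despite the name, nothing here depends on the region, and a client
         * installed by an earlier call is not closed in this method; confirm the base builder
         * or provider owns its lifecycle.
         */
        private void initRestClientBasedOnRegion() {
            sdkHttpClient(ApacheHttpClient.builder().maxConnections(100).build());
        }

        /**
         * Assembles the requester details and session request from the current builder state and
         * creates the provider.
         *
         * <p>NOTE(review): no field is validated here; a missing ARN, certificate or key is only
         * detected downstream when the provider prefetches credentials.
         *
         * @return the configured provider
         */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // in.neuw.aws.rolesanywhere.credentials.RolesAnywhereCredentialsProvider.BaseBuilder
        /* renamed from: build */
        public IAMRolesAnywhereSessionsCredentialsProvider mo3build() {
            AwsRolesAnyWhereRequesterDetails details = AwsRolesAnyWhereRequesterDetails.builder()
                    .durationSeconds(this.durationSeconds)
                    .certificateChain(this.x509CertificateChain)
                    .privateKey(this.privateKey)
                    .encodedPrivateKey(this.encodedPrivateKey)
                    .encodedX509Certificate(this.encodedX509Certificate)
                    .host(this.host)
                    .region(this.awsRegion)
                    .trustAnchorArn(this.trustAnchorArn)
                    .roleArn(this.roleArn)
                    .profileArn(this.profileArn)
                    .roleSessionName(this.roleSessionName)
                    .build();
            // Setters may have changed the ARNs or duration since construction, so rebuild.
            initRequest();
            this.requesterDetails = details;
            return (IAMRolesAnywhereSessionsCredentialsProvider) super.mo3build();
        }
    }

    /**
     * Copies the request state out of the builder and prefetches credentials.
     *
     * @param builder fully configured builder
     */
    private IAMRolesAnywhereSessionsCredentialsProvider(Builder builder) {
        super(builder, "iam-r-aw-thread");
        log.info("setting up the rest client for 'roles anywhere AWS service', with host = {} based on region = {}", builder.host, builder.region);
        this.objectMapper = builder.objectMapper;
        this.awsRolesAnywhereSessionsRequest = builder.awsRolesAnywhereSessionsRequest;
        this.requesterDetails = builder.requesterDetails;
        prefetchCredentials();
    }

    /**
     * Parses the expiry timestamp returned by the service.
     *
     * @param str timestamp in the form {@code yyyy-MM-dd'T'HH:mm:ss'Z'}, interpreted as UTC
     * @return the expiry as an {@link Instant}
     * @throws java.time.format.DateTimeParseException if the text does not match the pattern
     */
    private Instant getInstantFromResponseExpiry(String str) {
        return LocalDateTime.parse(str, EXPIRY_FORMAT).atZone(UTC).toInstant();
    }

    /**
     * Fetches a new session and converts the first credential set into SDK session credentials.
     *
     * @return session credentials carrying the expiry reported by the service
     * @throws IllegalStateException if the response carries no credential set
     */
    @Override // in.neuw.aws.rolesanywhere.credentials.RolesAnywhereCredentialsProvider
    AwsSessionCredentials getUpdatedCredentials() {
        AwsRolesAnywhereSessionsResponse response = refreshCredentials();
        // Fail with a clear message instead of an opaque NPE / IndexOutOfBoundsException.
        if (response == null || response.getCredentialSet() == null || response.getCredentialSet().isEmpty()) {
            throw new IllegalStateException("roles anywhere sessions response contained no credential set");
        }
        CredentialSet credentialSet = response.getCredentialSet().get(0);
        // Parse the expiry once; it is used for both the log line and the returned credentials.
        Instant expiry = getInstantFromResponseExpiry(credentialSet.getCredentials().getExpiration());
        // Only timestamps are logged; key material and the session token must stay out of logs.
        log.info("fetched credentials at epoch seconds = {} with expiry epoch seconds = {}", Long.valueOf(Instant.now().getEpochSecond()), Long.valueOf(expiry.getEpochSecond()));
        return AwsSessionCredentials.builder()
                .sessionToken(credentialSet.getCredentials().getSessionToken())
                .accessKeyId(credentialSet.getCredentials().getAccessKeyId())
                .secretAccessKey(credentialSet.getCredentials().getSecretAccessKey())
                .expirationTime(expiry)
                .build();
    }

    /** Returns the fixed provider name {@code "rolesanywhere-provider"}. */
    @Override // in.neuw.aws.rolesanywhere.credentials.RolesAnywhereCredentialsProvider
    String providerName() {
        return "rolesanywhere-provider";
    }

    /**
     * Requests a new session from the service using the request and requester details captured
     * at construction time.
     *
     * <p>NOTE(review): this method is public and its return value includes the secret access key
     * and session token (read in getUpdatedCredentials); callers must not log or persist it.
     *
     * @return the raw sessions response
     */
    public AwsRolesAnywhereSessionsResponse refreshCredentials() {
        return fetchCredentials(this.awsRolesAnywhereSessionsRequest, this.requesterDetails, this.sdkHttpClient, this.objectMapper);
    }

    /** Delegates the signed sessions call to {@link AwsX509SigningHelper}. */
    private AwsRolesAnywhereSessionsResponse fetchCredentials(AwsRolesAnywhereSessionsRequest awsRolesAnywhereSessionsRequest, AwsRolesAnyWhereRequesterDetails awsRolesAnyWhereRequesterDetails, SdkHttpClient sdkHttpClient, ObjectMapper objectMapper) {
        return AwsX509SigningHelper.getIamRolesAnywhereSessions(awsRolesAnywhereSessionsRequest, awsRolesAnyWhereRequesterDetails, sdkHttpClient, objectMapper);
    }

    /**
     * Always returns {@code null}.
     *
     * <p>NOTE(review): any caller that dereferences the result fails with a
     * NullPointerException; this presumably includes the inherited copy path, so copying looks
     * effectively unsupported. Confirm and either implement or document it.
     */
    /* renamed from: toBuilder, reason: merged with bridge method [inline-methods] */
    public Builder m2toBuilder() {
        return null;
    }

    /**
     * Delegates to the inherited copy implementation.
     *
     * @param consumer mutation applied to the builder
     * @return the copied provider
     */
    public IAMRolesAnywhereSessionsCredentialsProvider copy(Consumer<? super Builder> consumer) {
        return (IAMRolesAnywhereSessionsCredentialsProvider) super.copy(consumer);
    }

    /* renamed from: copy, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ ToCopyableBuilder m1copy(Consumer consumer) {
        return copy((Consumer<? super Builder>) consumer);
    }
}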
