package com.aliyun.auth.credentials.provider;

import com.aliyun.auth.credentials.Credential;
import com.aliyun.auth.credentials.ICredential;
import com.aliyun.auth.credentials.exception.CredentialException;
import com.aliyun.auth.credentials.http.CompatibleUrlConnClient;
import com.aliyun.auth.credentials.http.HttpRequest;
import com.aliyun.auth.credentials.http.HttpResponse;
import com.aliyun.auth.credentials.http.MethodType;
import com.aliyun.auth.credentials.provider.HttpCredentialProvider;
import com.aliyun.auth.credentials.utils.ParameterHelper;
import com.aliyun.auth.credentials.utils.RefreshResult;
import com.aliyun.core.utils.StringUtils;
import com.aliyun.core.utils.Validate;
import com.google.gson.Gson;
import java.net.MalformedURLException;
import java.net.URL;
import java.time.Instant;
import java.util.Map;

/* loaded from: input_file:com/aliyun/auth/credentials/provider/EcsRamRoleCredentialProvider.class */
public final class EcsRamRoleCredentialProvider extends HttpCredentialProvider {
    private static final String URL_IN_ECS_METADATA = "/latest/meta-data/ram/security-credentials/";
    private static final String ECS_METADAT_FETCH_ERROR_MSG = "Failed to get RAM session credentials from ECS metadata service.";
    private URL credentialUrl;
    private String roleName;
    private String metadataServiceHost;
    private int connectionTimeout;
    private int readTimeout;
    private int EcsRamRoleTimeout;

    /* loaded from: input_file:com/aliyun/auth/credentials/provider/EcsRamRoleCredentialProvider$Builder.class */
    public interface Builder extends HttpCredentialProvider.Builder<EcsRamRoleCredentialProvider, Builder> {
        Builder roleName(String str);

        Builder metadataServiceHost(String str);

        Builder connectionTimeout(int i);

        Builder readTimeout(int i);

        Builder EcsRamRoleTimeout(int i);

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        EcsRamRoleCredentialProvider build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/aliyun/auth/credentials/provider/EcsRamRoleCredentialProvider$BuilderImpl.class */
    public static final class BuilderImpl extends HttpCredentialProvider.BuilderImpl<EcsRamRoleCredentialProvider, Builder> implements Builder {
        private String roleName;
        private String metadataServiceHost;
        private int connectionTimeout;
        private int readTimeout;
        private int EcsRamRoleTimeout;

        private BuilderImpl() {
            this.metadataServiceHost = "100.100.100.200";
            this.connectionTimeout = 1000;
            this.readTimeout = 1000;
            this.EcsRamRoleTimeout = 1000;
        }

        @Override // com.aliyun.auth.credentials.provider.EcsRamRoleCredentialProvider.Builder
        public Builder roleName(String str) {
            this.roleName = str;
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.EcsRamRoleCredentialProvider.Builder
        public Builder metadataServiceHost(String str) {
            if (!StringUtils.isEmpty((CharSequence) str)) {
                this.metadataServiceHost = str;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.EcsRamRoleCredentialProvider.Builder
        public Builder connectionTimeout(int i) {
            if (!StringUtils.isEmpty(Integer.valueOf(i))) {
                this.connectionTimeout = i;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.EcsRamRoleCredentialProvider.Builder
        public Builder readTimeout(int i) {
            if (!StringUtils.isEmpty(Integer.valueOf(i))) {
                this.readTimeout = i;
            }
            return this;
        }

        @Override // com.aliyun.auth.credentials.provider.EcsRamRoleCredentialProvider.Builder
        public Builder EcsRamRoleTimeout(int i) {
            if (!StringUtils.isEmpty(Integer.valueOf(i))) {
                this.EcsRamRoleTimeout = i;
            }
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider.Builder
        public EcsRamRoleCredentialProvider build() {
            return new EcsRamRoleCredentialProvider(this);
        }
    }

    private EcsRamRoleCredentialProvider(BuilderImpl builderImpl) {
        super(builderImpl);
        this.roleName = (String) Validate.notNull(builderImpl.roleName, "roleName must not be null.", new Object[0]);
        this.metadataServiceHost = builderImpl.metadataServiceHost;
        this.connectionTimeout = builderImpl.connectionTimeout;
        this.readTimeout = builderImpl.readTimeout;
        this.EcsRamRoleTimeout = builderImpl.EcsRamRoleTimeout;
        try {
            this.credentialUrl = new URL("http://" + this.metadataServiceHost + URL_IN_ECS_METADATA + this.roleName);
            buildRefreshCache();
        } catch (MalformedURLException e) {
            throw new CredentialException(e.getMessage(), e);
        }
    }

    public static EcsRamRoleCredentialProvider create(String str) {
        return builder().roleName(str).build();
    }

    public static Builder builder() {
        return new BuilderImpl();
    }

    @Override // com.aliyun.auth.credentials.provider.HttpCredentialProvider
    public RefreshResult<ICredential> refreshCredentials() {
        CompatibleUrlConnClient compatibleUrlConnClient = new CompatibleUrlConnClient();
        HttpRequest httpRequest = new HttpRequest(this.credentialUrl.toString());
        httpRequest.setSysMethod(MethodType.GET);
        httpRequest.setSysConnectTimeout(Integer.valueOf(this.connectionTimeout));
        httpRequest.setSysReadTimeout(Integer.valueOf(this.readTimeout));
        try {
            try {
                HttpResponse syncInvoke = compatibleUrlConnClient.syncInvoke(httpRequest);
                compatibleUrlConnClient.close();
                if (syncInvoke.getResponseCode() == 404) {
                    throw new CredentialException("The role name was not found in the instance");
                }
                if (syncInvoke.getResponseCode() != 200) {
                    throw new CredentialException("Failed to get RAM session credentials from ECS metadata service. HttpCode=" + syncInvoke.getResponseCode());
                }
                Map map = (Map) new Gson().fromJson(syncInvoke.getHttpContentString(), Map.class);
                if (!"Success".equals(map.get("Code"))) {
                    throw new CredentialException(ECS_METADAT_FETCH_ERROR_MSG);
                }
                Instant instant = ParameterHelper.getUTCDate((String) map.get("Expiration")).toInstant();
                return RefreshResult.builder(Credential.builder().accessKeyId((String) map.get("AccessKeyId")).accessKeySecret((String) map.get("AccessKeySecret")).securityToken((String) map.get("SecurityToken")).build()).staleTime(getStaleTime(instant)).prefetchTime(getPrefetchTime(instant)).build();
            } catch (Exception e) {
                throw new CredentialException("Failed to connect ECS Metadata Service: " + e.toString());
            }
        } catch (Throwable th) {
            compatibleUrlConnClient.close();
            throw th;
        }
    }
}
