package org.apache.paimon.shade.dlf_2.com.aliyun.datalake.common.credential;

import java.util.Properties;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.common.DlfMetaToken;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.common.impl.DateUtil;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.core.DlfAuthContext;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.core.api.external.StsApi;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.core.constant.DlfConstants;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.core.model.Result;
import org.apache.paimon.shade.dlf_2.com.aliyun.datalake.core.util.PropertiesUtil;
import org.apache.paimon.shade.dlf_2.com.aliyuncs.DefaultAcsClient;
import org.apache.paimon.shade.dlf_2.com.aliyuncs.profile.DefaultProfile;
import org.apache.paimon.shade.dlf_2.com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import org.apache.paimon.shade.dlf_2.com.aliyuncs.sts.model.v20150401.AssumeRoleWithServiceIdentityResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/paimon/shade/dlf_2/com/aliyun/datalake/common/credential/AssumeRoleStsCredentialsProvider.class */
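/**
 * Credentials provider that exchanges a configured role ARN for temporary
 * credentials by calling an STS endpoint through {@link StsApi}.
 *
 * <p>Two request variants are supported and selected once in {@link #init}:
 * "assume role with service identity" (the default) and plain "assume role".
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A static access key id and secret are read from {@link Properties} and handed to
 *       {@code DefaultProfile.getProfile}; whoever can read that configuration can call STS
 *       with the same key pair.</li>
 *   <li>The returned {@link DlfMetaToken} carries the temporary access key secret and
 *       security token. No log statement in this class prints the key id, secret or token
 *       directly. The exception passed to {@code LOG.error} originates in {@code StsApi} and
 *       its content is not visible here.</li>
 *   <li>Region and STS endpoint have independent defaults ({@code cn-hangzhou} and
 *       {@code sts.cn-hangzhou.aliyuncs.com}). Overriding only the region leaves the endpoint
 *       pointing at the default host.</li>
 * </ul>
 */
public class AssumeRoleStsCredentialsProvider extends AbstractCredentialsProvider<DlfMetaToken> {
    public static final Logger LOG = LoggerFactory.getLogger(AssumeRoleStsCredentialsProvider.class);

    // STS client wrapper, built in init() from the configured region and key pair.
    private StsApi assumeRoleApi;
    // Selects assumeRoleWithServiceIdentity (true) or assumeRole (false); defaults to true.
    private boolean withServiceIdentityEnabled = true;
    // ARN of the role to assume; required.
    private String roleArn;
    // Forwarded to assumeRoleWithServiceIdentity; required only when that variant is enabled.
    private String assumeRoleFor;
    // Requested lifetime of the temporary credentials in seconds; defaults to 3600.
    private Long durationSeconds;

    /**
     * Reads the assume-role configuration and builds the STS client.
     *
     * @param properties configuration source
     * @param str prefix prepended to every configuration key looked up here
     * @param cls forwarded unchanged to {@code super.init}
     * @throws IllegalArgumentException if the role ARN is missing, or if the service-identity
     *     variant is enabled and {@code assumeRoleFor} is missing
     * @throws NumberFormatException if the configured duration is not a valid long
     */
    @Override // AbstractCredentialsProvider, DlfCredentialsProvider
    public void init(Properties properties, String str, Class<DlfMetaToken> cls) {
        super.init(properties, str, cls);
        this.withServiceIdentityEnabled = Boolean.parseBoolean(PropertiesUtil.getPropertyIgnoreCase(
                properties, str + DlfConstants.ConfigConstants.ASSUME_ROLE_WITH_SERVICE_IDENTITY_ENABLED, "true"));
        String regionId = PropertiesUtil.getPropertyIgnoreCase(
                properties, str + DlfConstants.ConfigConstants.ASSUME_ROLE_REGION_ID, "cn-hangzhou");
        // The endpoint default does not follow regionId; see the class comment.
        String stsEndpoint = PropertiesUtil.getPropertyIgnoreCase(
                properties, str + "assume.role.sts.endpoint", "sts.cn-hangzhou.aliyuncs.com");
        // NOTE(review): unlike roleArn, the key id and secret are not checked for null here, so a
        // missing key pair is not reported until later — confirm where DefaultProfile/StsApi fails.
        String accessKeyId = PropertiesUtil.getPropertyIgnoreCase(
                properties, str + DlfConstants.ConfigConstants.ASSUME_ROLE_ACCESS_KEY_ID);
        String accessKeySecret = PropertiesUtil.getPropertyIgnoreCase(
                properties, str + DlfConstants.ConfigConstants.ASSUME_ROLE_ACCESS_KEY_SECRET);

        this.roleArn = PropertiesUtil.getPropertyIgnoreCase(properties, str + "assume.role.roleArn");
        if (this.roleArn == null) {
            throw new IllegalArgumentException("assume role roleArn is null");
        }
        this.assumeRoleFor = PropertiesUtil.getPropertyIgnoreCase(properties, str + "assume.role.assumeRoleFor");
        if (this.withServiceIdentityEnabled && this.assumeRoleFor == null) {
            throw new IllegalArgumentException("assume role assumeRoleFor is null");
        }

        String durationText = PropertiesUtil.getPropertyIgnoreCase(properties, str + "assume.role.durationSeconds", "3600");
        try {
            this.durationSeconds = Long.parseLong(durationText);
        } catch (NumberFormatException e) {
            // Same exception type as before, but the message now names the offending setting.
            // The duration is not a secret, so echoing it is safe.
            NumberFormatException named =
                    new NumberFormatException("assume role durationSeconds is not a valid long: " + durationText);
            named.initCause(e);
            throw named;
        }

        // Static call: presumably registers the region-to-endpoint mapping beyond this
        // instance — confirm against DefaultProfile.
        DefaultProfile.addEndpoint(regionId, "Sts", stsEndpoint);
        this.assumeRoleApi = new StsApi(new DefaultAcsClient(DefaultProfile.getProfile(regionId, accessKeyId, accessKeySecret)));
        LOG.info("dlf assume role sts credential provider for init success");
    }

    /**
     * Fetches temporary credentials using the variant selected in {@link #init}.
     *
     * <p>Decompiler note: JADX reports this method as {@code protected} in the bytecode and
     * widened it to {@code public}; it also could not rename it to resolve a name collision.
     *
     * @param dlfAuthContext supplies the user name recorded on the returned token
     * @param str identifier forwarded to STS and recorded on the returned token
     * @return the temporary credentials
     * @throws RuntimeException wrapping any failure, with the identifier in the message
     */
    @Override // AbstractCredentialsProvider
    public DlfMetaToken getCredentialsInternal(DlfAuthContext dlfAuthContext, String str) {
        try {
            if (this.withServiceIdentityEnabled) {
                return getCredentialsWithServiceIdentity(dlfAuthContext, str);
            }
            return getCredentialsWithoutServiceIdentity(dlfAuthContext, str);
        } catch (Exception e) {
            // The failure is logged here and rethrown, so callers that also log will see it twice.
            LOG.error("Get credentials by assume role error, identifier: {}", str, e);
            throw new RuntimeException("Get credentials by assume role error, identifier: " + str, e);
        }
    }

    /**
     * Calls {@code assumeRoleWithServiceIdentity} and maps a successful result to a token.
     *
     * @throws RuntimeException carrying the result message when the call reports failure
     */
    private DlfMetaToken getCredentialsWithServiceIdentity(DlfAuthContext dlfAuthContext, String str) throws Exception {
        // NOTE(review): the last argument is passed as null; if it is a session policy, the
        // temporary credentials are not narrowed below the role's own permissions — confirm in StsApi.
        Result<AssumeRoleWithServiceIdentityResponse.Credentials> result =
                this.assumeRoleApi.assumeRoleWithServiceIdentity(this.roleArn, str, this.durationSeconds, this.assumeRoleFor, null);
        if (!result.success) {
            throw new RuntimeException(result.message);
        }
        AssumeRoleWithServiceIdentityResponse.Credentials creds = result.data;
        return DlfMetaToken.builder()
                .accessKeyId(creds.getAccessKeyId())
                .accessKeySecret(creds.getAccessKeySecret())
                .securityToken(creds.getSecurityToken())
                .expiration(DateUtil.strToDate(creds.getExpiration()))
                .userName(dlfAuthContext.getUserName())
                .identifier(str)
                .build();
    }

    /**
     * Calls plain {@code assumeRole} and maps a successful result to a token.
     *
     * @throws RuntimeException carrying the result message when the call reports failure
     */
    private DlfMetaToken getCredentialsWithoutServiceIdentity(DlfAuthContext dlfAuthContext, String str) throws Exception {
        // NOTE(review): the last argument is passed as null; if it is a session policy, the
        // temporary credentials are not narrowed below the role's own permissions — confirm in StsApi.
        Result<AssumeRoleResponse.Credentials> result =
                this.assumeRoleApi.assumeRole(this.roleArn, str, this.durationSeconds, null);
        if (!result.success) {
            throw new RuntimeException(result.message);
        }
        AssumeRoleResponse.Credentials creds = result.data;
        return DlfMetaToken.builder()
                .accessKeyId(creds.getAccessKeyId())
                .accessKeySecret(creds.getAccessKeySecret())
                .securityToken(creds.getSecurityToken())
                .expiration(DateUtil.strToDate(creds.getExpiration()))
                .userName(dlfAuthContext.getUserName())
                .identifier(str)
                .build();
    }
}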
