package io.confluent.connect.s3.auth;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import io.confluent.connect.s3.S3SinkConnectorConfig;
import io.confluent.connect.storage.common.util.StringUtils;
import java.util.Map;
import org.apache.kafka.common.Configurable;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;

/* loaded from: input_file:io/confluent/connect/s3/auth/AwsAssumeRoleCredentialsProvider.class */
public class AwsAssumeRoleCredentialsProvider implements AWSCredentialsProvider, Configurable {
    public static final String ROLE_EXTERNAL_ID_CONFIG = "sts.role.external.id";
    public static final String ROLE_ARN_CONFIG = "sts.role.arn";
    public static final String ROLE_SESSION_NAME_CONFIG = "sts.role.session.name";
    private static final ConfigDef STS_CONFIG_DEF = new ConfigDef().define(ROLE_EXTERNAL_ID_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.MEDIUM, "The role external ID used when retrieving session credentials under an assumed role.").define(ROLE_ARN_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, "Role ARN to use when starting a session.").define(ROLE_SESSION_NAME_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, "Role session name to use when starting a session");
    private String roleArn;
    private String roleExternalId;
    private String roleSessionName;
    private BasicAWSCredentials basicCredentials;
    private STSAssumeRoleSessionCredentialsProvider stsCredentialProvider;

    public void configure(Map<String, ?> map) {
        AbstractConfig abstractConfig = new AbstractConfig(STS_CONFIG_DEF, map);
        this.roleArn = abstractConfig.getString(ROLE_ARN_CONFIG);
        this.roleExternalId = abstractConfig.getString(ROLE_EXTERNAL_ID_CONFIG);
        this.roleSessionName = abstractConfig.getString(ROLE_SESSION_NAME_CONFIG);
        String str = (String) map.get(S3SinkConnectorConfig.AWS_ACCESS_KEY_ID_CONFIG);
        String str2 = (String) map.get(S3SinkConnectorConfig.AWS_SECRET_ACCESS_KEY_CONFIG);
        if (StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) {
            this.basicCredentials = new BasicAWSCredentials(str, str2);
            this.stsCredentialProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(this.roleArn, this.roleSessionName).withStsClient((AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(this.basicCredentials)).build()).withExternalId(this.roleExternalId).build();
        } else {
            this.basicCredentials = null;
            this.stsCredentialProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(this.roleArn, this.roleSessionName).withStsClient(AWSSecurityTokenServiceClientBuilder.defaultClient()).withExternalId(this.roleExternalId).build();
        }
    }

    public AWSCredentials getCredentials() {
        return this.stsCredentialProvider.getCredentials();
    }

    public void refresh() {
        if (this.stsCredentialProvider != null) {
            this.stsCredentialProvider.refresh();
        }
    }
}
