package it.agilelab.bigdata.wasp.aws.auth.v2;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.WebIdentityFederationSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.model.ExpiredTokenException;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.hadoop.conf.Configuration;

/* loaded from: input_file:it/agilelab/bigdata/wasp/aws/auth/v2/WebIdentityProvider.class */
public class WebIdentityProvider implements AWSCredentialsProvider {
    private final Path tokenFile;
    private final String role;
    WebIdentityFederationSessionCredentialsProvider provider;
    private static String TOKEN_FILE_KEY = "fs.s3a.assumed.role.web.tokenfile";
    private static String TOKEN_FILE_DEFAULT = "/var/run/secrets/eks.amazonaws.com/serviceaccount/token";
    private static String ROLE_ARN = "fs.s3a.assumed.role.web.role.arn";
    private final Object lock = new Object();

    public WebIdentityProvider(URI uri, Configuration configuration) throws IOException {
        this.tokenFile = Paths.get(configuration.get(TOKEN_FILE_KEY, TOKEN_FILE_DEFAULT), new String[0]);
        this.role = configuration.get(ROLE_ARN);
        this.provider = instantiate(this.tokenFile, this.role);
    }

    public WebIdentityFederationSessionCredentialsProvider instantiate(Path path, String str) throws IOException {
        if (Files.exists(path, new LinkOption[0])) {
            return new WebIdentityFederationSessionCredentialsProvider(new String(Files.readAllBytes(path), StandardCharsets.UTF_8), (String) null, str);
        }
        throw new IOException("Token file [" + path + "] not found");
    }

    public AWSCredentials getCredentials() {
        AWSSessionCredentials credentials;
        synchronized (this.lock) {
            try {
                credentials = this.provider.getCredentials();
            } catch (ExpiredTokenException e) {
                try {
                    this.provider = instantiate(this.tokenFile, this.role);
                    return this.provider.getCredentials();
                } catch (IOException e2) {
                    throw new RuntimeException("Could not instantiate provider");
                }
            }
        }
        return credentials;
    }

    public void refresh() {
        synchronized (this.lock) {
            this.provider.refresh();
        }
    }
}
