package org.apache.flink.kinesis.shaded.software.amazon.awssdk.auth.credentials;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.flink.kinesis.shaded.com.amazonaws.auth.policy.internal.JsonDocumentFields;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.annotations.SdkPublicApi;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.core.util.json.JacksonUtils;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.DateUtils;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.IoUtils;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.Platform;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.Validate;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.cache.CachedSupplier;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.cache.NonBlocking;
import org.apache.flink.kinesis.shaded.software.amazon.awssdk.utils.cache.RefreshResult;

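/**
 * Credentials provider that obtains AWS credentials by running an external command and parsing
 * the JSON document the command prints on standard output.
 *
 * <p>The expected document is a JSON object with an integer {@code Version} of 1, textual
 * {@code AccessKeyId} and {@code SecretAccessKey} fields, and optional textual
 * {@code SessionToken} and {@code Expiration} (ISO 8601) fields.
 *
 * <p><b>Security notes for callers:</b>
 * <ul>
 *   <li>The configured command is handed to a shell ({@code sh -c} or {@code cmd.exe /C}) as a
 *       single string, so the shell interprets every metacharacter in it. Build the command only
 *       from trusted, static configuration; never concatenate request data, tenant-supplied
 *       values or other untrusted input into it.</li>
 *   <li>The command runs with the privileges and environment of the hosting JVM, and the bare
 *       names {@code sh} / {@code cmd.exe} are resolved by the operating system at launch time.</li>
 *   <li>The command's output contains secret key material. This class does not place that output
 *       in exception messages; keep it that way when modifying the code.</li>
 * </ul>
 */
@SdkPublicApi
/* loaded from: input_file:org/apache/flink/kinesis/shaded/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.class */
public final class ProcessCredentialsProvider implements AwsCredentialsProvider {
    /** Full argument vector: the shell, its "run this string" flag, and the user-supplied command. */
    private final List<String> command;
    /** How long before expiry a refresh of the cached credentials is scheduled. */
    private final Duration credentialRefreshThreshold;
    /** Limit passed to {@code IoUtils.copy} when reading the command's standard output. */
    private final long processOutputLimit;
    /** Cache in front of {@link #refreshCredentials()} so the command is not run on every lookup. */
    private final CachedSupplier<AwsCredentials> processCredentialCache;

    /**
     * Builder for {@link ProcessCredentialsProvider}. Obtain an instance through
     * {@link ProcessCredentialsProvider#builder()}.
     */
    /* loaded from: input_file:org/apache/flink/kinesis/shaded/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider$Builder.class */
    public static class Builder {
        private Boolean asyncCredentialUpdateEnabled;
        private String command;
        private Duration credentialRefreshThreshold;
        private long processOutputLimit;

        private Builder() {
            // Defaults: synchronous refresh, 15 second refresh threshold, output limit of 64000.
            this.asyncCredentialUpdateEnabled = false;
            this.credentialRefreshThreshold = Duration.ofSeconds(15L);
            this.processOutputLimit = 64000L;
        }

        /**
         * Enables or disables the non-blocking prefetch strategy for the credential cache.
         *
         * @param bool {@code true} to enable it; {@code null} is treated as {@code false}
         * @return this builder
         */
        public Builder asyncCredentialUpdateEnabled(Boolean bool) {
            this.asyncCredentialUpdateEnabled = bool;
            return this;
        }

        /**
         * Sets the command to execute. The string is interpreted by a shell, so it must come from
         * trusted configuration only.
         *
         * @param str the command line; must be non-null by the time {@link #build()} is called
         * @return this builder
         */
        public Builder command(String str) {
            this.command = str;
            return this;
        }

        /**
         * Sets how long before expiry the credentials are refreshed.
         *
         * @param duration the threshold; validated as positive when the provider is built
         * @return this builder
         */
        public Builder credentialRefreshThreshold(Duration duration) {
            this.credentialRefreshThreshold = duration;
            return this;
        }

        /**
         * Sets the limit applied when reading the command's standard output.
         *
         * @param j the limit; validated as positive when the provider is built
         * @return this builder
         */
        public Builder processOutputLimit(long j) {
            this.processOutputLimit = j;
            return this;
        }

        /**
         * Creates the provider from the current builder state.
         *
         * @return a new {@link ProcessCredentialsProvider}
         */
        public ProcessCredentialsProvider build() {
            return new ProcessCredentialsProvider(this);
        }
    }

    private ProcessCredentialsProvider(Builder builder) {
        List<String> shellCommand = new ArrayList<>();
        if (Platform.isWindows()) {
            shellCommand.add("cmd.exe");
            shellCommand.add("/C");
        } else {
            shellCommand.add("sh");
            shellCommand.add("-c");
        }
        // The whole user-supplied string becomes one shell argument, so the shell parses it:
        // quoting, pipes, substitutions and chained commands are all honoured.
        shellCommand.add((String) Validate.paramNotNull(builder.command, "command"));
        this.command = Collections.unmodifiableList(shellCommand);
        this.processOutputLimit = Validate.isPositive(builder.processOutputLimit, "processOutputLimit");
        // NOTE(review): the parameter name reported on failure is "expirationBuffer", not
        // "credentialRefreshThreshold"; left unchanged so the message callers see stays the same.
        this.credentialRefreshThreshold = Validate.isPositive(builder.credentialRefreshThreshold, "expirationBuffer");
        CachedSupplier.Builder<AwsCredentials> cacheBuilder = CachedSupplier.builder(this::refreshCredentials);
        // Null-safe: a caller passing null to asyncCredentialUpdateEnabled(...) previously caused a
        // NullPointerException on unboxing here; null now means "disabled".
        if (Boolean.TRUE.equals(builder.asyncCredentialUpdateEnabled)) {
            cacheBuilder.prefetchStrategy(new NonBlocking("process-credentials-provider"));
        }
        this.processCredentialCache = cacheBuilder.build();
    }

    /**
     * Creates a builder with the default settings.
     *
     * @return a new {@link Builder}
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Returns the credentials held by the cache, which invokes the external command when a
     * refresh is needed.
     *
     * @return the resolved credentials
     */
    @Override // org.apache.flink.kinesis.shaded.software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        return this.processCredentialCache.get();
    }

    /**
     * Runs the command, parses its output and wraps the credentials with their stale and
     * prefetch times.
     *
     * @throws IllegalStateException if the command fails, is interrupted, or returns output that
     *     cannot be interpreted; the cause is attached
     */
    private RefreshResult<AwsCredentials> refreshCredentials() {
        try {
            JsonNode processOutput = parseProcessOutput(executeCommand());
            AwsCredentials credentials = credentials(processOutput);
            Instant expiration = credentialExpirationTime(processOutput);
            Instant prefetchAt = expiration.minusMillis(this.credentialRefreshThreshold.toMillis());
            return RefreshResult.builder(credentials).staleTime(expiration).prefetchTime(prefetchAt).build();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so code further up the stack can still observe the
            // interruption after this exception has been translated.
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Process-based credential refreshing has been interrupted.", e);
        } catch (Exception e2) {
            throw new IllegalStateException("Failed to refresh process-based credentials.", e2);
        }
    }

    /**
     * Parses the command output and checks that it is a JSON object with an integer version of 1.
     *
     * @param str raw standard output of the command; contains secrets and must not be logged
     * @return the parsed JSON object
     * @throws IllegalStateException if the output is not an object or the version is not 1
     */
    private JsonNode parseProcessOutput(String str) {
        // NOTE(review): the "sensitive" parser variant is presumably chosen so that parse
        // failures do not echo the credential document; confirm against JacksonUtils.
        JsonNode root = JacksonUtils.sensitiveJsonNodeOf(str);
        if (!root.isObject()) {
            throw new IllegalStateException("Process did not return a JSON object.");
        }
        JsonNode version = root.get(JsonDocumentFields.VERSION);
        boolean supported = version != null && version.isInt() && version.asInt() == 1;
        if (!supported) {
            // Only the version node is included in the message, never the rest of the document.
            throw new IllegalStateException("Unsupported credential version: " + version);
        }
        return root;
    }

    /**
     * Builds credentials from the parsed document: session credentials when a
     * {@code SessionToken} field is present, basic credentials otherwise.
     *
     * @param jsonNode the validated JSON object returned by the command
     * @return the credentials described by the document
     */
    private AwsCredentials credentials(JsonNode jsonNode) {
        String accessKeyId = getText(jsonNode, "AccessKeyId");
        String secretAccessKey = getText(jsonNode, "SecretAccessKey");
        String sessionToken = getText(jsonNode, "SessionToken");
        Validate.notEmpty(accessKeyId, "AccessKeyId cannot be empty.", new Object[0]);
        Validate.notEmpty(secretAccessKey, "SecretAccessKey cannot be empty.", new Object[0]);
        if (sessionToken != null) {
            return AwsSessionCredentials.create(accessKeyId, secretAccessKey, sessionToken);
        }
        return AwsBasicCredentials.create(accessKeyId, secretAccessKey);
    }

    /**
     * Reads the optional {@code Expiration} field.
     *
     * @param jsonNode the validated JSON object returned by the command
     * @return the parsed expiration, or {@link Instant#MAX} when the field is absent, in which
     *     case the cached credentials are never considered stale
     */
    private Instant credentialExpirationTime(JsonNode jsonNode) {
        String expiration = getText(jsonNode, "Expiration");
        return expiration != null ? DateUtils.parseIso8601Date(expiration) : Instant.MAX;
    }

    /**
     * Returns the textual value of a field, or {@code null} when the field is absent.
     *
     * @param jsonNode the object to read from
     * @param str the field name
     * @throws IllegalStateException if the field is present but not textual; the message names
     *     the field and its node type only, not its value
     */
    private String getText(JsonNode jsonNode, String str) {
        JsonNode field = jsonNode.get(str);
        if (field == null) {
            return null;
        }
        if (!field.isTextual()) {
            throw new IllegalStateException(str + " from credential process should be textual, but was " + field.getNodeType());
        }
        return field.asText();
    }

    /**
     * Starts the command, reads its standard output, waits for it to exit and returns the output
     * decoded as UTF-8. The process is destroyed on every exit path.
     *
     * @return the command's standard output
     * @throws IOException if starting the process or reading its output fails
     * @throws InterruptedException if the thread is interrupted while waiting for the process
     * @throws IllegalStateException if the command exits with a non-zero status
     */
    private String executeCommand() throws IOException, InterruptedException {
        ProcessBuilder processBuilder = new ProcessBuilder(this.command);
        ByteArrayOutputStream stdout = new ByteArrayOutputStream();
        Process process = processBuilder.start();
        try {
            // NOTE(review): only stdout is drained. stderr is left on its default pipe and never
            // read, so a command that writes heavily to stderr could block; waitFor() also has no
            // timeout. Confirm whether a bounded wait is wanted for this deployment.
            IoUtils.copy(process.getInputStream(), stdout, this.processOutputLimit);
            process.waitFor();
            int exitCode = process.exitValue();
            if (exitCode != 0) {
                // Deliberately reports the exit code only; the captured output may hold secrets.
                throw new IllegalStateException("Command returned non-zero exit value: " + exitCode);
            }
            return new String(stdout.toByteArray(), StandardCharsets.UTF_8);
        } finally {
            process.destroy();
        }
    }
}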
