package org.apache.gobblin.aws;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSCredentialsProviderChain;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.util.StringUtils;
import com.typesafe.config.Config;
import java.util.concurrent.TimeUnit;
import org.apache.gobblin.annotation.Alpha;
import org.apache.gobblin.password.PasswordManager;
import org.apache.gobblin.util.ConfigUtils;

@Alpha
/* loaded from: input_file:org/apache/gobblin/aws/AWSClusterSecurityManager.class */
public class AWSClusterSecurityManager {
    private final Config config;

    /* loaded from: input_file:org/apache/gobblin/aws/AWSClusterSecurityManager$ConfigurationCredentialsProvider.class */
    private static class ConfigurationCredentialsProvider implements AWSCredentialsProvider {
        private Config config;

        ConfigurationCredentialsProvider(Config config) {
            this.config = config;
        }

        public AWSCredentials getCredentials() {
            String str = null;
            if (this.config.hasPath(GobblinAWSConfigurationKeys.SERVICE_ACCESS_KEY)) {
                str = this.config.getString(GobblinAWSConfigurationKeys.SERVICE_ACCESS_KEY);
            }
            String str2 = null;
            if (this.config.hasPath(GobblinAWSConfigurationKeys.SERVICE_SECRET_KEY)) {
                str2 = PasswordManager.getInstance(ConfigUtils.configToState(this.config)).readPassword(this.config.getString(GobblinAWSConfigurationKeys.SERVICE_SECRET_KEY));
            }
            String trim = StringUtils.trim(str);
            String trim2 = StringUtils.trim(str2);
            if (StringUtils.isNullOrEmpty(trim) || StringUtils.isNullOrEmpty(trim2)) {
                throw new AmazonClientException(String.format("Unable to load AWS credentials from config (%s and %s)", GobblinAWSConfigurationKeys.SERVICE_ACCESS_KEY, GobblinAWSConfigurationKeys.SERVICE_SECRET_KEY));
            }
            return new BasicAWSCredentials(trim, trim2);
        }

        public void refresh() {
        }

        public String toString() {
            return getClass().getSimpleName();
        }
    }

    /* loaded from: input_file:org/apache/gobblin/aws/AWSClusterSecurityManager$DefaultAWSCredentialsProviderChain.class */
    private static class DefaultAWSCredentialsProviderChain extends AWSCredentialsProviderChain {
        DefaultAWSCredentialsProviderChain(Config config) {
            super(new AWSCredentialsProvider[]{new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ConfigurationCredentialsProvider(config), new ProfileCredentialsProvider(), new InstanceProfileCredentialsProvider()});
        }
    }

    public AWSClusterSecurityManager(Config config) {
        this.config = config;
    }

    public AWSCredentialsProvider getCredentialsProvider() {
        AWSCredentialsProvider defaultAWSCredentialsProviderChain = new DefaultAWSCredentialsProviderChain(this.config);
        if (this.config.hasPath(GobblinAWSConfigurationKeys.CLIENT_ASSUME_ROLE_KEY) && this.config.getBoolean(GobblinAWSConfigurationKeys.CLIENT_ASSUME_ROLE_KEY)) {
            STSAssumeRoleSessionCredentialsProvider.Builder withLongLivedCredentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(this.config.getString(GobblinAWSConfigurationKeys.CLIENT_ROLE_ARN_KEY), this.config.getString(GobblinAWSConfigurationKeys.CLIENT_SESSION_ID_KEY)).withLongLivedCredentialsProvider(defaultAWSCredentialsProviderChain);
            if (this.config.hasPath(GobblinAWSConfigurationKeys.CLIENT_EXTERNAL_ID_KEY)) {
                withLongLivedCredentialsProvider.withExternalId(this.config.getString(GobblinAWSConfigurationKeys.CLIENT_EXTERNAL_ID_KEY));
            }
            if (this.config.hasPath(GobblinAWSConfigurationKeys.CREDENTIALS_REFRESH_INTERVAL)) {
                withLongLivedCredentialsProvider.withRoleSessionDurationSeconds((int) TimeUnit.MINUTES.toSeconds(this.config.getLong(GobblinAWSConfigurationKeys.CREDENTIALS_REFRESH_INTERVAL)));
            }
            defaultAWSCredentialsProviderChain = withLongLivedCredentialsProvider.build();
        }
        return defaultAWSCredentialsProviderChain;
    }
}
