package org.jets3t.service.security;

import java.io.IOException;
import java.text.ParseException;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.JsonProcessingException;
import org.codehaus.jackson.map.ObjectMapper;
import org.jets3t.service.utils.RestUtils;
import org.jets3t.service.utils.ServiceUtils;
import org.jfree.chart.axis.SegmentedTimeline;

/* loaded from: input_file:extensions/17AB52DE-B300-A94B-E058BD978511E39E-0.9.4.155-SNAPSHOT.lex:jars/org.lucee.jets3t-0.9.4.0016L.jar:org/jets3t/service/security/AWSEC2IAMSessionCredentials.class */
public class AWSEC2IAMSessionCredentials extends AWSSessionCredentials {
    private static final Log log = LogFactory.getLog(AWSEC2IAMSessionCredentials.class);
    protected static String baseCredentialsUrl = "http://169.254.169.254/latest/meta-data/iam/security-credentials";
    protected String roleName;
    protected Date expiration;
    protected boolean automaticRefreshEnabled;
    protected long automaticRefreshRetryDelaySeconds;
    private volatile long automaticRefreshLastRetryMS;

    public AWSEC2IAMSessionCredentials(String str, String str2, String str3, String str4, Date date, boolean z) {
        super(str, str2, str3, null);
        this.roleName = null;
        this.expiration = null;
        this.automaticRefreshEnabled = true;
        this.automaticRefreshRetryDelaySeconds = 10L;
        this.automaticRefreshLastRetryMS = 0L;
        this.roleName = str4;
        this.expiration = date;
        this.automaticRefreshEnabled = z;
    }

    @Override // org.jets3t.service.security.AWSSessionCredentials, org.jets3t.service.security.AWSCredentials, org.jets3t.service.security.ProviderCredentials
    protected String getTypeName() {
        return "ec2-iam-session";
    }

    public boolean isAutomaticRefreshEnabled() {
        return this.automaticRefreshEnabled;
    }

    @Override // org.jets3t.service.security.AWSSessionCredentials
    public String getSessionToken() {
        refreshFromEC2InstanceDataIfNearExpiration();
        return this.sessionToken;
    }

    @Override // org.jets3t.service.security.ProviderCredentials
    public String getAccessKey() {
        refreshFromEC2InstanceDataIfNearExpiration();
        return this.accessKey;
    }

    @Override // org.jets3t.service.security.ProviderCredentials
    public String getSecretKey() {
        refreshFromEC2InstanceDataIfNearExpiration();
        return this.secretKey;
    }

    public String getRoleName() {
        refreshFromEC2InstanceDataIfNearExpiration();
        return this.roleName;
    }

    public Date getExpiration() {
        refreshFromEC2InstanceDataIfNearExpiration();
        return this.expiration;
    }

    public boolean isNearExpiration() {
        return this.expiration.getTime() - new Date().getTime() <= SegmentedTimeline.FIFTEEN_MINUTE_SEGMENT_SIZE;
    }

    public void refreshFromEC2InstanceData() {
        AWSEC2IAMSessionCredentials loadFromEC2InstanceData = loadFromEC2InstanceData(this.roleName, this.automaticRefreshEnabled);
        this.accessKey = loadFromEC2InstanceData.getAccessKey();
        this.secretKey = loadFromEC2InstanceData.getSecretKey();
        this.sessionToken = loadFromEC2InstanceData.getSessionToken();
        this.expiration = loadFromEC2InstanceData.getExpiration();
    }

    public synchronized void refreshFromEC2InstanceDataIfNearExpiration() {
        if (this.automaticRefreshEnabled && isNearExpiration() && (System.currentTimeMillis() - this.automaticRefreshLastRetryMS) / 1000 >= this.automaticRefreshRetryDelaySeconds) {
            try {
                this.automaticRefreshLastRetryMS = System.currentTimeMillis();
                refreshFromEC2InstanceData();
            } catch (Exception e) {
                log.warn("Failed to automatically refresh IAM role credentials from EC2 instance data", e);
            }
        }
    }

    public static AWSEC2IAMSessionCredentials loadFromEC2InstanceData(String str, String str2, boolean z) {
        try {
            String str3 = str;
            if (!str3.endsWith("/")) {
                str3 = str3 + "/";
            }
            return parseEC2InstanceData(RestUtils.httpGetUrlAsString(str3 + str2), str2, z);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static AWSEC2IAMSessionCredentials loadFromEC2InstanceData(String str, boolean z) {
        return loadFromEC2InstanceData(baseCredentialsUrl, str, z);
    }

    public static AWSEC2IAMSessionCredentials loadFromEC2InstanceData(boolean z) {
        try {
            String trim = RestUtils.httpGetUrlAsString(baseCredentialsUrl + "/").trim();
            if (trim == null || trim.length() == 0) {
                throw new RuntimeException("Empty IAM role name in EC2 meta data!");
            }
            return loadFromEC2InstanceData(baseCredentialsUrl, trim, z);
        } catch (Exception e) {
            throw new RuntimeException("Could not fetch IAM role name from EC2 meta data!", e);
        }
    }

    public static AWSEC2IAMSessionCredentials parseEC2InstanceData(String str, String str2, boolean z) throws JsonProcessingException, IOException, ParseException {
        JsonNode readTree = new ObjectMapper().readTree(str);
        if (readTree.findValuesAsText("Code").get(0).equals("Success")) {
            return new AWSEC2IAMSessionCredentials(readTree.findValuesAsText("AccessKeyId").get(0), readTree.findValuesAsText("SecretAccessKey").get(0), readTree.findValuesAsText("Token").get(0), str2, ServiceUtils.parseIso8601Date(readTree.findValuesAsText("Expiration").get(0)), z);
        }
        throw new RuntimeException("Status 'Code' != 'Success'");
    }
}
