package com.amazonaws.auth;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.util.ValidationUtils;
import java.util.concurrent.atomic.AtomicReference;

@ThreadSafe
/* loaded from: input_file:com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.class */
public class STSAssumeRoleSessionCredentialsProvider implements AWSSessionCredentialsProvider {
    public static final int DEFAULT_DURATION_SECONDS = 900;
    private static final int EXPIRY_TIME_MILLIS = 60000;
    private final AWSSecurityTokenService securityTokenService;
    private final AtomicReference<Credentials> sessionCredentials;
    private final String roleArn;
    private final String roleSessionName;
    private final String roleExternalId;
    private final int roleSessionDurationSeconds;

    /* loaded from: input_file:com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider$Builder.class */
    public static final class Builder {
        private AWSCredentialsProvider longLivedCredentialsProvider;
        private AWSCredentials longLivedCredentials;
        private ClientConfiguration clientConfiguration;
        private final String roleArn;
        private final String roleSessionName;
        private String roleExternalId;
        private String serviceEndpoint;
        private int roleSessionDurationSeconds;
        private AWSSecurityTokenService sts;

        public Builder(String str, String str2) {
            if (str == null || str2 == null) {
                throw new NullPointerException("You must specify a value for roleArn and roleSessionName");
            }
            this.roleArn = str;
            this.roleSessionName = str2;
        }

        public Builder withLongLivedCredentials(AWSCredentials aWSCredentials) {
            this.longLivedCredentials = aWSCredentials;
            return this;
        }

        public Builder withLongLivedCredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider) {
            this.longLivedCredentialsProvider = aWSCredentialsProvider;
            return this;
        }

        public Builder withClientConfiguration(ClientConfiguration clientConfiguration) {
            this.clientConfiguration = clientConfiguration;
            return this;
        }

        public Builder withExternalId(String str) {
            this.roleExternalId = str;
            return this;
        }

        public Builder withRoleSessionDurationSeconds(int i) {
            if (i < 900 || i > 3600) {
                throw new IllegalArgumentException("Assume Role session duration should be in the range of 15min - 1Hr");
            }
            this.roleSessionDurationSeconds = i;
            return this;
        }

        public Builder withServiceEndpoint(String str) {
            this.serviceEndpoint = str;
            return this;
        }

        public Builder withStsClient(AWSSecurityTokenService aWSSecurityTokenService) {
            this.sts = aWSSecurityTokenService;
            return this;
        }

        public STSAssumeRoleSessionCredentialsProvider build() {
            return new STSAssumeRoleSessionCredentialsProvider(this);
        }
    }

    public STSAssumeRoleSessionCredentialsProvider(String str, String str2) {
        this(new Builder(str, str2));
    }

    public STSAssumeRoleSessionCredentialsProvider(AWSCredentials aWSCredentials, String str, String str2) {
        this(aWSCredentials, str, str2, new ClientConfiguration());
    }

    public STSAssumeRoleSessionCredentialsProvider(AWSCredentials aWSCredentials, String str, String str2, ClientConfiguration clientConfiguration) {
        this(new Builder(str, str2).withLongLivedCredentials(aWSCredentials).withClientConfiguration(clientConfiguration));
    }

    public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider, String str, String str2) {
        this(new Builder(str, str2).withLongLivedCredentialsProvider(aWSCredentialsProvider));
    }

    public STSAssumeRoleSessionCredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider, String str, String str2, ClientConfiguration clientConfiguration) {
        this(new Builder(str, str2).withLongLivedCredentialsProvider(aWSCredentialsProvider).withClientConfiguration(clientConfiguration));
    }

    private STSAssumeRoleSessionCredentialsProvider(Builder builder) {
        this.sessionCredentials = new AtomicReference<>();
        if (builder.sts != null) {
            ValidationUtils.assertAllAreNull("If a custom STS client is set you must not set any other client related fields (ClientConfiguration, AWSCredentials, Endpoint, etc", new Object[]{builder.longLivedCredentials, builder.longLivedCredentialsProvider, builder.clientConfiguration, builder.serviceEndpoint});
            this.securityTokenService = builder.sts;
        } else {
            this.securityTokenService = buildStsClient(builder);
            if (builder.serviceEndpoint != null) {
                this.securityTokenService.setEndpoint(builder.serviceEndpoint);
            }
        }
        this.roleArn = builder.roleArn;
        this.roleSessionName = builder.roleSessionName;
        this.roleExternalId = builder.roleExternalId;
        if (builder.roleSessionDurationSeconds != 0) {
            this.roleSessionDurationSeconds = builder.roleSessionDurationSeconds;
        } else {
            this.roleSessionDurationSeconds = DEFAULT_DURATION_SECONDS;
        }
    }

    private static AWSSecurityTokenService buildStsClient(Builder builder) throws IllegalArgumentException {
        if (builder.longLivedCredentials != null && builder.longLivedCredentialsProvider != null) {
            throw new IllegalArgumentException("It is illegal to set both an AWSCredentials and an AWSCredentialsProvider for an " + STSAssumeRoleSessionCredentialsProvider.class.getName());
        }
        StaticCredentialsProvider staticCredentialsProvider = null;
        if (builder.longLivedCredentials != null) {
            staticCredentialsProvider = new StaticCredentialsProvider(builder.longLivedCredentials);
        } else if (builder.longLivedCredentialsProvider != null) {
            staticCredentialsProvider = builder.longLivedCredentialsProvider;
        }
        return staticCredentialsProvider == null ? builder.clientConfiguration == null ? new AWSSecurityTokenServiceClient() : new AWSSecurityTokenServiceClient(builder.clientConfiguration) : builder.clientConfiguration == null ? new AWSSecurityTokenServiceClient((AWSCredentialsProvider) staticCredentialsProvider) : new AWSSecurityTokenServiceClient((AWSCredentialsProvider) staticCredentialsProvider, builder.clientConfiguration);
    }

    public void setSTSClientEndpoint(String str) {
        this.securityTokenService.setEndpoint(str);
        this.sessionCredentials.set(null);
    }

    /* renamed from: getCredentials, reason: merged with bridge method [inline-methods] */
    public AWSSessionCredentials m0getCredentials() {
        if (needsNewSession()) {
            startSession();
        }
        Credentials credentials = this.sessionCredentials.get();
        return new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
    }

    public void refresh() {
        startSession();
    }

    private void startSession() {
        AssumeRoleRequest withRoleSessionName = new AssumeRoleRequest().withRoleArn(this.roleArn).withDurationSeconds(Integer.valueOf(this.roleSessionDurationSeconds)).withRoleSessionName(this.roleSessionName);
        if (this.roleExternalId != null) {
            withRoleSessionName = withRoleSessionName.withExternalId(this.roleExternalId);
        }
        this.sessionCredentials.set(this.securityTokenService.assumeRole(withRoleSessionName).getCredentials());
    }

    private boolean needsNewSession() {
        Credentials credentials = this.sessionCredentials.get();
        return credentials == null || credentials.getExpiration().getTime() - System.currentTimeMillis() < 60000;
    }
}
