package com.aliyuncs.auth;

import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.exceptions.ServerException;
import com.aliyuncs.http.FormatType;
import com.aliyuncs.http.HttpRequest;
import com.aliyuncs.http.HttpResponse;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.clients.CompatibleUrlConnClient;
import com.aliyuncs.utils.ParameterHelper;
import com.aliyuncs.utils.StringUtils;
import com.google.gson.Gson;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/aliyuncs/auth/OIDCCredentialsProvider.class */
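/**
 * Credentials provider that exchanges an OIDC token read from a local file for temporary
 * session credentials by calling the STS {@code AssumeRoleWithOIDC} action.
 *
 * <p>Constructor arguments that are empty fall back to the {@code ALIBABA_CLOUD_ROLE_ARN},
 * {@code ALIBABA_CLOUD_OIDC_PROVIDER_ARN}, {@code ALIBABA_CLOUD_OIDC_TOKEN_FILE} and
 * {@code ALIBABA_CLOUD_ROLE_SESSION_NAME} environment variables.
 *
 * <p>Security notes: the OIDC token is a bearer credential and is sent only in the POST body
 * of an HTTPS request; the region id is validated before it is placed in the STS host name so
 * that a malformed value cannot redirect the token to another host.
 *
 * <p>{@link #getCredentials()} is not synchronized; callers that share one instance across
 * threads must provide their own synchronization.
 */
public class OIDCCredentialsProvider implements AlibabaCloudCredentialsProvider {
    private static final String UTF_8 = "UTF-8";

    private String roleArn;
    private String oidcProviderArn;
    private String oidcTokenFilePath;
    private String roleSessionName;
    private String policy;
    private String stsEndpoint;
    private long durationSeconds;
    private BasicSessionCredentials credentials;

    String getRoleArn() {
        return this.roleArn;
    }

    void setRoleArn(String str) {
        this.roleArn = str;
    }

    String getOidcProviderArn() {
        return this.oidcProviderArn;
    }

    void setOidcProviderArn(String str) {
        this.oidcProviderArn = str;
    }

    String getOidcTokenFilePath() {
        return this.oidcTokenFilePath;
    }

    void setOidcTokenFilePath(String str) {
        this.oidcTokenFilePath = str;
    }

    String getRoleSessionName() {
        return this.roleSessionName;
    }

    void setRoleSessionName(String str) {
        this.roleSessionName = str;
    }

    String getPolicy() {
        return this.policy;
    }

    /** Sets the optional policy sent with the AssumeRoleWithOIDC request; empty values are omitted. */
    void setPolicy(String str) {
        this.policy = str;
    }

    /**
     * Creates a provider, falling back to environment variables for empty arguments.
     *
     * @param roleArn ARN of the role to assume, or empty to use {@code ALIBABA_CLOUD_ROLE_ARN}
     * @param oidcProviderArn ARN of the OIDC provider, or empty to use
     *     {@code ALIBABA_CLOUD_OIDC_PROVIDER_ARN}
     * @param oidcTokenFilePath path of the file holding the OIDC token, or empty to use
     *     {@code ALIBABA_CLOUD_OIDC_TOKEN_FILE}
     * @param roleSessionName session name, or empty to use {@code ALIBABA_CLOUD_ROLE_SESSION_NAME}
     *     and then a built-in default
     * @param regionId region inserted into the STS host name, or empty for the global endpoint
     * @throws ClientException if a required value is missing or {@code regionId} contains
     *     characters that are not valid in a host name
     */
    public OIDCCredentialsProvider(String roleArn, String oidcProviderArn, String oidcTokenFilePath,
            String roleSessionName, String regionId) throws ClientException {
        this.roleArn = !StringUtils.isEmpty(roleArn) ? roleArn : System.getenv("ALIBABA_CLOUD_ROLE_ARN");
        if (StringUtils.isEmpty(this.roleArn)) {
            throw new ClientException("roleArn does not exist and env ALIBABA_CLOUD_ROLE_ARN is null.");
        }
        this.oidcProviderArn = !StringUtils.isEmpty(oidcProviderArn)
                ? oidcProviderArn : System.getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
        if (StringUtils.isEmpty(this.oidcProviderArn)) {
            throw new ClientException("OIDCProviderArn does not exist and env ALIBABA_CLOUD_OIDC_PROVIDER_ARN is null.");
        }
        this.oidcTokenFilePath = !StringUtils.isEmpty(oidcTokenFilePath)
                ? oidcTokenFilePath : System.getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
        if (StringUtils.isEmpty(this.oidcTokenFilePath)) {
            throw new ClientException("OIDCTokenFilePath does not exist and env ALIBABA_CLOUD_OIDC_TOKEN_FILE is null.");
        }
        this.roleSessionName = !StringUtils.isEmpty(roleSessionName)
                ? roleSessionName : System.getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME");
        if (StringUtils.isEmpty(this.roleSessionName)) {
            this.roleSessionName = "DEFAULT_ROLE_SESSION_NAME_FOR_JAVA_SDK_V1";
        }
        if (StringUtils.isEmpty(regionId)) {
            this.stsEndpoint = "https://sts.aliyuncs.com/";
        } else {
            // The region id becomes part of the host that receives the OIDC token. Restrict it to
            // host-name characters so a value containing '/', '@', ':' or '?' cannot change which
            // host the request is sent to.
            if (!regionId.matches("[A-Za-z0-9.-]+")) {
                throw new ClientException("regionId contains characters that are not valid in a host name.");
            }
            this.stsEndpoint = String.format("https://sts.%s.aliyuncs.com/", regionId);
        }
        this.durationSeconds = AuthConstant.TSC_VALID_TIME_SECONDS;
    }

    /**
     * Returns the cached session credentials, requesting new ones from STS when none are cached
     * or when the cached ones report {@code willSoonExpire()}.
     *
     * @return the current session credentials
     * @throws ClientException if the token file cannot be read or the STS call fails
     * @throws ServerException declared by the provider interface
     */
    @Override
    public AlibabaCloudCredentials getCredentials() throws ClientException, ServerException {
        if (this.credentials == null || this.credentials.willSoonExpire()) {
            this.credentials = parseCredentials(invokeAssumeRoleWithOIDC(), this.durationSeconds);
        }
        return this.credentials;
    }

    /**
     * Extracts the session credentials from an AssumeRoleWithOIDC JSON response.
     *
     * @param str the response body
     * @param j the validity period passed through to {@link BasicSessionCredentials}
     * @return the parsed credentials
     * @throws ClientException if the body is not JSON, has no {@code Credentials} object, or that
     *     object lacks one of the three credential fields
     */
    private static BasicSessionCredentials parseCredentials(String str, long j) throws ClientException {
        Map<?, ?> response;
        try {
            response = new Gson().fromJson(str, Map.class);
        } catch (RuntimeException e) {
            // Gson reports malformed input with an unchecked exception; surface it as the
            // checked type callers of getCredentials() already handle.
            throw new ClientException(e);
        }
        if (null == response) {
            throw new ClientException("Invalid JSON");
        }
        if (!response.containsKey("Credentials")) {
            throw new ClientException("AssumeRoleWithOIDC failed: " + str);
        }
        Object credentialsNode = response.get("Credentials");
        if (!(credentialsNode instanceof Map)) {
            throw new ClientException("AssumeRoleWithOIDC failed: Credentials is not a JSON object");
        }
        Map<?, ?> fields = (Map<?, ?>) credentialsNode;
        Object accessKeyId = fields.get("AccessKeyId");
        Object accessKeySecret = fields.get("AccessKeySecret");
        Object securityToken = fields.get("SecurityToken");
        if (!(accessKeyId instanceof String)
                || !(accessKeySecret instanceof String)
                || !(securityToken instanceof String)) {
            // Deliberately does not echo the response body: it may hold part of a credential set.
            throw new ClientException("AssumeRoleWithOIDC failed: response is missing credential fields");
        }
        return new BasicSessionCredentials((String) accessKeyId, (String) accessKeySecret, (String) securityToken, j);
    }

    /**
     * Calls the STS AssumeRoleWithOIDC action and returns the raw response body on HTTP 200.
     *
     * @return the response body as a string
     * @throws ClientException if the token file cannot be read or is empty, the request cannot be
     *     built, the call fails, or STS answers with a non-200 status
     */
    private String invokeAssumeRoleWithOIDC() throws ClientException {
        String oidcToken = readOidcToken();
        if (StringUtils.isEmpty(oidcToken)) {
            // Without this check the empty value would be dropped from the form and the request
            // would be sent with no token at all.
            throw new ClientException("Read OIDC token failed: token file is empty");
        }

        Map<String, String> query = new HashMap<String, String>();
        query.put("Action", "AssumeRoleWithOIDC");
        query.put("Format", "JSON");
        query.put("Version", "2015-04-01");
        query.put("Timestamp", ParameterHelper.getISO8601Time(new Date()));

        // Only non-secret routing parameters go in the query string; the token stays in the body.
        Map<String, String> form = new HashMap<String, String>();
        form.put("DurationSeconds", String.valueOf(this.durationSeconds));
        form.put("RoleArn", this.roleArn);
        form.put("OIDCProviderArn", this.oidcProviderArn);
        form.put("OIDCToken", oidcToken);
        form.put("RoleSessionName", this.roleSessionName);
        form.put("Policy", this.policy);

        HttpRequest httpRequest;
        try {
            httpRequest = new HttpRequest(
                    this.stsEndpoint + "?" + new String(ParameterHelper.getFormData(query), UTF_8));
            httpRequest.setSysMethod(MethodType.POST);
            httpRequest.setHttpContentType(FormatType.FORM);
            httpRequest.setSysConnectTimeout(1000);
            httpRequest.setSysReadTimeout(3000);
            httpRequest.setHttpContent(encodeForm(form).getBytes(UTF_8), UTF_8, FormatType.FORM);
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("AssumeRoleWithOIDC failed " + e.toString());
        }

        try {
            HttpResponse response = CompatibleUrlConnClient.compatibleGetResponse(httpRequest);
            if (response.getStatus() == 200) {
                byte[] body = response.getHttpContent();
                if (body == null) {
                    throw new ClientException("AssumeRoleWithOIDC failed: empty response body");
                }
                // Decode explicitly as UTF-8 instead of the platform default charset.
                return new String(body, UTF_8);
            }
            Map<?, ?> error = new Gson().fromJson(response.getHttpContentString(), Map.class);
            if (error == null) {
                throw new ClientException("AssumeRoleWithOIDC failed: HTTP status " + response.getStatus());
            }
            throw new ClientException("AssumeRoleWithOIDC failed: "
                    + String.format("%s(RequestID: %s, Code: %s)",
                            error.get("Message"), error.get("RequestId"), error.get("Code")));
        } catch (ClientException e) {
            // Already carries the STS message, request id and code; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new ClientException(e);
        }
    }

    /**
     * Reads the whole OIDC token file as UTF-8 text.
     *
     * @return the file content, unmodified
     * @throws ClientException if the file cannot be opened or read
     */
    private String readOidcToken() throws ClientException {
        FileInputStream in = null;
        try {
            in = new FileInputStream(new File(this.oidcTokenFilePath));
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            // Loop until end of stream: a single read() sized by available() may return only
            // part of the file and would silently truncate the token.
            while ((count = in.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return new String(collected.toByteArray(), UTF_8);
        } catch (IOException e) {
            throw new ClientException("Read OIDC token failed " + e.toString());
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Closing a stream that was only read from; nothing to recover.
                }
            }
        }
    }

    /**
     * Encodes the non-empty entries of {@code params} as an
     * {@code application/x-www-form-urlencoded} string.
     *
     * @param params form fields; entries with an empty value are skipped
     * @return the encoded form body
     * @throws UnsupportedEncodingException if UTF-8 is not available
     */
    private static String encodeForm(Map<String, String> params) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : params.entrySet()) {
            if (StringUtils.isEmpty(entry.getValue())) {
                continue;
            }
            if (sb.length() > 0) {
                sb.append("&");
            }
            sb.append(URLEncoder.encode(entry.getKey(), UTF_8));
            sb.append("=");
            sb.append(URLEncoder.encode(entry.getValue(), UTF_8));
        }
        return sb.toString();
    }
}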
