package com.netflix.genie.web.util;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import java.util.UUID;
import javax.annotation.Nullable;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/netflix/genie/web/util/S3ClientFactory.class */
public class S3ClientFactory {
    private static final Logger log = LoggerFactory.getLogger(S3ClientFactory.class);
    private final AWSCredentialsProvider awsCredentialsProvider;
    private final ClientConfiguration awsClientConfiguration;
    private final String awsRegion;
    private final boolean assumeRole;
    private final String roleArn;
    private final AmazonS3 defaultS3Client;

    public S3ClientFactory(@NotNull AWSCredentialsProvider aWSCredentialsProvider, @NotNull ClientConfiguration clientConfiguration, @NotNull String str, @Nullable String str2) {
        this.awsCredentialsProvider = aWSCredentialsProvider;
        this.awsClientConfiguration = clientConfiguration;
        this.awsRegion = str;
        this.roleArn = str2;
        this.assumeRole = StringUtils.isNotBlank(this.roleArn);
        this.defaultS3Client = (AmazonS3) AmazonS3ClientBuilder.standard().withCredentials(aWSCredentialsProvider).withClientConfiguration(clientConfiguration).withRegion(this.awsRegion).build();
    }

    public AmazonS3 getS3Client() {
        if (!this.assumeRole) {
            return this.defaultS3Client;
        }
        Credentials credentials = ((AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(this.awsCredentialsProvider).withClientConfiguration(this.awsClientConfiguration).withRegion(this.awsRegion).build()).assumeRole(new AssumeRoleRequest().withRoleArn(this.roleArn).withRoleSessionName("Genie-" + UUID.randomUUID().toString())).getCredentials();
        return (AmazonS3) AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()))).withClientConfiguration(this.awsClientConfiguration).withRegion(this.awsRegion).build();
    }
}
