package com.simba.athena.iamsupport.model;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.simba.athena.amazonaws.ClientConfiguration;
import com.simba.athena.amazonaws.SdkClientException;
import com.simba.athena.amazonaws.auth.AWSStaticCredentialsProvider;
import com.simba.athena.amazonaws.auth.BasicSessionCredentials;
import com.simba.athena.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.simba.athena.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.simba.athena.amazonaws.auth.profile.ProfilesConfigFile;
import com.simba.athena.amazonaws.auth.profile.internal.BasicProfile;
import com.simba.athena.amazonaws.auth.profile.internal.ProfileStaticCredentialsProvider;
import com.simba.athena.amazonaws.client.builder.AwsClientBuilder;
import com.simba.athena.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.simba.athena.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.simba.athena.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.simba.athena.amazonaws.services.securitytoken.model.Credentials;
import com.simba.athena.amazonaws.util.StringUtils;
import com.simba.athena.iamsupport.IPlugin;
import com.simba.athena.iamsupport.IamSupport;
import com.simba.athena.iamsupport.model.CredentialsHolder;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/simba/athena/iamsupport/model/PluginProfilesConfiguration.class */
public class PluginProfilesConfiguration extends ProfilesConfigFile {
    private static final String CREDENTIAL_PROCESS = "credential_process";
    private Map<String, CredentialsHolder> m_credentialCache = new ConcurrentHashMap();
    private IamSupportSettings m_settings;

    public PluginProfilesConfiguration(IamSupportSettings iamSupportSettings) {
        this.m_settings = iamSupportSettings;
    }

    @Override // com.simba.athena.amazonaws.auth.profile.ProfilesConfigFile
    public CredentialsHolder getCredentials(String str) {
        CredentialsHolder newInstance;
        CredentialsHolder credentialsHolder = this.m_credentialCache.get(str);
        if (credentialsHolder != null && !credentialsHolder.isExpired()) {
            return credentialsHolder;
        }
        BasicProfile basicProfile = getAllBasicProfiles().get(str);
        if (basicProfile == null) {
            throw new SdkClientException("No AWS profile named '" + str + "'");
        }
        if (basicProfile.isRoleBasedProfile()) {
            String roleSourceProfile = basicProfile.getRoleSourceProfile();
            if (null == roleSourceProfile) {
                CredentialsHolder assumeRole = assumeRole(basicProfile, InstanceProfileCredentialsProvider.getInstance());
                this.m_credentialCache.put(str, assumeRole);
                return assumeRole;
            }
            CredentialsHolder credentials = getCredentials(roleSourceProfile);
            CredentialsHolder assumeRole2 = assumeRole(basicProfile, new AWSStaticCredentialsProvider(credentials));
            assumeRole2.setMetadata(credentials.getMetadata());
            this.m_credentialCache.put(str, assumeRole2);
            return assumeRole2;
        }
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String propertyValue = basicProfile.getPropertyValue("plugin_name");
        if (StringUtils.isNullOrEmpty(propertyValue)) {
            propertyValue = basicProfile.getPropertyValue("AwsCredentialsProviderClass");
            if (StringUtils.isNullOrEmpty(propertyValue)) {
                propertyValue = basicProfile.getPropertyValue("aws_credentials_provider_class");
            }
        }
        if (StringUtils.isNullOrEmpty(propertyValue)) {
            newInstance = !StringUtils.isNullOrEmpty(basicProfile.getPropertyValue("credential_process")) ? CredentialsHolder.newInstance(new ProfileCredentialsProvider(str).getCredentials()) : CredentialsHolder.newInstance(new ProfileStaticCredentialsProvider(basicProfile).getCredentials());
        } else {
            try {
                AWSCredentialsProvider aWSCredentialsProvider = (AWSCredentialsProvider) Class.forName(propertyValue).asSubclass(AWSCredentialsProvider.class).newInstance();
                if (aWSCredentialsProvider instanceof IPlugin) {
                    IPlugin iPlugin = (IPlugin) aWSCredentialsProvider;
                    for (Map.Entry<String, String> entry : basicProfile.getProperties().entrySet()) {
                        String lowerCase = entry.getKey().toLowerCase(Locale.getDefault());
                        if (!"plugin_name".equals(lowerCase)) {
                            String value = entry.getValue();
                            iPlugin.addParameter(lowerCase, value);
                            if (IamSupport.DB_USER.equalsIgnoreCase(lowerCase)) {
                                str2 = value;
                            } else if (IamSupport.DB_GROUPS.equalsIgnoreCase(lowerCase)) {
                                str4 = value;
                            } else if (IamSupport.USER_AUTOCREATE.equalsIgnoreCase(lowerCase)) {
                                str3 = value;
                            }
                        }
                    }
                    for (Map.Entry<String, String> entry2 : this.m_settings.m_pluginArgs.entrySet()) {
                        if (!"plugin_name".equals(entry2.getKey().toLowerCase(Locale.getDefault()))) {
                            iPlugin.addParameter(entry2.getKey(), entry2.getValue());
                        }
                    }
                }
                newInstance = CredentialsHolder.newInstance(aWSCredentialsProvider.getCredentials());
            } catch (ClassNotFoundException e) {
                throw new SdkClientException("Invalid plugin: '" + propertyValue + "'");
            } catch (IllegalAccessException e2) {
                throw new SdkClientException("Invalid plugin: '" + propertyValue + "'");
            } catch (InstantiationException e3) {
                throw new SdkClientException("Invalid plugin: '" + propertyValue + "'");
            }
        }
        CredentialsHolder.IamMetadata metadata = newInstance.getMetadata();
        if (null == metadata) {
            metadata = new CredentialsHolder.IamMetadata();
        }
        if (null != str2) {
            metadata.setDbUser(str2);
        }
        if (null != str3) {
            metadata.setAutoCreate(Boolean.valueOf(str3));
        }
        if (null != str4) {
            metadata.setDbGroups(str4);
        }
        newInstance.setMetadata(metadata);
        this.m_credentialCache.put(str, newInstance);
        return newInstance;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private CredentialsHolder assumeRole(BasicProfile basicProfile, AWSCredentialsProvider aWSCredentialsProvider) {
        AWSSecurityTokenServiceClientBuilder standard = AWSSecurityTokenServiceClientBuilder.standard();
        if (!StringUtils.isNullOrEmpty(this.m_settings.m_stsEndpointOverride) && !StringUtils.isNullOrEmpty(this.m_settings.m_awsRegion)) {
            standard.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(this.m_settings.m_stsEndpointOverride, this.m_settings.m_awsRegion));
        } else if (!StringUtils.isNullOrEmpty(this.m_settings.m_awsRegion)) {
            standard.setRegion(this.m_settings.m_awsRegion);
        }
        if (null != this.m_settings.m_proxyHost && !this.m_settings.m_proxyHost.isEmpty()) {
            ClientConfiguration clientConfiguration = new ClientConfiguration();
            clientConfiguration.setProxyHost(this.m_settings.m_proxyHost);
            clientConfiguration.setProxyPort(this.m_settings.m_proxyPort);
            clientConfiguration.setProxyUsername(this.m_settings.m_proxyUid);
            clientConfiguration.setProxyPassword(this.m_settings.m_proxyPwd);
            clientConfiguration.setProxyDomain(this.m_settings.m_proxyDomain);
            clientConfiguration.setProxyWorkstation(this.m_settings.m_proxyWorkstation);
            clientConfiguration.setUserAgent(this.m_settings.m_userAgent);
            standard.setClientConfiguration(clientConfiguration);
        }
        AWSSecurityTokenService build = ((AWSSecurityTokenServiceClientBuilder) standard.withCredentials(aWSCredentialsProvider)).build();
        String roleArn = basicProfile.getRoleArn();
        String roleSessionName = basicProfile.getRoleSessionName();
        if (StringUtils.isNullOrEmpty(roleSessionName)) {
            roleSessionName = this.m_settings.m_defaultRoleSessionNamePrefix + System.currentTimeMillis();
        }
        String roleExternalId = basicProfile.getRoleExternalId();
        AssumeRoleRequest withRoleSessionName = new AssumeRoleRequest().withRoleArn(roleArn).withRoleSessionName(roleSessionName);
        if (!StringUtils.isNullOrEmpty(roleExternalId)) {
            withRoleSessionName = withRoleSessionName.withExternalId(roleExternalId);
        }
        Credentials credentials = build.assumeRole(withRoleSessionName).getCredentials();
        return CredentialsHolder.newInstance(new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()), credentials.getExpiration());
    }
}
