package com.ge.research.semtk.aws;

import com.ge.research.semtk.utility.LocalLogger;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import org.apache.commons.cli.HelpFormatter;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;

/* loaded from: input_file:BOOT-INF/lib/sparqlGraphLibrary-2.2.2.jar:com/ge/research/semtk/aws/SemtkAwsCredentialsProviderBuilder.class */
public class SemtkAwsCredentialsProviderBuilder {
    private static String awsArnRole = null;
    private static StaticCredentialsProvider lastProvider = null;
    private static Date expirationDate = null;
    private static String token = null;
    static final String SECURITY_CREDENTIALS_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials";

    public static void tryMe() {
        AssumeRoleRequest assumeRoleRequest = (AssumeRoleRequest) AssumeRoleRequest.builder().roleArn("bu-pw-teds-athena").mo11615build();
        StsClient create = StsClient.create();
        create.assumeRole(assumeRoleRequest);
        Credentials credentials = create.getSessionToken().credentials();
        LocalLogger.logToStdOut("TryMe: " + credentials.accessKeyId() + HelpFormatter.DEFAULT_LONG_OPT_PREFIX + credentials.secretAccessKey() + "==" + credentials.sessionToken());
        create.close();
    }

    public static StaticCredentialsProvider getAWSCredentialsProvider() throws Exception {
        if (lastProvider == null) {
            retrieveAWSArnRole();
            if (awsArnRole.isEmpty()) {
                try {
                    lastProvider = StaticCredentialsProvider.create(InstanceProfileCredentialsProvider.create().resolveCredentials());
                } catch (Exception e) {
                    lastProvider = StaticCredentialsProvider.create(DefaultCredentialsProvider.create().resolveCredentials());
                }
            } else {
                lastProvider = StaticCredentialsProvider.create(getTemporaryCredentials(awsArnRole));
            }
        } else if (expirationDate != null && expirationDate.getTime() - Calendar.getInstance().getTime().getTime() < 60000) {
            lastProvider = StaticCredentialsProvider.create(getTemporaryCredentials(awsArnRole));
        }
        return lastProvider;
    }

    private static AwsSessionCredentials getTemporaryCredentials(String str) throws Exception {
        CloseableHttpResponse execute = HttpClients.createDefault().execute((HttpUriRequest) new HttpGet("http://169.254.169.254/latest/meta-data/iam/security-credentials/" + str));
        if (execute.getStatusLine().getStatusCode() != 200) {
            throw new Exception("Error retrieving temporary credentials: " + execute.getStatusLine());
        }
        try {
            HttpEntity entity = execute.getEntity();
            JSONObject jSONObject = (JSONObject) new JSONParser().parse(EntityUtils.toString(entity, "UTF-8"));
            String str2 = (String) jSONObject.get("AccessKeyId");
            String str3 = (String) jSONObject.get("SecretAccessKey");
            token = (String) jSONObject.get(DelegationTokenAuthenticator.DELEGATION_TOKEN_JSON);
            expirationDate = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").parse((String) jSONObject.get("Expiration"));
            AwsSessionCredentials create = AwsSessionCredentials.create(str2, str3, token);
            EntityUtils.consume(entity);
            execute.close();
            return create;
        } catch (Throwable th) {
            execute.close();
            throw th;
        }
    }

    private static void retrieveAWSArnRole() throws Exception {
        awsArnRole = "";
        CloseableHttpResponse execute = HttpClients.createDefault().execute((HttpUriRequest) new HttpGet(SECURITY_CREDENTIALS_URL));
        try {
            if (execute.getStatusLine().getStatusCode() == 200) {
                HttpEntity entity = execute.getEntity();
                String entityUtils = EntityUtils.toString(entity, "UTF-8");
                if (entityUtils != null && !entityUtils.isEmpty()) {
                    String[] split = entityUtils.split("[ \t\n]+");
                    if (split.length > 1) {
                        throw new Exception("Did not recieve a single role from the credentials provider.  response: " + entityUtils);
                    }
                    if (split.length == 1) {
                        awsArnRole = split[0];
                    }
                }
                EntityUtils.consume(entity);
            }
        } finally {
            execute.close();
        }
    }
}
