package com.alipay.easysdk.kms.aliyun.credentials.provider;

import com.alipay.easysdk.kms.aliyun.credentials.BasicSessionCredentials;
import com.alipay.easysdk.kms.aliyun.credentials.ICredentials;
import com.alipay.easysdk.kms.aliyun.credentials.exceptions.CredentialException;
import com.alipay.easysdk.kms.aliyun.credentials.http.CompatibleUrlConnClient;
import com.alipay.easysdk.kms.aliyun.credentials.http.HttpRequest;
import com.alipay.easysdk.kms.aliyun.credentials.http.HttpResponse;
import com.alipay.easysdk.kms.aliyun.credentials.http.MethodType;
import com.alipay.easysdk.kms.aliyun.credentials.utils.HmacSHA1Signer;
import com.alipay.easysdk.kms.aliyun.credentials.utils.ParameterUtils;
import com.amazonaws.auth.policy.internal.JsonDocumentFields;
import com.google.gson.Gson;
import java.util.Map;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:BOOT-INF/lib/alipay-easysdk-2.2.2.jar:com/alipay/easysdk/kms/aliyun/credentials/provider/RamRoleArnCredentialsProvider.class */
public class RamRoleArnCredentialsProvider implements ICredentialsProvider {
    public static final int DEFAULT_DURATION_SECONDS = 3600;
    private static final int DEFAULT_TIMEOUT_IN_MILLISECONDS = 5000;
    private static final String DEFAULT_STS_ENDPOINT = "sts.aliyuncs.com";
    private final String roleArn;
    private final String roleSessionName;
    private final String accessKeyId;
    private final String accessKeySecret;
    private final String stsEndpoint;
    private String policy;
    private Integer connectTimeout;
    private Integer readTimeout;
    private BasicSessionCredentials credential;

    public RamRoleArnCredentialsProvider(String str, String str2, String str3) {
        this.credential = null;
        this.roleArn = str3;
        this.accessKeyId = str;
        this.accessKeySecret = str2;
        this.roleSessionName = getNewRoleSessionName();
        this.stsEndpoint = DEFAULT_STS_ENDPOINT;
        this.connectTimeout = 5000;
        this.readTimeout = 10000;
    }

    public RamRoleArnCredentialsProvider(String str, String str2, String str3, String str4) {
        this(str, str2, str3);
        this.policy = str4;
    }

    public RamRoleArnCredentialsProvider withConnectionTimeout(int i) {
        this.connectTimeout = Integer.valueOf(i);
        this.readTimeout = Integer.valueOf(i * 2);
        return this;
    }

    public static String getNewRoleSessionName() {
        return "kms-credentials-" + System.currentTimeMillis();
    }

    @Override // com.alipay.easysdk.kms.aliyun.credentials.provider.ICredentialsProvider
    public ICredentials getCredentials() throws Exception {
        if (this.credential == null || this.credential.willSoonExpire()) {
            this.credential = getNewSessionCredential(new CompatibleUrlConnClient());
        }
        return this.credential;
    }

    public BasicSessionCredentials getNewSessionCredential(CompatibleUrlConnClient compatibleUrlConnClient) throws Exception {
        ParameterUtils parameterUtils = new ParameterUtils();
        HttpRequest httpRequest = new HttpRequest();
        httpRequest.setUrlParameter(JsonDocumentFields.ACTION, "AssumeRole");
        httpRequest.setUrlParameter("Format", "JSON");
        httpRequest.setUrlParameter("Version", "2015-04-01");
        httpRequest.setUrlParameter("DurationSeconds", String.valueOf(3600));
        httpRequest.setUrlParameter("RoleArn", this.roleArn);
        httpRequest.setUrlParameter("AccessKeyId", this.accessKeyId);
        httpRequest.setUrlParameter("RoleSessionName", this.roleSessionName);
        if (this.policy != null) {
            httpRequest.setUrlParameter("Policy", this.policy);
        }
        httpRequest.setMethod(MethodType.GET);
        httpRequest.setConnectTimeout(this.connectTimeout);
        httpRequest.setReadTimeout(this.readTimeout);
        httpRequest.setUrlParameter("Signature", HmacSHA1Signer.signString(parameterUtils.composeStringToSign(MethodType.GET, httpRequest.getUrlParameters()), this.accessKeySecret + BeanFactory.FACTORY_BEAN_PREFIX));
        httpRequest.setUrl(parameterUtils.composeUrl(this.stsEndpoint, httpRequest.getUrlParameters(), "https"));
        HttpResponse syncInvoke = compatibleUrlConnClient.syncInvoke(httpRequest);
        Gson gson = new Gson();
        Map map = (Map) gson.fromJson(syncInvoke.getHttpContentString(), Map.class);
        if (!map.containsKey("Credentials")) {
            throw new CredentialException(gson.toJson(map));
        }
        Map map2 = (Map) map.get("Credentials");
        return new BasicSessionCredentials((String) map2.get("AccessKeyId"), (String) map2.get("AccessKeySecret"), (String) map2.get("SecurityToken"), Long.valueOf(ParameterUtils.getUTCDate((String) map2.get("Expiration")).getTime()));
    }
}
