package com.alipay.api.kms.aliyun.credentials.provider;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alipay.api.kms.aliyun.credentials.BasicSessionCredentials;
import com.alipay.api.kms.aliyun.credentials.ICredentials;
import com.alipay.api.kms.aliyun.credentials.exceptions.CredentialsException;
import com.alipay.api.kms.aliyun.http.CompatibleUrlConnClient;
import com.alipay.api.kms.aliyun.http.HttpRequest;
import com.alipay.api.kms.aliyun.http.MethodType;
import com.alipay.api.kms.aliyun.utils.HmacSHA1Signer;
import com.alipay.api.kms.aliyun.utils.ParameterUtils;
import com.amazonaws.auth.policy.internal.JsonDocumentFields;

/* loaded from: input_file:BOOT-INF/lib/alipay-sdk-java-4.17.9.ALL.jar:com/alipay/api/kms/aliyun/credentials/provider/RamRoleArnCredentialsProvider.class */
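/**
 * Credentials provider that exchanges a long-term AccessKey pair for temporary
 * session credentials by calling the STS {@code AssumeRole} action, and caches
 * the result until it is about to expire.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The long-term AccessKey secret is held in a {@code String} field for the
 *       lifetime of this object. It is used only as the HMAC key for the request
 *       signature and is never added to the request parameters.</li>
 *   <li>The request is always sent over {@code https}; the scheme is not
 *       configurable here.</li>
 *   <li>An optional {@code Policy} document can be supplied. In STS this narrows
 *       the permissions of the issued session, so pass one whenever the caller
 *       needs less than the full role.</li>
 *   <li>No synchronization is used in this class. Concurrent callers of
 *       {@link #getCredentials()} may each trigger a refresh; wrap the provider
 *       if it is shared between threads.</li>
 * </ul>
 */
public class RamRoleArnCredentialsProvider implements ICredentialsProvider {
    /** Lifetime requested for each session, in seconds. */
    private static final int DEFAULT_DURATION_SECONDS = 3600;
    /** Default connect and read timeout, in milliseconds. */
    private static final int DEFAULT_TIMEOUT_IN_MILLISECONDS = 5000;
    private static final String DEFAULT_STS_ENDPOINT = "sts.aliyuncs.com";
    private final String roleArn;
    private final String roleSessionName;
    private final String accessKeyId;
    // Long-term secret: keep it out of logs, exception messages and toString() output.
    private final String accessKeySecret;
    private final String stsEndpoint;
    private String policy;
    private Integer connectTimeout;
    private Integer readTimeout;
    // Cached session credentials; null until the first successful AssumeRole call.
    private BasicSessionCredentials credential;

    /**
     * Creates a provider that assumes {@code roleArn} without an inline policy.
     *
     * @param accessKeyId     long-term AccessKey id, sent as the {@code AccessKeyId} parameter
     * @param accessKeySecret long-term AccessKey secret, used only to sign the request
     * @param roleArn         ARN of the role to assume
     * @param roleSessionName session name sent as {@code RoleSessionName}
     */
    public RamRoleArnCredentialsProvider(String accessKeyId, String accessKeySecret, String roleArn, String roleSessionName) {
        this.credential = null;
        this.roleArn = roleArn;
        this.accessKeyId = accessKeyId;
        this.accessKeySecret = accessKeySecret;
        this.roleSessionName = roleSessionName;
        this.stsEndpoint = DEFAULT_STS_ENDPOINT;
        this.connectTimeout = DEFAULT_TIMEOUT_IN_MILLISECONDS;
        this.readTimeout = DEFAULT_TIMEOUT_IN_MILLISECONDS;
    }

    /**
     * Creates a provider that assumes {@code roleArn} and attaches an inline policy.
     *
     * @param accessKeyId     long-term AccessKey id
     * @param accessKeySecret long-term AccessKey secret, used only to sign the request
     * @param roleArn         ARN of the role to assume
     * @param roleSessionName session name sent as {@code RoleSessionName}
     * @param policy          policy document sent as the {@code Policy} parameter; may be null
     */
    public RamRoleArnCredentialsProvider(String accessKeyId, String accessKeySecret, String roleArn, String roleSessionName, String policy) {
        this(accessKeyId, accessKeySecret, roleArn, roleSessionName);
        this.policy = policy;
    }

    /**
     * Returns the cached session credentials, refreshing them first when none are
     * cached or the cached ones report that they will soon expire.
     *
     * @return the current session credentials
     * @throws Exception if the refresh request or response handling fails
     */
    @Override // com.alipay.api.kms.aliyun.credentials.provider.ICredentialsProvider
    public ICredentials getCredentials() throws Exception {
        if (this.credential == null || this.credential.willSoonExpire()) {
            this.credential = getNewSessionCredential(new CompatibleUrlConnClient());
        }
        return this.credential;
    }

    /**
     * Builds, signs and sends an {@code AssumeRole} request, then converts the
     * response into session credentials.
     *
     * @param compatibleUrlConnClient HTTP client used to send the request
     * @return freshly issued session credentials
     * @throws CredentialsException if the response is empty, carries no usable
     *         {@code Credentials} object, or lacks one of its required fields
     * @throws Exception if signing, sending or parsing fails
     */
    public BasicSessionCredentials getNewSessionCredential(CompatibleUrlConnClient compatibleUrlConnClient) throws Exception {
        HttpRequest httpRequest = new HttpRequest();
        // The decompiled source borrowed this name from an AWS SDK constant
        // (JsonDocumentFields.ACTION, whose value is "Action"); a literal avoids
        // depending on an unrelated library for a protocol field name.
        httpRequest.setUrlParameter("Action", "AssumeRole");
        httpRequest.setUrlParameter("Format", "JSON");
        httpRequest.setUrlParameter("Version", "2015-04-01");
        httpRequest.setUrlParameter("DurationSeconds", String.valueOf(DEFAULT_DURATION_SECONDS));
        httpRequest.setUrlParameter("RoleArn", this.roleArn);
        httpRequest.setUrlParameter("AccessKeyId", this.accessKeyId);
        httpRequest.setUrlParameter("RoleSessionName", this.roleSessionName);
        if (this.policy != null) {
            httpRequest.setUrlParameter("Policy", this.policy);
        }
        httpRequest.setMethod(MethodType.GET);
        // NOTE(review): the setters below accept null; whether HttpRequest tolerates
        // a null timeout is not visible here - confirm before passing null.
        httpRequest.setConnectTimeout(this.connectTimeout);
        httpRequest.setReadTimeout(this.readTimeout);
        // The signature must be computed last: it covers every parameter set above.
        // The HMAC key is the AccessKey secret followed by "&".
        String stringToSign = ParameterUtils.composeStringToSign(MethodType.GET, httpRequest.getUrlParameters());
        httpRequest.setUrlParameter("Signature", HmacSHA1Signer.signString(stringToSign, this.accessKeySecret + "&"));
        // All parameters, including the signature, travel in the query string, so
        // the full URL should not be written to logs.
        httpRequest.setUrl(ParameterUtils.composeUrl(this.stsEndpoint, httpRequest.getUrlParameters(), "https"));
        JSONObject response = JSON.parseObject(compatibleUrlConnClient.syncInvoke(httpRequest).getHttpContentString());
        if (response == null) {
            // An empty body parses to null; report it as a credentials failure
            // instead of letting a NullPointerException escape.
            throw new CredentialsException("Empty response from STS AssumeRole");
        }
        if (!response.containsKey("Credentials")) {
            // The raw error response becomes the exception message; treat that
            // message as diagnostic data when logging.
            throw new CredentialsException(JSON.toJSONString(response));
        }
        JSONObject issued = response.getJSONObject("Credentials");
        if (issued == null) {
            throw new CredentialsException("STS AssumeRole response has a null Credentials object");
        }
        String sessionKeyId = requireField(issued, "AccessKeyId");
        String sessionKeySecret = requireField(issued, "AccessKeySecret");
        String securityToken = requireField(issued, "SecurityToken");
        String expiration = requireField(issued, "Expiration");
        return new BasicSessionCredentials(sessionKeyId, sessionKeySecret, securityToken, Long.valueOf(ParameterUtils.getUTCDate(expiration).getTime()));
    }

    /**
     * Reads a mandatory string field from the issued-credentials object.
     * The exception names the missing field only, never any credential value.
     */
    private static String requireField(JSONObject issued, String fieldName) throws CredentialsException {
        String value = issued.getString(fieldName);
        if (value == null || value.isEmpty()) {
            throw new CredentialsException("STS AssumeRole response is missing Credentials." + fieldName);
        }
        return value;
    }

    /** Returns the connect timeout in milliseconds. */
    public Integer getConnectTimeout() {
        return this.connectTimeout;
    }

    /** Sets the connect timeout in milliseconds used for subsequent STS requests. */
    public void setConnectTimeout(Integer num) {
        this.connectTimeout = num;
    }

    /** Returns the read timeout in milliseconds. */
    public Integer getReadTimeout() {
        return this.readTimeout;
    }

    /** Sets the read timeout in milliseconds used for subsequent STS requests. */
    public void setReadTimeout(Integer num) {
        this.readTimeout = num;
    }
}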
