package io.awspring.cloud.autoconfigure.core;

import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.lang.Nullable;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.regions.providers.AwsRegionProvider;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsWebIdentityTokenFileCredentialsProvider;

@EnableConfigurationProperties({CredentialsProperties.class})
@AutoConfiguration
@ConditionalOnClass({AwsCredentialsProvider.class, ProfileFile.class})
@ConditionalOnMissingBean({AwsCredentialsProvider.class})
/* loaded from: input_file:io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration.class */
public class CredentialsProviderAutoConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(CredentialsProviderAutoConfiguration.class);
    private static final String STS_WEB_IDENTITY_TOKEN_FILE_CREDENTIALS_PROVIDER = "software.amazon.awssdk.services.sts.auth.StsWebIdentityTokenFileCredentialsProvider";
    private final CredentialsProperties properties;
    private final AwsRegionProvider regionProvider;
    private final ObjectProvider<AwsConnectionDetails> connectionDetails;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration$StsCredentialsProviderFactory.class */
    public static class StsCredentialsProviderFactory {
        private StsCredentialsProviderFactory() {
        }

        private static AwsCredentialsProvider create(@Nullable StsProperties stsProperties, AwsRegionProvider awsRegionProvider) {
            PropertyMapper propertyMapper = PropertyMapper.get();
            StsWebIdentityTokenFileCredentialsProvider.Builder stsClient = StsWebIdentityTokenFileCredentialsProvider.builder().stsClient((StsClient) StsClient.builder().credentialsProvider(AnonymousCredentialsProvider.create()).region(awsRegionProvider.getRegion()).build());
            if (stsProperties != null) {
                stsClient.asyncCredentialUpdateEnabled(Boolean.valueOf(stsProperties.isAsyncCredentialsUpdate()));
                Objects.requireNonNull(stsProperties);
                PropertyMapper.Source whenNonNull = propertyMapper.from(stsProperties::getRoleArn).whenNonNull();
                Objects.requireNonNull(stsClient);
                whenNonNull.to(stsClient::roleArn);
                Objects.requireNonNull(stsProperties);
                propertyMapper.from(stsProperties::getWebIdentityTokenFile).whenNonNull().to(str -> {
                    stsClient.webIdentityTokenFile(Paths.get(str, new String[0]));
                });
                Objects.requireNonNull(stsProperties);
                PropertyMapper.Source whenNonNull2 = propertyMapper.from(stsProperties::getRoleSessionName).whenNonNull();
                Objects.requireNonNull(stsClient);
                whenNonNull2.to(stsClient::roleSessionName);
            }
            return stsClient.build();
        }
    }

    public CredentialsProviderAutoConfiguration(CredentialsProperties credentialsProperties, AwsRegionProvider awsRegionProvider, ObjectProvider<AwsConnectionDetails> objectProvider) {
        this.properties = credentialsProperties;
        this.regionProvider = awsRegionProvider;
        this.connectionDetails = objectProvider;
    }

    @Bean
    public AwsCredentialsProvider credentialsProvider() {
        return createCredentialsProvider(this.properties, this.regionProvider, (AwsConnectionDetails) this.connectionDetails.getIfAvailable());
    }

    public static AwsCredentialsProvider createCredentialsProvider(CredentialsProperties credentialsProperties, AwsRegionProvider awsRegionProvider) {
        return createCredentialsProvider(credentialsProperties, awsRegionProvider, null);
    }

    public static AwsCredentialsProvider createCredentialsProvider(CredentialsProperties credentialsProperties, AwsRegionProvider awsRegionProvider, @Nullable AwsConnectionDetails awsConnectionDetails) {
        ArrayList arrayList = new ArrayList();
        if (awsConnectionDetails != null && StringUtils.hasText(awsConnectionDetails.getAccessKey()) && StringUtils.hasText(awsConnectionDetails.getSecretKey())) {
            arrayList.add(createStaticCredentialsProvider(awsConnectionDetails));
        }
        if (StringUtils.hasText(credentialsProperties.getAccessKey()) && StringUtils.hasText(credentialsProperties.getSecretKey())) {
            arrayList.add(createStaticCredentialsProvider(credentialsProperties));
        }
        if (credentialsProperties.isInstanceProfile()) {
            arrayList.add(InstanceProfileCredentialsProvider.create());
        }
        Profile profile = credentialsProperties.getProfile();
        if (profile != null && profile.getName() != null) {
            arrayList.add(createProfileCredentialProvider(profile));
        }
        StsProperties sts = credentialsProperties.getSts();
        if (ClassUtils.isPresent(STS_WEB_IDENTITY_TOKEN_FILE_CREDENTIALS_PROVIDER, (ClassLoader) null)) {
            try {
                arrayList.add(StsCredentialsProviderFactory.create(sts, awsRegionProvider));
            } catch (IllegalStateException e) {
                LOGGER.warn("Skipping creating `StsCredentialsProvider`. `software.amazon.awssdk:sts` is on the classpath, but neither `spring.cloud.aws.credentials.sts` properties are configured nor `AWS_WEB_IDENTITY_TOKEN_FILE` or the javaproperty `aws.webIdentityTokenFile` is set");
            }
        }
        return arrayList.isEmpty() ? DefaultCredentialsProvider.create() : arrayList.size() == 1 ? (AwsCredentialsProvider) arrayList.get(0) : AwsCredentialsProviderChain.builder().credentialsProviders(arrayList).build();
    }

    private static StaticCredentialsProvider createStaticCredentialsProvider(CredentialsProperties credentialsProperties) {
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(credentialsProperties.getAccessKey(), credentialsProperties.getSecretKey()));
    }

    private static StaticCredentialsProvider createStaticCredentialsProvider(AwsConnectionDetails awsConnectionDetails) {
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(awsConnectionDetails.getAccessKey(), awsConnectionDetails.getSecretKey()));
    }

    private static ProfileCredentialsProvider createProfileCredentialProvider(Profile profile) {
        return ProfileCredentialsProvider.builder().profileName(profile.getName()).profileFile(profile.getPath() != null ? ProfileFile.builder().type(ProfileFile.Type.CREDENTIALS).content(Paths.get(profile.getPath(), new String[0])).build() : ProfileFile.defaultProfileFile()).build();
    }
}
