package org.mule.extension.s3.internal.connection.provider.sts;

import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.stream.Collectors;
import org.mule.extension.s3.api.connection.Role;
import org.mule.extension.s3.internal.error.exception.AssumeRoleException;
import org.mule.extension.s3.internal.error.exception.S3RuntimeException;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.services.sts.StsAsyncClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
import software.amazon.awssdk.services.sts.model.PolicyDescriptorType;
import software.amazon.awssdk.services.sts.model.RegionDisabledException;
import software.amazon.awssdk.services.sts.model.Tag;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.Validate;

/* loaded from: input_file:repository/com/mulesoft/connectors/mule-amazon-s3-connector/6.3.8/mule-amazon-s3-connector-6.3.8-mule-plugin.jar:org/mule/extension/s3/internal/connection/provider/sts/RoleCredentialsProvider.class */
public class RoleCredentialsProvider implements AwsCredentialsProvider {
    private final StsAsyncClient stsClient;
    private final Role role;
    private volatile AwsCredentials currentCredentials;

    public RoleCredentialsProvider(StsAsyncClient stsAsyncClient, Role role) {
        this.stsClient = stsAsyncClient;
        this.role = (Role) Validate.notNull(role, "ConsumerRole must not be null.", new Object[0]);
        refreshCredentials();
    }

    public void refreshCredentials() {
        AssumeRoleResponse assumeRole = assumeRole(this.stsClient, this.role);
        this.currentCredentials = AwsSessionCredentials.create(assumeRole.credentials().accessKeyId(), assumeRole.credentials().secretAccessKey(), assumeRole.credentials().sessionToken());
    }

    @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        return this.currentCredentials;
    }

    public String toString() {
        return ToString.builder("StaticCredentialsProvider").add("credentials", this.currentCredentials).build();
    }

    private AssumeRoleResponse assumeRole(StsAsyncClient stsAsyncClient, Role role) {
        try {
            return stsAsyncClient.assumeRole((AssumeRoleRequest) AssumeRoleRequest.builder().durationSeconds(Integer.valueOf(Math.toIntExact(role.getDurationTimeUnit().toSeconds(role.getDuration())))).externalId(role.getExternalId()).policyArns((Collection<PolicyDescriptorType>) Optional.ofNullable(role.getReferredPolicyArns()).filter(list -> {
                return !list.isEmpty();
            }).map(list2 -> {
                return (List) list2.stream().map(str -> {
                    return (PolicyDescriptorType) PolicyDescriptorType.builder().arn(str).mo9542build();
                }).collect(Collectors.toList());
            }).orElse(null)).roleArn(role.getArn()).roleSessionName("mule-s3-connector-role-" + UUID.randomUUID()).tags((Collection<Tag>) Optional.ofNullable(role.getTags()).map(map -> {
                return (List) map.entrySet().stream().map(entry -> {
                    return (Tag) Tag.builder().key((String) entry.getKey()).value((String) entry.getValue()).mo9542build();
                }).collect(Collectors.toList());
            }).orElse(null)).mo9542build()).get();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new S3RuntimeException(e);
        } catch (ExecutionException e2) {
            throw new AssumeRoleException(e2.getCause());
        } catch (RegionDisabledException e3) {
            throw new org.mule.extension.s3.internal.error.exception.RegionDisabledException(e3);
        }
    }
}
