package com.netflix.spinnaker.kork.aws.bastion;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.netflix.spinnaker.kork.aws.bastion.RemoteCredentialsSupport;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/netflix/spinnaker/kork/aws/bastion/BastionCredentialsProvider.class */
public class BastionCredentialsProvider implements AWSCredentialsProvider {
    private static final String CREDENTIALS_BASE_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials";
    private static final Logger log = LoggerFactory.getLogger(BastionCredentialsProvider.class);
    private final String user;
    private final String host;
    private final Integer port;
    private final String proxyCluster;
    private final String proxyRegion;
    private final String iamRole;
    private Date expiration;
    private AWSCredentials credentials;
    private final SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);

    public BastionCredentialsProvider(String str, String str2, Integer num, String str3, String str4, String str5) {
        this.user = str == null ? (String) System.getProperties().get("user.name") : str;
        this.host = str2;
        this.port = num;
        this.proxyCluster = str3;
        this.proxyRegion = str4;
        this.iamRole = str5;
    }

    public AWSCredentials getCredentials() {
        if (this.expiration == null || this.expiration.before(new Date())) {
            this.credentials = getRemoteCredentials();
        }
        return this.credentials;
    }

    public void refresh() {
        this.credentials = getRemoteCredentials();
    }

    private AWSCredentials getRemoteCredentials() {
        RemoteCredentialsSupport.RemoteCredentials remoteCredentials = RemoteCredentialsSupport.getRemoteCredentials(String.format("oq-ssh -r %s %s,0 'curl -s %s/%s'", this.proxyRegion, this.proxyCluster, CREDENTIALS_BASE_URL, this.iamRole), this.user, this.host, this.port.intValue());
        try {
            this.expiration = this.format.parse(remoteCredentials.getExpiration());
            return new BasicSessionCredentials(remoteCredentials.getAccessKeyId(), remoteCredentials.getSecretAccessKey(), remoteCredentials.getToken());
        } catch (ParseException e) {
            log.error("Failed to parse credentials expiration {}", remoteCredentials.getExpiration(), e);
            throw new IllegalStateException(e);
        }
    }
}
