package com.alibabacloud.credentials.plugin.auth;

import com.alibabacloud.credentials.plugin.client.AlibabaClient;
import com.aliyuncs.auth.sts.AssumeRoleResponse;
import com.aliyuncs.exceptions.ClientException;
import com.cloudbees.plugins.credentials.CredentialsDescriptor;
import com.cloudbees.plugins.credentials.CredentialsScope;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.Extension;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.util.Date;
import java.util.UUID;
import jenkins.model.Jenkins;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/alibabacloud/credentials/plugin/auth/AlibabaSessionTokenCredentials.class */
public class AlibabaSessionTokenCredentials extends AlibabaCredentials implements AlibabaCloudRamCredentials {
    private static final long serialVersionUID = -4185406790852698614L;
    private String secretToken;
    private String iamRoleArn;
    private String roleSessionName;
    private Long stsTokenDuration;
    private Long ramRefreshTime;
    private AlibabaCredentials parent;
    public static final String DEFAULT_ECS_REGION = "cn-beijing";
    private static final Logger log = LoggerFactory.getLogger(AlibabaSessionTokenCredentials.class);
    public static final Long STS_CREDENTIALS_DURATION_SECONDS = 3600L;

    @Extension
    /* loaded from: input_file:com/alibabacloud/credentials/plugin/auth/AlibabaSessionTokenCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends CredentialsDescriptor {
        public static final Long DEFAULT_STS_TOKEN_DURATION = AlibabaSessionTokenCredentials.STS_CREDENTIALS_DURATION_SECONDS;

        public String getDisplayName() {
            return "Alibaba SessionToken Cloud Credentials";
        }

        public ACL getACL() {
            return Jenkins.get().getACL();
        }

        @RequirePOST
        public FormValidation doCheckParentSecretKey(@QueryParameter("parentAccessKey") String str, @QueryParameter("iamRoleArn") String str2, @QueryParameter("roleSessionName") String str3, @QueryParameter("stsTokenDuration") Long l, @QueryParameter String str4) {
            if (!getACL().hasPermission(Permission.CREATE) && !getACL().hasPermission(Permission.UPDATE)) {
                return FormValidation.error("permission is error");
            }
            if (StringUtils.isBlank(str) && StringUtils.isBlank(str4)) {
                return FormValidation.ok();
            }
            if (StringUtils.isBlank(str)) {
                return FormValidation.error("Illegal Access Key");
            }
            if (StringUtils.isBlank(str4)) {
                return FormValidation.error("Illegal Secret Key");
            }
            AlibabaClient alibabaClient = new AlibabaClient(new AlibabaCredentials(str, str4), "cn-beijing", false);
            if (!StringUtils.isBlank(str2)) {
                try {
                    AssumeRoleResponse createAssumeRoleRequest = alibabaClient.createAssumeRoleRequest(str2, str3, l);
                    alibabaClient = new AlibabaClient(new AlibabaSessionTokenCredentials(createAssumeRoleRequest.getCredentials().getAccessKeyId(), createAssumeRoleRequest.getCredentials().getAccessKeySecret(), createAssumeRoleRequest.getCredentials().getSecurityToken()), "cn-beijing", false);
                } catch (Exception e) {
                    AlibabaSessionTokenCredentials.log.error("Unable to assume role [" + str2 + "] with request。" + e);
                    return FormValidation.error("Unable to assume role [" + str2 + "] with request。" + e);
                }
            }
            return CollectionUtils.isEmpty(alibabaClient.describeRegions()) ? FormValidation.error("Illegal ak/sk") : FormValidation.ok();
        }
    }

    public AlibabaSessionTokenCredentials(String str, String str2, String str3) {
        super(CredentialsScope.GLOBAL, UUID.randomUUID().toString(), "test");
        this.accessKey = str;
        this.secretKey = Secret.fromString(str2);
        this.secretToken = str3;
    }

    @DataBoundConstructor
    public AlibabaSessionTokenCredentials(@CheckForNull CredentialsScope credentialsScope, @CheckForNull String str, @CheckForNull String str2, @CheckForNull String str3, @CheckForNull String str4, @CheckForNull String str5, @CheckForNull String str6, @CheckForNull Long l) {
        super(credentialsScope, str, str4);
        this.parent = new AlibabaCredentials(str2, str3);
        this.iamRoleArn = str5;
        this.roleSessionName = str6;
        this.stsTokenDuration = l;
        readResolve();
    }

    protected Object readResolve() {
        try {
            AssumeRoleResponse createAssumeRoleRequest = new AlibabaClient(this.parent, "cn-beijing", false).createAssumeRoleRequest(this.iamRoleArn, this.roleSessionName, this.stsTokenDuration);
            this.accessKey = createAssumeRoleRequest.getCredentials().getAccessKeyId();
            this.secretKey = Secret.fromString(createAssumeRoleRequest.getCredentials().getAccessKeySecret());
            this.secretToken = createAssumeRoleRequest.getCredentials().getSecurityToken();
            this.ramRefreshTime = getCurrentTime();
        } catch (ClientException e) {
            log.error("createAssumeRoleRequest error, e:{}", ExceptionUtils.getStackTrace(e));
        }
        return this;
    }

    public String getParentAccessKey() {
        return this.parent.getAccessKeyId();
    }

    public String getParentSecretKey() {
        return this.parent.getAccessKeySecret();
    }

    public Long getCurrentTime() {
        return Long.valueOf(new Date().getTime() / 1000);
    }

    public Long getRamRefreshTime() {
        return this.ramRefreshTime;
    }

    public void setSecretToken(String str) {
        this.secretToken = str;
    }

    public String getIamRoleArn() {
        return this.iamRoleArn;
    }

    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    public Long getStsTokenDuration() {
        return this.stsTokenDuration == null ? DescriptorImpl.DEFAULT_STS_TOKEN_DURATION : this.stsTokenDuration;
    }

    public AlibabaCredentials getParent() {
        return this.parent;
    }

    @Override // com.alibabacloud.credentials.plugin.auth.AlibabaCloudRamCredentials
    public String getSecretToken() {
        return this.secretToken;
    }
}
