package com.alibabacloud.credentials.plugin.util;

import com.alibaba.fastjson.JSON;
import com.alibabacloud.credentials.plugin.auth.AlibabaCredentials;
import com.alibabacloud.credentials.plugin.auth.AlibabaSessionTokenCredentials;
import com.aliyuncs.auth.AlibabaCloudCredentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.domains.Domain;
import hudson.security.ACL;
import java.io.IOException;
import java.util.Collections;
import javax.annotation.CheckForNull;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/alibabacloud/credentials/plugin/util/CredentialsHelper.class */
public class CredentialsHelper {
    private static final Logger log = LoggerFactory.getLogger(CredentialsHelper.class);
    private static final Long REFRESH_THRESHOLD_TIME = 300L;

    @CheckForNull
    public static AlibabaCredentials getCredentials(@CheckForNull String str) {
        if (StringUtils.isBlank(str)) {
            log.warn("getCredentials credentialsId is null, credentialsId:{}", str);
            return null;
        }
        AlibabaCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(AlibabaCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
        if (firstOrNull == null) {
            log.warn("getCredentials alibabaCredentials is null, credentialsId:{}", str);
            return null;
        }
        if (isSessionTokenCredentials(firstOrNull)) {
            if (isRamTokenExpired((AlibabaSessionTokenCredentials) firstOrNull)) {
                return firstOrNull;
            }
            if (refreshRamCredentials((AlibabaSessionTokenCredentials) firstOrNull)) {
                log.info("refresh success. credentialsId: {}", str);
            } else {
                log.warn("refresh failed. credentialsId: {}", str);
            }
        }
        return firstOrNull;
    }

    public static boolean isSessionTokenCredentials(AlibabaCloudCredentials alibabaCloudCredentials) {
        return alibabaCloudCredentials instanceof AlibabaSessionTokenCredentials;
    }

    public static boolean isRamTokenExpired(AlibabaSessionTokenCredentials alibabaSessionTokenCredentials) {
        Long ramRefreshTime = alibabaSessionTokenCredentials.getRamRefreshTime();
        if (alibabaSessionTokenCredentials.getCurrentTime().longValue() - ramRefreshTime.longValue() > alibabaSessionTokenCredentials.getStsTokenDuration().longValue() - REFRESH_THRESHOLD_TIME.longValue()) {
            return false;
        }
        log.warn("isRamTokenExpired error, regions isEmpty credentialsId:{}", alibabaSessionTokenCredentials.getId());
        return true;
    }

    public static boolean refreshRamCredentials(AlibabaSessionTokenCredentials alibabaSessionTokenCredentials) {
        AlibabaCredentials parent = alibabaSessionTokenCredentials.getParent();
        if (parent == null) {
            log.error("refreshRamCredentials error, getParent not found, sessionTokenCredentials:{}", JSON.toJSON(alibabaSessionTokenCredentials));
            return false;
        }
        try {
            AlibabaSessionTokenCredentials alibabaSessionTokenCredentials2 = new AlibabaSessionTokenCredentials(alibabaSessionTokenCredentials.getScope(), alibabaSessionTokenCredentials.getId(), parent.getAccessKeyId(), parent.getAccessKeySecret(), alibabaSessionTokenCredentials.getDescription(), alibabaSessionTokenCredentials.getIamRoleArn(), alibabaSessionTokenCredentials.getRoleSessionName(), alibabaSessionTokenCredentials.getStsTokenDuration());
            updateCredentials(alibabaSessionTokenCredentials, alibabaSessionTokenCredentials2);
            alibabaSessionTokenCredentials.setAccessKey(alibabaSessionTokenCredentials2.getAccessKeyId());
            alibabaSessionTokenCredentials.setSecretKey(alibabaSessionTokenCredentials2.getAccessKeySecret());
            alibabaSessionTokenCredentials.setSecretToken(alibabaSessionTokenCredentials2.getSecretToken());
            return true;
        } catch (IOException e) {
            log.error("refreshRamCredentials error, credentialsId:{}, e:{}", alibabaSessionTokenCredentials.getId(), ExceptionUtils.getStackTrace(e));
            return false;
        }
    }

    private static void updateCredentials(AlibabaSessionTokenCredentials alibabaSessionTokenCredentials, AlibabaSessionTokenCredentials alibabaSessionTokenCredentials2) throws IOException {
        new SystemCredentialsProvider.StoreImpl().updateCredentials(Domain.global(), alibabaSessionTokenCredentials, alibabaSessionTokenCredentials2);
    }
}
