package org.mule.extension.sqs.internal.connection.provider;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import org.mule.extension.sqs.internal.connection.provider.group.CommonParameters;
import org.mule.runtime.api.connection.ConnectionException;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.annotation.param.display.Placement;
import org.mule.runtime.extension.api.annotation.param.display.Summary;
import org.mule.sdk.api.annotation.semantics.connectivity.ExcludeFromConnectivitySchema;

@Alias("role")
/* loaded from: input_file:org/mule/extension/sqs/internal/connection/provider/AssumeRoleConnectionProvider.class */
public class AssumeRoleConnectionProvider extends AbstractConnectionProvider {

    @Parameter
    @Summary("The Role ARN unique identifies role to assume in order to gain cross account access.")
    @Placement(order = 1)
    @DisplayName("Role ARN")
    private String roleARN;

    @Optional
    @Parameter
    @Summary("Sets a custom STS endpoint. Useful when a non-standard service endpoint is required, such as a VPC endpoint.")
    @Placement(tab = "Advanced", order = 1)
    @DisplayName("Custom STS Endpoint")
    @ExcludeFromConnectivitySchema
    private String customStsEndpoint;

    @Override // org.mule.extension.sqs.internal.connection.provider.AbstractConnectionProvider
    protected AWSCredentialsProvider getAWSCredentialsProvider(CommonParameters commonParameters) throws ConnectionException {
        try {
            AWSSecurityTokenServiceClientBuilder withCredentials = AWSSecurityTokenServiceClientBuilder.standard().withClientConfiguration(getClientConfiguration()).withCredentials(commonParameters.isTryDefaultAWSCredentialsProviderChain() ? DefaultAWSCredentialsProviderChain.getInstance() : new AWSStaticCredentialsProvider(new BasicAWSCredentials(commonParameters.getAccessKey(), commonParameters.getSecretKey())));
            String replace = commonParameters.getRegion().toLowerCase().replace('_', '-');
            if (this.customStsEndpoint != null) {
                withCredentials.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(this.customStsEndpoint, replace));
            } else {
                withCredentials.withRegion(replace);
            }
            return new STSAssumeRoleSessionCredentialsProvider.Builder(this.roleARN, "WithRoleARN").withStsClient((AWSSecurityTokenService) withCredentials.build()).build();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new ConnectionException(e.getMessage(), e);
        }
    }
}
