package com.mulesoft.connectors.awslambda.internal.amazon.client;

import com.mulesoft.connectivity.rest.commons.internal.util.RestRequestBuilder;
import com.mulesoft.connectors.awslambda.internal.amazon.AwsCredentials;
import com.mulesoft.connectors.awslambda.internal.amazon.AwsHttpRequest;
import com.mulesoft.connectors.awslambda.internal.amazon.AwsRoleCredentials;
import com.mulesoft.connectors.awslambda.internal.amazon.AwsSignature;
import com.mulesoft.connectors.awslambda.internal.error.exception.AwsClientException;
import com.mulesoft.connectors.awslambda.internal.model.AssumeRoleResponse;
import java.io.IOException;
import java.time.LocalDateTime;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeoutException;
import org.json.JSONObject;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.client.HttpClient;
import org.mule.runtime.http.api.client.HttpRequestOptions;
import org.mule.runtime.http.api.domain.message.request.HttpRequest;
import org.mule.runtime.http.api.domain.message.response.HttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connectors/awslambda/internal/amazon/client/AwsStsHttpClient.class */
public class AwsStsHttpClient implements HttpClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(AwsStsHttpClient.class);
    private static final String SERVICE_NAME_STS = "sts";
    private static final String ASSUME_ROLE_RESPONSE_KEY = "AssumeRoleResponse";
    private final HttpClient httpClient;
    private final String service;
    private final AwsCredentials credentials;
    private AwsRoleCredentials roleCredentials;
    private HttpRequest assumeRoleRequestBase;
    private LocalDateTime expiration = LocalDateTime.MIN;

    public AwsStsHttpClient(HttpClient httpClient, String str, AwsCredentials awsCredentials, String str2) {
        this.service = str.toLowerCase();
        this.credentials = awsCredentials;
        this.httpClient = httpClient;
        this.assumeRoleRequestBase = new RestRequestBuilder(String.format("https://sts.%s.amazonaws.com/", awsCredentials.getRegion()), "", HttpConstants.Method.GET).addQueryParam("Version", "2011-06-15").addQueryParam("Action", "AssumeRole").addQueryParam("RoleSessionName", UUID.randomUUID().toString()).addQueryParam("RoleArn", str2).addHeader("accept", "application/json").build();
    }

    public void start() {
        this.httpClient.start();
    }

    public void stop() {
        this.httpClient.stop();
    }

    public void updateCredentials() {
        if (LocalDateTime.now().plusMinutes(5L).isAfter(this.expiration)) {
            LOGGER.debug("Refreshing Role credentials...");
            AwsHttpRequest awsHttpRequest = new AwsHttpRequest(this.assumeRoleRequestBase);
            awsHttpRequest.sign(new AwsSignature(awsHttpRequest, SERVICE_NAME_STS, this.credentials));
            try {
                JSONObject jSONObject = new JSONObject(new String(this.httpClient.send(awsHttpRequest, HttpRequestOptions.builder().build()).getEntity().getBytes()));
                if (!jSONObject.has(ASSUME_ROLE_RESPONSE_KEY)) {
                    if (!jSONObject.has("Error")) {
                        throw new AwsClientException("Unexpected response:" + jSONObject.toString());
                    }
                    throw new AwsClientException(jSONObject.getJSONObject("Error").getString("Message"));
                }
                AssumeRoleResponse.AssumeRoleResult.Credentials credentials = new AssumeRoleResponse(jSONObject.getJSONObject(ASSUME_ROLE_RESPONSE_KEY)).getResult().getCredentials();
                this.expiration = credentials.getExpiration();
                this.roleCredentials = new AwsRoleCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken(), this.credentials.getRegion());
            } catch (IOException e) {
                throw new AwsClientException("Failed to get temporary credentials", e);
            } catch (TimeoutException e2) {
                throw new AwsClientException("The STS server is not responding", e2);
            }
        }
    }

    public HttpResponse send(HttpRequest httpRequest, HttpRequestOptions httpRequestOptions) throws IOException, TimeoutException {
        updateCredentials();
        AwsHttpRequest awsHttpRequest = new AwsHttpRequest(httpRequest);
        awsHttpRequest.sign(new AwsSignature(awsHttpRequest, this.service, this.roleCredentials), this.roleCredentials.getSecurityToken());
        return this.httpClient.send(awsHttpRequest, httpRequestOptions);
    }

    public CompletableFuture<HttpResponse> sendAsync(HttpRequest httpRequest, HttpRequestOptions httpRequestOptions) {
        updateCredentials();
        AwsHttpRequest awsHttpRequest = new AwsHttpRequest(httpRequest);
        awsHttpRequest.sign(new AwsSignature(awsHttpRequest, this.service, this.roleCredentials), this.roleCredentials.getSecurityToken());
        return this.httpClient.sendAsync(awsHttpRequest, httpRequestOptions);
    }
}
