package org.apache.brooklyn.location.jclouds;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import java.io.IOException;
import java.net.URL;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.apache.brooklyn.util.core.config.ConfigBag;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.compute.ComputeService;
import org.jclouds.domain.Credentials;

/* loaded from: input_file:org/apache/brooklyn/location/jclouds/AwsEc2SessionAwareComputeServiceRegistry.class */
public class AwsEc2SessionAwareComputeServiceRegistry extends AbstractComputeServiceRegistry implements ComputeServiceRegistry, AwsEc2SessionAwareLocationConfig {
    public static final String ACCESS_KEY_ID = "AccessKeyId";
    public static final String SECRET_ACCESS_KEY = "SecretAccessKey";
    public static final String TOKEN = "Token";
    public static final String EXPIRATION = "Expiration";
    public static final String AWS_SECURITY_CREDENTIAL_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials";
    public static final String AWS_EXPIRATION_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";

    @Override // org.apache.brooklyn.location.jclouds.AbstractComputeServiceRegistry, org.apache.brooklyn.location.jclouds.ComputeServiceRegistry
    public ComputeService findComputeService(ConfigBag configBag, boolean z) {
        return super.findComputeService(configBag, false);
    }

    @Override // org.apache.brooklyn.location.jclouds.AbstractComputeServiceRegistry
    protected Supplier<Credentials> makeCredentials(ConfigBag configBag) {
        String str = null;
        String str2 = null;
        String str3 = null;
        Date date = null;
        String providerFromConfig = getProviderFromConfig(configBag);
        String iamRoleNameFromConfig = getIamRoleNameFromConfig(configBag);
        if (!"aws-ec2".equals(providerFromConfig)) {
            throw new IllegalArgumentException("Provider " + providerFromConfig + " does not support session credentials");
        }
        try {
            JsonNode readTree = new ObjectMapper().readTree(new URL(AWS_SECURITY_CREDENTIAL_URL + "/" + iamRoleNameFromConfig));
            str = readTree.path(ACCESS_KEY_ID).asText();
            str2 = readTree.path(SECRET_ACCESS_KEY).asText();
            str3 = readTree.path(TOKEN).asText();
            date = new SimpleDateFormat(AWS_EXPIRATION_DATE_FORMAT).parse(readTree.path(EXPIRATION).asText());
        } catch (IOException | ParseException e) {
            Exceptions.propagate(e);
        }
        String str4 = (String) Preconditions.checkNotNull(str, "identity must not be null");
        SessionCredentials build = SessionCredentials.builder().accessKeyId(str4).credential((String) Preconditions.checkNotNull(str2, "credential must not be null")).sessionToken((String) Preconditions.checkNotNull(str3, "token must not be null")).expiration(date).build();
        return () -> {
            return build;
        };
    }

    private String getIamRoleNameFromConfig(ConfigBag configBag) {
        return (String) Preconditions.checkNotNull(configBag.get(IAM_ROLE_NAME), "IAM role must not be null");
    }

    @Override // org.apache.brooklyn.location.jclouds.AbstractComputeServiceRegistry
    public String toString() {
        return getClass().getName();
    }
}
