package org.kuali.common.aws.auth;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSCredentialsProviderChain;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.google.common.base.Optional;
import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.List;
import org.kuali.common.aws.auth.EnvCredentialsProvider;
import org.kuali.common.aws.model.ImmutableAWSCredentials;
import org.kuali.common.aws.model.ImmutableSessionCredentials;
import org.kuali.common.util.Assert;
import org.kuali.common.util.enc.EncUtils;
import org.kuali.common.util.enc.EncryptionService;
import org.kuali.common.util.spring.env.EnvironmentService;

/* loaded from: input_file:org/kuali/common/aws/auth/DefaultProviderChain.class */
public final class DefaultProviderChain extends AWSCredentialsProviderChain {
    private final Optional<AWSCredentials> optionalCredentials;
    private final Optional<EncryptionService> enc;
    private final Optional<EnvironmentService> env;
    private final boolean instanceCredentialsOverride;
    private final List<AWSCredentialsProvider> providers;

    /* loaded from: input_file:org/kuali/common/aws/auth/DefaultProviderChain$Builder.class */
    public static class Builder {
        private Optional<EncryptionService> enc = Optional.absent();
        private Optional<EnvironmentService> env = Optional.absent();
        private Optional<AWSCredentials> optionalCredentials = Optional.absent();
        private boolean instanceCredentialsOverride = false;
        private List<AWSCredentialsProvider> providers;
        private static final String INSTANCE_CREDENTIALS_OVERRIDE_KEY = "aws.instanceCredentialsOverride";

        public Builder enc(EncryptionService encryptionService) {
            this.enc = Optional.of(encryptionService);
            return this;
        }

        public Builder env(EnvironmentService environmentService) {
            this.env = Optional.of(environmentService);
            return this;
        }

        public Builder credentials(AWSCredentials aWSCredentials) {
            this.optionalCredentials = Optional.of(aWSCredentials);
            return this;
        }

        public Builder instanceCredentialsOverride(boolean z) {
            this.instanceCredentialsOverride = z;
            return this;
        }

        private void override() {
            if (this.env.isPresent()) {
                instanceCredentialsOverride(((EnvironmentService) this.env.get()).getBoolean(INSTANCE_CREDENTIALS_OVERRIDE_KEY, Boolean.valueOf(this.instanceCredentialsOverride)).booleanValue());
            }
        }

        private void validate(DefaultProviderChain defaultProviderChain) {
            Assert.noNulls(new Object[]{defaultProviderChain.getCredentials(), defaultProviderChain.getEnc(), defaultProviderChain.getEnv(), defaultProviderChain.getProviders()});
            Assert.isTrue(defaultProviderChain.getProviders().size() > 0, "Must supply at least one provider");
        }

        public DefaultProviderChain build() {
            override();
            this.providers = getProviders();
            DefaultProviderChain defaultProviderChain = new DefaultProviderChain(this);
            validate(defaultProviderChain);
            return defaultProviderChain;
        }

        private List<AWSCredentialsProvider> getProviders() {
            ArrayList arrayList = new ArrayList();
            if (this.env.isPresent()) {
                arrayList.add(new EnvCredentialsProvider.Builder((EnvironmentService) this.env.get()).build());
            }
            arrayList.addAll(getOther());
            return ImmutableList.copyOf(arrayList);
        }

        protected List<AWSCredentialsProvider> getOther() {
            InstanceProfileCredentialsProvider instanceProfileCredentialsProvider = new InstanceProfileCredentialsProvider();
            if (!this.optionalCredentials.isPresent()) {
                return ImmutableList.of(instanceProfileCredentialsProvider);
            }
            SimpleCredentialsProvider simpleCredentialsProvider = new SimpleCredentialsProvider((AWSCredentials) this.optionalCredentials.get());
            return this.instanceCredentialsOverride ? ImmutableList.of(instanceProfileCredentialsProvider, simpleCredentialsProvider) : ImmutableList.of(simpleCredentialsProvider, instanceProfileCredentialsProvider);
        }
    }

    public DefaultProviderChain(Builder builder) {
        super(toArray(builder.providers));
        this.optionalCredentials = builder.optionalCredentials;
        this.enc = builder.enc;
        this.env = builder.env;
        this.instanceCredentialsOverride = builder.instanceCredentialsOverride;
        this.providers = builder.providers;
    }

    private static AWSCredentialsProvider[] toArray(List<AWSCredentialsProvider> list) {
        return (AWSCredentialsProvider[]) list.toArray(new AWSCredentialsProvider[list.size()]);
    }

    public Optional<AWSCredentials> getOptionalCredentials() {
        return this.optionalCredentials;
    }

    public boolean isInstanceCredentialsOverride() {
        return this.instanceCredentialsOverride;
    }

    public AWSCredentials getCredentials() {
        AWSSessionCredentials credentials = super.getCredentials();
        String aWSAccessKeyId = credentials.getAWSAccessKeyId();
        String decrypt = EncUtils.decrypt(this.enc, credentials.getAWSSecretKey());
        return credentials instanceof AWSSessionCredentials ? new ImmutableSessionCredentials(aWSAccessKeyId, decrypt, credentials.getSessionToken()) : new ImmutableAWSCredentials(aWSAccessKeyId, decrypt);
    }

    public List<AWSCredentialsProvider> getProviders() {
        return this.providers;
    }

    public Optional<EncryptionService> getEnc() {
        return this.enc;
    }

    public Optional<EnvironmentService> getEnv() {
        return this.env;
    }
}
