package com.aliyuncs.auth;

import com.aliyun.oss.internal.SignParameters;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.HttpRequest;
import com.aliyuncs.http.HttpResponse;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.clients.CompatibleUrlConnClient;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.net.MalformedURLException;
import java.net.URL;
import org.apache.rocketmq.acl.common.SessionCredentials;

/* loaded from: input_file:BOOT-INF/lib/aliyun-java-sdk-core-4.5.10.jar:com/aliyuncs/auth/ECSMetadataServiceCredentialsFetcher.class */
public class ECSMetadataServiceCredentialsFetcher {
    private static final String URL_IN_ECS_METADATA = "/latest/meta-data/ram/security-credentials/";
    private static final int DEFAULT_TIMEOUT_IN_MILLISECONDS = 1000;
    private static final String ECS_METADAT_FETCH_ERROR_MSG = "Failed to get RAM session credentials from ECS metadata service.";
    private static final int DEFAULT_ECS_SESSION_TOKEN_DURATION_SECONDS = 21600;
    private URL credentialUrl;
    private String roleName;
    private String metadataServiceHost = "100.100.100.200";
    private int connectionTimeoutInMilliseconds = 1000;

    public void setRoleName(String str) {
        if (null == str) {
            throw new NullPointerException("You must specifiy a valid role name.");
        }
        this.roleName = str;
        setCredentialUrl();
    }

    private void setCredentialUrl() {
        try {
            this.credentialUrl = new URL("http://" + this.metadataServiceHost + URL_IN_ECS_METADATA + this.roleName);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(e.toString());
        }
    }

    public ECSMetadataServiceCredentialsFetcher withECSMetadataServiceHost(String str) {
        System.err.println("withECSMetadataServiceHost() method is only for testing, please don't use it");
        this.metadataServiceHost = str;
        setCredentialUrl();
        return this;
    }

    public ECSMetadataServiceCredentialsFetcher withConnectionTimeout(int i) {
        this.connectionTimeoutInMilliseconds = i;
        return this;
    }

    public String getMetadata() throws ClientException {
        HttpRequest httpRequest = new HttpRequest(this.credentialUrl.toString());
        httpRequest.setSysMethod(MethodType.GET);
        httpRequest.setSysConnectTimeout(Integer.valueOf(this.connectionTimeoutInMilliseconds));
        httpRequest.setSysReadTimeout(Integer.valueOf(this.connectionTimeoutInMilliseconds));
        try {
            HttpResponse compatibleGetResponse = CompatibleUrlConnClient.compatibleGetResponse(httpRequest);
            if (compatibleGetResponse.getStatus() != 200) {
                throw new ClientException("Failed to get RAM session credentials from ECS metadata service. HttpCode=" + compatibleGetResponse.getStatus());
            }
            return new String(compatibleGetResponse.getHttpContent());
        } catch (Exception e) {
            throw new ClientException("Failed to connect ECS Metadata Service: " + e.toString());
        }
    }

    public InstanceProfileCredentials fetch() throws ClientException {
        JsonObject asJsonObject = new JsonParser().parse(getMetadata()).getAsJsonObject();
        if (!asJsonObject.has("Code") || !asJsonObject.has(SignParameters.AUTHORIZATION_ACCESS_KEY_ID) || !asJsonObject.has("AccessKeySecret") || !asJsonObject.has(SessionCredentials.SECURITY_TOKEN) || !asJsonObject.has("Expiration")) {
            throw new ClientException("Invalid json got from ECS Metadata service.");
        }
        if ("Success".equals(asJsonObject.get("Code").getAsString())) {
            return new InstanceProfileCredentials(asJsonObject.get(SignParameters.AUTHORIZATION_ACCESS_KEY_ID).getAsString(), asJsonObject.get("AccessKeySecret").getAsString(), asJsonObject.get(SessionCredentials.SECURITY_TOKEN).getAsString(), asJsonObject.get("Expiration").getAsString(), 21600L);
        }
        throw new ClientException(ECS_METADAT_FETCH_ERROR_MSG);
    }

    public InstanceProfileCredentials fetch(int i) throws ClientException {
        for (int i2 = 0; i2 <= i; i2++) {
            try {
                return fetch();
            } catch (ClientException e) {
                if (i2 == i) {
                    throw e;
                }
            }
        }
        throw new ClientException("Failed to connect ECS Metadata Service: Max retry times exceeded.");
    }
}
