package com.dbeaver.net.auth.iam;

import org.jkiss.dbeaver.model.auth.AuthProperty;
import org.jkiss.dbeaver.model.connection.DBPConnectionConfiguration;
import org.jkiss.dbeaver.model.exec.DBCException;
import org.jkiss.dbeaver.model.impl.auth.AuthModelDatabaseNativeCredentials;
import org.jkiss.dbeaver.model.meta.Property;
import org.jkiss.utils.CommonUtils;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

/* loaded from: input_file:com/dbeaver/net/auth/iam/AuthModelIAMCredentials.class */
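/**
 * Authentication model that holds the AWS IAM settings of a connection and turns
 * them into an {@link AwsCredentialsProvider}.
 *
 * <p>Base credentials come from one of three places: a named AWS profile, the
 * default AWS credentials chain, or an explicit access key / secret key pair.
 * When cross-account access is enabled and an account id is set, the base
 * credentials are used to assume an IAM role in that account through STS.
 *
 * <p>This class keeps a long-lived secret ({@code awsSecretKey}) in a plain
 * {@code String} field. Callers should avoid logging instances or the values
 * returned by the getters.
 */
public class AuthModelIAMCredentials extends AuthModelDatabaseNativeCredentials {
    private String region;
    private ProviderType providerType = ProviderType.STATIC;
    private String profileName;
    private boolean defaultAwsCredentials;
    private String awsAccessKey;
    private String awsSecretKey;
    private boolean crossAccountAccess;
    private String awsAccountId;
    private String awsRoleName;

    /* loaded from: input_file:com/dbeaver/net/auth/iam/AuthModelIAMCredentials$ProviderType.class */
    /** Source of the base credentials: explicit/default keys or a named profile. */
    enum ProviderType {
        STATIC,
        PROFILE;

        /**
         * Returns a fresh array of all constants.
         *
         * <p>Decompiler-generated companion of {@code values()}; kept so existing
         * references still resolve. {@code values()} already returns a new array
         * on every call, so no extra copy is needed.
         */
        public static ProviderType[] valuesCustom() {
            return values();
        }
    }

    /** Returns the configured source of the base credentials. */
    public ProviderType getProviderType() {
        return this.providerType;
    }

    /**
     * Sets the source of the base credentials. Any value other than
     * {@link ProviderType#PROFILE}, including {@code null}, selects the
     * static/default path in {@link #getAuthCredentialsProvider}.
     */
    public void setProviderType(ProviderType providerType) {
        this.providerType = providerType;
    }

    /** Delegates unchanged to the parent implementation. */
    @Override
    public String getUserPassword() {
        return super.getUserPassword();
    }

    /** Returns the AWS profile name used when the provider type is {@code PROFILE}. */
    @AuthProperty(contextProvided = true)
    @Property(hidden = true)
    public String getProfileName() {
        return this.profileName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProfileName(String str) {
        this.profileName = str;
    }

    /** Returns the raw region string as configured; may be {@code null} or empty. */
    @AuthProperty(contextProvided = true)
    @Property(hidden = true)
    public String getRegion() {
        return this.region;
    }

    public void setRegion(String str) {
        this.region = str;
    }

    /**
     * Returns the configured region as an SDK {@link Region}, falling back to
     * {@link Region#AWS_GLOBAL} when no region is set.
     */
    public Region getAwsRegion() {
        if (CommonUtils.isEmpty(this.region)) {
            return Region.AWS_GLOBAL;
        }
        return Region.of(this.region);
    }

    /** Returns whether the default AWS credentials chain is used instead of explicit keys. */
    @AuthProperty(contextProvided = true)
    @Property(hidden = true)
    public boolean isDefaultAwsCredentials() {
        return this.defaultAwsCredentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setDefaultAwsCredentials(boolean z) {
        this.defaultAwsCredentials = z;
    }

    /** Returns the explicit AWS access key id, if one was configured. */
    @AuthProperty(contextProvided = true)
    @Property
    public String getAwsAccessKey() {
        return this.awsAccessKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAwsAccessKey(String str) {
        this.awsAccessKey = str;
    }

    /**
     * Returns the explicit AWS secret key, if one was configured.
     *
     * <p>The value is a long-lived secret; do not log it or include it in
     * error messages.
     */
    @AuthProperty(contextProvided = true)
    @Property(password = true)
    public String getAwsSecretKey() {
        return this.awsSecretKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAwsSecretKey(String str) {
        this.awsSecretKey = str;
    }

    /** Returns whether a role in another account should be assumed. */
    public boolean isCrossAccountAccess() {
        return this.crossAccountAccess;
    }

    public void setCrossAccountAccess(boolean z) {
        this.crossAccountAccess = z;
    }

    /** Returns the id of the account that owns the role to assume. */
    @AuthProperty(contextProvided = true)
    @Property
    public String getAwsAccountId() {
        return this.awsAccountId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAwsAccountId(String str) {
        this.awsAccountId = str;
    }

    /** Returns the name of the IAM role to assume in the other account. */
    @AuthProperty(contextProvided = true)
    @Property
    public String getAwsRoleName() {
        return this.awsRoleName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAwsRoleName(String str) {
        this.awsRoleName = str;
    }

    /**
     * Builds the credentials provider described by this model.
     *
     * <p>The base provider is a profile provider when the provider type is
     * {@code PROFILE}; otherwise it is a static provider holding either the
     * credentials resolved from the default chain or the explicit key pair.
     * If cross-account access is enabled and an account id is set, the base
     * provider is wrapped in an STS assume-role provider.
     *
     * @param dBPConnectionConfiguration connection settings; its user name and
     *     password are used as access key and secret key when the explicit
     *     fields are empty
     * @return the provider to sign requests with
     * @throws DBCException if a required setting is missing or the default
     *     chain yields no credentials
     */
    public AwsCredentialsProvider getAuthCredentialsProvider(DBPConnectionConfiguration dBPConnectionConfiguration) throws DBCException {
        AwsCredentialsProvider baseProvider = this.providerType == ProviderType.PROFILE
            ? createProfileProvider()
            : createStaticProvider(dBPConnectionConfiguration);

        // NOTE(review): with cross-account access enabled but no account id set,
        // the base credentials are returned as-is and no role is assumed.
        // Confirm with callers that this silent fallback is intended.
        if (!this.crossAccountAccess || CommonUtils.isEmpty(this.awsAccountId)) {
            return baseProvider;
        }
        if (CommonUtils.isEmpty(this.awsRoleName)) {
            throw new DBCException("AWS IAM role name must be specified when 3rd party IAM account is specified");
        }

        // NOTE(review): the ARN is concatenated from the configured account id and
        // role name without format checks, and the "aws" partition is hard-coded,
        // so roles in other partitions cannot be addressed. STS is the only
        // validator of the resulting string.
        String roleArn = "arn:aws:iam::" + this.awsAccountId + ":role/" + this.awsRoleName;

        // NOTE(review): every session uses the fixed name "dbeaver" and no external
        // id is sent. Audit trails therefore cannot tell users apart by session
        // name, and role trust policies that require an external id will reject
        // the call.
        AssumeRoleRequest assumeRoleRequest = AssumeRoleRequest.builder()
            .roleArn(roleArn)
            .roleSessionName("dbeaver")
            .build();

        // The STS client is handed to the returned provider, which needs it for
        // refreshes; this class never closes it. Presumably the caller owns the
        // provider's lifetime; verify where it is disposed.
        StsClient stsClient = StsClient.builder()
            .region(getAwsRegion())
            .credentialsProvider(baseProvider)
            .build();

        return StsAssumeRoleCredentialsProvider.builder()
            .stsClient(stsClient)
            .refreshRequest(assumeRoleRequest)
            .build();
    }

    /** Creates the provider for the configured named profile. */
    private AwsCredentialsProvider createProfileProvider() throws DBCException {
        if (CommonUtils.isEmpty(this.profileName)) {
            throw new DBCException("AWS profile name must be specified");
        }
        return ProfileCredentialsProvider.builder().profileName(this.profileName).build();
    }

    /** Creates a static provider from the default chain or the explicit key pair. */
    private AwsCredentialsProvider createStaticProvider(DBPConnectionConfiguration configuration) throws DBCException {
        if (this.defaultAwsCredentials) {
            // Credentials are resolved once and frozen into a static provider, so
            // the chain itself is no longer needed and is closed right away.
            try (DefaultCredentialsProvider chain = DefaultCredentialsProvider.builder().reuseLastProviderEnabled(false).build()) {
                return StaticCredentialsProvider.create(chain.resolveCredentials());
            } catch (Exception e) {
                throw new DBCException("There is no default AWS credentials in system", e);
            }
        }

        // Explicit fields win; the connection's user name / password are the fallback.
        String accessKey = CommonUtils.isEmpty(this.awsAccessKey)
            ? configuration.getUserName()
            : this.awsAccessKey;
        String secretKey = CommonUtils.isEmpty(this.awsSecretKey)
            ? configuration.getUserPassword()
            : this.awsSecretKey;
        if (CommonUtils.isEmpty(accessKey) || CommonUtils.isEmpty(secretKey)) {
            throw new DBCException("AWS access key and secret key must be specified");
        }
        return StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
    }
}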
