package org.apache.hadoop.fs.s3a.auth;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.io.Serializable;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.fs.s3a.auth.delegation.DelegationTokenIOException;
import org.apache.hadoop.fs.s3a.commit.files.PendingSet;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/MarshalledCredentials.class */
public final class MarshalledCredentials implements Writable, Serializable {

    @VisibleForTesting
    public static final String INVALID_CREDENTIALS = "Invalid AWS credentials";
    private static final int MAX_SECRET_LENGTH = 8192;
    private static final long serialVersionUID = 8444610385533920692L;
    private String accessKey;
    private String secretKey;
    private String sessionToken;
    private String roleARN;
    private long expiration;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.hadoop.fs.s3a.auth.MarshalledCredentials$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/MarshalledCredentials$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired = new int[CredentialTypeRequired.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[CredentialTypeRequired.AnyIncludingEmpty.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[CredentialTypeRequired.Empty.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[CredentialTypeRequired.AnyNonEmpty.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[CredentialTypeRequired.FullOnly.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[CredentialTypeRequired.SessionOnly.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/MarshalledCredentials$CredentialTypeRequired.class */
    public enum CredentialTypeRequired {
        Empty("None"),
        AnyIncludingEmpty("Full, Session or None"),
        AnyNonEmpty("Full or Session"),
        SessionOnly("Session"),
        FullOnly("Full");

        private final String text;

        CredentialTypeRequired(String str) {
            this.text = str;
        }

        public String getText() {
            return this.text;
        }

        @Override // java.lang.Enum
        public String toString() {
            return getText();
        }
    }

    public MarshalledCredentials() {
        this.accessKey = "";
        this.secretKey = "";
        this.sessionToken = "";
        this.roleARN = "";
    }

    public MarshalledCredentials(String str, String str2, String str3) {
        this();
        this.accessKey = (String) Objects.requireNonNull(str);
        this.secretKey = (String) Objects.requireNonNull(str2);
        this.sessionToken = str3 == null ? "" : str3;
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    public String getSessionToken() {
        return this.sessionToken;
    }

    public long getExpiration() {
        return this.expiration;
    }

    public void setExpiration(long j) {
        this.expiration = j;
    }

    public Optional<OffsetDateTime> getExpirationDateTime() {
        return this.expiration == 0 ? Optional.empty() : Optional.of(OffsetDateTime.ofInstant(new Date(this.expiration).toInstant(), ZoneOffset.UTC));
    }

    public String getRoleARN() {
        return this.roleARN;
    }

    public void setRoleARN(String str) {
        this.roleARN = (String) Objects.requireNonNull(str);
    }

    public void setAccessKey(String str) {
        this.accessKey = (String) Objects.requireNonNull(str, "access key");
    }

    public void setSecretKey(String str) {
        this.secretKey = (String) Objects.requireNonNull(str, "secret key");
    }

    public void setSessionToken(String str) {
        this.sessionToken = (String) Objects.requireNonNull(str, "session token");
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        MarshalledCredentials marshalledCredentials = (MarshalledCredentials) obj;
        return this.expiration == marshalledCredentials.expiration && Objects.equals(this.accessKey, marshalledCredentials.accessKey) && Objects.equals(this.secretKey, marshalledCredentials.secretKey) && Objects.equals(this.sessionToken, marshalledCredentials.sessionToken) && Objects.equals(this.roleARN, marshalledCredentials.roleARN);
    }

    public int hashCode() {
        return Objects.hash(this.accessKey, this.secretKey, this.sessionToken, this.roleARN, Long.valueOf(this.expiration));
    }

    public String toString() {
        if (isEmpty()) {
            return "Empty credentials";
        }
        String str = isValid(CredentialTypeRequired.AnyNonEmpty) ? "valid" : "invalid";
        if (!hasSessionToken()) {
            return "full credentials (" + str + ")";
        }
        Object[] objArr = new Object[3];
        objArr[0] = getExpirationDateTime().map(offsetDateTime -> {
            return offsetDateTime.format(DateTimeFormatter.ISO_DATE_TIME);
        }).orElse("unknown");
        objArr[1] = StringUtils.isNotEmpty(this.roleARN) ? "role \"" + this.roleARN + "\" " : "";
        objArr[2] = str;
        return String.format("session credentials, expiry %s; %s(%s)", objArr);
    }

    public boolean isEmpty() {
        return (StringUtils.isNotEmpty(this.accessKey) && StringUtils.isNotEmpty(this.secretKey)) ? false : true;
    }

    public boolean isValid(CredentialTypeRequired credentialTypeRequired) {
        if (this.accessKey == null || this.secretKey == null || this.sessionToken == null) {
            return false;
        }
        boolean z = StringUtils.isNotEmpty(this.accessKey) && StringUtils.isNotEmpty(this.secretKey);
        boolean hasSessionToken = hasSessionToken();
        switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$fs$s3a$auth$MarshalledCredentials$CredentialTypeRequired[credentialTypeRequired.ordinal()]) {
            case 1:
                return true;
            case 2:
                return !z;
            case PendingSet.VERSION /* 3 */:
                return z;
            case Constants.DEFAULT_FAST_UPLOAD_ACTIVE_BLOCKS /* 4 */:
                return z && !hasSessionToken;
            case 5:
                return z && hasSessionToken();
            default:
                return false;
        }
    }

    public boolean hasSessionToken() {
        return StringUtils.isNotEmpty(this.sessionToken);
    }

    public void write(DataOutput dataOutput) throws IOException {
        validate("Writing " + this + ": ", CredentialTypeRequired.AnyIncludingEmpty);
        Text.writeString(dataOutput, this.accessKey);
        Text.writeString(dataOutput, this.secretKey);
        Text.writeString(dataOutput, this.sessionToken);
        Text.writeString(dataOutput, this.roleARN);
        dataOutput.writeLong(this.expiration);
    }

    public void readFields(DataInput dataInput) throws IOException {
        this.accessKey = Text.readString(dataInput, 8192);
        this.secretKey = Text.readString(dataInput, 8192);
        this.sessionToken = Text.readString(dataInput, 8192);
        this.roleARN = Text.readString(dataInput, 8192);
        this.expiration = dataInput.readLong();
    }

    public void validate(String str, CredentialTypeRequired credentialTypeRequired) throws IOException {
        if (!isValid(credentialTypeRequired)) {
            throw new DelegationTokenIOException(str + buildInvalidCredentialsError(credentialTypeRequired));
        }
    }

    public String buildInvalidCredentialsError(CredentialTypeRequired credentialTypeRequired) {
        return isEmpty() ? " No AWS credentials" : " Invalid AWS credentials in " + toString() + " required: " + credentialTypeRequired;
    }

    public void setSecretsInConfiguration(Configuration configuration) {
        configuration.set(Constants.ACCESS_KEY, this.accessKey);
        configuration.set(Constants.SECRET_KEY, this.secretKey);
        S3AUtils.setIfDefined(configuration, Constants.SESSION_TOKEN, this.sessionToken, "session credentials");
    }

    public static MarshalledCredentials empty() {
        return new MarshalledCredentials("", "", "");
    }
}
