package org.apache.hadoop.fs.s3a.auth.delegation;

import java.io.IOException;
import java.util.Optional;
import org.apache.hadoop.fs.s3a.AWSCredentialProviderList;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.fs.s3a.auth.MarshalledCredentialBinding;
import org.apache.hadoop.fs.s3a.auth.MarshalledCredentialProvider;
import org.apache.hadoop.fs.s3a.auth.MarshalledCredentials;
import org.apache.hadoop.fs.s3a.auth.RoleModel;
import org.apache.hadoop.fs.s3native.S3xLoginHelper;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;

/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/delegation/FullCredentialsTokenBinding.class */
public class FullCredentialsTokenBinding extends AbstractDelegationTokenBinding {
    private static final String NAME = "FullCredentials/001";
    public static final String FULL_TOKEN = "Full Delegation Token";
    private MarshalledCredentials awsCredentials;
    private String credentialOrigin;

    public FullCredentialsTokenBinding() {
        super(NAME, DelegationConstants.FULL_TOKEN_KIND);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding, org.apache.hadoop.service.AbstractService
    public void serviceStart() throws Exception {
        super.serviceStart();
    }

    private void loadAWSCredentials() throws IOException {
        this.credentialOrigin = AbstractS3ATokenIdentifier.createDefaultOriginMessage();
        S3xLoginHelper.Login aWSAccessKeys = S3AUtils.getAWSAccessKeys(getCanonicalUri(), getConfig());
        if (aWSAccessKeys.hasLogin()) {
            this.awsCredentials = new MarshalledCredentials(aWSAccessKeys.getUser(), aWSAccessKeys.getPassword(), "");
            this.credentialOrigin += "; source = Hadoop configuration data";
        } else {
            this.awsCredentials = MarshalledCredentialBinding.fromEnvironment(System.getenv());
            if (this.awsCredentials.isValid(MarshalledCredentials.CredentialTypeRequired.AnyNonEmpty)) {
                this.credentialOrigin += "; source = Environment variables";
            } else {
                this.credentialOrigin = "no credentials in configuration or environment variables";
            }
        }
        this.awsCredentials.validate(this.credentialOrigin + ": ", MarshalledCredentials.CredentialTypeRequired.AnyNonEmpty);
    }

    @Override // org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding
    public AWSCredentialProviderList deployUnbonded() throws IOException {
        requireServiceStarted();
        loadAWSCredentials();
        return new AWSCredentialProviderList("Full Credentials Token Binding", new MarshalledCredentialProvider(FULL_TOKEN, getStoreContext().getFsURI(), getConfig(), this.awsCredentials, MarshalledCredentials.CredentialTypeRequired.AnyNonEmpty));
    }

    @Override // org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding
    public AbstractS3ATokenIdentifier createTokenIdentifier(Optional<RoleModel.Policy> optional, EncryptionSecrets encryptionSecrets, Text text) throws IOException {
        requireServiceStarted();
        Preconditions.checkNotNull(this.awsCredentials, "No AWS credentials to use for a delegation token");
        return new FullCredentialsTokenIdentifier(getCanonicalUri(), getOwnerText(), text, this.awsCredentials, encryptionSecrets, this.credentialOrigin);
    }

    @Override // org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding
    public AWSCredentialProviderList bindToTokenIdentifier(AbstractS3ATokenIdentifier abstractS3ATokenIdentifier) throws IOException {
        return new AWSCredentialProviderList("Full Credentials Token Binding", new MarshalledCredentialProvider(FULL_TOKEN, getStoreContext().getFsURI(), getConfig(), ((FullCredentialsTokenIdentifier) convertTokenIdentifier(abstractS3ATokenIdentifier, FullCredentialsTokenIdentifier.class)).getMarshalledCredentials(), MarshalledCredentials.CredentialTypeRequired.AnyNonEmpty));
    }

    @Override // org.apache.hadoop.fs.s3a.auth.delegation.AbstractDelegationTokenBinding
    public AbstractS3ATokenIdentifier createEmptyIdentifier() {
        return new FullCredentialsTokenIdentifier();
    }
}
