package org.springframework.cloud.config.server.environment.vault.authentication;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import java.util.concurrent.atomic.AtomicReference;
import org.springframework.cloud.config.server.environment.VaultEnvironmentProperties;
import org.springframework.cloud.config.server.environment.vault.SpringVaultClientAuthenticationProvider;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AwsIamAuthentication;
import org.springframework.vault.authentication.AwsIamAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-server-3.1.7.jar:org/springframework/cloud/config/server/environment/vault/authentication/AwsIamClientAuthenticationProvider.class */
public class AwsIamClientAuthenticationProvider extends SpringVaultClientAuthenticationProvider {

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-server-3.1.7.jar:org/springframework/cloud/config/server/environment/vault/authentication/AwsIamClientAuthenticationProvider$AwsCredentialProvider.class */
    private static class AwsCredentialProvider {
        private AwsCredentialProvider() {
        }

        private static AWSCredentialsProvider getAwsCredentialsProvider() {
            final DefaultAWSCredentialsProviderChain defaultAWSCredentialsProviderChain = DefaultAWSCredentialsProviderChain.getInstance();
            final AWSCredentials credentials = defaultAWSCredentialsProviderChain.getCredentials();
            final AtomicReference atomicReference = new AtomicReference(credentials);
            return new AWSCredentialsProvider() { // from class: org.springframework.cloud.config.server.environment.vault.authentication.AwsIamClientAuthenticationProvider.AwsCredentialProvider.1
                public AWSCredentials getCredentials() {
                    return atomicReference.compareAndSet(credentials, null) ? credentials : defaultAWSCredentialsProviderChain.getCredentials();
                }

                public void refresh() {
                    defaultAWSCredentialsProviderChain.refresh();
                }
            };
        }

        static /* synthetic */ AWSCredentialsProvider access$000() {
            return getAwsCredentialsProvider();
        }
    }

    public AwsIamClientAuthenticationProvider() {
        super(VaultEnvironmentProperties.AuthenticationMethod.AWS_IAM);
    }

    @Override // org.springframework.cloud.config.server.environment.vault.SpringVaultClientAuthenticationProvider
    public ClientAuthentication getClientAuthentication(VaultEnvironmentProperties vaultEnvironmentProperties, RestOperations restOperations, RestOperations restOperations2) {
        assertClassPresent("com.amazonaws.auth.AWSCredentials", missingClassForAuthMethod("AWSCredentials", "aws-java-sdk-core", VaultEnvironmentProperties.AuthenticationMethod.AWS_IAM));
        VaultEnvironmentProperties.AwsIamProperties awsIam = vaultEnvironmentProperties.getAwsIam();
        AWSCredentialsProvider access$000 = AwsCredentialProvider.access$000();
        AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions.builder();
        if (StringUtils.hasText(awsIam.getRole())) {
            builder.role(awsIam.getRole());
        }
        if (StringUtils.hasText(awsIam.getServerName())) {
            builder.serverName(awsIam.getServerName());
        }
        if (awsIam.getEndpointUri() != null) {
            builder.endpointUri(awsIam.getEndpointUri());
        }
        builder.path(awsIam.getAwsPath()).credentialsProvider(access$000);
        return new AwsIamAuthentication(builder.credentialsProvider(access$000).build(), restOperations);
    }
}
