package io.kubernetes.client.util.credentials;

import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AWSSessionCredentialsProvider;
import io.kubernetes.client.openapi.ApiClient;
import io.kubernetes.client.util.eks.AWS4STSSigner;
import io.kubernetes.client.util.eks.AWS4SignerBase;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/kubernetes/client/util/credentials/EKSAuthentication.class */
public class EKSAuthentication implements Authentication {
    private static final Logger log = LoggerFactory.getLogger(EKSAuthentication.class);
    private static final int MAX_EXPIRY_SECONDS = 900;
    private final AWSSessionCredentialsProvider provider;
    private final String region;
    private final String clusterName;
    private final int expirySeconds;

    public EKSAuthentication(AWSSessionCredentialsProvider aWSSessionCredentialsProvider, String str, String str2) {
        this(aWSSessionCredentialsProvider, str, str2, MAX_EXPIRY_SECONDS);
    }

    public EKSAuthentication(AWSSessionCredentialsProvider aWSSessionCredentialsProvider, String str, String str2, int i) {
        this.provider = aWSSessionCredentialsProvider;
        this.region = str;
        this.clusterName = str2;
        this.expirySeconds = i > MAX_EXPIRY_SECONDS ? MAX_EXPIRY_SECONDS : i;
    }

    @Override // io.kubernetes.client.util.credentials.Authentication
    public void provide(ApiClient apiClient) {
        URI create = URI.create("https://sts." + this.region + ".amazonaws.com/");
        AWSSessionCredentials credentials = this.provider.getCredentials();
        try {
            String str = "k8s-aws-v1." + Base64.getEncoder().withoutPadding().encodeToString(new AWS4STSSigner(create.toURL(), "GET", "sts", this.region).computeSignature(create, new HashMap<String, String>() { // from class: io.kubernetes.client.util.credentials.EKSAuthentication.1
                {
                    put("x-k8s-aws-id", EKSAuthentication.this.clusterName);
                }
            }, new HashMap<String, String>() { // from class: io.kubernetes.client.util.credentials.EKSAuthentication.2
                {
                    put("Action", "GetCallerIdentity");
                    put("Version", "2011-06-15");
                }
            }, this.expirySeconds, AWS4SignerBase.EMPTY_BODY_SHA256, credentials.getAWSAccessKeyId(), credentials.getAWSSecretKey(), credentials.getSessionToken()).getBytes());
            apiClient.setApiKeyPrefix("Bearer");
            apiClient.setApiKey(str);
            log.info("Generated BEARER token for ApiClient, expiring at {}", Instant.now().plus(this.expirySeconds, (TemporalUnit) ChronoUnit.SECONDS));
        } catch (MalformedURLException | URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }
}
