package zipkin.module.aws.sqs;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.type.AnnotatedTypeMetadata;
import zipkin.module.aws.sqs.ZipkinSQSCollectorModule;

@EnableConfigurationProperties({ZipkinSQSCollectorProperties.class})
@Configuration
@Conditional({ZipkinSQSCollectorModule.SQSSetCondition.class})
/* loaded from: input_file:zipkin/module/aws/sqs/ZipkinSQSCredentialsConfiguration.class */
class ZipkinSQSCredentialsConfiguration {

    @Autowired(required = false)
    private AWSSecurityTokenService securityTokenService;

    /* loaded from: input_file:zipkin/module/aws/sqs/ZipkinSQSCredentialsConfiguration$STSSetCondition.class */
    static final class STSSetCondition extends SpringBootCondition {
        private static final String PROPERTY_NAME = "zipkin.collector.sqs.aws-sts-role-arn";

        STSSetCondition() {
        }

        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            return isEmpty(conditionContext.getEnvironment().getProperty(PROPERTY_NAME)) ? ConditionOutcome.noMatch("zipkin.collector.sqs.aws-sts-role-arn isn't set") : ConditionOutcome.match();
        }

        private static boolean isEmpty(String str) {
            return str == null || str.isEmpty();
        }
    }

    ZipkinSQSCredentialsConfiguration() {
    }

    @ConditionalOnMissingBean
    @Conditional({STSSetCondition.class})
    @Bean
    AWSSecurityTokenService securityTokenService(ZipkinSQSCollectorProperties zipkinSQSCollectorProperties) {
        return (AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(getDefaultCredentialsProvider(zipkinSQSCollectorProperties)).withRegion(zipkinSQSCollectorProperties.awsStsRegion).build();
    }

    @ConditionalOnMissingBean
    @Bean
    AWSCredentialsProvider credentialsProvider(ZipkinSQSCollectorProperties zipkinSQSCollectorProperties) {
        return this.securityTokenService != null ? new STSAssumeRoleSessionCredentialsProvider.Builder(zipkinSQSCollectorProperties.awsStsRoleArn, "zipkin-server").withStsClient(this.securityTokenService).build() : getDefaultCredentialsProvider(zipkinSQSCollectorProperties);
    }

    private static AWSCredentialsProvider getDefaultCredentialsProvider(ZipkinSQSCollectorProperties zipkinSQSCollectorProperties) {
        AWSStaticCredentialsProvider defaultAWSCredentialsProviderChain = new DefaultAWSCredentialsProviderChain();
        if (notNullOrEmpty(zipkinSQSCollectorProperties.awsAccessKeyId) && notNullOrEmpty(zipkinSQSCollectorProperties.awsSecretAccessKey)) {
            defaultAWSCredentialsProviderChain = new AWSStaticCredentialsProvider(new BasicAWSCredentials(zipkinSQSCollectorProperties.awsAccessKeyId, zipkinSQSCollectorProperties.awsSecretAccessKey));
        }
        return defaultAWSCredentialsProviderChain;
    }

    private static boolean notNullOrEmpty(String str) {
        return (str == null || str.isEmpty()) ? false : true;
    }
}
