package com.netflix.spinnaker.igor.config;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.netflix.spinnaker.igor.codebuild.AwsCodeBuildAccount;
import com.netflix.spinnaker.igor.codebuild.AwsCodeBuildAccountRepository;
import java.util.Objects;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({AwsCodeBuildProperties.class})
@Configuration
@ConditionalOnProperty({"codebuild.enabled"})
/* loaded from: input_file:com/netflix/spinnaker/igor/config/AwsCodeBuildConfig.class */
public class AwsCodeBuildConfig {
    @Bean({"awsCodeBuildAccountRepository"})
    AwsCodeBuildAccountRepository awsCodeBuildAccountRepository(AwsCodeBuildProperties awsCodeBuildProperties, AWSCredentialsProvider aWSCredentialsProvider) {
        AwsCodeBuildAccountRepository awsCodeBuildAccountRepository = new AwsCodeBuildAccountRepository();
        awsCodeBuildProperties.getAccounts().forEach(account -> {
            AwsCodeBuildAccount awsCodeBuildAccount = new AwsCodeBuildAccount(aWSCredentialsProvider, account.getRegion());
            if (account.getAccountId() != null && account.getAssumeRole() != null) {
                awsCodeBuildAccount = new AwsCodeBuildAccount(new STSAssumeRoleSessionCredentialsProvider.Builder(getRoleArn(account.getAccountId(), account.getAssumeRole()), "spinnaker-session").withStsClient((AWSSecurityTokenServiceClient) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(aWSCredentialsProvider).withRegion(account.getRegion()).build()).build(), account.getRegion());
            }
            awsCodeBuildAccountRepository.addAccount(account.getName(), awsCodeBuildAccount);
        });
        return awsCodeBuildAccountRepository;
    }

    @Bean({"awsCredentialsProvider"})
    AWSCredentialsProvider awsCredentialsProvider(AwsCodeBuildProperties awsCodeBuildProperties) {
        AWSStaticCredentialsProvider defaultAWSCredentialsProviderChain = DefaultAWSCredentialsProviderChain.getInstance();
        if (awsCodeBuildProperties.getAccessKeyId() != null && !awsCodeBuildProperties.getAccessKeyId().isEmpty() && awsCodeBuildProperties.getSecretAccessKey() != null && !awsCodeBuildProperties.getSecretAccessKey().isEmpty()) {
            defaultAWSCredentialsProviderChain = new AWSStaticCredentialsProvider(new BasicAWSCredentials(awsCodeBuildProperties.getAccessKeyId(), awsCodeBuildProperties.getSecretAccessKey()));
        }
        return defaultAWSCredentialsProviderChain;
    }

    private String getRoleArn(String str, String str2) {
        String str3 = (String) Objects.requireNonNull(str2, "assumeRole");
        if (!str3.startsWith("arn:")) {
            str3 = String.format("arn:aws:iam::%s:%s", Objects.requireNonNull(str, "accountId"), str3);
        }
        return str3;
    }
}
