package com.kdgregory.logging.aws.facade.v2.internal;

import java.util.regex.Pattern;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.Role;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

/* loaded from: input_file:com/kdgregory/logging/aws/facade/v2/internal/AssumedRoleCredentialsProviderProvider.class */
public class AssumedRoleCredentialsProviderProvider {
    private IamClient iamClient;

    public StsAssumeRoleCredentialsProvider provideProvider(String str) {
        String retrieveArn = retrieveArn(str);
        if (retrieveArn == null) {
            throw new RuntimeException("no such role: " + str);
        }
        return (StsAssumeRoleCredentialsProvider) StsAssumeRoleCredentialsProvider.builder().stsClient((StsClient) StsClient.builder().build()).refreshRequest((AssumeRoleRequest) AssumeRoleRequest.builder().roleArn(retrieveArn).roleSessionName("com.kdgregory.logging.aws").build()).build();
    }

    protected IamClient iamClient() {
        if (this.iamClient == null) {
            this.iamClient = (IamClient) IamClient.builder().region(Region.AWS_GLOBAL).build();
        }
        return this.iamClient;
    }

    public String retrieveArn(String str) {
        if (Pattern.matches("arn:.*:iam::\\d{12}:role/.*", str)) {
            return str;
        }
        for (Role role : iamClient().listRolesPaginator().roles()) {
            if (role.roleName().equals(str) || role.arn().equals(str)) {
                return role.arn();
            }
        }
        return null;
    }
}
