1 /*
2  * Copyright 2014-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 package com.amazonaws.auth.profile.internal.securitytoken;
16
17 import com.amazonaws.SdkClientException;
18 import com.amazonaws.annotation.ThreadSafe;
19 import com.amazonaws.auth.AWSCredentials;
20 import com.amazonaws.auth.AWSCredentialsProvider;
21
22 @ThreadSafe
23 public class STSProfileCredentialsServiceProvider implements AWSCredentialsProvider {
24     private static final String CLASS_NAME = "com.amazonaws.services.securitytoken.internal.STSProfileCredentialsService";
25     private static volatile ProfileCredentialsService STS_CREDENTIALS_SERVICE;
26
27     private final RoleInfo roleInfo;
28     private volatile AWSCredentialsProvider profileCredentialsProvider;
29
30     public STSProfileCredentialsServiceProvider(RoleInfo roleInfo) {
31         this.roleInfo = roleInfo;
32     }
33
34     private AWSCredentialsProvider getProfileCredentialsProvider() {
35         if (this.profileCredentialsProvider == null) {
36             synchronized (STSProfileCredentialsServiceProvider.class) {
37                 if (this.profileCredentialsProvider == null) {
38                     this.profileCredentialsProvider = getProfileCredentialService()
39                             .getAssumeRoleCredentialsProvider(roleInfo);
40                 }
41             }
42         }
43         return this.profileCredentialsProvider;
44     }
45
46     /**
47      * Only called once per creation of each profile credential provider so we don't bother with any
48      * double checked locking.
49      */
50     private static synchronized ProfileCredentialsService getProfileCredentialService() {
51         if (STS_CREDENTIALS_SERVICE == null) {
52             try {
53                 STS_CREDENTIALS_SERVICE = (ProfileCredentialsService) Class.forName(CLASS_NAME)
54                         .newInstance();
55             } catch (ClassNotFoundException ex) {
56                 throw new SdkClientException(
57                         "To use assume role profiles the aws-java-sdk-sts module must be on the class path.",
58                         ex);
59             } catch (InstantiationException ex) {
60                 throw new SdkClientException("Failed to instantiate " + CLASS_NAME, ex);
61             } catch (IllegalAccessException ex) {
62                 throw new SdkClientException("Failed to instantiate " + CLASS_NAME, ex);
63             }
64         }
65         return STS_CREDENTIALS_SERVICE;
66     }
67
68
69     @Override
70     public AWSCredentials getCredentials() {
71         return getProfileCredentialsProvider().getCredentials();
72     }
73
74     @Override
75     public void refresh() {
76         getProfileCredentialsProvider().refresh();
77     }
78 }
79