package com.alipay.easysdk.kms.aliyun.credentials.provider;
|
|
import com.alipay.easysdk.kms.aliyun.credentials.EcsRamRoleCredentials;
|
import com.alipay.easysdk.kms.aliyun.credentials.ICredentials;
|
import com.alipay.easysdk.kms.aliyun.credentials.exceptions.CredentialException;
|
|
public class EcsRamRoleCredentialsProvider implements ICredentialsProvider {
|
private static final int MAX_ECS_METADATA_FETCH_RETRY_TIMES = 3;
|
private final String roleName;
|
private EcsRamRoleCredentials credentials = null;
|
private ECSMetadataServiceCredentialsFetcher fetcher;
|
|
public EcsRamRoleCredentialsProvider(String roleName) {
|
if (null == roleName) {
|
throw new NullPointerException("You must specifiy a valid role name.");
|
}
|
this.roleName = roleName;
|
this.fetcher = new ECSMetadataServiceCredentialsFetcher();
|
this.fetcher.setRoleName(this.roleName);
|
}
|
|
public EcsRamRoleCredentialsProvider withFetcher(ECSMetadataServiceCredentialsFetcher fetcher) {
|
this.fetcher = fetcher;
|
this.fetcher.setRoleName(roleName);
|
return this;
|
}
|
|
@Override
|
public ICredentials getCredentials() throws CredentialException {
|
if (credentials == null || credentials.isExpired()) {
|
credentials = fetcher.fetch(MAX_ECS_METADATA_FETCH_RETRY_TIMES);
|
} else if (credentials.willSoonExpire() && credentials.shouldRefresh()) {
|
try {
|
credentials = fetcher.fetch();
|
} catch (CredentialException e) {
|
// Use the current expiring session token and wait for next round
|
credentials.setLastFailedRefreshTime();
|
}
|
}
|
return credentials;
|
}
|
}
|
