package io.minio.credentials;

import a2.a;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import cq.c1;
import cq.i1;
import cq.k1;
import cq.m1;
import cq.n1;
import cq.o1;
import cq.r1;
import cq.u1;
import cq.v0;
import cq.w0;
import cq.x0;
import e.i;
import ho.s;
import io.minio.messages.ResponseDate;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Objects;
import oauth.signpost.OAuth;
import org.apache.commons.compress.harmony.unpack200.AttributeLayout;
import ra.g;

/* loaded from: classes3.dex */
public class IamAwsProvider extends EnvironmentProvider {
    private Credentials credentials;
    private final x0 customEndpoint;
    private final k1 httpClient;
    private final ObjectMapper mapper;

    /* loaded from: classes3.dex */
    public static class EcsCredentials {

        @JsonProperty("AccessKeyID")
        private String accessKey;

        @JsonProperty(AttributeLayout.ATTRIBUTE_CODE)
        private String code;

        @JsonProperty("Expiration")
        private ResponseDate expiration;

        @JsonProperty("Message")
        private String message;

        @JsonProperty("SecretAccessKey")
        private String secretKey;

        @JsonProperty("Token")
        private String sessionToken;

        public String code() {
            return this.code;
        }

        public String message() {
            return this.message;
        }

        public Credentials toCredentials() {
            return new Credentials(this.accessKey, this.secretKey, this.sessionToken, this.expiration);
        }
    }

    public IamAwsProvider(String str, k1 k1Var) {
        x0 x0Var;
        if (str != null) {
            x0.f14116j.getClass();
            x0Var = w0.a(str);
            Objects.requireNonNull(x0Var, "Invalid custom endpoint");
        } else {
            x0Var = null;
        }
        this.customEndpoint = x0Var;
        if (k1Var == null) {
            i1 a10 = new k1().a();
            a10.d(Arrays.asList(m1.f14008d));
            k1Var = new k1(a10);
        }
        this.httpClient = k1Var;
        ObjectMapper objectMapper = new ObjectMapper();
        this.mapper = objectMapper;
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        objectMapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true);
    }

    private void checkLoopbackHost(x0 x0Var) {
        try {
            for (InetAddress inetAddress : InetAddress.getAllByName(x0Var.f14120d)) {
                if (!inetAddress.isLoopbackAddress()) {
                    throw new ProviderException(x0Var.f14120d + " is not loopback only host");
                }
            }
        } catch (UnknownHostException unused) {
            throw new ProviderException("Host in " + x0Var + " is not loopback address");
        }
    }

    private Credentials fetchCredentials(x0 x0Var, String str, String str2) {
        n1 n1Var = new n1();
        s.f(x0Var, "url");
        n1Var.f14021a = x0Var;
        n1Var.c("GET", null);
        if (str2 != null && !str2.isEmpty()) {
            n1Var.b(str, str2);
        }
        try {
            u1 e10 = this.httpClient.b(new o1(n1Var)).e();
            try {
                if (!e10.f14098p) {
                    throw new ProviderException(x0Var + " failed with HTTP status code " + e10.f14086d);
                }
                EcsCredentials ecsCredentials = (EcsCredentials) this.mapper.readValue(e10.f14089g.charStream(), EcsCredentials.class);
                if (ecsCredentials.code() != null && !ecsCredentials.code().equals("Success")) {
                    throw new ProviderException(x0Var + " failed with code " + ecsCredentials.code() + " and message " + ecsCredentials.message());
                }
                Credentials credentials = ecsCredentials.toCredentials();
                e10.close();
                return credentials;
            } finally {
            }
        } catch (IOException e11) {
            throw new ProviderException("Unable to parse response", e11);
        }
    }

    private Credentials fetchCredentials(String str) {
        x0 x0Var = this.customEndpoint;
        if (x0Var == null) {
            String property = getProperty("AWS_REGION");
            String n10 = property == null ? "https://sts.amazonaws.com" : a.n("https://sts.", property, ".amazonaws.com");
            x0.f14116j.getClass();
            x0Var = w0.a(n10);
        }
        Credentials fetch = new WebIdentityProvider(new g(str, 1), x0Var.toString(), null, null, getProperty("AWS_ROLE_ARN"), getProperty("AWS_ROLE_SESSION_NAME"), this.httpClient).fetch();
        this.credentials = fetch;
        return fetch;
    }

    private String fetchImdsToken() {
        x0 e10;
        x0 x0Var = this.customEndpoint;
        if (x0Var == null) {
            x0.f14116j.getClass();
            e10 = w0.a("http://169.254.169.254/latest/api/token");
        } else {
            v0 v0Var = new v0();
            v0Var.j(x0Var.f14117a);
            v0Var.g(x0Var.f14120d);
            v0Var.c("latest/api/token");
            e10 = v0Var.e();
        }
        n1 n1Var = new n1();
        s.f(e10, "url");
        n1Var.f14021a = e10;
        n1Var.c("PUT", r1.create(new byte[0], (c1) null));
        n1Var.b("X-aws-ec2-metadata-token-ttl-seconds", "21600");
        try {
            u1 e11 = this.httpClient.b(new o1(n1Var)).e();
            try {
                String string = e11.f14098p ? e11.f14089g.string() : "";
                e11.close();
                return string;
            } catch (Throwable th2) {
                try {
                    throw th2;
                } finally {
                }
            }
        } catch (IOException unused) {
            return "";
        }
    }

    private String getIamRoleName(x0 x0Var, String str) {
        n1 n1Var = new n1();
        s.f(x0Var, "url");
        n1Var.f14021a = x0Var;
        n1Var.c("GET", null);
        if (str != null && !str.isEmpty()) {
            n1Var.b("X-aws-ec2-metadata-token", str);
        }
        try {
            u1 e10 = this.httpClient.b(new o1(n1Var)).e();
            try {
                if (!e10.f14098p) {
                    throw new ProviderException(x0Var + " failed with HTTP status code " + e10.f14086d);
                }
                String[] split = e10.f14089g.string().split("\\R");
                e10.close();
                if (split.length != 0) {
                    return split[0];
                }
                throw new ProviderException("No IAM roles attached to EC2 service " + x0Var);
            } catch (Throwable th2) {
                try {
                    throw th2;
                } finally {
                }
            }
        } catch (IOException e11) {
            throw new ProviderException("Unable to parse response", e11);
        }
    }

    private x0 getIamRoleNamedUrl(String str) {
        x0 e10;
        x0 x0Var = this.customEndpoint;
        if (x0Var == null) {
            x0.f14116j.getClass();
            e10 = w0.a("http://169.254.169.254/latest/meta-data/iam/security-credentials/");
        } else {
            v0 v0Var = new v0();
            v0Var.j(x0Var.f14117a);
            v0Var.g(x0Var.f14120d);
            v0Var.c("latest/meta-data/iam/security-credentials/");
            e10 = v0Var.e();
        }
        String iamRoleName = getIamRoleName(e10, str);
        v0 g10 = e10.g();
        s.f(iamRoleName, "pathSegment");
        dq.a.f22950a.getClass();
        dq.a.e(g10, iamRoleName, 0, iamRoleName.length(), false, false);
        return g10.e();
    }

    public static /* synthetic */ Jwt lambda$fetchCredentials$0(String str) {
        Path path;
        byte[] readAllBytes;
        try {
            path = Paths.get(str, new String[0]);
            readAllBytes = Files.readAllBytes(path);
            return new Jwt(new String(readAllBytes, StandardCharsets.UTF_8), 0);
        } catch (IOException e10) {
            throw new ProviderException(i.m("Error in reading file ", str), e10);
        }
    }

    @Override // io.minio.credentials.Provider
    public synchronized Credentials fetch() {
        Credentials credentials = this.credentials;
        if (credentials != null && !credentials.isExpired()) {
            return this.credentials;
        }
        x0 x0Var = this.customEndpoint;
        String property = getProperty("AWS_WEB_IDENTITY_TOKEN_FILE");
        if (property != null) {
            Credentials fetchCredentials = fetchCredentials(property);
            this.credentials = fetchCredentials;
            return fetchCredentials;
        }
        String str = OAuth.HTTP_AUTHORIZATION_HEADER;
        String property2 = getProperty("AWS_CONTAINER_AUTHORIZATION_TOKEN");
        if (getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) {
            if (x0Var == null) {
                v0 v0Var = new v0();
                v0Var.j("http");
                v0Var.g("169.254.170.2");
                v0Var.c(getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"));
                x0Var = v0Var.e();
            }
        } else if (getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI") != null) {
            if (x0Var == null) {
                String property3 = getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI");
                x0.f14116j.getClass();
                x0Var = w0.a(property3);
            }
            checkLoopbackHost(x0Var);
        } else {
            property2 = fetchImdsToken();
            str = "X-aws-ec2-metadata-token";
            x0Var = getIamRoleNamedUrl(property2);
        }
        Credentials fetchCredentials2 = fetchCredentials(x0Var, str, property2);
        this.credentials = fetchCredentials2;
        return fetchCredentials2;
    }
}
