package io.minio.credentials;

import J4.B;
import J4.D;
import J4.q;
import J4.r;
import J4.t;
import J4.u;
import J4.v;
import J4.w;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.util.a;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import h5.AbstractC0723a;
import i3.k;
import io.minio.messages.ResponseDate;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Objects;

/* loaded from: classes.dex */
public class IamAwsProvider extends EnvironmentProvider {
    private Credentials credentials;
    private final r customEndpoint;
    private final v httpClient;
    private final ObjectMapper mapper;

    /* loaded from: classes.dex */
    public static class EcsCredentials {

        @JsonProperty("AccessKeyID")
        private String accessKey;

        @JsonProperty("Code")
        private String code;

        @JsonProperty("Expiration")
        private ResponseDate expiration;

        @JsonProperty("Message")
        private String message;

        @JsonProperty("SecretAccessKey")
        private String secretKey;

        @JsonProperty("Token")
        private String sessionToken;

        public String code() {
            return this.code;
        }

        public String message() {
            return this.message;
        }

        public Credentials toCredentials() {
            return new Credentials(this.accessKey, this.secretKey, this.sessionToken, this.expiration);
        }
    }

    public IamAwsProvider(String str, v vVar) {
        r rVar = null;
        if (str != null) {
            try {
                q qVar = new q();
                qVar.g(null, str);
                rVar = qVar.d();
            } catch (IllegalArgumentException unused) {
            }
            Objects.requireNonNull(rVar, "Invalid custom endpoint");
        }
        this.customEndpoint = rVar;
        if (vVar == null) {
            u a2 = new v().a();
            a2.a(Arrays.asList(w.HTTP_1_1));
            vVar = new v(a2);
        }
        this.httpClient = vVar;
        this.mapper = JsonMapper.builder().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true).build();
    }

    private void checkLoopbackHost(r rVar) {
        try {
            for (InetAddress inetAddress : InetAddress.getAllByName(rVar.f4554d)) {
                if (!inetAddress.isLoopbackAddress()) {
                    throw new ProviderException(rVar.f4554d + " is not loopback only host");
                }
            }
        } catch (UnknownHostException unused) {
            throw new ProviderException("Host in " + rVar + " is not loopback address");
        }
    }

    private Credentials fetchCredentials(r rVar, String str, String str2) {
        B0.q qVar = new B0.q();
        k.f(rVar, "url");
        qVar.f793g = rVar;
        qVar.L("GET", null);
        if (str2 != null && !str2.isEmpty()) {
            qVar.D(str, str2);
        }
        try {
            D e4 = this.httpClient.b(qVar.g()).e();
            try {
                if (!e4.d()) {
                    throw new ProviderException(rVar + " failed with HTTP status code " + e4.f4427i);
                }
                EcsCredentials ecsCredentials = (EcsCredentials) this.mapper.readValue(e4.f4430l.b(), EcsCredentials.class);
                if (ecsCredentials.code() != null && !ecsCredentials.code().equals("Success")) {
                    throw new ProviderException(rVar + " failed with code " + ecsCredentials.code() + " and message " + ecsCredentials.message());
                }
                Credentials credentials = ecsCredentials.toCredentials();
                e4.close();
                return credentials;
            } finally {
            }
        } catch (IOException e7) {
            throw new ProviderException("Unable to parse response", e7);
        }
    }

    private Credentials fetchCredentials(String str) {
        r rVar = this.customEndpoint;
        if (rVar == null) {
            String property = getProperty("AWS_REGION");
            String h7 = property == null ? "https://sts.amazonaws.com" : A.k.h("https://sts.", property, ".amazonaws.com");
            k.f(h7, "<this>");
            try {
                q qVar = new q();
                qVar.g(null, h7);
                rVar = qVar.d();
            } catch (IllegalArgumentException unused) {
                rVar = null;
            }
        }
        Credentials fetch = new WebIdentityProvider(new a(str, 2), rVar.f4558h, null, null, getProperty("AWS_ROLE_ARN"), getProperty("AWS_ROLE_SESSION_NAME"), this.httpClient).fetch();
        this.credentials = fetch;
        return fetch;
    }

    private String fetchImdsToken() {
        r d7;
        r rVar = this.customEndpoint;
        if (rVar == null) {
            try {
                q qVar = new q();
                qVar.g(null, "http://169.254.169.254/latest/api/token");
                d7 = qVar.d();
            } catch (IllegalArgumentException unused) {
                d7 = null;
            }
        } else {
            q qVar2 = new q();
            qVar2.j(rVar.f4551a);
            qVar2.f(rVar.f4554d);
            qVar2.h(rVar.f4555e);
            qVar2.b("latest/api/token", false);
            d7 = qVar2.d();
        }
        B0.q qVar3 = new B0.q();
        k.f(d7, "url");
        qVar3.f793g = d7;
        qVar3.L("PUT", B.create(new byte[0], (t) null));
        qVar3.D("X-aws-ec2-metadata-token-ttl-seconds", "21600");
        try {
            D e4 = this.httpClient.b(qVar3.g()).e();
            try {
                String h7 = e4.d() ? e4.f4430l.h() : "";
                e4.close();
                return h7;
            } catch (Throwable th) {
                try {
                    throw th;
                } finally {
                }
            }
        } catch (IOException unused2) {
            return "";
        }
    }

    private String getIamRoleName(r rVar, String str) {
        B0.q qVar = new B0.q();
        k.f(rVar, "url");
        qVar.f793g = rVar;
        qVar.L("GET", null);
        if (str != null && !str.isEmpty()) {
            qVar.D("X-aws-ec2-metadata-token", str);
        }
        try {
            D e4 = this.httpClient.b(qVar.g()).e();
            try {
                if (!e4.d()) {
                    throw new ProviderException(rVar + " failed with HTTP status code " + e4.f4427i);
                }
                String[] split = e4.f4430l.h().split("\\R");
                e4.close();
                if (split.length != 0) {
                    return split[0];
                }
                throw new ProviderException("No IAM roles attached to EC2 service " + rVar);
            } catch (Throwable th) {
                try {
                    throw th;
                } finally {
                }
            }
        } catch (IOException e7) {
            throw new ProviderException("Unable to parse response", e7);
        }
    }

    private r getIamRoleNamedUrl(String str) {
        r d7;
        r rVar = this.customEndpoint;
        if (rVar == null) {
            d7 = null;
            try {
                q qVar = new q();
                qVar.g(null, "http://169.254.169.254/latest/meta-data/iam/security-credentials/");
                d7 = qVar.d();
            } catch (IllegalArgumentException unused) {
            }
        } else {
            q qVar2 = new q();
            qVar2.j(rVar.f4551a);
            qVar2.f(rVar.f4554d);
            qVar2.h(rVar.f4555e);
            qVar2.b("latest/meta-data/iam/security-credentials/", false);
            d7 = qVar2.d();
        }
        String iamRoleName = getIamRoleName(d7, str);
        q f3 = d7.f();
        k.f(iamRoleName, "pathSegment");
        f3.i(iamRoleName, 0, iamRoleName.length(), false, false);
        return f3.d();
    }

    public static /* synthetic */ Jwt lambda$fetchCredentials$0(String str) {
        try {
            return new Jwt(new String(Files.readAllBytes(Paths.get(str, new String[0])), StandardCharsets.UTF_8), 0);
        } catch (IOException e4) {
            throw new ProviderException(AbstractC0723a.f("Error in reading file ", str), e4);
        }
    }

    @Override // io.minio.credentials.Provider
    public synchronized Credentials fetch() {
        Credentials credentials = this.credentials;
        if (credentials != null && !credentials.isExpired()) {
            return this.credentials;
        }
        r rVar = this.customEndpoint;
        String property = getProperty("AWS_WEB_IDENTITY_TOKEN_FILE");
        if (property != null) {
            Credentials fetchCredentials = fetchCredentials(property);
            this.credentials = fetchCredentials;
            return fetchCredentials;
        }
        String str = "Authorization";
        String property2 = getProperty("AWS_CONTAINER_AUTHORIZATION_TOKEN");
        if (getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) {
            if (rVar == null) {
                q qVar = new q();
                qVar.j("http");
                qVar.f("169.254.170.2");
                String property3 = getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
                k.f(property3, "pathSegments");
                qVar.b(property3, false);
                rVar = qVar.d();
            }
        } else if (getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI") != null) {
            if (rVar == null) {
                String property4 = getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI");
                k.f(property4, "<this>");
                try {
                    q qVar2 = new q();
                    qVar2.g(null, property4);
                    rVar = qVar2.d();
                } catch (IllegalArgumentException unused) {
                    rVar = null;
                }
            }
            checkLoopbackHost(rVar);
        } else {
            property2 = fetchImdsToken();
            str = "X-aws-ec2-metadata-token";
            rVar = getIamRoleNamedUrl(property2);
        }
        Credentials fetchCredentials2 = fetchCredentials(rVar, str, property2);
        this.credentials = fetchCredentials2;
        return fetchCredentials2;
    }
}
